Implement authorization for Active Storage endpoints
Consider blobs attached to any public records accessible to anyone with the URL.
This commit is contained in:
@@ -16,6 +16,14 @@ module ActionText
|
||||
def storage_tracked_record
|
||||
record.try(:storage_tracked_record)
|
||||
end
|
||||
|
||||
def accessible_to?(user)
|
||||
record.try(:accessible_to?, user) || record.try(:publicly_accessible?)
|
||||
end
|
||||
|
||||
def publicly_accessible?
|
||||
record.try(:publicly_accessible?)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user