mirror of
https://github.com/wekan/wekan.git
synced 2025-09-22 01:50:48 +02:00
Add back old attachments models for attachment migrations.
Thanks to xet7 !
This commit is contained in:
Lauri Ojansivu
parent
8ef8d546c5
commit
e72646a4d4
2 changed files with 147 additions and 0 deletions
118
models/attachments_old.js
Normal file
118
models/attachments_old.js
Normal file
|
|
@ -0,0 +1,118 @@
|
||||||
|
import { ReactiveCache } from '/imports/reactiveCache';
|
||||||
|
|
||||||
|
const storeName = 'attachments';
|
||||||
|
const defaultStoreOptions = {
|
||||||
|
beforeWrite: fileObj => {
|
||||||
|
if (!fileObj.isImage()) {
|
||||||
|
return {
|
||||||
|
type: 'application/octet-stream',
|
||||||
|
};
|
||||||
|
}
|
||||||
|
return {};
|
||||||
|
},
|
||||||
|
};
|
||||||
|
let store;
|
||||||
|
store = new FS.Store.GridFS(storeName, {
|
||||||
|
// XXX Add a new store for cover thumbnails so we don't load big images in
|
||||||
|
// the general board view
|
||||||
|
// If the uploaded document is not an image we need to enforce browser
|
||||||
|
// download instead of execution. This is particularly important for HTML
|
||||||
|
// files that the browser will just execute if we don't serve them with the
|
||||||
|
// appropriate `application/octet-stream` MIME header which can lead to user
|
||||||
|
// data leaks. I imagine other formats (like PDF) can also be attack vectors.
|
||||||
|
// See https://github.com/wekan/wekan/issues/99
|
||||||
|
// XXX Should we use `beforeWrite` option of CollectionFS instead of
|
||||||
|
// collection-hooks?
|
||||||
|
// We should use `beforeWrite`.
|
||||||
|
...defaultStoreOptions,
|
||||||
|
});
|
||||||
|
AttachmentsOld = new FS.Collection('attachments', {
|
||||||
|
stores: [store],
|
||||||
|
});
|
||||||
|
|
||||||
|
if (Meteor.isServer) {
|
||||||
|
Meteor.startup(() => {
|
||||||
|
AttachmentsOld.files._ensureIndex({ cardId: 1 });
|
||||||
|
});
|
||||||
|
|
||||||
|
AttachmentsOld.allow({
|
||||||
|
insert(userId, doc) {
|
||||||
|
return allowIsBoardMember(userId, ReactiveCache.getBoard(doc.boardId));
|
||||||
|
},
|
||||||
|
update(userId, doc) {
|
||||||
|
return allowIsBoardMember(userId, ReactiveCache.getBoard(doc.boardId));
|
||||||
|
},
|
||||||
|
remove(userId, doc) {
|
||||||
|
return allowIsBoardMember(userId, ReactiveCache.getBoard(doc.boardId));
|
||||||
|
},
|
||||||
|
// We authorize the attachment download either:
|
||||||
|
// - if the board is public, everyone (even unconnected) can download it
|
||||||
|
// - if the board is private, only board members can download it
|
||||||
|
download(userId, doc) {
|
||||||
|
const board = ReactiveCache.getBoard(doc.boardId);
|
||||||
|
if (board.isPublic()) {
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return board.hasMember(userId);
|
||||||
|
}
|
||||||
|
},
|
||||||
|
|
||||||
|
fetch: ['boardId'],
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
// XXX Enforce a schema for the AttachmentsOld CollectionFS
|
||||||
|
|
||||||
|
if (Meteor.isServer) {
|
||||||
|
AttachmentsOld.files.after.insert((userId, doc) => {
|
||||||
|
// If the attachment doesn't have a source field
|
||||||
|
// or its source is different than import
|
||||||
|
if (!doc.source || doc.source !== 'import') {
|
||||||
|
// Add activity about adding the attachment
|
||||||
|
Activities.insert({
|
||||||
|
userId,
|
||||||
|
type: 'card',
|
||||||
|
activityType: 'addAttachment',
|
||||||
|
attachmentId: doc._id,
|
||||||
|
// this preserves the name so that notifications can be meaningful after
|
||||||
|
// this file is removed
|
||||||
|
attachmentName: doc.original.name,
|
||||||
|
boardId: doc.boardId,
|
||||||
|
cardId: doc.cardId,
|
||||||
|
listId: doc.listId,
|
||||||
|
swimlaneId: doc.swimlaneId,
|
||||||
|
});
|
||||||
|
} else {
|
||||||
|
// Don't add activity about adding the attachment as the activity
|
||||||
|
// be imported and delete source field
|
||||||
|
AttachmentsOld.update(
|
||||||
|
{
|
||||||
|
_id: doc._id,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
$unset: {
|
||||||
|
source: '',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
AttachmentsOld.files.before.remove((userId, doc) => {
|
||||||
|
Activities.insert({
|
||||||
|
userId,
|
||||||
|
type: 'card',
|
||||||
|
activityType: 'deleteAttachment',
|
||||||
|
attachmentId: doc._id,
|
||||||
|
// this preserves the name so that notifications can be meaningful after
|
||||||
|
// this file is removed
|
||||||
|
attachmentName: doc.original.name,
|
||||||
|
boardId: doc.boardId,
|
||||||
|
cardId: doc.cardId,
|
||||||
|
listId: doc.listId,
|
||||||
|
swimlaneId: doc.swimlaneId,
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
|
export default AttachmentsOld;
|
||||||
29
models/avatars_old.js
Normal file
29
models/avatars_old.js
Normal file
|
|
@ -0,0 +1,29 @@
|
||||||
|
AvatarsOld = new FS.Collection('avatars', {
|
||||||
|
stores: [new FS.Store.GridFS('avatars')],
|
||||||
|
filter: {
|
||||||
|
maxSize: 72000,
|
||||||
|
allow: {
|
||||||
|
contentTypes: ['image/*'],
|
||||||
|
},
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
|
function isOwner(userId, file) {
|
||||||
|
return userId && userId === file.userId;
|
||||||
|
}
|
||||||
|
|
||||||
|
AvatarsOld.allow({
|
||||||
|
insert: isOwner,
|
||||||
|
update: isOwner,
|
||||||
|
remove: isOwner,
|
||||||
|
download() {
|
||||||
|
return true;
|
||||||
|
},
|
||||||
|
fetch: ['userId'],
|
||||||
|
});
|
||||||
|
|
||||||
|
AvatarsOld.files.before.insert((userId, doc) => {
|
||||||
|
doc.userId = userId;
|
||||||
|
});
|
||||||
|
|
||||||
|
export default AvatarsOld;
|
||||||
Loading…
Add table
Add a link
Reference in a new issue