studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(backend) extract attachment keys from updated content for access

Browse Source 
We can't prevent document editors from copy/pasting content to from one
document to another. The problem is that copying content, will copy the
urls pointing to attachments but if we don't do anything, the reader of
the document to which the content is being pasted, may not be allowed to
access the attachment files from the original document.

Using the work from the previous commit, we can grant access to the readers
of the target document by extracting the attachment keys from the content and
adding themto the target document's "attachments" field. Before doing this,
we check that the current user can indeed access the attachment files extracted
from the content and that they are allowed to edit the current document.
This commit is contained in:
Samuel Paccoud - DINUM
2025-01-21 23:56:50 +01:00
committed by Manuel Raynaud
parent 34a208a80d
commit c02f19a2cd
4 changed files with 92 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/backend/core/tests/documents/test_api_documents_media_auth.py
View File

@@ -1,5 +1,5 @@
"""
Test file uploads API endpoint for users in impress's core app.
Test media-auth authorization API endpoint in docs core app.
"""
from io import BytesIO