Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add AttachmentsCopier concern #1271

Merged
merged 4 commits into from
Jun 26, 2024
Merged

Add AttachmentsCopier concern #1271

merged 4 commits into from
Jun 26, 2024

Conversation

aapomm
Copy link
Contributor

@aapomm aapomm commented Jun 18, 2024
edited
Loading

Spec

When moving an instance of evidence to another node the attachments are not moved. This means that if we delete the original node, the attachments are destroyed and the attachment can no longer be referenced in the evidence.

Proposed solution
Copy the attachment to the new node when an evidence or note are moved

  • In the controller's update action, check if the node_id is being changed
  • If yes, check whether the text includes any attachment syntax (!/projects/1/nodes/1/attachments/img.jpeg!)
  • If yes, find the attachment by file name and node_id and copy the attachment to the new node
  • Update the evidence/note text with the reference to the new node's attachment.

Other Information

If there's anything else that's important and relevant to your pull
request, mention that information here. This could include
benchmarks, or other information.

Thanks for contributing to Dradis!

Copyright assignment

Collaboration is difficult with commercial closed source but we want
to keep as much of the OSS ethos as possible available to users
who want to fix it themselves.

In order to unambiguously own and sell Dradis Framework commercial
products, we must have the copyright associated with the entire
codebase. Any code you create which is merged must be owned by us.
That's not us trying to be a jerks, that's just the way it works.

Please review the CONTRIBUTING.md
file for the details.

You can delete this section, but the following sentence needs to
remain in the PR's description:

I assign all rights, including copyright, to any future Dradis
work by myself to Security Roots.

Check List

  • Added a CHANGELOG entry

etdsoft
etdsoft reviewed Jun 26, 2024
View reviewed changes
app/controllers/notes_controller.rb
Comment on lines +49 to +52
@note.assign_attributes(note_params)
copy_attachments(@note) if @note.node_changed?

if @note.save
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good consistency move.

app/controllers/concerns/attachments_copier.rb
Comment on lines +11 to +14
new_path = full_screenshot_path.gsub(
/nodes\/[0-9]+\/attachments\/.+/,
"nodes/#{new_attachment.node_id}/attachments/#{new_filename}"
)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm concerned about this text manipulation. Then I thought about the "copy link" feature of the attachments sidebar, perhaps we can use the same approach?

https://github.com/dradis/dradis-ce/blob/main/app/views/attachments/_attachment_box.html.erb#L59

I could even consider moving this into a helper to avoid duplication, but we don't currently have an attachment_helper.rb it could fit in.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's tricky to DRY this considering that the contexts are different. The attachment box is in the view that has access to the route helpers while this code isn't. There's also some possible rabbit hole with the default_url_options = /pro once we move the link helpers out of the view. Happy to explore this more if we need this code on many more places but currently, this seems like the simplest approach.

@aapomm aapomm merged commit bbb8543 into develop Jun 26, 2024
3 checks passed
@aapomm aapomm deleted the attachments/evidence-note-move branch June 26, 2024 10:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@etdsoft etdsoft etdsoft left review comments

@caitmich caitmich caitmich left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@aapomm @etdsoft @caitmich