New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Use doctype setting to set auto-extracted file as private #24828
Conversation
- Use `make_attachments_public` to determine the file privacy while auto creating files from the text editor field - Currently, all files in the text editor field are automatically public
TODO:
|
8653f47
to
ed6613c
Compare
…c for Communication - Note: DocType Communication's records are used for emails that have the file link embedded in its content - fix: The files extracted from a Communication must be public so that they are visible in an email (link in email) - Test: Check if file is created appropriately from a Comment and a Communication
7a17677
to
65c8a37
Compare
@ankush not sure how to handle |
@marination this doesn't work afaik We use cookies from current request and pass it to wkhtml so it can read private images. However when it's done from background jobs it's not possible. Lines 179 to 193 in 4e1ed29
Possible fix that we have discussed before:
Both are long pending design flaws, will have get it fixed somehow to make this work 😔 |
0d1e103
to
1f3e32a
Compare
update: working on base64-ing private images rn. Once we have this it's easier to port this change without breaking anything. |
the world of email is 💩 |
How about this approach:
This way we stay close to the current implementation but get fairly good security. |
df91947
to
aa51492
Compare
…ort #24828) (#25673) * fix: Use doctype setting to set auto-extracted file as private - Use `make_attachments_public` to determine the file privacy while auto creating files from the text editor field - Currently, all files in the text editor field are automatically public (cherry picked from commit 7445de9) * test: use meta for fetching settings (cherry picked from commit ed6613c) * test: Comment + Comm.n file extraction & Attachments default to public for Communication - Note: DocType Communication's records are used for emails that have the file link embedded in its content - fix: The files extracted from a Communication must be public so that they are visible in an email (link in email) - Test: Check if file is created appropriately from a Comment and a Communication (cherry picked from commit 65c8a37) * fix: Use regex in failing test (cherry picked from commit 1f3e32a) --------- Co-authored-by: marination <maricadsouza221197@gmail.com> Co-authored-by: Ankush Menat <ankushmenat@gmail.com>
…-24828 fix: Use doctype setting to set auto-extracted file as private (backport #24828)
# [15.20.0](v15.19.1...v15.20.0) (2024-04-02) ### Bug Fixes * advertise insights to system manager only ([7046320](7046320)) * cint -> avoid precision loss if already integer ([#25735](#25735)) ([#25737](#25737)) ([6c822e0](6c822e0)) * **enqueue:** pass the original method argument here ([#25722](#25722)) ([2c14450](2c14450)), closes [/github.com/frappe/frappe/blob/87d121f47a4afc507442a97bf1854bb3d17f42c6/frappe/email/doctype/email_queue/email_queue.py#L735-L736](https://github.com//github.com/frappe/frappe/blob/87d121f47a4afc507442a97bf1854bb3d17f42c6/frappe/email/doctype/email_queue/email_queue.py/issues/L735-L736) * **event:** clear message after handling exception ([eb9e88e](eb9e88e)) * fieldname extraction (backport [#24411](#24411)) ([#25670](#25670)) ([ed4e1b3](ed4e1b3)), closes [#22892](#22892) * incorrect status on data import (backport [#25660](#25660)) ([#25703](#25703)) ([0165c75](0165c75)) * incorrect UI icon for desc sort ([#25687](#25687)) ([#25689](#25689)) ([f7f2849](f7f2849)) * invalid filter on email acccount ([#25674](#25674)) ([#25676](#25676)) ([c15b47a](c15b47a)) * let's colored tags in listview ([#25552](#25552)) ([4e17959](4e17959)) * make ads translatable ([217ef0b](217ef0b)) * make insights ad translatable ([43e6734](43e6734)) * message update in custom app if is_standard ([#25754](#25754)) ([86ad2e6](86ad2e6)) * non-html notifications from files ([a35e9ba](a35e9ba)) * preserve original error message ([#25682](#25682)) ([#25685](#25685)) ([3d364b7](3d364b7)) * reserved keywords as col name ([#25718](#25718)) ([#25726](#25726)) ([fca1c1a](fca1c1a)) * **restore:** check backup directory and bench directory if we can't find the file ([e6e4258](e6e4258)) * translatable web footer ([99bbd94](99bbd94)) * Use CssParser to correctly pass options to wkhtmltopdf ([e9811ea](e9811ea)) * Use doctype setting to set auto-extracted file as private (backport [#24828](#24828)) ([#25673](#25673)) ([14ccbe7](14ccbe7)) ### Features * allow skipping msgprint ([59813db](59813db)), closes [/github.com/frappe/frappe/blob/version-15/frappe/desk/doctype/event/event.py#L398](https://github.com//github.com/frappe/frappe/blob/version-15/frappe/desk/doctype/event/event.py/issues/L398) * **customize_form:** allow setting `creation` as a default sort field ([#25760](#25760)) ([d540c72](d540c72)) * **notification:** specify message type (html, md, txt) ([e9a8a14](e9a8a14)) ### Reverts * Revert "fix: message update in custom app if is_standard (#25754)" (#25767) ([f5a17f7](f5a17f7)), closes [#25754](#25754) [#25767](#25767)
Use
make_attachments_public
to determine the file privacy while auto creating files from the text editor fieldCurrently, all files in the text editor field are automatically public and there is no way to control this behaviour except manually setting the file as private each time.