Override realm of uploading user when invoked via the email mirror

Here, we don't want to check the uploading users' realm when determining message privacy, because that'll prevent non-Zulip users from having email-mirror-uploaded images. Instead, we just pass along the target realm for the message explicitly to upload_message_image() (imported from commit 6891261552135b1f41ff9da55ffe963ee5000556)
2025-11-18 21:48:30 +00:00 · 2014-02-06 23:37:23 -05:00
parent 1e87e7c5c1
commit fe55127eee
2 changed files with 8 additions and 7 deletions
--- a/zerver/lib/email_mirror.py
+++ b/zerver/lib/email_mirror.py
@@ -143,7 +143,7 @@ def filter_footer(text):

    return text.partition("--")[0].strip()

-def extract_and_upload_attachments(message):
+def extract_and_upload_attachments(message, realm):
    attachment_links = []

    payload = message.get_payload()
@@ -157,7 +157,8 @@ def extract_and_upload_attachments(message):
        if filename:
            s3_url = upload_message_image(filename, content_type,
                                          part.get_payload(decode=True),
-                                          email_gateway_user)
+                                          email_gateway_user,
+                                          target_realm=realm)
            formatted_link = "[%s](%s)" % (filename, s3_url)
            attachment_links.append(formatted_link)

@@ -208,7 +209,7 @@ def process_message(message, rcpt_to=None):
        debug_info["to"] = to
        stream = extract_and_validate(to)
        debug_info["stream"] = stream
-        body += extract_and_upload_attachments(message)
+        body += extract_and_upload_attachments(message, stream.realm)
        if not body:
            # You can't send empty Zulips, so to avoid confusion over the
            # email forwarding failing, set a dummy message body.
--- a/zerver/lib/upload.py
+++ b/zerver/lib/upload.py
@@ -96,13 +96,13 @@ def get_file_info(request, user_file):
 def authed_upload_enabled(realm):
    return realm.domain in ('zulip.com', 'squarespace.com')

-def upload_message_image_s3(uploaded_file_name, content_type, file_data, user_profile, private=None):
+def upload_message_image_s3(uploaded_file_name, content_type, file_data, user_profile, private=None, target_realm=None):
    if private is None:
-        private = authed_upload_enabled(user_profile.realm)
+        private = authed_upload_enabled(target_realm if target_realm is not None else user_profile.realm)
    if private:
        bucket_name = settings.S3_AUTH_UPLOADS_BUCKET
        s3_file_name = "/".join([
-            str(user_profile.realm.id),
+            str(target_realm.id if target_realm is not None else user_profile.realm.id),
            random_name(18),
            sanitize_name(uploaded_file_name)
        ])
@@ -163,7 +163,7 @@ def write_local_file(type, path, file_data):
    with open(file_path, 'wb') as f:
        f.write(file_data)

-def upload_message_image_local(uploaded_file_name, content_type, file_data, user_profile, private=None):
+def upload_message_image_local(uploaded_file_name, content_type, file_data, user_profile, private=None, target_realm=None):
    # Split into 256 subdirectories to prevent directories from getting too big
    path = "/".join([
        str(user_profile.realm.id),