mirror of
https://github.com/zulip/zulip.git
synced 2025-11-05 06:23:38 +00:00
d149af936d
Previously, Attachment.is_realm_public and its cousin, Attachment.is_web_public, were properties that began as False and transitioned to True only when a message containing a link to the attachment was sent to the appropriate class of stream, or such a link was added as part of editing a message. This pattern meant that neither field was updated in situations where the access permissions for a message changed: * Moving the message to a different stream. * Changing the permissions for a stream containing links to the message. This correctness issue has limited security impact, because uploaded files are secured both by a random URL and by these access checks. To fix this, we reformulate these fields as a cache, with code paths that change the permissions affecting an attachment responsible for setting these values to the `None` (uncached) state. We prefer setting this `None` state over computing the correct permissions, because the correct post-edit permissions are a function of all messages containing the attachment, and we don't want to be responsible for fetching all of those messages in the edit code paths.
326 KiB
326 KiB