Added the option env option to configure that all new attachment files should be downloaded by default

This commit is contained in:
Jan Böhmer 2023-11-26 23:44:02 +01:00
parent 0f0adfcf36
commit 18db20e511
6 changed files with 44 additions and 4 deletions


@ -28,7 +28,7 @@
PassEnv APP_ENV APP_DEBUG APP_SECRET
PassEnv TRUSTED_PROXIES TRUSTED_HOSTS LOCK_DSN
PassEnv DATABASE_URL ENFORCE_CHANGE_COMMENTS_FOR
PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE DEFAULT_URI CHECK_FOR_UPDATES
PassEnv DEFAULT_LANG DEFAULT_TIMEZONE BASE_CURRENCY INSTANCE_NAME ALLOW_ATTACHMENT_DOWNLOADS USE_GRAVATAR MAX_ATTACHMENT_FILE_SIZE DEFAULT_URI CHECK_FOR_UPDATES ATTACHMENT_DOWNLOAD_BY_DEFAULT
PassEnv MAILER_DSN ALLOW_EMAIL_PW_RESET EMAIL_SENDER_EMAIL EMAIL_SENDER_NAME
PassEnv HISTORY_SAVE_CHANGED_FIELDS HISTORY_SAVE_CHANGED_DATA HISTORY_SAVE_REMOVED_DATA HISTORY_SAVE_NEW_DATA
PassEnv ERROR_PAGE_ADMIN_EMAIL ERROR_PAGE_SHOW_HELP

.env

@ -29,6 +29,8 @@ INSTANCE_NAME="Part-DB"
# Allow users to download attachments to the server by providing an URL
# This could be a potential security issue, as the user can retrieve any file the server has access to (via internet)
ALLOW_ATTACHMENT_DOWNLOADS=0
# Set this to 1, if the "download external files" checkbox should be checked by default for new attachments
ATTACHMENT_DOWNLOAD_BY_DEFAULT=0
# Use gravatars for user avatars, when user has no own avatar defined
USE_GRAVATAR=0
# The maximum allowed size for attachment files in bytes (you can use M for megabytes and G for gigabytes)
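Review bot: The comment added above `ATTACHMENT_DOWNLOAD_BY_DEFAULT=0` does not say that the option has no effect unless `ALLOW_ATTACHMENT_DOWNLOADS=1`, which both the parameters-file comment and the README text in this commit state, so the `.env` reader — usually the operator who actually flips these switches — is the one description that misses it. A second comment line keeps the three descriptions consistent and points at the existing risk note: `# Only has an effect if ALLOW_ATTACHMENT_DOWNLOADS=1; the security note above then applies to every new attachment`.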


@ -35,6 +35,7 @@ parameters:
# Attachments and files
######################################################################################################################
partdb.attachments.allow_downloads: '%env(bool:ALLOW_ATTACHMENT_DOWNLOADS)%' # Allow users to download attachments to server. Warning: This can be dangerous, because via that feature attackers maybe can access ressources on your intranet!
partdb.attachments.download_by_default: '%env(bool:ATTACHMENT_DOWNLOAD_BY_DEFAULT)%' # If this is set the 'download external files' checkbox is set by default for new attachments (only if allow_downloads is set to true)
partdb.attachments.dir.media: 'public/media/' # The folder where uploaded attachment files are saved (must be in public folder)
partdb.attachments.dir.secure: 'uploads/' # The folder where secured attachment files are saved (must not be in public/)
partdb.attachments.max_file_size: '%env(string:MAX_ATTACHMENT_FILE_SIZE)%' # The maximum size of an attachment file (in bytes, you can use M for megabytes and G for gigabytes)


@ -93,6 +93,7 @@ services:
arguments:
$allow_attachments_download: '%partdb.attachments.allow_downloads%'
$max_file_size: '%partdb.attachments.max_file_size%'
$download_by_default: '%partdb.attachments.download_by_default%'
App\Services\Attachments\AttachmentSubmitHandler:
arguments:


@ -53,6 +53,9 @@ options listed, see `.env` file for full list of possible env variables.
download a file specified as a URL and create it as local file. Please note that this allows users access to all
resources publicly available to the server (so full access to other servers in the same local network), which could
be a security risk.
* `ATTACHMENT_DOWNLOAD_BY_DEFAULT`: When this is set to 1, the "download external file" checkbox is checked by default
when adding a new attachment. Otherwise, it is unchecked by default. Use this if you wanna download all attachments
locally by default. Attachment download is only possible, when `ALLOW_ATTACHMENT_DOWNLOADS` is set to 1.
* `USE_GRAVATAR`: Set to `1` to use [gravatar.com](https://gravatar.com/) images for user avatars (as long as they have
not set their own picture). The users browsers have to download the pictures from a third-party (gravatar) server, so
this might be a privacy risk.


@ -48,8 +48,16 @@ use Symfony\Contracts\Translation\TranslatorInterface;
class AttachmentFormType extends AbstractType
{
public function __construct(protected AttachmentManager $attachment_helper, protected UrlGeneratorInterface $urlGenerator, protected Security $security, protected AttachmentSubmitHandler $submitHandler, protected TranslatorInterface $translator, protected bool $allow_attachments_download, protected string $max_file_size)
{
public function __construct(
protected AttachmentManager $attachment_helper,
protected UrlGeneratorInterface $urlGenerator,
protected Security $security,
protected AttachmentSubmitHandler $submitHandler,
protected TranslatorInterface $translator,
protected bool $allow_attachments_download,
protected bool $download_by_default,
protected string $max_file_size
) {
}
public function buildForm(FormBuilderInterface $builder, array $options): void
@ -85,7 +93,8 @@ class AttachmentFormType extends AbstractType
'required' => false,
'attr' => [
'data-controller' => 'elements--attachment-autocomplete',
'data-autocomplete' => $this->urlGenerator->generate('typeahead_builtInRessources', ['query' => '__QUERY__']),
'data-autocomplete' => $this->urlGenerator->generate('typeahead_builtInRessources',
['query' => '__QUERY__']),
//Disable browser autocomplete
'autocomplete' => 'off',
],
@ -159,6 +168,30 @@ class AttachmentFormType extends AbstractType
}
}
);
//If the attachment should be downloaded by default (and is download allowed at all), register a listener,
// which sets the downloadURL checkbox to true for new attachments
if ($this->download_by_default && $this->allow_attachments_download) {
$builder->addEventListener(FormEvents::POST_SET_DATA, function (FormEvent $event): void {
$form = $event->getForm();
$attachment = $form->getData();
if (!$attachment instanceof Attachment && $attachment !== null) {
return;
}
//If the attachment was not created yet, set the downloadURL checkbox to true
if ($attachment === null || $attachment->getId() === null) {
$checkbox = $form->get('downloadURL');
//Ensure that the checkbox is not disabled
if ($checkbox->isDisabled()) {
return;
}
//Set the checkbox
$checkbox->setData(true);
}
});
}
}
public function configureOptions(OptionsResolver $resolver): void
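Review bot: `$form->get('downloadURL')` inside the new POST_SET_DATA listener throws an OutOfBoundsException when the form has no child of that name, so any variant of this form built without the checkbox would fail on every new attachment instead of just keeping the default unchecked; unless buildForm adds the field unconditionally (its start lies outside this hunk, so I cannot confirm that), guard the lookup with `if (!$form->has('downloadURL')) { return; }` before the `get` call. The two guards that are present — `$this->allow_attachments_download` around the listener registration and `isDisabled()` on the checkbox — are the right ones, because a pre-ticked box means the server fetches whatever URL the user types, the exposure the existing ALLOW_ATTACHMENT_DOWNLOADS comments describe, and the default must never be able to bypass that switch. That intent is worth stating above the `if ($this->download_by_default && ...)` line so the next change keeps it: `// UI default only: never tick the box when downloads are disabled, the server-side fetch is presumably gated separately`.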