Added a permission to control which users can access private attachments.

Jan Böhmer 2020-03-30 16:56:58 +02:00
parent 9769915b34
commit e83d72ec10
7 changed files with 31 additions and 9 deletions


@ -42,7 +42,9 @@
</span>
</h6>
{% endif %}
{% if attach.picture %}
{% if attach.secure and not is_granted('show_private', attach) %}
{# Leave blank #}
{% elseif attach.picture %}
<a href="{{ attach | entityURL('file_view') }}" target="_blank" rel="noopener" data-no-ajax>
<img class="img-fluid img-thumbnail thumbnail-sm" src="{{ attachment_thumbnail(attach, 'thumbnail_md') }}" alt="{% trans %}attachment.preview.alt{% endtrans %}" />
</a>
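Review bot: The permission attribute checked here is `'show_private'`, while the attachment list buttons and the `attachment_icon` macro in this same commit check `"show_secure"`; the next template section repeats `'show_private'` as well. Unless the voter behind `is_granted` accepts both names, one of the two spellings is not a recognised attribute, and the outcome of that check then depends on how unsupported attributes are decided (commonly a denial, which would hide thumbnails from every user). Use a single attribute name across all four templates, matching the one the permission definition declares, which is not visible in these hunks. The surrounding `{% if %}` block continues outside the hunk.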


@ -40,7 +40,9 @@
</h6>
{% endif %}
{% if attach.picture %}
{% if attach.secure and not is_granted('show_private', attach) %}
{# Leave blank #}
{% elseif attach.picture %}
<a href="{{ attach | entityURL('file_view') }}" rel="noopener" target="_blank" data-no-ajax>
<img class="img-fluid img-thumbnail thumbnail-sm" src="{{ attachment_thumbnail(attach, 'thumbnail_md') }}" alt="{% trans %}attachment.preview.alt{% endtrans %}" />
</a>


@ -41,12 +41,12 @@
<td><div class="btn-group" role="group" aria-label="">
<a {% if attachment_helper.fileExisting(attachment) %}href="{{ attachment|entityURL('file_view') }}"{% endif %} target="_blank"
class="btn btn-secondary {% if not attachment_helper.fileExisting(attachment) %}disabled{% endif %}"
class="btn btn-secondary {% if not attachment_helper.fileExisting(attachment) or (attachment.secure and not is_granted("show_secure", attachment)) %}disabled{% endif %}"
data-no-ajax title="{% trans %}attachment.view{% endtrans %}" rel="noopener">
<i class="fas fa-eye fa-fw"></i>
</a>
<a {% if attachment_helper.fileExisting(attachment) %}href="{{ attachment|entityURL('file_download') }}"{% endif %} data-no-ajax
class="btn btn-secondary {% if not attachment_helper.fileExisting(attachment) %}disabled{% endif %}"
class="btn btn-secondary {% if not attachment_helper.fileExisting(attachment) or (attachment.secure and not is_granted("show_secure", attachment)) %}disabled{% endif %}"
title="{% trans %}attachment.download{% endtrans %}">
<i class="fas fa-download fa-fw"></i>
</a>
@ -58,9 +58,6 @@
<span class="text-muted dropdown-item-text" ><i class="fas fa-lightbulb fa-fw"></i> <b>ID:</b> {{ attachment.iD }}</span>
<span class="text-muted dropdown-item-text" ><i class="fas fa-calendar fa-fw"></i> <b>{% trans %}createdAt{% endtrans %}:</b> {{ attachment.addedDate | format_datetime("short")}}</span>
<span class="text-muted dropdown-item-text" ><i class="fas fa-history fa-fw"></i> <b>{% trans %}createdAt{% endtrans %}:</b> {{ attachment.addedDate | format_datetime("short")}}</span>
<div class="dropdown-divider"></div>
<a class="dropdown-item" href="#">{% trans %}attachment.edit{% endtrans %}</a>
<a class="dropdown-item" href="#">{% trans %}attachment.delete{% endtrans %}</a>
</div>
</div>
</div></td>
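Review bot: The view and download buttons get the `disabled` class for private attachments, but their `href` is still emitted because that condition only tests `attachment_helper.fileExisting(attachment)`. The `disabled` class is presentational, so both URLs stay in the markup for users without the permission. Compute the decision once, e.g. `{% set can_open = attachment_helper.fileExisting(attachment) and not (attachment.secure and not is_granted("show_secure", attachment)) %}`, and use it for both the `href` and the class. The template cannot enforce this on its own; the `file_view` and `file_download` routes need the same check server-side, which these hunks do not show.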


@ -7,14 +7,19 @@
{% endmacro %}
{% macro attachment_icon(attachment, attachment_helper, class = "fa-fw fas fa-3x", link = true) %}
{% set disabled = attachment.secure and not is_granted("show_secure", attachment) %}
{% if not attachment_helper or attachment_helper.fileExisting(attachment) %}
<a target="_blank" data-no-ajax rel="noopener" href="{% if link %}{{ attachment|entityURL('file_view') }}{% endif %}">
{% if link and not disabled %}
<a target="_blank" data-no-ajax rel="noopener" href="{{ attachment|entityURL('file_view') }}">
{% endif %}
{% if attachment.picture %}
<img class="hoverpic" src="{{ attachment|entityURL('file_view') }}">
{% else %}
<i class="text-dark {{ class }} {{ ext_to_fa_icon(attachment.extension) }}"></i>
{% endif %}
{% if link and not disabled %}
</a>
{% endif %}
{% elseif not attachment_helper.fileExisting(attachment) %}
<i class="{{ class }} fa-exclamation-triangle text-danger"></i>
{% endif %}
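Review bot: In `attachment_icon`, a private picture is still embedded when `disabled` is true: only the surrounding `<a>` is skipped, while `<img class="hoverpic" src="{{ attachment|entityURL('file_view') }}">` is rendered for every picture, so the browser requests the file anyway. Change the branch to `{% if attachment.picture and not disabled %}` so that a user without the permission gets the file-type icon instead. A one-line comment above the `{% set disabled … %}` line, such as `{# Private attachments are only linked or embedded for users holding the permission #}`, would document the intent. The macro's end lies outside the hunk.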