From d25493e26295d27af34441a5f120226f2c17eda9 Mon Sep 17 00:00:00 2001 From: Claire Date: Mon, 27 Mar 2023 17:07:37 +0200 Subject: [PATCH] Fix user archive takeout when using OpenStack Swift or S3 providers with no ACL support (#24200) --- app/controllers/backups_controller.rb | 6 +++++- app/models/backup.rb | 2 +- config/initializers/paperclip.rb | 1 + 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/controllers/backups_controller.rb b/app/controllers/backups_controller.rb index 2f4b400b8d..0687b62c50 100644 --- a/app/controllers/backups_controller.rb +++ b/app/controllers/backups_controller.rb @@ -13,7 +13,11 @@ class BackupsController < ApplicationController when :s3 redirect_to @backup.dump.expiring_url(10) when :fog - redirect_to @backup.dump.expiring_url(Time.now.utc + 10) + if Paperclip::Attachment.default_options.dig(:storage, :fog_credentials, :openstack_temp_url_key).present? + redirect_to @backup.dump.expiring_url(Time.now.utc + 10) + else + redirect_to full_asset_url(@backup.dump.url) + end when :filesystem redirect_to full_asset_url(@backup.dump.url) end diff --git a/app/models/backup.rb b/app/models/backup.rb index 20e6e8aa8e..8823e7cae5 100644 --- a/app/models/backup.rb +++ b/app/models/backup.rb @@ -17,6 +17,6 @@ class Backup < ApplicationRecord belongs_to :user, inverse_of: :backups - has_attached_file :dump, s3_permissions: 'private' + has_attached_file :dump, s3_permissions: ->(*) { ENV['S3_PERMISSION'] == '' ? nil : 'private' } do_not_validate_attachment_file_type :dump end diff --git a/config/initializers/paperclip.rb b/config/initializers/paperclip.rb index 26b0a2f7cd..c735bab9a5 100644 --- a/config/initializers/paperclip.rb +++ b/config/initializers/paperclip.rb @@ -118,6 +118,7 @@ elsif ENV['SWIFT_ENABLED'] == 'true' openstack_domain_name: ENV.fetch('SWIFT_DOMAIN_NAME') { 'default' }, openstack_region: ENV['SWIFT_REGION'], openstack_cache_ttl: ENV.fetch('SWIFT_CACHE_TTL') { 60 }, + openstack_temp_url_key: ENV['SWIFT_TEMP_URL_KEY'], }, fog_directory: ENV['SWIFT_CONTAINER'],