FIX: Update upload secure status when revising posts (#13110)

FIX: Update upload secure status when revising posts (#13110)

When uploads are created from the composer (editing or creating a post), for sites with secure uploads enabled we assume security by default and that new upload is set to secure. When the post is created, we then check whether the post uploads actually need to be secure and adjust accordingly.

We were not doing this when revising a post, so when a new upload was created when editing a post in a public topic, the secure status stayed true erroneously causing issues with image previews, among other things.

diff --git a/lib/post_revisor.rb b/lib/post_revisor.rb
index 26c13b9..571cf94 100644
--- a/lib/post_revisor.rb
+++ b/lib/post_revisor.rb
@@ -226,6 +226,11 @@ class PostRevisor
     # it can fire events in sidekiq before the post is done saving
     # leading to corrupt state
     QuotedPost.extract_from(@post)
+
+    # This must be done before post_process_post, because that uses
+    # post upload security status to cook URLs.
+    @post.update_uploads_secure_status(source: "post revisor")
+
     post_process_post
 
     update_topic_word_counts
diff --git a/spec/components/post_revisor_spec.rb b/spec/components/post_revisor_spec.rb
index 551c2bc..5d54fbd 100644
--- a/spec/components/post_revisor_spec.rb
+++ b/spec/components/post_revisor_spec.rb
@@ -1115,6 +1115,37 @@ describe PostRevisor do
 
         expect(post.reload.post_uploads.pluck(:upload_id)).to contain_exactly(image2.id, image3.id, image4.id)
       end
+
+      context "secure media uploads" do
+        let!(:image5) { Fabricate(:secure_upload) }
+        before do
+          setup_s3
+          SiteSetting.authorized_extensions = "png|jpg|gif|mp4"
+          SiteSetting.secure_media = true
+          stub_upload(image5)
+        end
+
+        it "updates the upload secure status, which is secure by default from the composer. set to false for a public topic" do
+          subject.revise!(user, raw: <<~RAW)
+              This is a post with a secure upload
+              ![image5](#{image5.short_url})
+          RAW
+
+          expect(image5.reload.secure).to eq(false)
+          expect(image5.security_last_changed_reason).to eq("access control post dictates security | source: post revisor")
+        end
+
+        it "does not update the upload secure status, which is secure by default from the composer for a private" do
+          post.topic.update(category: Fabricate(:private_category,  group: Fabricate(:group)))
+          subject.revise!(user, raw: <<~RAW)
+              This is a post with a secure upload
+              ![image5](#{image5.short_url})
+          RAW
+
+          expect(image5.reload.secure).to eq(true)
+          expect(image5.security_last_changed_reason).to eq("access control post dictates security | source: post revisor")
+        end
+      end
     end
   end
 

GitHub sha: afb2b4c6

This commit appears in #13110 which was approved by lis2. It was merged by martin.