closes RECNVS-61
test plan:
* create an assignment as a teacher
* while instfs is running and enabled, submit a submission to the
assignment as a student; verify (e.g. with the `dc up` output
in instfs) that it was stored in instfs
* click the "Download all submissions" button as the teacher
* Verify the downloaded zip contains the file you uploaded as a student
Change-Id: I5ce3cd1a983dc340181ef8602ace48d542f641a5
Reviewed-on: https://gerrit.instructure.com/143078
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
also restore to the right state
refs CNVS-38273
Change-Id: I461ee4b35be39ade249069a96f69f1ccf5b7dae7
Reviewed-on: https://gerrit.instructure.com/119513
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
when we make_childless, we copy the data, so it still needs to be
deleted from the original attachment.
fixes CNVS-38273
test plan:
- run a content export, and then upload the package to your user files
- run the attachment gc
- the export attachment should be deleted (including content), but the
user file version should still exist
Change-Id: Ia41090f45a0d580183583e0680e8ca27bdc2b0d4
Reviewed-on: https://gerrit.instructure.com/119451
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
refs CNVS-37514
test plan:
- create two attachments, and a child attachment for one of them
- set the two roots to a created_at in the past, but not the child
- run the gc
- it should not delete the child attachment
Change-Id: I4a39b62a6de9bab4a38b95f9c0eba04908a31b1d
Reviewed-on: https://gerrit.instructure.com/119270
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Change-Id: Iffef70aa6b0614b237de048f7d1919098aa08856
Reviewed-on: https://gerrit.instructure.com/115808
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
closes CNVS-37514
test plan:
- create some content exports, of different types
- modify the created_at date of some of the attachments
- run the cleanup script, with a date that makes sense
- the correct attachments should be deleted
Change-Id: I67d0d485a546b99bd63e8cf65e74a0de55072944
Reviewed-on: https://gerrit.instructure.com/115392
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
closes CNVS-37152
test plan:
- have old folder export attachments
- run Attachments::GarbageCollector::FolderExports.delete_content
- make sure the s3 objects are deleted
- if you are happy, run:
Attachments::GarbageCollector::FolderExports.delete_rows
- otherwise, run:
Attachments::GarbageCollector::FolderExports.undelete_content
Change-Id: Ie6f094f0ffdc151f71b84b5b7a39afc3da0a4638
Reviewed-on: https://gerrit.instructure.com/113109
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
fixes CNVS-36040
test plan:
- try file uploads against an eu-central-1 and a us-east-1 s3 bucket as
well as local uploads
- try direct-to-s3 uploads (like from the files area), proxied uploads
(add a new file from the add module item dialog), and behind-the-scenes
uploads (like generating a course export or doing a sis import)
- make sure previously uploaded files continue to work
Change-Id: Ifd55cd72e017257e807f26a11a2f0870b7f68957
Reviewed-on: https://gerrit.instructure.com/110446
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
also fix copy_attachment_content when the destination file
doesn't exist yet
Change-Id: I46489f7f7395061bd34560b5d471c56133cf1dca
Reviewed-on: https://gerrit.instructure.com/109231
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
also, specify the target as an Object, not just a filename
(so that it has the bucket context)
Change-Id: I9999b0502cf1f050e380a1d8fe32e5240ce7db5c
Reviewed-on: https://gerrit.instructure.com/103220
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-33615
test plan:
* upload and download files using S3
* submit an assignment
* do an SIS import with parallel
* do a course copy
* export and import a course
* upload some custom css file in theme editor
* test a canvadoc and crocodoc preview
Change-Id: I9145b39728938e7e5903d23c4a4598fc8df4ef45
Reviewed-on: https://gerrit.instructure.com/93002
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
fixes CNVS-21854
Moves permission-based scope concatenation from
FilesController#api_index to Attachments::ScopedToUser#scope. Updates
Folder permission policy to delegate permissions for :read_as_admin &
:manage_files to its context. Add Folder.from_context_or_id to
encapsulate folder finding logic from FilesController#api_index.
test plan:
- Regression testing for API files index action.
Change-Id: I1dc855cc16a98969482a72d251848c47e300b05c
Reviewed-on: https://gerrit.instructure.com/58415
Tested-by: Jenkins
Reviewed-by: Matt Berns <mberns@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: John Corrigan <jcorrigan@instructure.com>
test plan:
- create a private eportfolio with a file attachment
- get the sharing link from the eportfolio dashboard
(the thing with the long verifier in it)
- confirm that the eportfolio, and its files, are
visible through that link
(a) as a different user
(b) with no user, in a private/incognito window
- confirm that the private eportfolio is not accessible
by another/no user without the verifier
fixes CNVS-20092
Change-Id: I8dc14690068ebfc34f868d10597f95411f55c165
Reviewed-on: https://gerrit.instructure.com/53077
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
test plan
- upload a file on user 1
- destroy the s3object
- upload the file again on user 2
- merge user2 into user 1
- it should be a new root_attachment that works
Change-Id: I979932a7aa1a652b2aab4c660dcc6b6de15b8861
Reviewed-on: https://gerrit.instructure.com/50954
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
for verifiers that grant access to files that would otherwise
not be accessible (such as a file attachment in user context),
allow them to check permission on a different object instead.
in this commit, the verifier remaps file permissions for
eportfolio attachments to permissions on the eportfolio itself.
test plan:
- create an eportfolio, and set it to public
- attach a file to it
- verify that another user can view the eportfolio and the
file attachment
- save the URL to the file attachment
- uncheck the public eportfolio setting and save it
- verify that the saved URL for the file attachment no longer
works
fixes CNVS-19719
Change-Id: Ic1839f13d571d3f5f2aa692f94bd1fd1d5e485ca
Reviewed-on: https://gerrit.instructure.com/52120
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
This commit adds a new form of attachment verifier. Rather than just
being the `uuid` from the attachment object, it is a signed JWT that
includes the attachment id, the viewing user id, and a viewing context.
The existing code that checks the verifier now checks to see if it's
a UUID and returns success if it is (to preserve legacy behavior). It
attempts to decode and verify the token, and verify that the user
captured in the token still has permission to :read or :download the
attachment.
The context captured in the token is currently unused, but may prove
useful for debugging or future purposes. The context is just an
asset_string for a model.
The only place generating new verifiers with this commit is the helper
ApplicationController#verified_file_download_url, which is only used by
content exports and eportfolios.
We also shoot increments to statsd when legacy and new verifiers are
used, so we can see when legacy verifier usage is low enough to disable.
Test plan:
* Create a course export.
* View the export at /courses/X/content_exports
* Verify that the verifier= in the download URL is decoded correctly
at jwt.io. It should have a user_id, an id, and a context.
* Verify that a you can successfully download the export.
* Use the files API and verify that urls still have the
old-style verifier=<40-character UUID> on them, and that these
links still work without authentication (such as an incognito tab
or curl)
* enable eportfolios in account settings
* upload a file to user files
* create an eportfolio, and attach a user file to it
* save the eportfolio
* confirm that the download link
(which looks like /eportfolios/X/entries/Y/files/ZZZ)
redirects to a file download link with a new verifier
fixes CNVS-18858
fixes CNVS-18861
Change-Id: I3db21469462dfdb8f8067f509a01a55d7cb23abd
Reviewed-on: https://gerrit.instructure.com/48637
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
test plan:
- you should be able to perform content imports on rails3
(specifically, there should not be a "Content-length does not match",
or, for very small imports, "(something) from ASCII-8BIT to UTF-8"
error)
fixes CNVS-12229
Change-Id: I8a549c3760972dc028461b391c87a2fcc98ff9f4
Reviewed-on: https://gerrit.instructure.com/33186
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Matt Fairbourn <mfairbourn@instructure.com>
fixes CNVS-12045
test plan:
- with local file storage
* upload attachment to course and submit file
* download attachment
- with s3 file storage
* upload attachment to course and submit file
* download attachment
Change-Id: I9e3fd20a6659e53a37dae04137e2b39b0e3c3ea8
Reviewed-on: https://gerrit.instructure.com/32433
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Matt Fairbourn <mfairbourn@instructure.com>
Andrew Huff