-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IBX-3095: Fixed BinaryFile fieldtype resolving #128
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The solution looks good, for the query:
{
content {
articles {
edges {
node {
_name
newEzbinaryfile8 {
id
fileName
fileSize
mimeType
downloadCount
uri
mimeType
}
}
}
}
}
}
the response looks like this:
{
"data": {
"content": {
"articles": {
"edges": [
{
"node": {
"_name": "Test123123",
"newEzbinaryfile8": {
"id": "image/b44ee0a57fea81643701e0ab82bf1ddf.jfif",
"fileName": "Crew Event 2019 original picture.jfif",
"fileSize": 316062,
"mimeType": "image/jpeg",
"downloadCount": null,
"uri": "/content/download/56/264?version=4"
}
}
}
]
}
}
}
}
The only concern I have is the id
property ("id":image/b44ee0a57fea81643701e0ab82bf1ddf.jfif",
).
b44ee0a57fea81643701e0ab82bf1ddf
is the filename on the disk (the file is stored in public/var/site/storage/original/image/b44ee0a57fea81643701e0ab82bf1ddf
)
I know that in order to get the GraphQL response I need to have permissions to view that Content Item, so I can already download it - and most likely there's no real security risk here.
But the filename on the disk is for me an implementation detail that's not worth having in the API, and we had some security tickets related to filenames of uploaded files (https://issues.ibexa.co/browse/IBX-1656, https://issues.ibexa.co/browse/EZP-31139) so I've decided that it's best to double check whether we really want to include it in the response.
@barw4 @adamwojs @konradoboza @glye if you're ok with including the id
property then I'm fine with as well, just want to make sure.
Other: the downloadCount property is still null
- not sure if we should do something about it (and if it's a good idea to expose it)
I agree with @mnocon, |
Thanks @mnocon. All: Is there any usecase at all for including the I agree about |
…yFileFieldValue` mappings
Kudos, SonarCloud Quality Gate passed! 0 Bugs No Coverage information |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good now, thanks!
v3.3