IBX-3095: Fixed BinaryFile fieldtype resolving #128

Merged
merged 2 commits into from
Jul 11, 2022

Member

@barw4 barw4 commented Jul 4, 2022

| Question | Answer |
| --- | --- |
| JIRA issue | IBX-3095 |
| Type | bug |
| Target Ibexa version | v3.3 |
| BC breaks | no |

@barw4 barw4 requested a review from a team July 4, 2022 09:03
@barw4 barw4 self-assigned this Jul 4, 2022
@barw4 barw4 added the Bug and Ready for review labels Jul 4, 2022
@konradoboza konradoboza requested a review from a team July 4, 2022 09:30
Member

@mnocon mnocon left a comment

The solution looks good, for the query:

```graphql
{
  content {
    articles {
      edges {
        node {
          _name
          newEzbinaryfile8 {
            id
            fileName
            fileSize
            mimeType
            downloadCount
            uri
            mimeType
          }
        }
      }
    }
  }
}
```

the response looks like this:

```json
{
  "data": {
    "content": {
      "articles": {
        "edges": [
          {
            "node": {
              "_name": "Test123123",
              "newEzbinaryfile8": {
                "id": "image/b44ee0a57fea81643701e0ab82bf1ddf.jfif",
                "fileName": "Crew Event 2019 original picture.jfif",
                "fileSize": 316062,
                "mimeType": "image/jpeg",
                "downloadCount": null,
                "uri": "/content/download/56/264?version=4"
              }
            }
          }
        ]
      }
    }
  }
}
```

The only concern I have is the id property ("id": "image/b44ee0a57fea81643701e0ab82bf1ddf.jfif",).

b44ee0a57fea81643701e0ab82bf1ddf is the filename on the disk (the file is stored in public/var/site/storage/original/image/b44ee0a57fea81643701e0ab82bf1ddf)

I know that in order to get the GraphQL response I need to have permissions to view that Content Item, so I can already download it - and most likely there's no real security risk here.

But the filename on the disk is for me an implementation detail that's not worth having in the API, and we had some security tickets related to filenames of uploaded files (https://issues.ibexa.co/browse/IBX-1656, https://issues.ibexa.co/browse/EZP-31139) so I've decided that it's best to double check whether we really want to include it in the response.

@barw4 @adamwojs @konradoboza @glye if you're ok with including the id property then I'm fine with it as well, just want to make sure.

Other: the downloadCount property is still null - not sure if we should do something about it (and if it's a good idea to expose it)

@konradoboza
Member

I agree with @mnocon, id property doesn't bring much value and we shouldn't expose it. The same stands for downloadCount.

@glye
Member

glye commented Jul 7, 2022

Thanks @mnocon. All: Is there any use case at all for including the id? If not, it's just noise. For instance, in our default vhost we do not grant read access to the original dir, so direct access from there is not supposed to be possible.

I agree about downloadCount as it provides info not just about the info but the system around it. It is more of an admin related property than a generically useful read property.

@sonarcloud

sonarcloud bot commented Jul 7, 2022

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
0.0% Duplication

@barw4
Member Author

barw4 commented Jul 7, 2022

id and downloadCount have been removed in 7fb09f7, also BinaryBaseFieldValue was removed as it was useless.

Member

@mnocon mnocon left a comment

Looks good now, thanks!

@adamwojs adamwojs merged commit 481990c into 2.3 Jul 11, 2022
@adamwojs adamwojs deleted the ibx-3095-binary-file-resolving branch July 11, 2022 14:04
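
A regression check for the concern raised in this review, as an added example that is not part of the pull request or the project's code: it walks a decoded GraphQL response and reports binary file values that still carry `id` or `downloadCount`, and any string that contains a 32-hex-character storage file name. The function name, the denylist and the hex pattern are assumptions; the "before" data is the response quoted above, and the "after" data is constructed by dropping the two fields.

```python
import re

# Assumption: storage file names look like the one quoted in the review,
# i.e. a 32-character hex digest, possibly with a directory and an extension.
STORAGE_NAME = re.compile(r"(?<![0-9a-f])[0-9a-f]{32}(?![0-9a-f])", re.IGNORECASE)
# Field names the reviewers agreed not to expose on binary file values.
DENIED_KEYS = frozenset({"id", "downloadCount"})


def find_exposures(node, path="$"):
    """Return sorted (json_path, reason) pairs for a decoded GraphQL response."""
    findings = []
    if isinstance(node, dict):
        # A binary file value is recognised here by its fileName/mimeType pair.
        is_binary_file = {"fileName", "mimeType"} <= node.keys()
        for key, value in node.items():
            child = f"{path}.{key}"
            if is_binary_file and key in DENIED_KEYS:
                findings.append((child, "denied field present"))
            findings.extend(find_exposures(value, child))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            findings.extend(find_exposures(item, f"{path}[{index}]"))
    elif isinstance(node, str) and STORAGE_NAME.search(node):
        findings.append((path, "value contains a storage file name"))
    return sorted(set(findings))


def response(binary_file):
    """Wrap a binary file value in the response shape shown in the review."""
    return {"data": {"content": {"articles": {"edges": [
        {"node": {"_name": "Test123123", "newEzbinaryfile8": binary_file}}]}}}}


SAFE_FIELDS = {
    "fileName": "Crew Event 2019 original picture.jfif",
    "fileSize": 316062,
    "mimeType": "image/jpeg",
    "uri": "/content/download/56/264?version=4",
}
# Response as quoted in the review, before id and downloadCount were removed.
BEFORE = response({**SAFE_FIELDS, "downloadCount": None,
                   "id": "image/b44ee0a57fea81643701e0ab82bf1ddf.jfif"})
# Constructed: the same response without the two removed fields.
AFTER = response(SAFE_FIELDS)

if __name__ == "__main__":
    for json_path, reason in find_exposures(BEFORE):
        print(f"{json_path}: {reason}")
```
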