You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original PR Title: DEV: Adds 'upload' type to schema setting Original PR Description: The type: upload exists on main site settings, but not under the type: objects schema setting. This adds this feature for objects in Site Settings, Theme Settings, and Theme Site Settings. Original PR URL: discourse#36071
PR Type
Enhancement
Description
Adds support for 'upload' type fields within objects schema settings
Implements upload ID to URL hydration for objects type settings
Adds upload reference tracking for site, theme, and theme site settings
Creates frontend upload field component for schema setting objects
Diagram Walkthrough
flowchart LR
A["Objects Schema Settings"] -->|"Extract upload IDs"| B["SchemaSettingsObjectValidator"]
B -->|"Convert URLs to IDs"| C["Upload ID Storage"]
C -->|"Track references"| D["UploadReference"]
D -->|"Hydrate on retrieval"| E["Upload URLs"]
F["Frontend Upload Component"] -->|"Handle uploads"| A
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: Missing auditing: New critical actions creating/destroying UploadReference records on save lack explicit audit logging of actor, action, and outcome.
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: Unhandled JSON: JSON.parse on objects values is performed without rescue in all_settings which may raise and break settings hydration for malformed input.
Referred Code
# For uploads nested in objects type, hydrate upload IDs to URLsiftype_hash[:type].to_s == "objects" && type_hash[:schema]parsed_value=JSON.parse(value)value=hydrate_uploads_in_objects(parsed_value,type_hash[:schema])end
The SchemaSettingsObjectValidator should not mutate its input by converting upload URLs to IDs. This data transformation should be handled separately from the validation logic to improve code clarity and prevent side effects.
# Data transformation should be a separate step before validationdefcoerce_upload_urls_to_ids(object,schema)# ... logic to find 'upload' properties and convert URLs to IDs ...# This method is responsible for mutation.returnmutated_objectend# The validator is now pure and only checks for validity.classSchemaSettingsObjectValidatordefhas_valid_property_value_type?(property_attributes,property_name)value=@object[property_name]# ...when"upload"# Only validates that the value is an integer ID.returnvalue.is_a?(Integer)# ...endend
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly identifies a significant design flaw where the SchemaSettingsObjectValidator mutates its input, violating the principle of separation of concerns and potentially causing future bugs.
Medium
Possible issue
Validate existence of upload ID
In has_valid_property_value_type?, when validating an 'upload' property, check for the existence of the upload record if the value is an integer by using Upload.exists?(value).
# Convert upload URLs to IDs like core does
if value.is_a?(String)
upload = Upload.get_from_url(value)
if upload
@object[property_name.to_s] = upload.id
true
else
false
end
+elsif value.is_a?(Integer)+ Upload.exists?(value)
else
- value.is_a?(Integer)+ false
end
Apply / Chat
Suggestion importance[1-10]: 8
__
Why: The suggestion correctly points out a validation flaw where non-existent integer upload IDs are considered valid, which could lead to data integrity issues. Adding Upload.exists? makes the validation more robust and consistent.
Medium
Handle missing uploads during hydration
In hydrate_uploads_in_object, use the safe navigation operator (&.) to set the upload property to nil if the upload record is not found, preventing stale IDs from being sent to the client.
def hydrate_uploads_in_object(object, properties, uploads_by_id)
properties.each do |prop_key, prop_value|
case prop_value[:type]
when "upload"
key = prop_key.to_s
upload_id = object[key]
upload = uploads_by_id[upload_id]
- object[key] = upload.url if upload+ object[key] = upload&.url
when "objects"
nested_objects = object[prop_key.to_s]
if nested_objects.is_a?(Array)
nested_objects.each do |nested_obj|
hydrate_uploads_in_object(nested_obj, prop_value[:schema][:properties], uploads_by_id)
end
end
end
end
end
Apply / Chat
Suggestion importance[1-10]: 7
__
Why: The suggestion correctly identifies that a missing upload record would leave a stale ID in the setting data, which could cause client-side errors. Using the safe navigation operator (&.) correctly handles this edge case by setting the value to nil.
Medium
General
Refactor duplicated code into a concern
Refactor the duplicated extract_upload_ids_from_objects_value method from SiteSetting, ThemeSetting, and ThemeSiteSetting into a shared concern to reduce code duplication and improve maintainability.
-def extract_upload_ids_from_objects_value- return [] if self.value.blank?+# In a new file, e.g., app/models/concerns/extracts_upload_ids.rb+module ExtractsUploadIds+ extend ActiveSupport::Concern- type_hash = SiteSetting.type_supervisor.type_hash(self.name.to_sym)- return [] unless type_hash[:schema]&.dig(:properties)+ private- begin- parsed_value = JSON.parse(self.value)- parsed_value = [parsed_value] unless parsed_value.is_a?(Array)- upload_ids = Set.new+ def extract_upload_ids_from_objects_value+ return [] if self.value.blank?- parsed_value.each do |obj|- validator = SchemaSettingsObjectValidator.new(schema: type_hash[:schema], object: obj)+ schema = schema_for_setting+ return [] unless schema&.dig(:properties)- upload_ids.merge(validator.property_values_of_type("upload"))+ begin+ parsed_value = JSON.parse(self.value)+ parsed_value = [parsed_value] unless parsed_value.is_a?(Array)+ upload_ids = Set.new++ parsed_value.each do |obj|+ validator = SchemaSettingsObjectValidator.new(schema: schema, object: obj)+ upload_ids.merge(validator.property_values_of_type("upload"))+ end++ upload_ids.to_a+ rescue JSON::ParserError+ []
end
-- upload_ids.to_a- rescue JSON::ParserError- []
end
end
+# In app/models/site_setting.rb+# include ExtractsUploadIds+#+# private+#+# def schema_for_setting+# SiteSetting.type_supervisor.type_hash(self.name.to_sym)[:schema]+# end+
Apply / Chat
Suggestion importance[1-10]: 6
__
Why: The suggestion correctly identifies significant code duplication across three models and proposes a sound refactoring strategy using a concern, which would improve maintainability.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
User description
Benchmark PR discourse#36071
Type: Corrupted (contains bugs)
Original PR Title: DEV: Adds 'upload' type to schema setting
Original PR Description: The
type: uploadexists on main site settings, but not under thetype: objectsschema setting. This adds this feature forobjectsin Site Settings, Theme Settings, and Theme Site Settings.Original PR URL: discourse#36071
PR Type
Enhancement
Description
Adds support for 'upload' type fields within objects schema settings
Implements upload ID to URL hydration for objects type settings
Adds upload reference tracking for site, theme, and theme site settings
Creates frontend upload field component for schema setting objects
Diagram Walkthrough
File Walkthrough
7 files
Extract and track upload IDs from objectsExtract and track upload IDs from objectsAdd upload reference tracking for theme site settingsConvert upload URLs to IDs during validationHydrate upload IDs to URLs in objects settingsAdd upload field type to schema settingsCreate upload field component for schema settings4 files
Test upload hydration in objects settingsTest upload URL to ID conversionTest upload reference creation for objectsAdd test objects with uploads configuration