Misago icon indicating copy to clipboard operation
Misago copied to clipboard

Published 20 hours ago verified publisher icon rafalp

Attachment size limit permission not respected

Open AetherUnbound opened this issue 6 years ago • 7 comments
trafficstars

It doesn't look like the attachment size limit that's modifiable in the user role permission settings isn't being respected. I may not be setting this right, but here's the settings:

Member role settings image

Moderator role settings image

My user roles image

Error message I'm receiving image

Is there another setting I'm missing?

AetherUnbound avatar Sep 12 '19 03:09 AetherUnbound

Ah, it looks like there's a per-AttachmentType file size that may have higher priority over this setting, even though the AttachmentType option states:

May be overriden via user permission.

EDIT: I bumped the AttachmentType limit and now I'm able to upload larger images, so I guess the settings aren't being applied in the right order or something

AetherUnbound avatar Sep 19 '19 00:09 AetherUnbound

It seems to be this line that's getting that setting: https://github.com/rafalp/Misago/blob/b16b5c6b726ca5e71cc5738e5d062d6c9d534b55/misago/threads/api/attachments.py#L32

AetherUnbound avatar Sep 19 '19 00:09 AetherUnbound

Forgive me, I know nothing about ACL altogether, albeit in django 😁 This looks like it might be where the issue is occurring? https://github.com/rafalp/Misago/blob/b16b5c6b726ca5e71cc5738e5d062d6c9d534b55/misago/threads/permissions/attachments.py#L43-L58

AetherUnbound avatar Sep 19 '19 00:09 AetherUnbound

Attachment type limit overrides uploads limit for individual types:

https://github.com/rafalp/Misago/blob/master/misago/threads/api/attachments.py#L32 https://github.com/rafalp/Misago/blob/master/misago/threads/api/attachments.py#L89

rafalp avatar Sep 25 '19 10:09 rafalp

Huh, it looks like the request.user_acl["max_attachment_size"] is the first "hard limit" that's tested though: https://github.com/rafalp/Misago/blob/master/misago/threads/api/attachments.py#L90 Where does that number come from? I had just assumed it was the group permissions

AetherUnbound avatar Sep 25 '19 14:09 AetherUnbound

Can we use GITHUB public code on our website? Is there any copyright policy?

emawalekr01 avatar Dec 20 '19 17:12 emawalekr01

@emawalekr01

Misago is free and open source software. You can read license here: https://github.com/rafalp/Misago/blob/master/LICENSE.rst

Please ask on our support forums in future. Asking unrelated questions in other people issues is found rude on GitHub ;)

rafalp avatar Dec 20 '19 17:12 rafalp

What's happening currently is there are two separate filesize checks:

  • Check against user's upload limit, coming from their permissions
  • Check against attachment type upload limit, coming from file type (if set)

So you can have user with permission to upload files that are 8mb in size, but file type they are uploading is limited to 2mb. You are uploading 4mb file. First check will pass but second check will fail.

I will remove support for per-type upload limits in 0.30 but keep fields around. I will drop them altogether 1.0 I think.

rafalp avatar Mar 11 '23 23:03 rafalp