0132c5f0a5
Fix unprivileged users being able to see images and MD5 hashes of media assets belonging to censored posts.
33 lines
870 B
Plaintext
33 lines
870 B
Plaintext
<div id="c-media-assets">
|
|
<div id="a-show" class="fixed-width-container">
|
|
<h1 class="mb-4">Media Asset</h1>
|
|
|
|
<% if policy(@media_asset).can_see_image? %>
|
|
<%= render MediaAssetComponent.new(media_asset: @media_asset) %>
|
|
<% end %>
|
|
|
|
<table class="striped aligned-vertical">
|
|
<% if @post.present? %>
|
|
<tr>
|
|
<th>Post</th>
|
|
<td><%= link_to "##{@post.id}", @post %></td>
|
|
</tr>
|
|
<% end %>
|
|
|
|
<% if policy(@media_asset).can_see_image? %>
|
|
<tr>
|
|
<th>MD5</th>
|
|
<td><%= @media_asset.md5 %></td>
|
|
</tr>
|
|
<% end %>
|
|
|
|
<% @media_asset.metadata.sort.each do |key, value| %>
|
|
<tr>
|
|
<th><%= key %></th>
|
|
<td><%= link_to value, media_assets_path(search: { metadata: { key => value }}) %></td>
|
|
</tr>
|
|
<% end %>
|
|
</table>
|
|
</div>
|
|
</div>
|