disable user exports by default

- new setting to enable user exports defaults to False - add setting to enable and disable user exports - do not allow user exports when using s3 storage - do not serve non-image files from /images/ (requires update to nginx settings) - increase default file upload limit to 100MB to enable user exports to be imported (can be changed in .env)
2024-01-16 21:32:13 +11:00 · 2024-01-16 21:32:13 +11:00 · d640e4ac96
commit d640e4ac96
parent b04ebe397b
11 changed files with 127 additions and 5 deletions
--- a/bookwyrm/views/init.py
+++ b/bookwyrm/views/init.py
@ -18,6 +18,8 @@ from .admin.imports import (
    set_import_size_limit,
    set_user_import_completed,
    set_user_import_limit,
+    enable_user_exports,
+    disable_user_exports,
 )
 from .admin.ip_blocklist import IPBlocklist
 from .admin.invite import ManageInvites, Invite, InviteRequest
--- a/bookwyrm/views/admin/imports.py
+++ b/bookwyrm/views/admin/imports.py
@ -9,7 +9,7 @@ from django.views.decorators.http import require_POST

 from bookwyrm import models
 from bookwyrm.views.helpers import redirect_to_referer
-from bookwyrm.settings import PAGE_LENGTH
+from bookwyrm.settings import PAGE_LENGTH, USE_S3


 # pylint: disable=no-self-use
@ -59,6 +59,7 @@ class ImportList(View):
            "import_size_limit": site_settings.import_size_limit,
            "import_limit_reset": site_settings.import_limit_reset,
            "user_import_time_limit": site_settings.user_import_time_limit,
+            "use_s3": USE_S3,
        }
        return TemplateResponse(request, "settings/imports/imports.html", data)

@ -126,3 +127,25 @@ def set_user_import_limit(request):
    site.user_import_time_limit = int(request.POST.get("limit"))
    site.save(update_fields=["user_import_time_limit"])
    return redirect("settings-imports")
+
+
+@require_POST
+@permission_required("bookwyrm.edit_instance_settings", raise_exception=True)
+# pylint: disable=unused-argument
+def enable_user_exports(request):
+    """Allow users to export account data"""
+    site = models.SiteSettings.objects.get()
+    site.user_exports_enabled = True
+    site.save(update_fields=["user_exports_enabled"])
+    return redirect("settings-imports")
+
+
+@require_POST
+@permission_required("bookwyrm.edit_instance_settings", raise_exception=True)
+# pylint: disable=unused-argument
+def disable_user_exports(request):
+    """Don't allow users to export account data"""
+    site = models.SiteSettings.objects.get()
+    site.user_exports_enabled = False
+    site.save(update_fields=["user_exports_enabled"])
+    return redirect("settings-imports")