From a2f944b475e983400da4b81096df1e30e74b6f18 Mon Sep 17 00:00:00 2001
From: Georg Lehner
Date: Fri, 7 Jun 2024 17:58:41 +0200
Subject: [PATCH] Enable attachments by default

In order to not break existing django-helpdesk installations upon upgrade.
---
 docs/settings.rst | 10 +++++-----
 helpdesk/settings.py | 6 +++++-
 2 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/docs/settings.rst b/docs/settings.rst
index 004a06bf..3d0131b3 100644
--- a/docs/settings.rst
+++ b/docs/settings.rst
@@ -62,11 +62,11 @@ Settings related to attachments:
 attachments which are then attached to the ticket. Also enables the
 ``HELPDESK_ALWAYS_SAVE_INCOMING_EMAIL_MESSAGE`` setting.
- **Caution**: Until version 1.2.0 attachments were enabled by
- default. Since uploaded files by default are published without access
- control this can lead to unintended exposure of sensitive
- data. The default is now to disable attachments by default. Only
- enable attachments if you have secured access to them.
+ **Caution**: Set this to False, unless you have secured access to
+ the uploaded files. Otherwise anyone on the Internet will be able
+ to download your ticket attachments.
+
+ Attachments are enabled by default for backwards compatibility.
 - **HELPDESK_VALID_EXTENSIONS** Valid extensions for file types that can be attached to tickets. Note: This used to be called **VALID_EXTENSIONS** which is now deprecated.
diff --git a/helpdesk/settings.py b/helpdesk/settings.py
index 6d83ed63..d6d1acbb 100644
--- a/helpdesk/settings.py
+++ b/helpdesk/settings.py
@@ -57,9 +57,13 @@ HELPDESK_STAFF_VIEW_PROTECTOR = getattr(settings,
 lambda _: None)
 # Enable ticket and Email attachments
+#
+# Caution! Set this to False, unless you have secured access to
+# the uploaded files. Otherwise anyone on the Internet will be
+# able to download your ticket attachments.
 HELPDESK_ENABLE_ATTACHMENTS = getattr(settings,
 'HELPDESK_ENABLE_ATTACHMENTS',
- False)
+ True)
 # Enable the Dependencies field on ticket view
 HELPDESK_ENABLE_DEPENDENCIES_ON_TICKET = getattr(settings,
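Review bot: The default flipped on the `+ True)` line takes effect silently for every project that never defines `HELPDESK_ENABLE_ATTACHMENTS`, and the only signal is the source comment added above it, which an operator upgrading a deployed instance will not read. The comment itself states that, without secured access to the uploaded files, anyone on the Internet can download ticket attachments, so a permissive fallback of that weight should be announced at startup rather than only in a comment. When the attribute is absent from the project settings, emit a warning, e.g. `if not hasattr(settings, 'HELPDESK_ENABLE_ATTACHMENTS'): warnings.warn("HELPDESK_ENABLE_ATTACHMENTS is unset and defaults to True; secure access to uploaded files or set it to False")` with a matching `import warnings` at the top of the module (a registered `django.core.checks` warning would serve the same purpose). The new comment would also be more actionable if it named the URL or view through which the files are served, so a reader can verify the access control it refers to.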