Fix: keep source=import signal alive across chunked media uploads #334

Open
level09 wants to merge 2 commits into main from fix/import-source-param-survive-chunking
level09 (Collaborator) commented May 9, 2026

Summary

PR #312 replaced the request.referrer check on /admin/api/media/chunk with request.form.get("source") == "import". Dropzone drops its params option on chunked POSTs, so the form field is missing on every chunk request, import_upload is always False, and in S3 mode the chunk endpoint takes the S3 push + local delete branch. The import ETL then runs and finds no local file:

ValueError: The filename given was either non existent or was a directory
  File "enferno/data_import/utils/media_import.py", line 447, in upload_import
    info = exiflib.get_json(filepath)[0]

Every import in S3 mode has been failing since #312 merged.

Fix

Move source=import from Dropzone's params to the URL query string and check request.args instead of request.form. Query params live on the URL and ride along on every chunk POST regardless of how Dropzone shapes the body.

Same security posture as the form-body check — both come from the client. The actual access control is the current_user.has_role("Admin") gate three lines down, which is unchanged.

Test plan

  • Upload a video via the media import tool with FILESYSTEM_LOCAL=False. Confirm the file lands in enferno/media/ locally for ETL, then ends up in S3 after MediaImport.upload().
  • Upload a video via the media import tool with FILESYSTEM_LOCAL=True. Confirm normal local-only behavior still works.
  • Confirm normal (non-import) Dropzone uploads under Bulletin/Actor still go straight to S3 in S3 mode.
  • Confirm a non-admin user can't bypass the extension check by hitting /admin/api/media/chunk?source=import directly (admin role gate still applies).
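
A model of the behaviour described in this PR, added here as an illustration and not code from the PR or the project: it replays constructed chunk POSTs through the pre-fix (form body) and post-fix (query string) checks and shows which storage branch each one selects, plus the role gate from the last test-plan item. The allow-lists, status codes, the "Mod" role and all function names are assumptions; only the endpoint path, the source=import flag and the "Admin" role come from the page.

```python
from urllib.parse import parse_qs, urlsplit

# Assumed allow-lists for this sketch; the project's real lists are not on the page.
MEDIA_EXTS = {"jpg", "png", "mp4"}
IMPORT_EXTS = MEDIA_EXTS | {"csv", "xlsx"}

def flag_from_form(url, form):
    """Pre-fix check: read the import flag from the multipart body."""
    return form.get("source") == "import"

def flag_from_query(url, form):
    """Post-fix check: read the import flag from the URL query string."""
    return parse_qs(urlsplit(url).query).get("source", [""])[0] == "import"

def handle_chunk(url, form, roles, filename, s3_mode, flag_check):
    """Return (status, storage_action) for one chunk POST (status codes assumed)."""
    import_upload = flag_check(url, form)
    # The flag is client-controlled either way; the role gate is the access control.
    if import_upload and "Admin" not in roles:
        return 403, None
    allowed = IMPORT_EXTS if import_upload else MEDIA_EXTS
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in allowed:
        return 415, None
    if s3_mode and not import_upload:
        return 200, "push_to_s3_and_delete_local"
    return 200, "keep_local"  # the import ETL reads the file from local disk

# Constructed chunk POSTs: flag on the URL, no "source" field in the body.
URL = "/admin/api/media/chunk?source=import"
CHUNKS = [{"dzchunkindex": str(i), "dztotalchunkcount": "3"} for i in range(3)]

def replay(flag_check, roles=("Admin",), filename="clip.mp4"):
    """Run every constructed chunk through handle_chunk; return the distinct outcomes."""
    return {handle_chunk(URL, c, roles, filename, True, flag_check) for c in CHUNKS}

if __name__ == "__main__":
    print("form check :", replay(flag_from_form))
    print("query check:", replay(flag_from_query))
    print("non-admin  :", replay(flag_from_query, roles=("Mod",), filename="rows.csv"))
```
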

…oads

PR #312 replaced the referrer-based import_upload detection with a form
field check. Dropzone drops its 'params' option on chunked POSTs, so
request.form.get('source') returns None on every chunk, import_upload is
False, and in S3 mode the chunk endpoint pushes uploads to S3 then
removes the local copy. ETL then has nothing to read locally and every
import fails with 'The filename given was either non existent or was a
directory'.

Move the signal to the URL query string. It rides along on every chunk
POST regardless of how Dropzone shapes the body, with the same security
posture as the form-body check (the admin role gate three lines down is
the actual access control).
@level09 level09 requested a review from apodacaduron as a code owner May 9, 2026 08:22
@level09 level09 self-assigned this May 9, 2026
coderabbitai Bot commented May 9, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.
