RDISCROWD-5567 enhance task guidelines images

pybossa/settings_local.py.tmpl

@@ -500,3 +500,5 @@ WIZARD_STEPS = OrderedDict([
         'visible_checks': {'and': ['project_publish'], 'or': []},
     })]
 )
+
+MAX_IMAGE_UPLOAD_SIZE_MB = 5

pybossa/view/projects.py

@@ -34,11 +34,12 @@
 import urllib.parse
 from rq import Queue
 from werkzeug.datastructures import MultiDict
+from werkzeug.utils import secure_filename
 
 import pybossa.sched as sched
 from pybossa.core import (uploader, signer, sentinel, json_exporter,
                           csv_exporter, importer, db, task_json_exporter,
-                          task_csv_exporter, anonymizer)
+                          task_csv_exporter, anonymizer, csrf)
 from pybossa.model import make_uuid
 from pybossa.model.project import Project
 from pybossa.model.category import Category
@@ -517,6 +518,57 @@ def clone(short_name):
         project=project_sanitized
     ))
 
+@blueprint.route('/<short_name>/tasks/taskpresenterimageupload', methods=['GET', 'POST'])
+@login_required
+@admin_or_subadmin_required
+@csrf.exempt
+def upload_task_guidelines_image(short_name):
+    error = False
+    project = project_by_shortname(short_name)
+
+    disable_editor = (not current_user.admin and
+                      current_app.config.get(
+                          'DISABLE_TASK_PRESENTER_EDITOR'))
+
+    is_admin_or_owner = (
+        current_user.admin or
+        (project.owner_id == current_user.id or
+            current_user.id in project.owners_ids))
+
+    if disable_editor:
+        flash(gettext('Task presenter editor disabled!'), 'error')
+        error = True
+    elif not is_admin_or_owner:
+        flash(gettext('Ooops! Only project owners can upload files.'), 'error')
+        error = True
+
+    imgurls = []
+    large_file = False
+    for file in request.files.getlist("image"):
+        file_size_mb = file.seek(0, os.SEEK_END) / 1024 / 1024
+        file.seek(0, os.SEEK_SET)
+        file.filename = secure_filename(file.filename)
+        if file_size_mb < current_app.config.get('MAX_IMAGE_UPLOAD_SIZE_MB'):
+            container = "user_%s" % current_user.id
+            uploader.upload_file(file, container=container)
+            imgurls.append(get_avatar_url(
+                current_app.config.get('UPLOAD_METHOD'),
+                file.filename,
+                container,
+                current_app.config.get('AVATAR_ABSOLUTE')
+            ))
+        else:
+            flash(gettext('File must be smaller than ' + str(current_app.config.get('MAX_IMAGE_UPLOAD_SIZE_MB')) + ' MB.'))
+            large_file = True
+            error = True
+
+    response = {
+        "imgurls" : imgurls,
+        "error": error
+    }
+
+    return jsonify(response), 200 if large_file == False else 413
+
 @blueprint.route('/<short_name>/tasks/taskpresentereditor', methods=['GET', 'POST'])
 @login_required
 @admin_or_subadmin_required

settings_test.py.tmpl

@@ -245,3 +245,5 @@ COMPLETED_TASK_CLEANUP_DAYS = [
     (90, "90 days"),
     (180, "180 days")
 ]
+
+MAX_IMAGE_UPLOAD_SIZE_MB = 5

test/test_web.py

@@ -4693,6 +4693,96 @@ def test_48_task_presenter_editor_works_json(self, mock):
         assert data['form']['guidelines'] == 'Some guidelines!', data
 
 
+    @with_context
+    @patch('pybossa.view.projects.uploader.upload_file', return_value=True)
+    def test_task_presenter_large_image_upload(self, mock):
+        """Test API /tasks/taskpresenterimageupload should not upload images with size > 5 MB"""
+        print("running test_task_presenter_image_upload...")
+        user = UserFactory.create(id=500)
+        project = ProjectFactory.create(
+            short_name='test_project',
+            name='Test Project',
+            info={
+                'total': 150,
+                'task_presenter': 'foo',
+                'data_classification': dict(input_data="L4 - public", output_data="L4 - public"),
+                'kpi': 0.5,
+                'product': 'abc',
+                'subproduct': 'def',
+            },
+            owner=user)
+        headers = [('Authorization', user.api_key)]
+        with open('./test/files/small-image1.jpg', 'rb') as img:
+            imgStringIO = BytesIO(img.read())
+        with patch.dict(self.flask_app.config, {'MAX_IMAGE_UPLOAD_SIZE_MB': 0}):
+        # Call API method to upload image.
+            res = self.app.post('/project/{}/tasks/taskpresenterimageupload'.format(project.short_name), headers=headers, data={'image': (imgStringIO, 'large-image.jpg')})
+        res_data = json.loads(res.data)
+        assert res.status_code == 413, "POST image upload should yield 413"
+        assert len(res_data['imgurls']) == 0, "Successful count of uploaded images 0."
+        assert res_data['error'] == True, "There should be an error for a file larger than 5 MB."
+
+    @with_context
+    @patch('pybossa.view.projects.uploader.upload_file', return_value=True)
+    def test_task_presenter_image_upload(self, mock):
+        """Test API /tasks/taskpresenterimageupload to upload a task presenter guidelines image"""
+        print("running test_task_presenter_image_upload...")
+        user = UserFactory.create(id=500)
+        project = ProjectFactory.create(
+            short_name='test_project',
+            name='Test Project',
+            info={
+                'total': 150,
+                'task_presenter': 'foo',
+                'data_classification': dict(input_data="L4 - public", output_data="L4 - public"),
+                'kpi': 0.5,
+                'product': 'abc',
+                'subproduct': 'def',
+            },
+            owner=user)
+        headers = [('Authorization', user.api_key)]
+        with open('./test/files/small-image1.jpg', 'rb') as img:
+            imgStringIO = BytesIO(img.read())
+        # Call API method to upload image.
+        res = self.app.post('/project/{}/tasks/taskpresenterimageupload'.format(project.short_name), headers=headers, data={'image': (imgStringIO, 'large-image.jpg')})
+        res_data = json.loads(res.data)
+        assert res.status_code == 200, "POST image upload should be successful"
+        assert len(res_data['imgurls']) == 1, "Successful count of uploaded images 1."
+        assert res_data['error'] == False, "There should be no errors for normal file upload"
+
+    @with_context
+    @patch('pybossa.view.projects.uploader.upload_file', return_value=True)
+    def test_task_presenter_multiple_image_upload(self, mock):
+        """Test API /tasks/taskpresenterimageupload to upload multiple task presenter guidelines images"""
+        print("running test_task_presenter_image_upload...")
+        user = UserFactory.create(id=500)
+        project = ProjectFactory.create(
+            short_name='test_project',
+            name='Test Project',
+            info={
+                'total': 150,
+                'task_presenter': 'foo',
+                'data_classification': dict(input_data="L4 - public", output_data="L4 - public"),
+                'kpi': 0.5,
+                'product': 'abc',
+                'subproduct': 'def',
+            },
+            owner=user)
+        headers = [('Authorization', user.api_key)]
+        with open('./test/files/small-image1.jpg', 'rb') as img1:
+            imgStringIO1 = BytesIO(img1.read())
+        with open('./test/files/small-image2.jpg', 'rb') as img2:
+            imgStringIO2 = BytesIO(img2.read())
+        # Call API method to upload image.
+        res = self.app.post('/project/{}/tasks/taskpresenterimageupload'.format(project.short_name), headers=headers, data={'image':
+            [(imgStringIO1, 'img1.jpg'), (imgStringIO2, 'img2.jpg')]
+        })
+        res_data = json.loads(res.data)
+        assert res.status_code == 200, "POST image upload should be successful"
+        assert len(res_data['imgurls']) == 2, "Successful count of uploaded images 2."
+        assert res_data['error'] == False, "There should be no errors for normal file upload"
+
+
     @with_context
     @patch('pybossa.ckan.requests.get')
     @patch('pybossa.view.projects.uploader.upload_file', return_value=True)