forked from Scifabric/pybossa
-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RDISCROWD-5567 enhance task guidelines images #801
Merged
Merged
Changes from 16 commits
Commits
Show all changes
20 commits
Select commit
Hold shift + click to select a range
f87937f
added upload_task_guidelines_image route
ef56a06
add security checks
9c5d4c4
add errors to response
1bbdef5
implement uploading and file size check
729e9ef
remove test flash
5888129
add file size tests
9f49341
fix typo in test description
c57b92e
added multiple file uploads test
b4ced2e
use send 413 response code on large file
02d2ff1
refactor errors to error
23183f3
switch to small images
ede0754
remove added files
cb7f384
Delete setuplogins.py
n00rsy 8e1aa8a
use magic number for max image upload size
a75dc39
edit settings_local template
daefff8
edit settings_test template
f622f6c
use default value for MAX_IMAGE_UPLOAD_SIZE_MB
719c94a
initial push for edge case tests
f5548b1
refactor and fix edge cases test
9653bfc
bump theme SHA
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Submodule default
updated
4 files
+0 −4 | static/css/projects.css | |
+33 −0 | static/js/image_upload.js | |
+1 −1 | static/src/yarn.lock | |
+9 −4 | templates/projects/task_presenter_editor.html |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -34,11 +34,12 @@ | |
import urllib.parse | ||
from rq import Queue | ||
from werkzeug.datastructures import MultiDict | ||
from werkzeug.utils import secure_filename | ||
|
||
import pybossa.sched as sched | ||
from pybossa.core import (uploader, signer, sentinel, json_exporter, | ||
csv_exporter, importer, db, task_json_exporter, | ||
task_csv_exporter, anonymizer) | ||
task_csv_exporter, anonymizer, csrf) | ||
from pybossa.model import make_uuid | ||
from pybossa.model.project import Project | ||
from pybossa.model.category import Category | ||
|
@@ -517,6 +518,57 @@ def clone(short_name): | |
project=project_sanitized | ||
)) | ||
|
||
@blueprint.route('/<short_name>/tasks/taskpresenterimageupload', methods=['GET', 'POST']) | ||
@login_required | ||
@admin_or_subadmin_required | ||
@csrf.exempt | ||
def upload_task_guidelines_image(short_name): | ||
error = False | ||
project = project_by_shortname(short_name) | ||
|
||
disable_editor = (not current_user.admin and | ||
current_app.config.get( | ||
'DISABLE_TASK_PRESENTER_EDITOR')) | ||
|
||
is_admin_or_owner = ( | ||
current_user.admin or | ||
(project.owner_id == current_user.id or | ||
current_user.id in project.owners_ids)) | ||
|
||
if disable_editor: | ||
flash(gettext('Task presenter editor disabled!'), 'error') | ||
error = True | ||
elif not is_admin_or_owner: | ||
flash(gettext('Ooops! Only project owners can upload files.'), 'error') | ||
error = True | ||
|
||
imgurls = [] | ||
large_file = False | ||
for file in request.files.getlist("image"): | ||
file_size_mb = file.seek(0, os.SEEK_END) / 1024 / 1024 | ||
file.seek(0, os.SEEK_SET) | ||
file.filename = secure_filename(file.filename) | ||
if file_size_mb < current_app.config.get('MAX_IMAGE_UPLOAD_SIZE_MB'): | ||
container = "user_%s" % current_user.id | ||
uploader.upload_file(file, container=container) | ||
imgurls.append(get_avatar_url( | ||
current_app.config.get('UPLOAD_METHOD'), | ||
file.filename, | ||
container, | ||
current_app.config.get('AVATAR_ABSOLUTE') | ||
)) | ||
else: | ||
flash(gettext('File must be smaller than ' + str(current_app.config.get('MAX_IMAGE_UPLOAD_SIZE_MB')) + ' MB.')) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. current_app.config.get('MAX_IMAGE_UPLOAD_SIZE_MB', 5) |
||
large_file = True | ||
error = True | ||
|
||
response = { | ||
"imgurls" : imgurls, | ||
"error": error | ||
} | ||
|
||
return jsonify(response), 200 if large_file == False else 413 | ||
|
||
@blueprint.route('/<short_name>/tasks/taskpresentereditor', methods=['GET', 'POST']) | ||
@login_required | ||
@admin_or_subadmin_required | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -245,3 +245,5 @@ COMPLETED_TASK_CLEANUP_DAYS = [ | |
(90, "90 days"), | ||
(180, "180 days") | ||
] | ||
|
||
MAX_IMAGE_UPLOAD_SIZE_MB = 5 |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be a good idea to also include a default value in case a dev does not have this setting. Otherwise, if the setting is missing, the upload will always fail.