- Enhance file validation view with file type check

- Fix saver action with non ASCII filename uploads #77

.travis.yml

@@ -18,6 +18,8 @@ install:
   - sed -ie "s#test-5.0#test-$PLONE_VERSION#" buildout.cfg
   - buildout -N buildout:download-cache=downloads -c tests.cfg annotate
   - buildout -N buildout:download-cache=downloads -c tests.cfg
+  - pip install zest.pocompile
+  - pocompile src
 before_script:
 - export DISPLAY=:99.0
 - sh -e /etc/init.d/xvfb start

CHANGES.rst

@@ -1,6 +1,26 @@
 Changelog
 =========
 
+2.0.0b2 (unreleased)
+--------------------
+2.0.0b2dev0 (unreleased)
+------------------------
+2.0.0b1.post3 (unreleased)
+--------------------------
+
+- Nothing changed yet.
+
+
+2.0.0b1.post2 (2017-06-28)
+--------------------------
+
+FHNW Patches:
+
+- No default fields on form creation
+
+- Use FHNW email template https://gitlab.fhnw.ch/webteam/fhnw.webauftritt/issues/770
+  [karalics,tomgross]
+
 2.0.0b2 (unreleased)
 --------------------
 
@@ -10,6 +30,8 @@ Breaking changes:
 
 New features:
 
+- Enhance file validation view with type check
+  [tomgross]
 - *add item here*
 
 Bug fixes:

CONTRIBUTORS.rst

@@ -16,3 +16,4 @@ Google Summer of Code student Prakhar Joshi pushed a lot further.
 - Jens W. Klein, jens@bluedynamics.com
 - Peter Holzer, peter.holzer@agitator.com
 - Thomas Massmann, thomas.massmann@it-spir.it
+

README.rst

@@ -118,4 +118,5 @@ Compatibility
 =============
 
 - 1.x targets Plone 4.x
-- 2.x targets Plone 5.x
+- 2.x targets Plone 5.1.x onwards
+

docs/fields.rst

@@ -35,13 +35,32 @@ Edit XML Fields Model
 
 .. image:: images/edit-xml-fields-model-page.png
 
-Validating fields
------------------
+Validating file uploads
+-----------------------
+
+Collective.easyform comes with a custom validation view,
+which helps with validation of file uploads. It supports
+two modes:
+
+ * file size validation
+ * file type validation
+
+For file type validation a blacklist or whitelist can be used.
 
 For validation of filesize put the following line into
 the custom validator of a file upload field:
 
- `python:portal.restrictedTraverse('validate_file_size')(value, size=300)` 
+ `python:portal.restrictedTraverse('validate_file')(value, size=300)`
 
 where `size` is the maximum allowed size in bytes.
 
+Validation against the filetype is done by checking the file extension.
+Use this for whitelisting:
+
+ `python:portal.restrictedTraverse('validate_file')(value, allowed_types=('pdf', 'docx'))`
+
+and this for blacklisting:
+
+ `python:portal.restrictedTraverse('validate_file')(value, forbidden_types=('zip', 'rar'))`
+
+Make sure the types in `allowed_types` or `forbidden_types` are all lowercase.

setup.py

@@ -1,6 +1,6 @@
 from setuptools import setup, find_packages
 
-version = '2.0.0b2dev0'
+version = '2.0.0b1.post3.dev0'
 
 setup(
     name='collective.easyform',

src/collective/easyform/browser/configure.zcml

@@ -49,10 +49,20 @@
         permission="zope2.View"
         />
 
+    <!-- BBB -->
     <browser:page
         for="*"
         name="validate_file_size"
         class=".view.ValidateFileSize"
         permission="zope2.View"
         />
+
+    <browser:page
+        for="*"
+        name="validate_file"
+        class=".view.ValidateFileSize"
+        permission="zope2.View"
+        />
+
+
 </configure>

src/collective/easyform/browser/view.py

@@ -11,8 +11,10 @@
 from collective.easyform.interfaces import IEasyFormThanksPage
 from collective.easyform.interfaces import IFieldExtender
 from logging import getLogger
+from os.path import splitext
 from plone.app.z3cform.inline_validation import InlineValidationView
 from plone.autoform.form import AutoExtensibleForm
+from plone.namedfile.interfaces import INamed
 from plone.z3cform import layout
 from Products.Five import BrowserView
 from Products.Five.browser.pagetemplatefile import ViewPageTemplateFile
@@ -310,16 +312,36 @@ def __call__(self, fname=None, fset=None):
         return super(EasyFormInlineValidationView, self).__call__(fname, fset)
 
 
-class ValidateFileSize(BrowserView):
+class ValidateFile(BrowserView):
 
-    def __call__(self, value, size=1048576):
+    def __call__(self, value, size=1048576, allowed_types=None,
+                 forbidden_types=None):
         if not value:
             return False
-        if value.getSize() <= size:
+        if not INamed.providedBy(value):
             return False
-        else:
+        if size and value.getSize() > size:
             return _(
                 'msg_file_too_big',
                 mapping={'size': size},
                 default=u'File is bigger than allowed size of ${size} bytes!'
             )
+        ftype = splitext(value.filename)[-1]
+        # remove leading dot '.' from file extension
+        ftype = ftype and ftype[1:].lower() or ''
+        if allowed_types and ftype not in allowed_types:
+            return _(
+                'msg_file_not_allowed',
+                mapping={'ftype': ftype},
+                default=u'File type ${ftype} is not allowed!'
+            )
+        if forbidden_types and ftype in forbidden_types:
+            return _(
+                'msg_file_not_allowed',
+                mapping={'ftype': ftype},
+                default=u'File type ${ftype} is not allowed!'
+            )
+        return False
+
+# BBB
+ValidateFileSize = ValidateFile

src/collective/easyform/default_schemata/fields_default.xml

@@ -4,22 +4,5 @@
     xmlns:i18n="http://xml.zope.org/namespaces/i18n"
     i18n:domain="collective.easyform">
   <schema>
-    <field
-        name="replyto"
-        type="zope.schema.TextLine"
-        easyform:TDefault="python:member and member.getProperty('email', '') or ''"
-        easyform:serverSide="False"
-        easyform:validators="isValidEmail">
-      <description/>
-      <title>Your E-Mail Address</title>
-    </field>
-    <field name="topic" type="zope.schema.TextLine">
-      <description/>
-      <title>Subject</title>
-    </field>
-    <field name="comments" type="zope.schema.Text">
-      <description/>
-      <title>Comments</title>
-    </field>
   </schema>
 </model>