Showing
8 changed files
with
95 additions
and
63 deletions.
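--- a/decidim-core/app/controllers/concerns/decidim/direct_upload.rb
+++ b/decidim-core/app/controllers/concerns/decidim/direct_upload.rb
@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+module Decidim
+module DirectUpload
+extend ActiveSupport::Concern
+
+included do
+include Decidim::NeedsOrganization
+skip_before_action :verify_organization
+
+before_action :check_organization!
+before_action :check_authenticated!
+before_action :validate_direct_upload
+end
+
+protected
+
+def verify_organization; end
+
+def validate_direct_upload
+return if current_admin.present?
+
+head :unprocessable_entity unless [
+maximum_allowed_size.try(:to_i) >= blob_args[:byte_size].try(:to_i),
+content_types.any? { |pattern| pattern.match?(blob_args[:content_type]) },
+content_types.any? { |pattern| pattern.match?(MiniMime.lookup_by_extension(extension)&.content_type) },
+allowed_extensions.any? { |pattern| pattern.match?(extension) }
+].all?
+rescue NoMethodError
+head :unprocessable_entity
+end
+
+def extension
+File.extname(blob_args[:filename]).delete(".")
+end
+
+def maximum_allowed_size
+current_organization.settings.upload_maximum_file_size
+end
+
+def check_organization!
+head :unauthorized if current_organization.blank? && current_admin.blank?
+end
+
+def check_authenticated!
+head :unauthorized if current_user.blank? && current_admin.blank?
+end
+
+def allowed_extensions
+if user_has_elevated_role?
+current_organization.settings.upload_allowed_file_extensions_admin
+else
+current_organization.settings.upload_allowed_file_extensions
+end
+end
+
+def content_types
+if user_has_elevated_role?
+current_organization.settings.upload_allowed_content_types_admin
+else
+current_organization.settings.upload_allowed_content_types
+end
+end
+
+private
+
+def user_has_elevated_role?
+[
+current_user&.admin?,
+defined?(Decidim::Assemblies::AssembliesWithUserRole) && Decidim::Assemblies::AssembliesWithUserRole.for(current_user).any?,
+defined?(Decidim::Conferences::ConferencesWithUserRole) && Decidim::Conferences::ConferencesWithUserRole.for(current_user).any?,
+defined?(Decidim::ParticipatoryProcessesWithUserRole) && Decidim::ParticipatoryProcessesWithUserRole.for(current_user).any?
+].any?
+end
+end
+end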
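Review bot: The `rescue NoMethodError` in `validate_direct_upload` does not cover every malformed request it seems meant to reject: with no `byte_size` the comparison `maximum_allowed_size.try(:to_i) >= nil` raises ArgumentError, and with no `filename` the `File.extname(nil)` call in `extension` raises TypeError, so both surface as an unhandled error rather than a 422, while a genuine NoMethodError bug anywhere in the four checks is silently reported as a 422. An explicit guard ahead of the array, such as `return head :unprocessable_entity if blob_args.values_at(:filename, :byte_size, :content_type).any?(&:blank?)`, would make the rejection deliberate and allow the rescue to be dropped. `blob_args` is not defined in this file; if it is the client-submitted blob metadata of Active Storage's direct-upload controller, these checks cover only the declared size, type and name, so the stored file still needs validating when it is attached. The method would also benefit from a short comment stating whether the `current_admin` early return is meant to exempt those requests from every size, type and extension limit.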
55 changes: 0 additions & 55 deletions
55
decidim-core/app/controllers/decidim/direct_uploads_controller.rb
This file was deleted.