Now validate resources mime_types

.gitignore

@@ -89,7 +89,6 @@ Gemfile.lock
 
 # Local Gemfile for developing without sharing dependencies
 .gemfile
-*.txt
 
 *.orig
 

resources/app/models/refinery/resource.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'dragonfly'
 
 module Refinery
@@ -7,33 +9,37 @@ class Resource < Refinery::Core::BaseModel
     extend Mobility
     translates :resource_title
 
-    dragonfly_accessor :file, :app => :refinery_resources
+    dragonfly_accessor :file, app: :refinery_resources
 
-    validates :file, :presence => true
+    validates :file, presence: true
     validates_with FileSizeValidator
+    validates_property :mime_type,
+                       of: :file,
+                       in: ::Refinery::Resources.whitelisted_mime_types,
+                       message: :incorrect_format
 
-    delegate :ext, :size, :mime_type, :url, :to => :file
+    delegate :ext, :size, :mime_type, :url, to: :file
 
-    before_destroy :cached_mime_type, :prepend => true
+    before_destroy :cached_mime_type, prepend: true
 
     def cached_mime_type
       @cached_mime_type ||= mime_type
     end
 
     # used for searching
     def type_of_content
-      cached_mime_type.split("/").join(" ")
+      cached_mime_type.split('/').join(' ')
     end
 
     # Returns a titleized version of the filename
     # my_file.pdf returns My File
     def title
-      resource_title.presence || CGI::unescape(file_name.to_s).gsub(/\.\w+$/, '').titleize
+      resource_title.presence || CGI.unescape(file_name.to_s).gsub(/\.\w+$/, '').titleize
     end
 
     def update_index
-      return if self.aai_config.disable_auto_indexing
-      copy = self.dup.tap{ |r| r.file_uid = r.file_uid_was}
+      return if aai_config.disable_auto_indexing
+      copy = dup.tap { |r| r.file_uid = r.file_uid_was }
       self.class.index_remove(copy)
       self.class.index_add(self)
     end
@@ -47,9 +53,9 @@ def per_page(dialog = false)
       def create_resources(params)
         resources = []
 
-        if params.present? and params[:file].is_a?(Array)
+        if params.present? && params[:file].is_a?(Array)
           params[:file].each do |resource|
-            resources << create({:file => resource}.merge(params.except(:file).to_h))
+            resources << create({ file: resource }.merge(params.except(:file).to_h))
           end
         else
           resources << create(params)

resources/config/locales/en.yml

@@ -36,4 +36,6 @@ en:
       models:
         refinery/resource:
           blank: You must specify file for upload
-          too_big: File should be smaller than %{size} bytes in size
+          incorrect_format: "File type is not allowed. Your file must be a MP4, MPEG, WMV, AVI, WAV,
+          GIF, JPEG, PNG, SVG, TIFF, PSD, CSV, PDF, TXT, RAR, ZIP, XLS, PPT or a DOC"
+          too_big: File should be smaller than %{size} bytes in size

resources/config/locales/fr.yml

@@ -36,4 +36,6 @@ fr:
       models:
         refinery/resource:
           blank: Vous devez spécifier un fichier à télécharger
-          too_big: Le poids maximal des fichiers est de %{size} megaoctets
+          incorrect_format: "Type de fichier non autorisé. Votre fichier doit être un MP4, MPEG, WMV, AVI, WAV,
+          GIF, JPEG, PNG, SVG, TIFF, PSD, CSV, PDF, TXT, RAR, ZIP, XLS, PPT ou un DOC"
+          too_big: Le poids maximal des fichiers est de %{size} megaoctets

resources/lib/generators/refinery/resources/templates/config/initializers/refinery/resources.rb.erb

@@ -9,6 +9,9 @@ Refinery::Resources.configure do |config|
   # Configure how many resources per page should be displayed in the list of resources in the admin area
   # config.pages_per_admin_index = <%= Refinery::Resources.pages_per_admin_index.inspect %>
 
+  # Configure white-listed mime types for validation
+  # config.whitelisted_mime_types = <%= Refinery::Resources.whitelisted_mime_types.inspect %>
+
   # Configure Dragonfly.
   # Refer to config/initializers/refinery/dragonfly.rb for the full list of dragonfly configurations which can be used.
   # This includes all dragonfly config for Dragonfly v 1.1.1

resources/lib/refinery/resources/configuration.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Refinery
   module Resources
-
     extend Refinery::Dragonfly::ExtensionConfiguration
     include ActiveSupport::Configurable
 
-    config_accessor :max_file_size, :pages_per_dialog, :pages_per_admin_index, :content_disposition
+    config_accessor :max_file_size, :pages_per_dialog, :pages_per_admin_index,
+                    :content_disposition, :whitelisted_mime_types
 
     self.content_disposition = :attachment
     self.max_file_size = 52_428_800
@@ -13,6 +15,40 @@ module Resources
 
     self.dragonfly_name = :refinery_resources
 
-  end
-end
+    self.whitelisted_mime_types = %w[
+      audio/mp4
+      audio/mpeg
+      audio/wav
+      audio/x-wav
+
+      image/gif
+      image/jpeg
+      image/png
+      image/svg+xml
+      image/tiff
+      image/x-psd
+
+      video/mp4
+      video/mpeg
+      video/quicktime
+      video/x-msvideo
+      video/x-ms-wmv
 
+      text/csv
+      text/plain
+
+      application/pdf
+      application/rtf
+      application/x-rar
+      application/zip
+
+      application/vnd.ms-excel
+      application/vnd.ms-powerpoint
+      application/vnd.msword
+
+      application/vnd.openxmlformats-officedocument.presentationml.presentation
+      application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
+      application/vnd.openxmlformats-officedocument.wordprocessingml.document
+    ]
+  end
+end

resources/spec/factories/resource.rb

@@ -1,5 +1,7 @@
+# frozen_string_literal: true
+
 FactoryBot.define do
-  factory :resource, :class => Refinery::Resource do
-    file Refinery.roots('refinery/resources').join("spec/fixtures/refinery_is_awesome.txt")
+  factory :resource, class: Refinery::Resource do
+    file Refinery.roots('refinery/resources').join('spec/fixtures/cape-town-tide-table.pdf')
   end
 end