
Now validate resources mime_types #3403

Merged
merged 7 commits into from Sep 20, 2018
Changes from 6 commits
1 change: 0 additions & 1 deletion .gitignore
Expand Up @@ -89,7 +89,6 @@ Gemfile.lock

# Local Gemfile for developing without sharing dependencies
.gemfile
*.txt

*.orig

26 changes: 16 additions & 10 deletions resources/app/models/refinery/resource.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'dragonfly'

module Refinery
Expand All @@ -7,33 +9,37 @@ class Resource < Refinery::Core::BaseModel
extend Mobility
translates :resource_title

dragonfly_accessor :file, :app => :refinery_resources
dragonfly_accessor :file, app: :refinery_resources

validates :file, :presence => true
validates :file, presence: true
validates_with FileSizeValidator
validates_property :mime_type,
of: :file,
in: ::Refinery::Resources.whitelisted_mime_types,
message: :incorrect_format

delegate :ext, :size, :mime_type, :url, :to => :file
delegate :ext, :size, :mime_type, :url, to: :file

before_destroy :cached_mime_type, :prepend => true
before_destroy :cached_mime_type, prepend: true

def cached_mime_type
@cached_mime_type ||= mime_type
end

# used for searching
def type_of_content
cached_mime_type.split("/").join(" ")
cached_mime_type.split('/').join(' ')
end

# Returns a titleized version of the filename
# my_file.pdf returns My File
def title
resource_title.presence || CGI::unescape(file_name.to_s).gsub(/\.\w+$/, '').titleize
resource_title.presence || CGI.unescape(file_name.to_s).gsub(/\.\w+$/, '').titleize
end

def update_index
return if self.aai_config.disable_auto_indexing
copy = self.dup.tap{ |r| r.file_uid = r.file_uid_was}
return if aai_config.disable_auto_indexing
copy = dup.tap { |r| r.file_uid = r.file_uid_was }
self.class.index_remove(copy)
self.class.index_add(self)
end
Expand All @@ -47,9 +53,9 @@ def per_page(dialog = false)
def create_resources(params)
resources = []

if params.present? and params[:file].is_a?(Array)
if params.present? && params[:file].is_a?(Array)
params[:file].each do |resource|
resources << create({:file => resource}.merge(params.except(:file).to_h))
resources << create({ file: resource }.merge(params.except(:file).to_h))
end
else
resources << create(params)
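Review bot: The new `validates_property :mime_type, of: :file, in: ::Refinery::Resources.whitelisted_mime_types` check is only as strong as the value Dragonfly reports for `mime_type`. As far as I know, Dragonfly 1.x derives it from the uploaded file name's extension rather than from the file's bytes, so this is a name-based allow-list and not content verification. A comment above the validation such as `# Allow-list on Dragonfly's mime_type (derived from the file extension, not the content)` would set the right expectation for maintainers. The `in:` argument is also read once, when the class body is evaluated, so changes made to `Refinery::Resources.whitelisted_mime_types` after `Refinery::Resource` has loaded will presumably not reach the validator. The class body starts and ends outside the visible hunks.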
4 changes: 3 additions & 1 deletion resources/config/locales/en.yml
Expand Up @@ -36,4 +36,6 @@ en:
models:
refinery/resource:
blank: You must specify file for upload
too_big: File should be smaller than %{size} bytes in size
incorrect_format: "File type is not allowed. Your file must be a MP4, MPEG, WMV, AVI, WAV,
GIF, JPEG, PNG, SVG, TIFF, PSD, CSV, PDF, TXT, RAR, ZIP, XLS, PPT or a DOC"
too_big: File should be smaller than %{size} bytes in size
4 changes: 3 additions & 1 deletion resources/config/locales/fr.yml
Expand Up @@ -36,4 +36,6 @@ fr:
models:
refinery/resource:
blank: Vous devez spécifier un fichier à télécharger
too_big: Le poids maximal des fichiers est de %{size} megaoctets
incorrect_format: "Type de fichier non autorisé. Votre fichier doit être un MP4, MPEG, WMV, AVI, WAV,
GIF, JPEG, PNG, SVG, TIFF, PSD, CSV, PDF, TXT, RAR, ZIP, XLS, PPT ou un DOC"
too_big: Le poids maximal des fichiers est de %{size} megaoctets
Expand Up @@ -9,6 +9,9 @@ Refinery::Resources.configure do |config|
# Configure how many resources per page should be displayed in the list of resources in the admin area
# config.pages_per_admin_index = <%= Refinery::Resources.pages_per_admin_index.inspect %>

# Configure white-listed mime types for validation
# config.whitelisted_mime_types = <%= Refinery::Resources.whitelisted_mime_types.inspect %>

# Configure Dragonfly.
# Refer to config/initializers/refinery/dragonfly.rb for the full list of dragonfly configurations which can be used.
# This includes all dragonfly config for Dragonfly v 1.1.1
44 changes: 40 additions & 4 deletions resources/lib/refinery/resources/configuration.rb
@@ -1,10 +1,12 @@
# frozen_string_literal: true

module Refinery
module Resources

extend Refinery::Dragonfly::ExtensionConfiguration
include ActiveSupport::Configurable

config_accessor :max_file_size, :pages_per_dialog, :pages_per_admin_index, :content_disposition
config_accessor :max_file_size, :pages_per_dialog, :pages_per_admin_index,
:content_disposition, :whitelisted_mime_types

self.content_disposition = :attachment
self.max_file_size = 52_428_800
Expand All @@ -13,6 +15,40 @@ module Resources

self.dragonfly_name = :refinery_resources

end
end
self.whitelisted_mime_types = %w[
audio/mp4
audio/mpeg
audio/wav
audio/x-wav

image/gif
image/jpeg
image/png
image/svg+xml
image/tiff
image/x-psd

video/mp4
video/mpeg
video/quicktime
video/x-msvideo
video/x-ms-wmv

text/csv
text/plain

application/pdf
application/rtf
application/x-rar
application/zip

application/vnd.ms-excel
application/vnd.ms-powerpoint
application/vnd.msword

application/vnd.openxmlformats-officedocument.presentationml.presentation
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
application/vnd.openxmlformats-officedocument.wordprocessingml.document
]
end
end
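Review bot: In the default `whitelisted_mime_types` list, `application/vnd.msword` does not look like a registered media type; legacy Word documents are registered as `application/msword`. If the MIME lookup returns the registered type, a `.doc` upload would be rejected even though the `incorrect_format` message advertises DOC. I would add `application/msword` and check `application/x-rar` and `image/x-psd` against what the lookup actually returns for `.rar` and `.psd`. The list also admits `image/svg+xml`, which can carry script and is contained only while `content_disposition` stays `:attachment`; a comment such as `# image/svg+xml is only safe to accept while content_disposition is :attachment` would make that dependency explicit. Because the list is configurable while the locale messages enumerate file types statically, the two can drift apart.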
6 changes: 4 additions & 2 deletions resources/spec/factories/resource.rb
@@ -1,5 +1,7 @@
# frozen_string_literal: true

FactoryBot.define do
factory :resource, :class => Refinery::Resource do
file Refinery.roots('refinery/resources').join("spec/fixtures/refinery_is_awesome.txt")
factory :resource, class: Refinery::Resource do
file Refinery.roots('refinery/resources').join('spec/fixtures/cape-town-tide-table.pdf')
end
end