openproject/app/contracts/attachments/prepare_upload_contract.rb

#-- encoding: UTF-8

#-- copyright
# OpenProject is an open source project management software.
# Copyright (C) 2012-2021 the OpenProject GmbH
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License version 3.
#
# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:
# Copyright (C) 2006-2013 Jean-Philippe Lang
# Copyright (C) 2010-2013 the ChiliProject Team
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# See COPYRIGHT and LICENSE files for more details.
#++

module Attachments
  class PrepareUploadContract < CreateContract
    validate :validate_direct_uploads_active

    private

    def validate_direct_uploads_active
      errors.add :base, :not_available unless OpenProject::Configuration.direct_uploads?
    end

    ##
    # The browser hasn't given a specific content type.
    # So we don't check the content type here during the prepare_upload step yet.
    #
    # We'll do it again later in the FinishDirectUploadJob where the normal create contract
    # without this opt-out is used, and where a more specific content type may be
    # determined.
    def validate_content_type
      return if pending_content_type?

      super
    end

    def pending_content_type?
      return false unless OpenProject::Configuration.direct_uploads?

      model.content_type == OpenProject::ContentTypeDetector::SENSIBLE_DEFAULT
    end
  end
end
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`#-- encoding: UTF-8`
Fix/bump representable (#5465) * bump reform and roar -> bumps representer * adapt to changed validation interface * disable initializer patch for now * adapt to changed representable attr interface * can no longer have private methods inside a representer * private no longer possible for representer * bump reform * wip - restyle validation * remove commented out patch * apply injection as prescribed * reactivate reform error symbols patch * remove patch to Hash superfluous wit ruby 2.3 * remove outdated human_attribute_name patch * whitespace fixes * adapt filter name after removal of human_attribute_name patch * adapt filter specs to no longer rely on human_attribute_name patch * fix version filter name * remove reliance on no longer existing human_attribute_name patch * use correct key in journal formatter * remove private from representer * adapt to altered setter interface * reenable i18n for error messages in contracts * no private methods in representer * defined model for contracts * fix validaton * instantiate correct Object * define model for contract * circumvent now existing render method on reform * replace deprecated constant * patch correct reform class - not the module - via prepend * refactor too complex method * replace deprations * remove remnants of parentId * prevent error symbols from existing twice * adapt user representer to altered setter interface * adapt watcher representer to altered setter interface * remove now unnessary patch * adapt setter to altered interface * adapt spec * fix custom field setters * remove parentId from wp representer As the parent is a wp resource, clients should use the parent link instead * adapt spec to changed valid? interface * remove parentId from wp schema * replace references of parentId in frontend * remove TODO [ci skip] 8 years ago
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`#-- copyright`
Update copyright notice 5 years ago			`# OpenProject is an open source project management software.`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2012-2021 the OpenProject GmbH`
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License version 3.`
			`#`
			`# OpenProject is a fork of ChiliProject, which is a fork of Redmine. The copyright follows:`
update copyright to 2021 (#8925) Updates the copyright to 2021 for all files that have a copyright. Files in our source code without the copyright header still do not receive one automatically. Additionally, backlisted files are also excluded. Previously the copyright of chiliproject which references redmine stated a copyright of redmine up to and including 2017 which is not true for the code we have in here. Because of that I changed that to 2013 4 years ago			`# Copyright (C) 2006-2013 Jean-Philippe Lang`
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`# Copyright (C) 2010-2013 the ChiliProject Team`
			`#`
			`# This program is free software; you can redistribute it and/or`
			`# modify it under the terms of the GNU General Public License`
			`# as published by the Free Software Foundation; either version 2`
			`# of the License, or (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU General Public License`
			`# along with this program; if not, write to the Free Software`
			`# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.`
			`#`
Move license and copyright docs to root, fix names and references 3 years ago			`# See COPYRIGHT and LICENSE files for more details.`
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`#++`

[37868] Whitelist for attachment mime types and extensions on upload (#9431) * Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract 3 years ago			`module Attachments`
			`class PrepareUploadContract < CreateContract`
			`validate :validate_direct_uploads_active`
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago
[37868] Whitelist for attachment mime types and extensions on upload (#9431) * Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract 3 years ago			`private`
Enforce passing of current_user into representers Thereby permission checks will no longer silently fail if no user was passed. This uncovered a lot of places where we actually expected a user to be passed, when it wasn't. This was especially true for collections. The basic idea is, that virtually all representers could change their behaviour based on the current user. Representers where this is not the case (e.g. Digest), can still explicitly opt-out. 9 years ago
[37868] Whitelist for attachment mime types and extensions on upload (#9431) * Add setting for whitelist * Make attachments API BaseServices compatible * Add prepare service and contract * Correctly pass the filename to the UploadedFile * Add presence check to filename * Fix expected validation message * We no longer raise a multipart error when metadata is empty * Fix filesize validation on prepared uploads * Add parser error if invalid metadata json * When attachment is not saved, use filename property * Return correct error message on JSON parser erroro * Fix specs * Use attachment upload representer * Fix direct uploads mocks with new service layer * Lint * Fix export job using attachment service * Fix IFC controller using attachment prepare service * Fix export job * RenameRename params_getter to params_source * Fix mail handler using attachment service * Fix usage of attachment create service in documents * Reuse shared examples for document attachment spec * Fix stubbed attachment service in export job spec * Use admin user in backup spec * Fix export job for bim * Fix attachment integration spec * Fix issues_controller spec * Make budget resource spec reuse common examples * Fix attachment parsing representer spec * Replace prepare part of attachment spec into separate service spec * Clear cache for login spec * Convert document create/update into services * Budget services * Allow options to be passed to property twin * Remove setting author on budget initialize * Replace meetings update with services * Replace ifc models attachment handling with services * Don't check uploader if changed by system * Fix uploader being changed by system * Replace wiki page attach_files with attachable services * Replace avatar saving * Replace snapshot attach_files * Skip double validation when container present * Set snapshot through attachment service * Remove attach_files * Validate content type in contract * Enforce writing the content type without accepting user input * Expect changed content_type * Fix content of viewpoint image to get correct content type * Fix tsv spec * Add create contract spec * Bypass whitelist in internal services when conflicting with user * Fix expects in specs after whitelist bypass * Render contract errors for wiki * Add before_hook to bodied to allow to pre-authorize permissions * Budget errors from contract * Document errors from contract 3 years ago			`def validate_direct_uploads_active`
			`errors.add :base, :not_available unless OpenProject::Configuration.direct_uploads?`
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`end`
fix direct upload for all content types 3 years ago
			`##`
			`# The browser hasn't given a specific content type.`
			`# So we don't check the content type here during the prepare_upload step yet.`
			`#`
			`# We'll do it again later in the FinishDirectUploadJob where the normal create contract`
			`# without this opt-out is used, and where a more specific content type may be`
			`# determined.`
			`def validate_content_type`
			`return if pending_content_type?`

			`super`
			`end`

			`def pending_content_type?`
			`return false unless OpenProject::Configuration.direct_uploads?`

			`model.content_type == OpenProject::ContentTypeDetector::SENSIBLE_DEFAULT`
			`end`
parse attachment metadata using a representer - adding general error handling for parse errors - changing the default error message for parse errors, which was very form specific before 10 years ago			`end`
			`end`