mirror of https://github.com/LaCasemate/fab-manager.git synced 2025-01-20 09:52:19 +01:00

display list of allowed extensions in project's CAD attachments

Sylvain 2016-09-27 14:08:04 +02:00
parent bf9ea40648
commit 36524d4cd9
13 changed files with 73 additions and 28 deletions


@ -38,6 +38,7 @@
- Admins can toggle reminders on/off and customize the delay
- More file types allowed as project CAD attachements
- Project CAD attachements are now checked by MIME type in addition of extension check
- Project CAD attachement allowed are now configured in environment variables
- Display strategy's name in SSO providers list
- SSO: documentation improved with an usage example
- SSO: mapped fields display their data type. Integers, booleans and dates allow some transformations.
@ -56,7 +57,7 @@
- [TODO DEPLOY] `rake fablab:es_add_event_filters`
- [TODO DEPLOY] `rake db:migrate`
- [TODO DEPLOY] `bundle install`
- [TODO DEPLOY] add `EXCEL_DATE_FORMAT` environment variable in `application.yml`
- [TODO DEPLOY] add `EXCEL_DATE_FORMAT`, `ALLOWED_EXTENSIONS` and `ALLOWED_MIME_TYPES` environment variable in `application.yml`
- [OPTIONAL] `rake fablab:fix:assign_category_to_uncategorized_events` (will put every non-categorized events into a new category called "No Category", to ease re-categorization)
## v2.3.1 2016 September 26


@ -239,6 +239,29 @@ Retrieve them from https://apps.twitter.com
This is optional. You can follow [this guide to get your personal App ID](https://developers.facebook.com/docs/apps/register).
If you do so, you'll be able to customize and get statistics about project shares on Facebook.
LOG_LEVEL
This parameter configures the logs verbosity.
Available log levels can be found [here](http://guides.rubyonrails.org/debugging_rails_applications.html#log-levels).
ALLOWED_EXTENSIONS
Exhaustive list of file's extensions available for public upload as project's CAO attachements.
Each item in the list must be separated from the others by a space char.
You will probably want to check that this list match the `ALLOWED_MIME_TYPES` values below.
Please consider that allowing file archives (eg. ZIP) or binary executable (eg. EXE) may result in a **dangerous** security issue and must be avoided in any cases.
ALLOWED_MIME_TYPES
Exhaustive list of file's mime-types available for public upload as project's CAO attachements.
Each item in the list must be separated from the others by a space char.
You will probably want to check that this list match the `ALLOWED_EXTENSIONS` values above.
Please consider that allowing file archives (eg. application/zip) or binary executable (eg. application/exe) may result in a **dangerous** security issue and must be avoided in any cases.
Settings related to Open Projects
See the [Open Projects](#open-projects) section for a detailed description of these parameters.
Settings related to i18n
See the [Settings](#i18n-settings) section of the [Internationalization (i18n)](#i18n) paragraph for a detailed description of these parameters.


@ -12,6 +12,7 @@
# - $scope.components = [{Component}]
# - $scope.themes = [{Theme}]
# - $scope.licences = [{Licence}]
# - $scope.allowedExtensions = [{String}]
# - $scope.submited(content)
# - $scope.cancel()
# - $scope.addFile()
@ -26,7 +27,7 @@
# - $state (Ui-Router) [ 'app.public.projects_show', 'app.public.projects_list' ]
##
class ProjectsController
constructor: ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, _t)->
constructor: ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t)->
## Retrieve the list of machines from the server
Machine.query().$promise.then (data)->
@ -52,8 +53,12 @@ class ProjectsController
id: d.id
name: d.name
## Total number of documentation steps for the current project
$scope.totalSteps = $scope.project.project_steps_attributes.length
## List of extensions allowed for CAD attachements upload
$scope.allowedExtensions = allowedExtensions
##
@ -315,8 +320,8 @@ Application.Controllers.controller "ProjectsController", ["$scope", "$state", 'P
##
# Controller used in the project creation page
##
Application.Controllers.controller "NewProjectController", ["$scope", "$state", 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'Diacritics', 'dialogs', '_t'
, ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, Diacritics, dialogs, _t) ->
Application.Controllers.controller "NewProjectController", ["$scope", "$state", 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'Diacritics', 'dialogs', 'allowedExtensions', '_t'
, ($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, Diacritics, dialogs, allowedExtensions, _t) ->
CSRF.setMetaTags()
## API URL where the form will be posted
@ -333,7 +338,7 @@ Application.Controllers.controller "NewProjectController", ["$scope", "$state",
$scope.matchingMembers = []
## Using the ProjectsController
new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, _t)
new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t)
]
@ -341,8 +346,8 @@ Application.Controllers.controller "NewProjectController", ["$scope", "$state",
##
# Controller used in the project edition page
##
Application.Controllers.controller "EditProjectController", ["$scope", "$state", '$stateParams', 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'projectPromise', 'Diacritics', 'dialogs', '_t'
, ($scope, $state, $stateParams, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, projectPromise, Diacritics, dialogs, _t) ->
Application.Controllers.controller "EditProjectController", ["$scope", "$state", '$stateParams', 'Project', 'Machine', 'Member', 'Component', 'Theme', 'Licence', '$document', 'CSRF', 'projectPromise', 'Diacritics', 'dialogs', 'allowedExtensions', '_t'
, ($scope, $state, $stateParams, Project, Machine, Member, Component, Theme, Licence, $document, CSRF, projectPromise, Diacritics, dialogs, allowedExtensions, _t) ->
CSRF.setMetaTags()
## API URL where the form will be posted
@ -359,7 +364,7 @@ Application.Controllers.controller "EditProjectController", ["$scope", "$state",
name: u.full_name
## Using the ProjectsController
new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, _t)
new ProjectsController($scope, $state, Project, Machine, Member, Component, Theme, Licence, $document, Diacritics, dialogs, allowedExtensions, _t)
]


@ -270,6 +270,9 @@ angular.module('application.router', ['ui.router']).
templateUrl: '<%= asset_path "projects/new.html" %>'
controller: 'NewProjectController'
resolve:
allowedExtensions: ['Project', (Project)->
Project.allowedExtensions().$promise
]
translations: [ 'Translations', (Translations) ->
Translations.query(['app.logged.projects_new', 'app.shared.project']).$promise
]
@ -296,6 +299,9 @@ angular.module('application.router', ['ui.router']).
projectPromise: ['$stateParams', 'Project', ($stateParams, Project)->
Project.get(id: $stateParams.id).$promise
]
allowedExtensions: ['Project', (Project)->
Project.allowedExtensions().$promise
]
translations: [ 'Translations', (Translations) ->
Translations.query(['app.logged.projects_edit', 'app.shared.project']).$promise
]


@ -11,4 +11,8 @@ Application.Services.factory 'Project', ["$resource", ($resource)->
method: 'GET'
url: '/api/projects/search'
isArray: false
allowedExtensions:
method: 'GET'
url: '/api/projects/allowed_extensions'
isArray: true
]


@ -42,18 +42,22 @@
<label class="col-sm-2 control-label" translate>{{ 'CAD_file' }}</label>
<div class="col-sm-10">
<div ng-repeat="file in project.project_caos_attributes" ng-show="!file._destroy">
<input type="hidden" name="project[project_caos_attributes][][id]" ng-value="file.id" />
<input type="hidden" name="project[project_caos_attributes][][_destroy]" ng-value="file._destroy" />
<div class="col-md-11 m-l-n">
<input type="hidden" name="project[project_caos_attributes][][id]" ng-value="file.id" />
<input type="hidden" name="project[project_caos_attributes][][_destroy]" ng-value="file._destroy" />
<div class="fileinput input-group" data-provides="fileinput" ng-class="fileinputClass(file.attachment)">
<div class="form-control" data-trigger="fileinput">
<i class="glyphicon glyphicon-file fileinput-exists"></i> <span class="fileinput-filename">{{file.attachment}}</span>
<div class="fileinput input-group" data-provides="fileinput" ng-class="fileinputClass(file.attachment)">
<div class="form-control" data-trigger="fileinput">
<i class="glyphicon glyphicon-file fileinput-exists"></i> <span class="fileinput-filename">{{file.attachment}}</span>
</div>
<span class="input-group-addon btn btn-default btn-file"><span class="fileinput-new" translate>{{ 'browse' }}</span>
<span class="fileinput-exists" translate>{{ 'change' }}</span><input type="file" name="project[project_caos_attributes][][attachment]"></span>
<a class="input-group-addon btn btn-danger fileinput-exists" data-dismiss="fileinput" ng-click="deleteFile(file)"><i class="fa fa-trash-o"></i></a>
</div>
<span class="input-group-addon btn btn-default btn-file"><span class="fileinput-new" translate>{{ 'browse' }}</span>
<span class="fileinput-exists" translate>{{ 'change' }}</span><input type="file" name="project[project_caos_attributes][][attachment]"></span>
<a class="input-group-addon btn btn-danger fileinput-exists" data-dismiss="fileinput" ng-click="deleteFile(file)"><i class="fa fa-trash-o"></i></a>
</div>
<div class="col-md-1 m-t-xs">
<i class="fa fa-info-circle" aria-hidden="true" uib-tooltip="{{ 'allowed_extensions' | translate }} : {{allowedExtensions.join(', ')}}" tooltip-placement="bottom" tooltip-class="media-lg"></i>
</div>
</div>
<a class="btn btn-default" ng-click="addFile()" role="button">{{ 'add_a_new_file' | translate }} <i class="fa fa-file-o fa-fw"></i></a>
</div>
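Review bot: The tooltip renders a doubled colon, because the template appends ` : ` after the translated label while both locale strings added in this commit already end with one (`"Allowed extensions:"` and `"Extensions autorisées :"`). Either drop the separator in the template, `uib-tooltip="{{ 'allowed_extensions' | translate }} {{allowedExtensions.join(', ')}}"`, or remove the trailing colon from the two locale entries. The list shown here is only a hint to the user; the uploader and model validations remain the actual enforcement.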


@ -57,6 +57,10 @@ class API::ProjectsController < API::ApiController
render :index
end
def allowed_extensions
render json: ENV['ALLOWED_EXTENSIONS'].split(' '), status: :ok
end
private
def set_project
@project = Project.find(params[:id])
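Review bot: `ENV['ALLOWED_EXTENSIONS'].split(' ')` in `allowed_extensions` raises NoMethodError when the variable is not set, and the same pattern appears in `ProjectCaoUploader#extension_white_list` and in the `ProjectCao` MIME validation, where it runs while the class body is evaluated. The changelog makes these variables a manual deploy step, so an instance upgraded without them would presumably answer this endpoint with a 500, which in turn rejects the `allowedExtensions` resolve added to the new and edit project states. For the endpoint, `render json: ENV.fetch('ALLOWED_EXTENSIONS', '').split(' '), status: :ok` is enough; for the two validations prefer `ENV.fetch('ALLOWED_EXTENSIONS')` and `ENV.fetch('ALLOWED_MIME_TYPES')` without a default, so a missing variable fails with a clear KeyError instead of silently changing which uploads are accepted. The class body continues outside the hunk, so whether this action sits behind an authentication filter cannot be seen here.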


@ -2,13 +2,5 @@ class ProjectCao < Asset
mount_uploader :attachment, ProjectCaoUploader
validates :attachment, file_size: { maximum: 20.megabytes.to_i }
validates :attachment, :file_mime_type => {
:content_type => %w(application/pdf application/postscript application/illustrator
image/x-eps image/svg+xml application/sla application/dxf application/acad application/dwg
application/octet-stream application/step application/iges model/iges x-world/x-3dmf
application/ application/vnd.openxmlformats-officedocument.wordprocessingml.document
image/png text/x-arduino text/plain application/scad application/vnd.sketchup.skp
application/x-koan application/vnd-koan koan/x-skm application/vnd.koan application/x-tex
application/x-latex)
}
validates :attachment, :file_mime_type => { :content_type => ENV['ALLOWED_MIME_TYPES'].split(' ') }
end


@ -39,7 +39,7 @@ class ProjectCaoUploader < CarrierWave::Uploader::Base
# Add a white list of extensions which are allowed to be uploaded.
# For images you might use something like this:
def extension_white_list
%w(pdf ai eps cad math svg stl dxf dwg obj step iges igs 3dm 3dmf doc docx png ino scad fcad skp sldprt sldasm slddrw slddrt tex latex ps)
ENV['ALLOWED_EXTENSIONS'].split(' ')
end
# Override the filename of the uploaded files:


@ -56,3 +56,6 @@ OPENLAB_APP_ID:
OPENLAB_BASE_URI: 'https://openprojects.fab-manager.com'
LOG_LEVEL: 'debug'
ALLOWED_EXTENSIONS: pdf ai eps cad math svg stl dxf dwg obj step iges igs 3dm 3dmf doc docx png ino scad fcad skp sldprt sldasm slddrw slddrt tex latex ps
ALLOWED_MIME_TYPES: application/pdf application/postscript application/illustrator image/x-eps image/svg+xml application/sla application/dxf application/acad application/dwg application/octet-stream application/step application/iges model/iges x-world/x-3dmf application/ application/vnd.openxmlformats-officedocument.wordprocessingml.document image/png text/x-arduino text/plain application/scad application/vnd.sketchup.skp application/x-koan application/vnd-koan koan/x-skm application/vnd.koan application/x-tex application/x-latex
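Review bot: The default `ALLOWED_MIME_TYPES` carries over `application/octet-stream`, `text/plain` and a bare `application/` entry from the list removed from `ProjectCao`, which undercuts the README warning added in this same commit against accepting archives and executables. `application/octet-stream` is the generic type reported for arbitrary binary content, so with it in the list the MIME check likely adds little beyond the extension check for such files; the bare `application/` looks like a truncated value and probably matches nothing. Consider removing `application/` and adding a comment above the key such as `# application/octet-stream is kept for CAD formats without a registered type; it also matches any unidentified binary`, so operators copying this default know what they are accepting.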


@ -128,6 +128,7 @@ en:
illustration: "Illustration"
add_an_illustration: "Add an illustration"
CAD_file: "CAD file"
allowed_extensions: "Allowed extensions:"
add_a_new_file: "Add a new file"
steps: "Steps"
step_title: "Step title"


@ -128,6 +128,7 @@ fr:
illustration: "Illustration"
add_an_illustration: "Ajouter un visuel"
CAD_file: "Fichier CAO"
allowed_extensions: "Extensions autorisées :"
add_a_new_file: "Ajouter un nouveau fichier"
steps: "Étapes"
step_title: "Titre de l'étape"


@ -26,10 +26,11 @@ Rails.application.routes.draw do
root 'application#index'
namespace :api, as: nil, defaults: { format: :json } do
resources :projects, only: [:index, :last_published, :show, :create, :update, :destroy] do
resources :projects, only: [:index, :show, :create, :update, :destroy] do
collection do
get :last_published
get :search
get :allowed_extensions
end
end
resources :openlab_projects, only: :index