Merge pull request #704 from cul-it/LP-1126-sizelimits

Set upload limits and expiry token fix

app/assets/javascripts/spotlight/admin/sir-trevor/locales.js

@@ -1,4 +1,13 @@
 SirTrevor.Locales.en.blocks = $.extend(SirTrevor.Locales.en.blocks, {
+  // Override the uploaded_items widget description
+  uploaded_items: {
+    title: "Uploaded Item Row",
+    description: "This widget displays uploaded items in a horizontal row. Optionally, you can add a heading and/or text to be displayed adjacent to the items. To meet accessibility standards, be sure to provide an item caption if adding an optional link URL. Each item should be less than 10MB in size.",
+    caption: 'Caption',
+    link: 'Link URL'
+  },
+
+  // Add alt text field to the resources panel
   resources: {
     panel: {
       drag: "Drag",

app/prepends/prepended_controllers/upload_controller.rb

@@ -3,6 +3,20 @@
 # Based on the Module#prepend pattern in ruby.
 # Uses the to_prepare Rails hook in application.rb to inject this module to override Spotlight::Resources::UploadController
 module PrependedControllers::UploadController
+  # Overrides create method to display more helpful error messages
+  def create
+    if @resource.save_and_index
+      flash[:notice] = t('spotlight.resources.upload.success')
+      return redirect_to new_exhibit_resource_path(@resource.exhibit, tab: :upload) if params['add-and-continue']
+    else
+      general_error = t('spotlight.resources.upload.error')
+      specific_errors = @resource.errors.messages.values
+      flash[:error] = [general_error, specific_errors].flatten.join(' ')
+    end
+
+    redirect_to admin_exhibit_catalog_path(@resource.exhibit, sort: :timestamp)
+  end
+
   private
 
   # Overrides build_resource method to handle multiple uploads

app/prepends/prepended_models/upload.rb

@@ -12,6 +12,8 @@ module PrependedModels::Upload
 
   Spotlight::Resources::Upload.accepts_nested_attributes_for :uploads
 
+  Spotlight::Resources::Upload.validates :uploads, length: { maximum: 30 }
+
   # Overrides to_solr method to handle multiple uploads
   # rubocop:disable Metrics/AbcSize
   def to_solr

app/prepends/prepended_uploaders/featured_image_uploader.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+# Based on the Module#prepend pattern in ruby.
+# Uses the to_prepare Rails hook in application.rb to inject this module to override Spotlight::FeaturedImageUploader
+module PrependedUploaders::FeaturedImageUploader
+  # Carrierwave validation to check file size is between provided range
+  # File is first uploaded to tmp, then removed if validation fails
+  def size_range
+    1.byte..10.megabytes
+  end
+end

app/views/spotlight/sir_trevor/blocks/_uploaded_items_block.html.erb

@@ -25,7 +25,9 @@
             <% end %>
 
             <% if uploaded_items_block.zpr_link? %>
-              <%= button_tag t('.zpr_link_html', title: file[:caption]), class: 'btn btn-secondary zpr-link', data: { 'iiif-tilesource' => { type: 'image', url: file[:url] }.to_json } %>
+              <% ### BEGIN CUSTOMIZATION - use patched url %>
+              <%= button_tag t('.zpr_link_html', title: file[:caption]), class: 'btn btn-secondary zpr-link', data: { 'iiif-tilesource' => { type: 'image', url: url }.to_json } %>
+              <% ### END CUSTOMIZATION %>
             <% end %>
           </div>
         </div>

compose.yaml

@@ -61,10 +61,15 @@ services:
       context: .
       target: development
     entrypoint: docker/run_sidekiq.sh
-    depends_on:
-      - redis
+    image: exhibits
+    stdin_open: true
+    tty: true
     env_file:
       - .env
+    volumes:
+      - .:/exhibits
+    depends_on:
+      - redis
 
 volumes:
   db-data:

config/application.rb

@@ -35,6 +35,9 @@ class Application < Rails::Application
 
       # Services
       Spotlight::ExhibitImportExportService.prepend PrependedServices::ExhibitImportExportService
+
+      # Uploaders
+      Spotlight::FeaturedImageUploader.prepend PrependedUploaders::FeaturedImageUploader
     end
   end
 end

config/locales/en.yml

@@ -31,9 +31,20 @@
 
 en:
   hello: "Hello world"
+  activerecord:
+    errors:
+      models:
+        spotlight/resource:
+          attributes:
+            uploads:
+              too_long: You are not allowed to upload more than 30 files for a single exhibit item.
   portal_resources:
     form:
       add_item: "Add results of portal search"
   dashboard: Dashboard
+  errors:
+    messages:
+      extension_allowlist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}."
+      min_size_error: "File size should be greater than %{min_size}."
+      max_size_error: "File size should be less than %{max_size}."
   local_documentation: Cornell curator documentation
-

config/locales/spotlight.en.yml

@@ -4,11 +4,29 @@ en:
       spotlight/exhibit:
         tag_list: Cmd+click or Ctrl+click to select multiple tags.
   spotlight:
+    catalog:
+      edit_default:
+        url-field:
+          help: 'Valid file types: %{extensions}. Files should be less than 10MB in size.'
     confirmation_mailer:
       confirmation_instructions:
         welcome: "Welcome %{email}!"
         instructions: "You recently requested an account on the Library's Online Exhibitions website. Please click the link below to confirm your account:"
         confirm: Confirm my account
+    contacts:
+      form:
+        source:
+          remote:
+            help: File should be less than 10MB in size.
+    featured_images:
+      form:
+        source:
+          remote:
+            help: File should be less than 10MB in size.
+      upload_form:
+        source:
+          remote:
+            help: File should be less than 10MB in size.
     header_links:
       login: Admin Login
     admin_users:
@@ -17,6 +35,12 @@ en:
         destroy: Remove from exhibit creator role
         instructions: Existing exhibit creators
         update: Make user an exhibit creator
+    resources:
+      upload:
+        error: Your item could not be added.
+        form:
+          url-field:
+            help: 'Valid file types: %{extensions}. Files should be less than 10MB in size.'
     search:
       fields:
         spotlight_copyright_tesim: Copyright

spec/fixtures/invalid.txt

@@ -0,0 +1 @@
+I hope someone uploads me!

spec/prepends/prepended_controllers/upload_controller_spec.rb

@@ -19,22 +19,63 @@
     let(:exhibit) { create(:exhibit) }
     let(:user) { exhibit.users.first }
 
-    before { sign_in user }
-
-    it 'creates a new upload item with multiple featured images' do
-      expect(exhibit.resources.count).to eq(0)
-      post :create, params: {
-        exhibit_id: exhibit,
-        resources_upload: {
-          url: [image_1, image_2],
-          data: item_data
-        },
-        controller: 'spotlight/resources/upload',
-        action: 'create'
-      }
-      expect(exhibit.resources.count).to eq(1)
-      new_item = exhibit.resources.first
-      expect(new_item.uploads.count).to eq(2)
+    context 'when not logged in' do
+      it 'is not allowed' do
+        post :create, params: { exhibit_id: exhibit }
+        expect(response).to redirect_to new_user_session_path
+      end
+    end
+
+    context 'when signed in as a curator' do
+      before { sign_in user }
+
+      it 'creates a new upload item with multiple featured images' do
+        expect(exhibit.resources.count).to eq(0)
+        post :create, params: {
+          exhibit_id: exhibit,
+          resources_upload: {
+            url: [image_1, image_2],
+            data: item_data
+          },
+          controller: 'spotlight/resources/upload',
+          action: 'create'
+        }
+        expect(exhibit.resources.count).to eq(1)
+        new_item = exhibit.resources.first
+        expect(new_item.uploads.count).to eq(2)
+      end
+
+      # Copies tests from spec/controllers/spotlight/resources/upload_controller_spec.rb in spotlight gem
+      #   since #create is overridden in PrependedControllers
+      it 'redirects to the item admin page' do
+        post :create, params: { exhibit_id: exhibit, resources_upload: { url: [image_1], data: item_data } }
+        expect(flash[:notice]).to eq('Object uploaded successfully.')
+        expect(response).to redirect_to admin_exhibit_catalog_path(exhibit, sort: :timestamp)
+      end
+
+      it 'redirects to the upload form when the add-and-continue parameter is present' do
+        post :create, params: { exhibit_id: exhibit, 'add-and-continue' => 'true', resources_upload: { url: [image_1], data: item_data } }
+        expect(flash[:notice]).to eq('Object uploaded successfully.')
+        expect(response).to redirect_to new_exhibit_resource_path(exhibit, tab: 'upload')
+      end
+
+      context 'invalid resource' do
+        let(:too_large_image) { Rack::Test::UploadedFile.new(File.expand_path('../../fixtures/white_large.png', __dir__)) }
+        let(:invalid_file_type) { Rack::Test::UploadedFile.new(File.expand_path('../../fixtures/invalid.txt', __dir__)) }
+
+        it 'displays error messages when image is too large' do
+          post :create, params: { exhibit_id: exhibit, resources_upload: { url: [too_large_image], data: item_data } }
+          expect(flash[:error]).to eq('Your item could not be added. File size should be less than 10 MB.')
+          expect(response).to redirect_to admin_exhibit_catalog_path(exhibit, sort: :timestamp)
+        end
+
+        it 'displays multiple errors messages, when multiple invalid files' do
+          post :create, params: { exhibit_id: exhibit, resources_upload: { url: [too_large_image, invalid_file_type], data: item_data } }
+          expect(flash[:error]).to include('Your item could not be added.')
+          expect(flash[:error]).to include('File size should be less than 10 MB.')
+          expect(flash[:error]).to include('You are not allowed to upload "txt" files, allowed types:')
+        end
+      end
     end
   end
 end

spec/prepends/prepended_models/upload_spec.rb

@@ -2,6 +2,26 @@
 
 # Tests overrides in PrependedModels::Upload
 describe Spotlight::Resources::Upload, type: :model do
+  describe 'validations' do
+    let(:exhibit) { create(:exhibit) }
+    let(:upload_resource) { Spotlight::Resources::Upload.new(exhibit: exhibit) }
+    let(:file) { Rack::Test::UploadedFile.new(File.expand_path('../../fixtures/grey.png', __dir__)) }
+
+    it 'is invalid when more than 30 upload files are associated' do
+      uploads_attributes = Array.new(31, { image: file })
+      upload_resource.uploads.build(uploads_attributes)
+      expect(upload_resource).to be_invalid
+      expect(upload_resource.errors[:uploads]).to include('You are not allowed to upload more than 30 files for a single exhibit item.')
+    end
+
+    it 'is valid when 30 upload files are associated' do
+      uploads_attributes = Array.new(30, { image: file })
+      upload_resource.uploads.build(uploads_attributes)
+      expect(upload_resource).to be_valid
+      expect(upload_resource.errors).to be_empty
+    end
+  end
+
   describe '#to_solr' do
     let(:upload_resource) { create(:upload_with_multiple_images) }
 

spec/prepends/prepended_uploaders/featured_image_uploader_spec.rb

@@ -0,0 +1,18 @@
+require 'rails_helper'
+
+describe Spotlight::FeaturedImageUploader do
+  let(:mounter) { Spotlight::FeaturedImage.new }
+  let(:featured_image_uploader) { described_class.new(mounter, 'mounted_as') }
+
+  describe '#size_range' do
+    it 'does not error when file is less than 10 megabytes' do
+      test_file = File.open(File.expand_path('../../fixtures/grey.png', __dir__))
+      expect { featured_image_uploader.cache!(test_file) }.not_to raise_error
+    end
+
+    it 'raises an error when file is more than 10 megabytes' do
+      test_file = File.open(File.expand_path('../../fixtures/white_large.png', __dir__))
+      expect { featured_image_uploader.cache!(test_file) }.to raise_error(CarrierWave::IntegrityError, 'File size should be less than 10 MB.')
+    end
+  end
+end

spec/rails_helper.rb

@@ -59,6 +59,8 @@
   config.include Devise::Test::ControllerHelpers, type: :controller
   config.include Warden::Test::Helpers
 
+  config.include Rails.application.routes.url_helpers
+
   config.before(:each, type: :feature) do
     Warden.test_mode!
   end

spec/spec_helper.rb

@@ -5,6 +5,8 @@
 FactoryBot.definition_file_paths = [File.expand_path("../factories", __FILE__)]
 FactoryBot.find_definitions
 
+require "#{Gem::Specification.find_by_name('blacklight-spotlight').gem_dir}/spec/support/features/test_features_helpers"
+
 # This file was generated by the `rails generate rspec:install` command. Conventionally, all
 # specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
 # The generated `.rspec` file contains `--require spec_helper` which will cause
@@ -56,6 +58,9 @@
 
   config.include FactoryBot::Syntax::Methods
 
+  # Uses spec support from spotlight
+  config.include Spotlight::TestFeaturesHelpers, type: :system
+
   config.before(:each, type: :system) do
     driven_by :rack_test
   end

spec/system/page_widget_spec.rb

@@ -1,11 +1,6 @@
 require 'rails_helper'
 
-# Gem::Specificationfind_by_name is not a rails dynamic finder
-require "#{Gem::Specification.find_by_name('blacklight-spotlight').gem_dir}/spec/support/features/test_features_helpers"
-
 describe 'Editing spotlight pages', type: :system do
-  include Spotlight::TestFeaturesHelpers
-
   let(:exhibit) { create(:exhibit) }
   let(:user) { exhibit.users.first }
   let!(:item) { create(:upload_with_multiple_images, exhibit: exhibit) }