Skip to content

Commit

Permalink
LP-1126 - Limit file upload size to 10MB
Browse files Browse the repository at this point in the history
  • Loading branch information
chrisrlc committed Dec 18, 2024
1 parent 39d9b50 commit d8c4df5
Show file tree
Hide file tree
Showing 12 changed files with 152 additions and 22 deletions.
9 changes: 9 additions & 0 deletions app/assets/javascripts/spotlight/admin/sir-trevor/locales.js
Original file line number Diff line number Diff line change
@@ -1,4 +1,13 @@
SirTrevor.Locales.en.blocks = $.extend(SirTrevor.Locales.en.blocks, {
// Override the uploaded_items widget description
uploaded_items: {
title: "Uploaded Item Row",
description: "This widget displays uploaded items in a horizontal row. Optionally, you can add a heading and/or text to be displayed adjacent to the items. To meet accessibility standards, be sure to provide an item caption if adding an optional link URL. Each item should be less than 10MB in size.",
caption: 'Caption',
link: 'Link URL'
},

// Add alt text field to the resources panel
resources: {
panel: {
drag: "Drag",
Expand Down
12 changes: 12 additions & 0 deletions app/prepends/prepended_controllers/upload_controller.rb
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,18 @@
# Based on the Module#prepend pattern in ruby.
# Uses the to_prepare Rails hook in application.rb to inject this module to override Spotlight::Resources::UploadController
module PrependedControllers::UploadController
# Overrides create method to display more helpful error messages
def create
if @resource.save_and_index
flash[:notice] = t('spotlight.resources.upload.success')
return redirect_to new_exhibit_resource_path(@resource.exhibit, tab: :upload) if params['add-and-continue']
else
flash[:error] = @resource.errors.messages.values.flatten.join(' ')
end

redirect_to admin_exhibit_catalog_path(@resource.exhibit, sort: :timestamp)
end

private

# Overrides build_resource method to handle multiple uploads
Expand Down
11 changes: 11 additions & 0 deletions app/prepends/prepended_uploaders/featured_image_uploader.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
# frozen_string_literal: true

# Based on the Module#prepend pattern in ruby.
# Uses the to_prepare Rails hook in application.rb to inject this module to override Spotlight::FeaturedImageUploader
module PrependedUploaders::FeaturedImageUploader
# Carrierwave validation to check file size is between provided range
# File is first uploaded to tmp, then removed if validation fails
def size_range
1.byte..10.megabytes
end
end
3 changes: 3 additions & 0 deletions config/application.rb
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,9 @@ class Application < Rails::Application

# Services
Spotlight::ExhibitImportExportService.prepend PrependedServices::ExhibitImportExportService

# Uploaders
Spotlight::FeaturedImageUploader.prepend PrependedUploaders::FeaturedImageUploader
end
end
end
13 changes: 12 additions & 1 deletion config/locales/en.yml
Original file line number Diff line number Diff line change
Expand Up @@ -31,9 +31,20 @@

en:
hello: "Hello world"
activerecord:
errors:
models:
spotlight/resource:
attributes:
uploads:
too_long: You are not allowed to upload more than 30 files for a single exhibit item.
portal_resources:
form:
add_item: "Add results of portal search"
dashboard: Dashboard
errors:
messages:
extension_allowlist_error: "You are not allowed to upload %{extension} files, allowed types: %{allowed_types}."
min_size_error: "File size should be greater than %{min_size}."
max_size_error: "File size should be less than %{max_size}."
local_documentation: Cornell curator documentation

23 changes: 23 additions & 0 deletions config/locales/spotlight.en.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,29 @@ en:
spotlight/exhibit:
tag_list: Cmd+click or Ctrl+click to select multiple tags.
spotlight:
catalog:
edit_default:
url-field:
help: 'Valid file types: %{extensions}. Files should be less than 10MB in size.'
confirmation_mailer:
confirmation_instructions:
welcome: "Welcome %{email}!"
instructions: "You recently requested an account on the Library's Online Exhibitions website. Please click the link below to confirm your account:"
confirm: Confirm my account
contacts:
form:
source:
remote:
help: File should be less than 10MB in size.
featured_images:
form:
source:
remote:
help: File should be less than 10MB in size.
upload_form:
source:
remote:
help: File should be less than 10MB in size.
header_links:
login: Admin Login
admin_users:
Expand All @@ -17,6 +35,11 @@ en:
destroy: Remove from exhibit creator role
instructions: Existing exhibit creators
update: Make user an exhibit creator
resources:
upload:
form:
url-field:
help: 'Valid file types: %{extensions}. Files should be less than 10MB in size.'
search:
fields:
spotlight_copyright_tesim: Copyright
Expand Down
1 change: 1 addition & 0 deletions spec/fixtures/invalid.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
I hope someone uploads me!
Binary file added spec/fixtures/white_large.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
72 changes: 56 additions & 16 deletions spec/prepends/prepended_controllers/upload_controller_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -19,22 +19,62 @@
let(:exhibit) { create(:exhibit) }
let(:user) { exhibit.users.first }

before { sign_in user }

it 'creates a new upload item with multiple featured images' do
expect(exhibit.resources.count).to eq(0)
post :create, params: {
exhibit_id: exhibit,
resources_upload: {
url: [image_1, image_2],
data: item_data
},
controller: 'spotlight/resources/upload',
action: 'create'
}
expect(exhibit.resources.count).to eq(1)
new_item = exhibit.resources.first
expect(new_item.uploads.count).to eq(2)
context 'when not logged in' do
it 'is not allowed' do
post :create, params: { exhibit_id: exhibit }
expect(response).to redirect_to main_app.new_user_session_path
end
end

context 'when signed in as a curator' do
before { sign_in user }

it 'creates a new upload item with multiple featured images' do
expect(exhibit.resources.count).to eq(0)
post :create, params: {
exhibit_id: exhibit,
resources_upload: {
url: [image_1, image_2],
data: item_data
},
controller: 'spotlight/resources/upload',
action: 'create'
}
expect(exhibit.resources.count).to eq(1)
new_item = exhibit.resources.first
expect(new_item.uploads.count).to eq(2)
end

# Copies tests from spec/controllers/spotlight/resources/upload_controller_spec.rb in spotlight gem
# since #create is overridden in PrependedControllers
it 'redirects to the item admin page' do
post :create, params: { exhibit_id: exhibit, resources_upload: { url: [image_1], data: item_data } }
expect(flash[:notice]).to eq('Object uploaded successfully.')
expect(response).to redirect_to admin_exhibit_catalog_path(exhibit, sort: :timestamp)
end

it 'redirects to the upload form when the add-and-continue parameter is present' do
post :create, params: { exhibit_id: exhibit, 'add-and-continue' => 'true', resources_upload: { url: [image_1], data: item_data } }
expect(flash[:notice]).to eq('Object uploaded successfully.')
expect(response).to redirect_to new_exhibit_resource_path(exhibit, tab: 'upload')
end

context 'invalid resource' do
let(:too_large_image) { Rack::Test::UploadedFile.new(File.expand_path('../../fixtures/white_large.png', __dir__)) }
let(:invalid_file_type) { Rack::Test::UploadedFile.new(File.expand_path('../../fixtures/invalid.txt', __dir__)) }

it 'displays error messages when image is too large' do
post :create, params: { exhibit_id: exhibit, resources_upload: { url: [too_large_image], data: item_data } }
expect(flash[:error]).to eq('File size should be less than 10 MB.')
expect(response).to redirect_to admin_exhibit_catalog_path(exhibit, sort: :timestamp)
end

it 'displays multiple errors messages, when multiple invalid files' do
post :create, params: { exhibit_id: exhibit, resources_upload: { url: [too_large_image, invalid_file_type], data: item_data } }
expect(flash[:error]).to include('File size should be less than 10 MB.')
expect(flash[:error]).to include('You are not allowed to upload "txt" files, allowed types:')
end
end
end
end
end
18 changes: 18 additions & 0 deletions spec/prepends/prepended_uploaders/featured_image_uploader_spec.rb
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
require 'rails_helper'

describe Spotlight::FeaturedImageUploader do
let(:mounter) { Spotlight::FeaturedImage.new }
let(:featured_image_uploader) { described_class.new(mounter, 'mounted_as') }

describe '#size_range' do
it 'does not error when file is less than 10 megabytes' do
test_file = File.open(File.expand_path('../../fixtures/grey.png', __dir__))
expect { featured_image_uploader.cache!(test_file) }.not_to raise_error
end

it 'raises an error when file is more than 10 megabytes' do
test_file = File.open(File.expand_path('../../fixtures/white_large.png', __dir__))
expect { featured_image_uploader.cache!(test_file) }.to raise_error(CarrierWave::IntegrityError, 'File size should be less than 10 MB.')
end
end
end
7 changes: 7 additions & 0 deletions spec/spec_helper.rb
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,9 @@
FactoryBot.definition_file_paths = [File.expand_path("../factories", __FILE__)]
FactoryBot.find_definitions

require "#{Gem::Specification.find_by_name('blacklight-spotlight').gem_dir}/spec/support/features/test_features_helpers"
require "#{Gem::Specification.find_by_name('blacklight-spotlight').gem_dir}/spec/support/controllers/engine_helpers"

# This file was generated by the `rails generate rspec:install` command. Conventionally, all
# specs live under a `spec` directory, which RSpec adds to the `$LOAD_PATH`.
# The generated `.rspec` file contains `--require spec_helper` which will cause
Expand Down Expand Up @@ -56,6 +59,10 @@

config.include FactoryBot::Syntax::Methods

# Uses spec support from spotlight
config.include Controllers::EngineHelpers, type: :controller
config.include Spotlight::TestFeaturesHelpers, type: :system

config.before(:each, type: :system) do
driven_by :rack_test
end
Expand Down
5 changes: 0 additions & 5 deletions spec/system/page_widget_spec.rb
Original file line number Diff line number Diff line change
@@ -1,11 +1,6 @@
require 'rails_helper'

# Gem::Specificationfind_by_name is not a rails dynamic finder
require "#{Gem::Specification.find_by_name('blacklight-spotlight').gem_dir}/spec/support/features/test_features_helpers"

describe 'Editing spotlight pages', type: :system do
include Spotlight::TestFeaturesHelpers

let(:exhibit) { create(:exhibit) }
let(:user) { exhibit.users.first }
let!(:item) { create(:upload_with_multiple_images, exhibit: exhibit) }
Expand Down

0 comments on commit d8c4df5

Please sign in to comment.