diff --git a/plugins/documents/app/controllers/documents_controller.rb b/plugins/documents/app/controllers/documents_controller.rb
index d4e688dd..4d115eaf 100644
--- a/plugins/documents/app/controllers/documents_controller.rb
+++ b/plugins/documents/app/controllers/documents_controller.rb
@@ -26,6 +26,7 @@ class DocumentsController < ApplicationController
 @document = Document.new
 @document.data = params[:document][:data].read
 @document.mime = FileMagic.new(FileMagic::MAGIC_MIME).buffer(@document.data)
+ raise t('.not_allowed_mime', mime: @document.mime) unless allowed_mime? @document.mime
 if params[:document][:name] == ''
 name = params[:document][:data].original_filename
 name = File.basename(name)
@@ -56,4 +57,12 @@ class DocumentsController < ApplicationController
 @document = Document.find(params[:id])
 send_data(@document.data, filename: @document.filename, type: @document.mime)
 end
+
+ def allowed_mime?(mime)
+ whitelist = FoodsoftConfig[:documents_allowed_extension].split
+ MIME::Types.type_for(whitelist).each do |type|
+ return true if type.like? mime
+ end
+ false
+ end
 end
diff --git a/plugins/documents/app/overrides/admin/configs/_tab_others/add_documents_config.html.haml.deface b/plugins/documents/app/overrides/admin/configs/_tab_others/add_documents_config.html.haml.deface
index 65b9a0b3..f0e5d68a 100644
--- a/plugins/documents/app/overrides/admin/configs/_tab_others/add_documents_config.html.haml.deface
+++ b/plugins/documents/app/overrides/admin/configs/_tab_others/add_documents_config.html.haml.deface
@@ -1,2 +1,3 @@
-/ insert_before ':root:first-child'
-= config_input form, :use_documents, as: :boolean
+/ insert_after ':root:last-child'
+= config_use_heading form, :use_documents do
+ = config_input form, :documents_allowed_extension, as: :string, input_html: {class: 'input-xlarge'}
diff --git a/plugins/documents/config/locales/de.yml b/plugins/documents/config/locales/de.yml
index c9e5ed79..382f0ce7 100644
--- a/plugins/documents/config/locales/de.yml
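Review bot: The added `raise … unless allowed_mime? @document.mime` guard in `create` checks only the libmagic-detected content type, while the lines right after it still take the stored name from the client's `original_filename`, so a file whose bytes are detected as an allowed type can keep an extension that is not in the `documents_allowed_extension` list. Since the setting is presented to admins as a list of extensions, I would also compare the final name's extension against the same list once the name is settled, and comment the guard with `# reject uploads whose detected content type is not in the configured allow-list`. `FileMagic::MAGIC_MIME` may return the type with a charset parameter, so a controller test that uploads a plain-text file would confirm that both the match and the error message behave as intended. The rest of `create`, including any rescue that turns this raise into a flash message, is outside the hunk.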
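Review bot: `allowed_mime?` is added as a public method of `DocumentsController`, directly after the `show` action, and Rails treats public controller methods as actions; put a `private` line above `def allowed_mime?(mime)`. `FoodsoftConfig[:documents_allowed_extension].split` also raises `NoMethodError` when the key is unset, which presumably still blocks the upload but with a confusing message; `FoodsoftConfig[:documents_allowed_extension].to_s.split` gives an empty allow-list (deny all) in that case. The loop can be written as `MIME::Types.type_for(whitelist).any? { |type| type.like?(mime) }`.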
+++ b/plugins/documents/config/locales/de.yml
@@ -9,14 +9,17 @@ de:
 name: Name
 config:
 hints:
+ documents_allowed_extension: Eine Liste an erlaubten Dateiendungen getrennt durch Leerzeichen.
 use_documents: Einfache Dokumentenverwaltung aktivieren
 keys:
+ documents_allowed_extension: Erlaubte Endungen
 use_documents: Dokumente verwenden
 navigation:
 documents: Dokumente
 documents:
 create:
 error: 'Dokument konnte nicht erstellt werden: %{error}'
+ not_allowed_mime: Der Dateityp "%{mime}" ist nicht erlaubt. Bitte kontaktiere einen Administrator um ihn freizuschalten.
 notice: Dokument wurde erstellt
 destroy:
 error: 'Dokument konnt nicht gelöscht werden: %{error}'
diff --git a/plugins/documents/config/locales/en.yml b/plugins/documents/config/locales/en.yml
index 56ab39a0..67ea08cd 100644
--- a/plugins/documents/config/locales/en.yml
+++ b/plugins/documents/config/locales/en.yml
@@ -9,14 +9,17 @@ en:
 name: Name
 config:
 hints:
+ documents_allowed_extension: A list of allowed filename extensions separated by spaces.
 use_documents: Add a basic document sharing page to the foodcoop menu.
 keys:
+ documents_allowed_extension: Allowed extensions
 use_documents: Enable documents
 navigation:
 documents: Documents
 documents:
 create:
 error: 'Document could not be created: %{error}'
+ not_allowed_mime: The filetype "%{mime}" is not allowed. Please contact an administrator to whitelist it.
 notice: Document was created
 destroy:
 error: 'Document could not be deleted: %{error}'
diff --git a/plugins/documents/lib/foodsoft_documents/engine.rb b/plugins/documents/lib/foodsoft_documents/engine.rb
index b3819a0e..e2e8ed7c 100644
--- a/plugins/documents/lib/foodsoft_documents/engine.rb
+++ b/plugins/documents/lib/foodsoft_documents/engine.rb
@@ -11,5 +11,9 @@ module FoodsoftDocuments
 sub_nav.items.insert(i, sub_nav.items.delete_at(-1))
 end
 end
+
+ def default_foodsoft_config(cfg)
+ cfg[:documents_allowed_extension] = 'gif jpg png txt'
+ end
 end
 end
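Review bot: `default_foodsoft_config` has no comment saying what the value means or who reads it, and the key name says "extension" while the controller matches on the detected MIME type. I would add above the method `# Default upload allow-list: space-separated filename extensions, mapped to MIME types by DocumentsController#allowed_mime?`. The enclosing engine class starts outside the hunk, so how this hook is invoked, and whether it reaches installations that already have a stored configuration, is not visible here.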