Merge pull request #1770 from codidact/0valt/1769/uploads

File upload improvements

Author: ArtOfCode-

Gemfile

@@ -7,6 +7,7 @@ gem 'counter_culture', '~> 3.2'
 gem 'fastimage', '~> 2.2'
 gem 'image_processing', '~> 1.12'
 gem 'jquery-rails', '~> 4.5.0'
+gem 'mime-types', '~> 3.7'
 gem 'mysql2', '~> 0.5.4'
 gem 'puma', '~> 5.6'
 gem 'rails', '~> 7.2'

Gemfile.lock

@@ -493,6 +493,7 @@ DEPENDENCIES
   listen (~> 3.7)
   maintenance_tasks (~> 2.2)
   memory_profiler (~> 1.0)
+  mime-types (~> 3.7)
   minitest (~> 5.16.0)
   minitest-ci (~> 3.4.0)
   msgpack (~> 1.8)

app/assets/javascripts/site_settings.js

@@ -1,9 +1,17 @@
 $(() => {
+  /**
+   * @type {Record<string, JQuery<HTMLInputElement | HTMLTextAreaElement | HTMLSelectElement>>}
+   */
   const settingEditFields = {
+    'array': $(`<select class="form-element js-setting-edit" multiple></select>`),
     'string': $(`<input type="text" class="form-element js-setting-edit" />`),
     'integer': $('<input type="number" class="form-element js-setting-edit" />'),
     'float': $('<input type="number" step="0.0001" class="form-element js-setting-edit" />'),
-    'boolean': $(`<select class="form-element js-setting-edit"><option value></option><option value="true">true</option><option value="false">false</option></select>`),
+    'boolean': $(`<select class="form-element js-setting-edit">
+                    <option value></option>
+                    <option value="true">true</option>
+                    <option value="false">false</option>
+                  </select>`),
     'json': $(`<textarea rows="5" cols="100" class="form-element js-setting-edit"></textarea>`),
     'text': $(`<textarea rows="5" cols="100" class="form-element js-setting-edit"></textarea>`)
   };
@@ -26,9 +34,34 @@ $(() => {
     const data = await resp.json();
     const value = data.typed;
 
-    const form = settingEditFields[valueType].clone().val(!!value ? value.toString() : '')
-                                             .attr('data-name', name).attr('data-community-id', communityId);
-    $tgt.addClass('editing').html(form).append(`<button class="button is-primary is-filled js-setting-submit">Update</button>`);
+    const field = settingEditFields[valueType].clone()
+                                              .attr('data-name', name)
+                                              .attr('data-community-id', communityId)
+                                              .get(0);
+
+    if (valueType === 'array' && field instanceof HTMLSelectElement) {
+      for (const opt of data.options ?? []) {
+        const option = document.createElement('option');
+        option.textContent = opt;
+        option.value = opt;
+        option.selected = value.includes(opt);
+        field.add(option);
+      }
+    }
+    else if (valueType === 'boolean') {
+      field.value = value.toString();
+    }
+    else {
+      field.value = !!value ? value.toString() : '';
+    }
+
+    $tgt.addClass('editing')
+        .html(field)
+        .append(`<button class="button is-primary is-filled js-setting-submit has-display-block">Update</button>`);
+
+    if (valueType === 'array') {
+      $(field).select2();
+    }
   });
 
   $(document).on('click', '.js-setting-submit', async (evt) => {
@@ -39,9 +72,14 @@ $(() => {
     const communityId = $input.data('community-id');
     const value = $input.val();
 
-    let body = {site_setting: {value}};
+    const body = {
+      site_setting: {
+        value: Array.isArray(value) ? value.join(' ') : value
+      }
+    };
+
     if (!!communityId) {
-      body = Object.assign(body, {community_id: communityId});
+      body.community_id = communityId;
     }
 
     const resp = await QPixel.fetchJSON(`/admin/settings/${name}`, body);

app/controllers/posts_controller.rb

@@ -509,12 +509,12 @@ def document
   end
 
   def upload
-    content_types = Rails.application.config.active_storage.web_image_content_types
-    extensions = content_types.map { |ct| ct.gsub('image/', '') }
-    unless helpers.valid_image?(params[:file])
-      render json: { error: "Images must be one of #{extensions.join(', ')}" }, status: :bad_request
+    unless helpers.valid_upload?(params[:file])
+      render json: { error: "Images must be one of #{helpers.allowed_upload_extensions.join(', ')}" },
+             status: :bad_request
       return
     end
+
     @blob = ActiveStorage::Blob.create_and_upload!(io: params[:file], filename: params[:file].original_filename,
                                                    content_type: params[:file].content_type)
     render json: { link: uploaded_url(@blob.key) }

app/controllers/users_controller.rb

@@ -398,7 +398,7 @@ def update_profile
     @user = current_user
 
     if params[:user][:avatar].present?
-      if helpers.valid_image?(params[:user][:avatar])
+      if helpers.valid_upload?(params[:user][:avatar])
         @user.avatar.attach(params[:user][:avatar])
       else
         @user.errors.add(:avatar, 'must be a valid image')

app/helpers/uploads_helper.rb

@@ -1,3 +1,5 @@
+require 'mime/types'
+
 module UploadsHelper
   def upload_remote_url(blob)
     bucket = Rails.cache.fetch 'active_storage/s3/bucket' do
@@ -6,15 +8,23 @@ def upload_remote_url(blob)
     "https://s3.amazonaws.com/#{bucket}/#{blob.is_a?(String) ? blob : blob.key}"
   end
 
-  ##
-  # Test if the given IO object is a valid image file by content type, extension, and content test.
-  # @param io [File] The file to test.
+  # Gets a list of MIME types allowed to be uploaded
+  # @return [Array<String>]
+  def allowed_upload_mime_types
+    fallback_types = Rails.application.config.active_storage.web_image_content_types
+    SiteSetting['AllowedUploadTypes'].presence || fallback_types
+  end
+
+  # Gets a list of file extensions allowed to be uploaded
+  # @return [Array<String>]
+  def allowed_upload_extensions
+    allowed_upload_mime_types.map { |mime| MIME::Types[mime].first.preferred_extension }
+  end
+
+  # Is a given file a valid upload by content type?
+  # @param io [File] file to check
   # @return [Boolean]
-  def valid_image?(io)
-    content_types = Rails.application.config.active_storage.web_image_content_types
-    extensions = content_types.map { |ct| ct.gsub('image/', '') }
-    submitted_extension = io.original_filename.split('.')[-1].downcase
-    content_types.include?(io.content_type) && extensions.include?(submitted_extension) &&
-      extensions.map(&:to_sym).include?(FastImage.type(io))
+  def valid_upload?(io)
+    allowed_upload_mime_types.include?(io.content_type)
   end
 end

app/models/site_setting.rb

@@ -9,6 +9,8 @@ class SiteSetting < ApplicationRecord
   scope :global, -> { for_community_id(nil) }
   scope :priority_order, -> { order(Arel.sql('IF(site_settings.community_id IS NULL, 1, 0)')) }
 
+  serialize :options, coder: YAML, type: Array
+
   def self.[](name, community: nil)
     key = "SiteSettings/#{community.present? ? community.id : RequestContext.community_id}/#{name}"
     cached = Rails.cache.fetch key, include_community: false do
@@ -48,20 +50,26 @@ def global?
     community_id.nil?
   end
 
+  # Is the setting array-valued?
+  # @return [Boolean] check result
+  def array?
+    value_type.downcase == 'array'
+  end
+
   # Is the setting boolean-valued?
-  # @return [Boolena] check result
+  # @return [Boolean] check result
   def boolean?
     value_type.downcase == 'boolean'
   end
 
   # Is the setting floating point number-valued?
-  # @return [Boolena] check result
+  # @return [Boolean] check result
   def float?
     value_type.downcase == 'float'
   end
 
   # Is the setting integer-valued?
-  # @return [Boolena] check result
+  # @return [Boolean] check result
   def integer?
     value_type.downcase == 'integer'
   end
@@ -118,33 +126,3 @@ def self.all_communities(name)
     end
   end
 end
-
-class SettingConverter
-  def initialize(value)
-    @value = value
-  end
-
-  def as_string
-    @value&.to_s
-  end
-
-  def as_text
-    @value&.to_s
-  end
-
-  def as_integer
-    @value&.to_i
-  end
-
-  def as_float
-    @value&.to_f
-  end
-
-  def as_boolean
-    ActiveModel::Type::Boolean.new.cast(@value)
-  end
-
-  def as_json
-    JSON.parse(@value)
-  end
-end

app/views/site_settings/edit.html.erb

@@ -15,9 +15,16 @@
   <% end %>
   <div class="field">
     <%= f.label :value %>
-    <%= f.text_field :value, class: "form-control" %>
+    <% if @setting.array? %>
+      <%= f.select :value,
+                   options_for_select(@setting.typed, selected: @setting.typed),
+                   {},
+                   class: 'form-element' %>
+    <% else %>
+      <%= f.text_field :value, class: "form-control" %>
+    <% end %>
   </div>
   <div class="field">
-    <%= f.submit "Update", class: "btn btn-info" %>
+    <%= f.submit "Update", class: "btn btn-info has-display-block" %>
   </div>
 <% end %>

app/views/site_settings/index.html.erb

@@ -1,4 +1,4 @@
-<% content_for :title, "Site Settings" %>
+<% content_for :title, 'Site Settings' %>
 
 <h1><%= current_page?(global_settings_path) ? 'Global' : '' %> Site Settings</h1>
 <p>
@@ -26,7 +26,8 @@
               <h4><%= setting.name %></h4>
               <div class="form-caption"><%= setting.description %></div>
             </td>
-            <td class="site-setting--value js-setting-value<%= setting.text? ? '' : ' nowrap' %>" data-type="<%= setting.value_type %>" data-name="<%= setting.name %>"
+            <td class="site-setting--value js-setting-value<%= setting.text? ? '' : ' nowrap' %>"
+                data-type="<%= setting.value_type %>" data-name="<%= setting.name %>"
                 data-community-id="<%= current_page?(global_settings_path) ? nil : RequestContext.community_id %>">
               <%= setting.typed %>
             </td>

db/migrate/20250810133540_add_options_to_site_settings.rb

@@ -0,0 +1,5 @@
+class AddOptionsToSiteSettings < ActiveRecord::Migration[7.2]
+  def change
+    add_column :site_settings, :options, :string
+  end
+end