RubygemsResearch

Sha256: 911b40efb9f89b3e2b7a188740bedc5ca05d6c1f32fd54b7f6ac8167d2b61117

Contents?: true

Size: 1.27 KB

Versions: 1

Compression:

Stored size: 1.27 KB

# frozen_string_literal: true
module Decidim
  # This class deals with uploading hero images to ParticipatoryProcesses.
  class ImageUploader < ApplicationUploader
    include CarrierWave::MiniMagick

    process :validate_size, :validate_dimensions

    # CarrierWave automatically calls this method and validates the content
    # type fo the temp file to match against any of these options.
    def content_type_whitelist
      [
        %r{image\/}
      ]
    end

    # A simple check to avoid DoS with maliciously crafted images, or just to
    # avoid reckless users that upload gigapixels images.
    #
    # See https://hackerone.com/reports/390
    def validate_dimensions
      manipulate! do |image|
        validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.dimensions.any? { |dimension| dimension > max_image_height_or_width }
        image
      end
    end

    def validate_size
      manipulate! do |image|
        validation_error!(I18n.t("carrierwave.errors.image_too_big")) if image.size > Decidim.maximum_attachment_size
        image
      end
    end

    def max_image_height_or_width
      2000
    end

    private

    def validation_error!(text)
      model.errors.add(mounted_as, text)
      raise CarrierWave::IntegrityError, text
    end
  end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version	Path
decidim-core-0.1.0	app/uploaders/decidim/image_uploader.rb