Commit e6f83399f3e5d3f245428d2495552317eefe8cfe
1 parent
055b3c4d
Exists in
spb-stable
and in
3 other branches
Dont allow upload of non-image formats for user avatar
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
7 additions
and
2 deletions
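--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,9 +113,8 @@ class User < ActiveRecord::Base
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
 
 validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true
-
 validate :namespace_uniq, if: ->(user) { user.username_changed? }
-
+validate :avatar_type, if: ->(user) { user.avatar_changed? }
 validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 
 before_validation :generate_password, on: :create
@@ -244,6 +243,12 @@ class User < ActiveRecord::Base
 end
 end
 
+def avatar_type
+unless self.avatar.image?
+self.errors.add :avatar, "only images allowed"
+end
+end
+
 # Groups user has access to
 def authorized_groups
 @authorized_groups ||= begin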
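Review bot: `avatar_type` in the second hunk rests entirely on `avatar.image?`, which is defined outside this diff; if that predicate only looks at the filename extension or the client-declared content type, a non-image file renamed to an image extension still passes this validation. It is worth confirming what `image?` actually checks and, if it is extension-based, adding a content-signature check in the uploader and a comment above the method such as `# NOTE: relies on uploader#image?, which checks the extension only, not file contents`. Separately, `avatar_changed?` is presumably also true when a user clears the avatar, so the method may run against an empty uploader; a guard like `return if avatar.blank?` as its first line would keep avatar removal from failing with "only images allowed".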