Commit e6f83399f3e5d3f245428d2495552317eefe8cfe
1 parent
055b3c4d
Exists in
spb-stable
and in
3 other branches
Dont allow upload of non-image formats for user avatar
Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
Showing
1 changed file
with
7 additions
and
2 deletions
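--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -113,9 +113,8 @@ class User < ActiveRecord::Base
 message: "only letters, digits & '_' '-' '.' allowed. Letter should be first" }
 
 validates :notification_level, inclusion: { in: Notification.notification_levels }, presence: true
-
 validate :namespace_uniq, if: ->(user) { user.username_changed? }
-
+validate :avatar_type, if: ->(user) { user.avatar_changed? }
 validates :avatar, file_size: { maximum: 100.kilobytes.to_i }
 
 before_validation :generate_password, on: :create
@@ -244,6 +243,12 @@ class User < ActiveRecord::Base
 end
 end
 
+def avatar_type
+unless self.avatar.image?
+self.errors.add :avatar, "only images allowed"
+end
+end
+
 # Groups user has access to
 def authorized_groups
 @authorized_groups ||= begin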
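Review bot: The new `avatar_type` validation trusts `avatar.image?` completely, and that predicate is defined outside this diff. If it decides by filename extension or by the client-supplied content type, a non-image file with an image extension would still pass. It is worth confirming that the check inspects the file content, or pairing it with an allowlist in the uploader and a fixed response content type when avatars are served. Separately, `user.avatar_changed?` is presumably also true when an avatar is cleared, so removing one may be rejected with "only images allowed"; `if: ->(user) { user.avatar.present? && user.avatar_changed? }` would avoid that. A one-line comment above `def avatar_type`, such as `# Adds a validation error unless the uploaded avatar is recognised as an image`, would record the intent.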