From a70b967919e37311a69f267a49519976244f7c55 Mon Sep 17 00:00:00 2001
From: Karina Kwiatek <kjk@kjk.dog>
Date: Tue, 12 Dec 2023 00:20:27 +0100
Subject: [PATCH] Set constraints for images in uploader

---
 app/uploaders/base_uploader.rb            | 8 +++++---
 app/views/settings/profile/edit.html.haml | 4 ++--
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/app/uploaders/base_uploader.rb b/app/uploaders/base_uploader.rb
index fea89216..5478042c 100644
--- a/app/uploaders/base_uploader.rb
+++ b/app/uploaders/base_uploader.rb
@@ -11,9 +11,11 @@ class BaseUploader < CarrierWave::Uploader::Base
   # Process cropping on upload
   process :cropping
 
-  def store_dir
-    "/uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
-  end
+  def content_type_whitelist = %w[image/jpeg image/gif image/png]
+
+  def store_dir = "/uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+
+  def size_range = (1.byte)..(2.megabytes)
 
   def paperclip_path
     return "/users/:attachment/:id_partition/:style/:basename.:extension" if APP_CONFIG["fog"].blank?
diff --git a/app/views/settings/profile/edit.html.haml b/app/views/settings/profile/edit.html.haml
index d2311e51..262ddfaf 100644
--- a/app/views/settings/profile/edit.html.haml
+++ b/app/views/settings/profile/edit.html.haml
@@ -7,7 +7,7 @@
           .flex-shrink-0
             = render AvatarComponent.new(user: current_user, size: "lg", classes: ["me-3"])
           .flex-grow-1
-            = f.file_field :profile_picture, accept: APP_CONFIG[:accepted_image_formats].join(","), data: { cropper_target: "input", action: "cropper#change" }
+            = f.file_field :profile_picture, accept: current_user.profile_picture.content_type_whitelist.join(','), data: { cropper_target: "input", action: "cropper#change" }
 
         .row.d-none{ data: { cropper_target: "controls" } }
           .col-sm-10.col-md-8
@@ -22,7 +22,7 @@
           .col-xs-12.col-md-6
             %img.mw-100.me-3{ src: current_user.profile_header.url(:mobile) }
           .col-xs-12.col-md-6.mt-3.mt-sm-0.ps-3.pe-3
-            = f.file_field :profile_header, accept: APP_CONFIG[:accepted_image_formats].join(","), data: { cropper_target: "input", action: "cropper#change" }
+            = f.file_field :profile_header, accept: current_user.profile_header.content_type_whitelist.join(','), data: { cropper_target: "input", action: "cropper#change" }
 
         .row.d-none{ data: { cropper_target: "controls" } }
           .col-sm-10.col-md-8