Merge pull request #2078 from IFRCGo/feature/check-svg-file-type

Feature/check svg file type

Author: szabozoltan69

api/models.py

@@ -647,7 +647,13 @@ class Meta:
         verbose_name_plural = _('region snippets')
 
     def __str__(self):
-        return self.snippet
+        return (
+            self.snippet[:80] if self.snippet else None
+        ) or (
+            self.image.url
+            if getattr(self, 'image', None) and self.image.url
+            else ''
+        )
 
 
 @reversion.register(follow=('region',))
@@ -664,7 +670,7 @@ class Meta:
         verbose_name_plural = _('region emergencies snippets')
 
     def __str__(self):
-        return self.snippet
+        return (self.snippet[:80] if self.snippet else None) or self.title or ''
 
 
 @reversion.register(follow=('region',))
@@ -681,7 +687,7 @@ class Meta:
         verbose_name_plural = _('region preparedness snippets')
 
     def __str__(self):
-        return self.snippet
+        return (self.snippet[:80] if self.snippet else None) or self.title or ''
 
 
 @reversion.register(follow=('region',))
@@ -698,7 +704,7 @@ class Meta:
         verbose_name_plural = _('region profile snippets')
 
     def __str__(self):
-        return self.snippet
+        return (self.snippet[:80] if self.snippet else None) or self.title or ''
 
 # class RegionAdditionalLink(models.Model):
 #     region = models.ForeignKey(Region, related_name='additional_links', on_delete=models.CASCADE)
@@ -724,7 +730,13 @@ class Meta:
         verbose_name_plural = _('country snippets')
 
     def __str__(self):
-        return self.snippet
+        return (
+            self.snippet[:80] if self.snippet else None
+        ) or (
+            self.image.url
+            if getattr(self, 'image', None) and self.image.url
+            else ''
+        )
 
 
 @reversion.register()
@@ -1020,7 +1032,13 @@ class Meta:
         verbose_name_plural = _('snippets')
 
     def __str__(self):
-        return self.snippet if self.snippet else ''
+        return (
+            self.snippet[:80] if self.snippet else None
+        ) or (
+            self.image.url
+            if getattr(self, 'image', None) and self.image.url
+            else ''
+        )
 
 
 class SituationReportType(models.Model):

api/serializers.py

@@ -77,6 +77,7 @@
 )
 from local_units.serializers import MiniDelegationOfficeSerializer
 from local_units.models import DelegationOffice
+from utils.file_check import validate_file_type
 
 
 class GeoSerializerMixin:
@@ -200,6 +201,10 @@ class Meta:
             "average_household_size",
         )
 
+    def validate_logo(self, logo):
+        validate_file_type(logo)
+        return logo
+
 
 class CountryGeoSerializer(ModelSerializer):
     bbox = serializers.SerializerMethodField()
@@ -487,6 +492,10 @@ class Meta:
             "id",
         )
 
+    def validate_image(self, image):
+        validate_file_type(image)
+        return image
+
 
 class RegionEmergencySnippetSerializer(ModelSerializer):
     class Meta:
@@ -551,6 +560,10 @@ class Meta:
             "id",
         )
 
+    def validate_image(self, image):
+        validate_file_type(image)
+        return image
+
 
 class RegionLinkSerializer(ModelSerializer):
     class Meta:
@@ -778,6 +791,7 @@ def get_country_delegation(self, country):
 
 class CountryKeyDocumentSerializer(ModelSerializer):
     country_details = MiniCountrySerializer(source='country', read_only=True)
+
     class Meta:
         model = CountryKeyDocument
         fields = "__all__"
@@ -832,6 +846,10 @@ class Meta:
             "tab_display",
         )
 
+    def validate_image(self, image):
+        validate_file_type(image)
+        return image
+
 
 class EventContactSerializer(ModelSerializer):
     class Meta:
@@ -931,6 +949,7 @@ class Meta:
 
 
 class EventFeaturedDocumentSerializer(serializers.ModelSerializer):
+
     class Meta:
         model = EventFeaturedDocument
         fields = (
@@ -941,6 +960,14 @@ class Meta:
             "file",
         )
 
+    def validate_thumbnail(self, thumbnail):
+        validate_file_type(thumbnail)
+        return thumbnail
+
+    def validate_file(self, file):
+        validate_file_type(file)
+        return file
+
 
 class EventLinkSerializer(ModelSerializer):
     class Meta:
@@ -1376,6 +1403,10 @@ class Meta:
             "visibility_display",
         )
 
+    def validate_document(self, document):
+        validate_file_type(document)
+        return document
+
 
 class AppealTableauSerializer(serializers.ModelSerializer):
     country = MiniCountrySerializer()
@@ -1559,8 +1590,8 @@ class AppealDocumentAppealSerializer(serializers.ModelSerializer):
     class Meta:
         model = Appeal
         fields = (
-            'id',
-            'code',
+            "id",
+            "code",
         )
 
 
@@ -1582,6 +1613,10 @@ class Meta:
             "id",
         )
 
+    def validate_document(self, document):
+        validate_file_type(document)
+        return document
+
 
 class ProfileSerializer(ModelSerializer):
     country = MiniCountrySerializer()
@@ -1666,7 +1701,7 @@ class Meta:
 
 
 class UserCountryCountrySerializer(serializers.ModelSerializer):
-    region_details = MiniRegionSerialzier(source='region', read_only=True)
+    region_details = MiniRegionSerialzier(source="region", read_only=True)
 
     class Meta:
         model = Country
@@ -1680,12 +1715,12 @@ class Meta:
 
 class UserCountrySerializer(serializers.ModelSerializer):
     country_name = serializers.CharField(source="country.name", read_only=True)
-    region = serializers.IntegerField(source='country.region.name', read_only=True)
-    region_details = MiniRegionSerialzier(source='country.region', read_only=True)
+    region = serializers.IntegerField(source="country.region.name", read_only=True)
+    region_details = MiniRegionSerialzier(source="country.region", read_only=True)
 
     class Meta:
         model = UserCountry
-        exclude = ('id', 'user')
+        exclude = ("id", "user")
 
 
 class UserMeSerializer(UserSerializer):
@@ -1737,9 +1772,9 @@ def get_lang_permissions(user) -> dict:
     def get_is_dref_coordinator_for_regions(user) -> List[int]:
         data = list(
             Permission.objects.filter(
-                codename__startswith='dref_region_admin_',
+                codename__startswith="dref_region_admin_",
                 group__user=user
-            ).values_list('codename', flat=True)
+            ).values_list("codename", flat=True)
         )
         regions = []
         for d in data:
@@ -1750,27 +1785,27 @@ def get_is_dref_coordinator_for_regions(user) -> List[int]:
     @staticmethod
     def get_is_per_admin_for_regions(user) -> List[int]:
         permission_codenames = Permission.objects.filter(
-            codename__startswith='per_region_admin',
+            codename__startswith="per_region_admin",
             group__user=user
-        ).values_list('codename', flat=True)
+        ).values_list("codename", flat=True)
 
-        regions = {int(code.split('_')[-1]) for code in permission_codenames}
+        regions = {int(code.split("_")[-1]) for code in permission_codenames}
         return list(regions)
 
     @staticmethod
     def get_is_per_admin_for_countries(user) -> List[int]:
         permission_codenames = Permission.objects.filter(
-            codename__startswith='per_country_admin',
+            codename__startswith="per_country_admin",
             group__user=user
-        ).values_list('codename', flat=True)
+        ).values_list("codename", flat=True)
 
-        countries = {int(code.split('_')[-1]) for code in permission_codenames}
+        countries = {int(code.split("_")[-1]) for code in permission_codenames}
         return list(countries)
 
     @staticmethod
     @extend_schema_field(UserCountrySerializer(many=True))
     def get_user_countries_regions(user):
-        qs = UserCountry.objects.filter(user=user).distinct('country')
+        qs = UserCountry.objects.filter(user=user).distinct("country")
         return UserCountrySerializer(qs, many=True).data
 
 
@@ -1818,7 +1853,7 @@ class Meta:
 
 class FieldReportEnumDisplayMixin:
     """
-    Use for fields = '__all__'
+    Use for fields = "__all__"
     """
 
     epi_figures_source_display = serializers.CharField(source="get_epi_figures_source_display", read_only=True)
@@ -1961,7 +1996,7 @@ def __init__(self, *args, **kwargs):
     external_partners = ExternalPartnerSerializer(many=True)
     supported_activities = SupportedActivitySerializer(many=True)
     regions = RegionSerializer(many=True)
-    visibility_display = serializers.CharField(source='get_visibility_display', read_only=True)
+    visibility_display = serializers.CharField(source="get_visibility_display", read_only=True)
 
     class Meta:
         model = FieldReport
@@ -1972,11 +2007,11 @@ class FieldReportMiniUserSerializer(ModelSerializer):
     class Meta:
         model = User
         fields = (
-            'id',
-            'username',
-            'email',
-            'first_name',
-            'last_name'
+            "id",
+            "username",
+            "email",
+            "first_name",
+            "last_name"
         )
 
 
@@ -2015,7 +2050,7 @@ class FieldReportSerializer(
     dtype_details = DisasterTypeSerializer(source="dtype", read_only=True)
     external_partners_details = ExternalPartnerSerializer(source="external_partners", many=True, read_only=True)
     supported_activities_details = SupportedActivitySerializer(source="supported_activities", many=True, read_only=True)
-    user_details = FieldReportMiniUserSerializer(source='user', read_only=True)
+    user_details = FieldReportMiniUserSerializer(source="user", read_only=True)
 
     class Meta:
         model = FieldReport
@@ -2037,7 +2072,7 @@ def create_event(self, report):
         event.regions.add(*report.regions.all())
         FieldReportSerializer.trigger_field_translation(event)
         report.event = event
-        report.save(update_fields=['event'])
+        report.save(update_fields=["event"])
 
     def validate(self, data):
         # Set RecentAffected according to the sent _affected key – see (¤) in other code parts
@@ -2058,7 +2093,7 @@ def validate(self, data):
         return data
 
     def create(self, validated_data):
-        validated_data['user'] = self.context["request"].user
+        validated_data["user"] = self.context["request"].user
         countries = validated_data["countries"]
         field_report = super().create(validated_data)
         # also add regions for the coutries selected
@@ -2068,7 +2103,7 @@ def create(self, validated_data):
         return field_report
 
     def update(self, instance, validated_data):
-        validated_data['user'] = self.context["request"].user
+        validated_data["user"] = self.context["request"].user
         return super().update(instance, validated_data)
 
 
@@ -2339,7 +2374,7 @@ class HistoricalDisasterSerializer(serializers.Serializer):
 
 
 class ExportSerializer(serializers.ModelSerializer):
-    status_display = serializers.CharField(source='get_status_display', read_only=True)
+    status_display = serializers.CharField(source="get_status_display", read_only=True)
 
     class Meta:
         model = Export
@@ -2354,10 +2389,14 @@ class Meta:
             "url"
         )
 
+    def validate_pdf_file(self, pdf_file):
+        validate_file_type(pdf_file)
+        return pdf_file
+
     def create(self, validated_data):
-        export_id = validated_data.get('export_id')
-        export_type = validated_data.get('export_type')
-        country_id = validated_data.get('per_country')
+        export_id = validated_data.get("export_id")
+        export_type = validated_data.get("export_type")
+        country_id = validated_data.get("per_country")
         if export_type == Export.ExportType.DREF:
             title = Dref.objects.filter(
                 id=export_id

country_plan/serializers.py

@@ -5,6 +5,7 @@
     StrategicPriority,
     MembershipCoordination,
 )
+from utils.file_check import validate_file_type
 
 
 class StrategicPrioritySerializer(serializers.ModelSerializer):
@@ -67,3 +68,11 @@ def get_internal_plan_file(self, obj):
             return request.build_absolute_uri(
                 serializers.FileField().to_representation(file)
             )
+
+    def validate_internal_plan_file(self, internal_plan_file):
+        validate_file_type(internal_plan_file)
+        return internal_plan_file
+
+    def validate_public_plan_file(self, public_plan_file):
+        validate_file_type(public_plan_file)
+        return public_plan_file