From e2aabb2800410960c12a738ebdcaaf938a30da61 Mon Sep 17 00:00:00 2001 From: baldarn <2814802+baldarn@users.noreply.github.com> Date: Wed, 28 Aug 2024 23:01:59 +0200 Subject: [PATCH] Limit image resizing for club, members and users (#9) --- Gemfile | 1 + Gemfile.lock | 6 ++++++ app/controllers/base_controller.rb | 15 +++++++++++++++ app/controllers/clubs_controller.rb | 3 ++- app/controllers/members_controller.rb | 3 ++- app/controllers/users_controller.rb | 1 + app/models/club.rb | 1 + app/models/member.rb | 1 + app/models/user.rb | 1 + app/views/clubs/_form.html.erb | 9 ++++----- app/views/members/_form.html.erb | 10 ++++------ app/views/users/_form.html.erb | 10 ++++------ config/locales/simple_form.it.yml | 3 +++ 13 files changed, 45 insertions(+), 19 deletions(-) diff --git a/Gemfile b/Gemfile index a19b63d..32bc740 100644 --- a/Gemfile +++ b/Gemfile @@ -41,6 +41,7 @@ gem 'devise', '~> 4.9' gem 'devise-i18n' # Other +gem 'active_storage_validations' gem 'aws-sdk-s3' gem 'bcrypt', '~> 3.1.7' gem 'front_matter_parser' diff --git a/Gemfile.lock b/Gemfile.lock index cb1ea76..51095c8 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -51,6 +51,11 @@ GEM erubi (~> 1.11) rails-dom-testing (~> 2.2) rails-html-sanitizer (~> 1.6) + active_storage_validations (1.1.4) + activejob (>= 5.2.0) + activemodel (>= 5.2.0) + activestorage (>= 5.2.0) + activesupport (>= 5.2.0) activejob (7.2.0) activesupport (= 7.2.0) globalid (>= 0.3.6) @@ -471,6 +476,7 @@ PLATFORMS x86_64-linux DEPENDENCIES + active_storage_validations aws-sdk-s3 bcrypt (~> 3.1.7) bootstrap (~> 5.1) diff --git a/app/controllers/base_controller.rb b/app/controllers/base_controller.rb index a56be6a..b42bc59 100644 --- a/app/controllers/base_controller.rb +++ b/app/controllers/base_controller.rb 
@@ -15,4 +15,19 @@ def set_club def current_user_is_admin? head :unauthorized unless current_user.admin? end + + def resize_image(picture_param, height, width) + return unless picture_param + + begin + ImageProcessing::MiniMagick + .source(picture_param) + .resize_to_fit(width, height) + .call(destination: picture_param.tempfile.path) + rescue StandardError => _e + # Do nothing. If this is catching, it probably means the + # file type is incorrect, which can be caught later by + # model validations. + end + end end diff --git a/app/controllers/clubs_controller.rb b/app/controllers/clubs_controller.rb index 5b03329..9ab6cde 100644 --- a/app/controllers/clubs_controller.rb +++ b/app/controllers/clubs_controller.rb @@ -2,6 +2,7 @@ class ClubsController < BaseController before_action :current_user_is_admin? + before_action -> { resize_image(club_params[:picture], 300, 300) }, only: [:update] def edit @club = current_user.club @@ -20,6 +21,6 @@ def update private def club_params - params.require(:club).permit(:name, :email, :address, :postal_code, :province, :tax_code, :telephone) + params.require(:club).permit(:name, :email, :address, :postal_code, :province, :tax_code, :telephone, :picture) end end diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb index d5407a8..cf0da90 100644 --- a/app/controllers/members_controller.rb +++ b/app/controllers/members_controller.rb 
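Review bot: In `resize_image` (app/controllers/base_controller.rb) the upload is handed to ImageMagick before anything has checked what it is, because the `before_action` callbacks run ahead of the `content_type` validation this commit adds to the models. Every format ImageMagick can decode is therefore reachable from the picture field, and the empty `rescue StandardError => _e` hides any failure and lets the original, un-resized bytes continue to the model. I would sniff the type first, for example `return unless %w[image/png image/jpeg].include?(Marcel::MimeType.for(Pathname.new(picture_param.tempfile.path)))`, and change the rescue to `rescue StandardError => e` with `Rails.logger.warn("picture resize failed: #{e.class}")` so failed resizes are visible. A restrictive ImageMagick `policy.xml` on the host is worth confirming too; nothing in this patch shows how it is configured.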
@@ -2,12 +2,13 @@ class MembersController < BaseController before_action :current_user_is_admin? + before_action -> { resize_image(member_params[:picture], 250, 200) }, only: %i[create update] def index @group = params[:group_id] ? @club.groups.find(params[:group_id]) : nil @tag = params[:tag_id] ? @club.tags.find(params[:tag_id]) : nil - @members = @club.members + @members = @club.members.order(:last_name) @members = @members.joins(:groups).where(groups: { id: @group.id }) if @group @members = @members.joins(:tags).where(tags: { id: @tag.id }) if @tag @members = @members.page(params[:page]) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 565941f..c948324 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -2,6 +2,7 @@ class UsersController < BaseController before_action :current_user_is_admin? + before_action -> { resize_image(user_params[:picture], 250, 200) }, only: %i[create update] def index @users = @club.users.page(params[:page]) diff --git a/app/models/club.rb b/app/models/club.rb index a47726c..4f3a673 100644 --- a/app/models/club.rb +++ b/app/models/club.rb @@ -2,6 +2,7 @@ class Club < ApplicationRecord has_one_attached :picture + validates :picture, content_type: ['image/png', 'image/jpeg'] has_many :users, dependent: :destroy diff --git a/app/models/member.rb b/app/models/member.rb index 2aa4b1d..681fc3d 100644 --- a/app/models/member.rb +++ b/app/models/member.rb @@ -2,6 +2,7 @@ class Member < ApplicationRecord has_one_attached :picture + validates :picture, content_type: ['image/png', 'image/jpeg'] belongs_to :club diff --git a/app/models/user.rb b/app/models/user.rb index a641502..d41c3b5 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
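Review bot: The new `validates :picture, content_type: ['image/png', 'image/jpeg']` line in app/models/club.rb, and the identical lines in member.rb and user.rb, checks only the type, so nothing on the model bounds how large a stored picture can be. The controller-side resize is the only limit, and it is skipped silently whenever `resize_image` rescues an error, in which case the upload is attached as sent. active_storage_validations can enforce a cap at the model, e.g. `validates :picture, content_type: ['image/png', 'image/jpeg'], size: { less_than: 5.megabytes }`, where the 5 MB figure is only an example threshold to be chosen for the app. The class bodies continue outside these hunks.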
@@ -8,6 +8,7 @@ class User < ApplicationRecord :confirmable, :lockable, :timeoutable has_one_attached :picture + validates :picture, content_type: ['image/png', 'image/jpeg'] has_many :user_groups, dependent: :destroy has_many :groups, through: :user_groups, dependent: :nullify diff --git a/app/views/clubs/_form.html.erb b/app/views/clubs/_form.html.erb index 285b235..f3d7259 100644 --- a/app/views/clubs/_form.html.erb +++ b/app/views/clubs/_form.html.erb @@ -10,10 +10,9 @@ <%= f.input :province %> <%= f.input :tax_code %> <%= f.input :telephone %> - <%= - if club.picture.present? - image_tag club.picture, class: 'img-fluid img-thumbnail rounded mx-auto d-block', style: 'max-width: 200px' - end - %> + <%= f.input :picture, as: :file %> + <% if club.errors[:picture].blank? && club.picture.present? %> + <%= image_tag club.picture, class: 'img-fluid img-thumbnail rounded mx-auto d-block', style: "max-width: 200px" %> + <% end %> <%= f.submit 'Save', class: 'btn btn-primary' %> <% end %> \ No newline at end of file diff --git a/app/views/members/_form.html.erb b/app/views/members/_form.html.erb index 2be453f..57d2929 100644 --- a/app/views/members/_form.html.erb +++ b/app/views/members/_form.html.erb @@ -80,11 +80,9 @@ <%= f.association :groups, collection: @club.groups, as: :check_boxes %> <%= f.input :privacy_disclaimer %> <%= f.input :picture_disclaimer %> - <%= f.file_field :picture %> - <%= - if member.picture.present? - image_tag member.picture, class: 'img-fluid img-thumbnail rounded mx-auto d-block', style: 'max-width: 200px' - end - %> + <%= f.input :picture, as: :file %> + <% if member.errors[:picture].blank? && member.picture.present? %> + <%= image_tag member.picture, class: 'img-fluid img-thumbnail rounded mx-auto d-block', style: "max-width: 200px" %> + <% end %> <%= f.submit 'Save', class: 'btn btn-primary' %> <% end %> \ No newline at end of file diff --git a/app/views/users/_form.html.erb b/app/views/users/_form.html.erb index 171e804..8c31f90 100644 
--- a/app/views/users/_form.html.erb +++ b/app/views/users/_form.html.erb @@ -8,11 +8,9 @@ <%= f.input :role, prompt: 'Seleziona ruolo', collection: User.roles.map { |role, v| [User.human_attribute_name("role.#{role}"), role] }, wrapper_html: { class: 'col-sm-6' } %> <%= f.association :groups, collection: @club.groups, as: :check_boxes %> <%= f.input :blsd_expires_at, include_blank: true, wrapper_html: { class: 'col-sm-6' } %> - <%= f.file_field :picture %> - <%= - if user.picture.present? - image_tag user.picture, class: 'img-fluid img-thumbnail rounded mx-auto d-block', style: 'max-width: 200px' - end - %> + <%= f.input :picture, as: :file %> + <% if user.errors[:picture].blank? && user.picture.present? %> + <%= image_tag user.picture, class: 'img-fluid img-thumbnail rounded mx-auto d-block', style: "max-width: 200px" %> + <% end %> <%= f.submit 'Save', class: 'btn btn-primary' %> <% end %> \ No newline at end of file diff --git a/config/locales/simple_form.it.yml b/config/locales/simple_form.it.yml index edec64d..0ca7529 100644 --- a/config/locales/simple_form.it.yml +++ b/config/locales/simple_form.it.yml @@ -12,6 +12,7 @@ it: default_message: "Rivedere gli errori:" labels: user: + picture: Foto first_name: Nome last_name: Cognome email: Email @@ -23,6 +24,7 @@ it: club_province: Provincia Club club_tax_code: Codice Fiscale/PIva Club member: + picture: Foto first_name: Nome last_name: Cognome born_at: Nato il @@ -56,6 +58,7 @@ it: group: name: Nome club: + picture: Immagine name: Nome email: Nome address: Indirizzo