frappe-better-attach-control icon indicating copy to clipboard operation
frappe-better-attach-control copied to clipboard

Published 20 hours ago verified publisher icon kid1194

QUESTION: How to activate attach options?

Open ghost opened this issue 2 years ago • 7 comments

App is installed after i edited field.py to include a comma

but it won't work, the web form attach dialog is the same as before.

ghost avatar Jun 28 '23 21:06 ghost

@nn-dmt Thanks a lot for reporting this..

The plugin doesn't have any dialog.

But can you explain the problem in details so I can have a clear understanding of the problem..

Best regards..

kid1194 avatar Jun 29 '23 20:06 kid1194

I tried configuring my web form to include options from attach control to my attach fields - but the front end acted the same. There was no change to the front end form functionality. I even added options to the desk form as well as the web form, to no avail.

Can you provide an example configuration of how you would enter the options into the web form?

ghost avatar Jun 30 '23 14:06 ghost

I think also, after the attach control was deactivated and removed, that something damaged the form permissions because now only Desk Access level users are allowed to upload media files into front-end web form. I can only imaging its because of the settings i used were incorrect with required file/mime type but that once removing them its still not working.

I get 417 error on file uploads now on front end web form from users other than system manager/desk user

ghost avatar Jun 30 '23 16:06 ghost

@nn-dmt I'm sorry that you are facing some issues after removing the plugin..

I think also, after the attach control was deactivated and removed, that something damaged the form permissions because now only Desk Access level users are allowed to upload media files into front-end web form. I can only imaging its because of the settings i used were incorrect with required file/mime type but that once removing them its still not working.

The changes that the plugin make to the system are:

  • On install: Creating a custom field to handle the plugin options (Not needed anymore)
  • On Uninstall: Removing the custom field if exist (Not needed anymore)
  • Handling the attachment removal by user which is done using frappe own code
  • Injecting the plugin js and css for webform

There is nothing in the plugin that changes user permission or do anything related to that..

I get 417 error on file uploads now on front end web form from users other than system manager/desk user

Can you please post a screenshot of the error and the browser console log. Maybe I will be able to help..

Can you provide an example configuration of how you would enter the options into the web form?

In the field's Options put the config as a JSON string..

{"allowed_file_types": [".jpg", ".png", ".gif"]}

You can post your attach field config so I can take a look at it..

I will remove the on install & uninstall code from the plugin and update it

Best regards..

kid1194 avatar Jun 30 '23 17:06 kid1194

thank you for the help - i will look into reinstalling it and trying with the formatting you provided.

perhaps the permission issue was always there and i just never noticed.

I will update you. No worries at all and thanks for your time

ghost avatar Jun 30 '23 19:06 ghost

Update:

the issue was not with the plugin, but in the handler.py file in the frappe app.

the type of files i wanted, audio, needed to be added to approved mimetypes list, it was missing audio in all its formats.

        "audio/wav",
        "audio/mpeg",
        "image/png",
        "image/jpeg",
        "application/pdf",
        "application/msword",
        "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
        "application/vnd.ms-excel",
        "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
        "application/vnd.oasis.opendocument.text",
        "application/vnd.oasis.opendocument.spreadsheet",
        "text/plain",
        "video/quicktime",
        "video/mp4",
)

Also needed to change the code down further in the file to the following, since the version that ships with the branch has a bug.

        if not file_url and (frappe.session.user == "Guest" or (user and not user.has_desk_access())):

                filetype = guess_type(filename)[0]
                if filetype not in ALLOWED_MIMETYPES:
                        frappe.throw(_("You can only upload JPG, PNG, PDF, TXT, MP3, WAV or Microsoft documents."))

Please note that i don't yet know if this 'fix' causes any security implications, but it seems like frappe themselves have an open PR with a very similar codeblock as the solution, which just has not yet been merged

ghost avatar Jul 03 '23 15:07 ghost

@nn-dmt Thanks a lot bro for your update and that is a great discovery..

Also needed to change the code down further in the file to the following, since the version that ships with the branch has a bug.

Even that bug exists in v14..

Please note that i don't yet know if this 'fix' causes any security implications, but it seems like frappe themselves have an open PR with a very similar codeblock as the solution, which just has not yet been merged

I can't see anything in the code that might cause a security problem. Even if the security reason that made frappe exclude audio files from the list is the ability to incorporate malicious code into audio files, malicious code can also be incorporated into image files but they still allow images yo be uploaded by guest users..

I will see if I can make the plugin handle the file uploads and allow the modification of the allowed file tyoes list through the plugin, then I will let you know if I found a way..

Best regards..

kid1194 avatar Jul 04 '23 15:07 kid1194