diff --git a/apiserver/plane/app/serializers/user.py b/apiserver/plane/app/serializers/user.py index 05d8665b56..ec26eb1a29 100644 --- a/apiserver/plane/app/serializers/user.py +++ b/apiserver/plane/app/serializers/user.py @@ -16,26 +16,39 @@ from .base import BaseSerializer class UserSerializer(BaseSerializer): class Meta: model = User - fields = "__all__" + # Exclude password field from the serializer + fields = [ + field.name + for field in User._meta.fields + if field.name != "password" + ] + # Make all system fields and email read only read_only_fields = [ "id", + "username", + "mobile_number", + "email", + "token", "created_at", "updated_at", "is_superuser", "is_staff", + "is_managed", "last_active", "last_login_time", "last_logout_time", "last_login_ip", "last_logout_ip", "last_login_uagent", - "token_updated_at", + "last_location", + "last_login_medium", + "created_location", "is_bot", "is_password_autoset", "is_email_verified", "is_active", + "token_updated_at", ] - extra_kwargs = {"password": {"write_only": True}} # If the user has already filled first name or last name then he is onboarded def get_is_onboarded(self, obj): @@ -208,9 +221,15 @@ class ProfileSerializer(BaseSerializer): class Meta: model = Profile fields = "__all__" + read_only_fields = [ + "user", + ] class AccountSerializer(BaseSerializer): class Meta: model = Account fields = "__all__" + read_only_fields = [ + "user", + ] diff --git a/apiserver/plane/db/models/asset.py b/apiserver/plane/db/models/asset.py index 12f3434efa..a11ba89a4d 100644 --- a/apiserver/plane/db/models/asset.py +++ b/apiserver/plane/db/models/asset.py @@ -1,11 +1,11 @@ # Python imports from uuid import uuid4 +# Django import from django.conf import settings from django.core.exceptions import ValidationError - -# Django import from django.db import models +from django.core.validators import FileExtensionValidator # Module import from .base import BaseModel @@ -32,6 +32,7 @@ class FileAsset(BaseModel): asset = models.FileField( upload_to=get_upload_path, validators=[ + FileExtensionValidator(allowed_extensions=["jpg", "jpeg", "png"]), file_size, ], )