From 22a214795da6c02012bc84f802bd3a1ed1100fdd Mon Sep 17 00:00:00 2001 From: Nikhil <118773738+pablohashescobar@users.noreply.github.com> Date: Thu, 29 Aug 2024 13:31:13 +0530 Subject: [PATCH 1/2] chore: user and profile serializers (#5459) * fix: user serializer * chore: remove __all__from serializers --- apiserver/plane/app/serializers/user.py | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/apiserver/plane/app/serializers/user.py b/apiserver/plane/app/serializers/user.py index 05d8665b56..ec26eb1a29 100644 --- a/apiserver/plane/app/serializers/user.py +++ b/apiserver/plane/app/serializers/user.py @@ -16,26 +16,39 @@ from .base import BaseSerializer class UserSerializer(BaseSerializer): class Meta: model = User - fields = "__all__" + # Exclude password field from the serializer + fields = [ + field.name + for field in User._meta.fields + if field.name != "password" + ] + # Make all system fields and email read only read_only_fields = [ "id", + "username", + "mobile_number", + "email", + "token", "created_at", "updated_at", "is_superuser", "is_staff", + "is_managed", "last_active", "last_login_time", "last_logout_time", "last_login_ip", "last_logout_ip", "last_login_uagent", - "token_updated_at", + "last_location", + "last_login_medium", + "created_location", "is_bot", "is_password_autoset", "is_email_verified", "is_active", + "token_updated_at", ] - extra_kwargs = {"password": {"write_only": True}} # If the user has already filled first name or last name then he is onboarded def get_is_onboarded(self, obj): @@ -208,9 +221,15 @@ class ProfileSerializer(BaseSerializer): class Meta: model = Profile fields = "__all__" + read_only_fields = [ + "user", + ] class AccountSerializer(BaseSerializer): class Meta: model = Account fields = "__all__" + read_only_fields = [ + "user", + ] From 0fbe4c4de23a887335128e1a3d8982f7873e73c3 Mon Sep 17 00:00:00 2001 From: Nikhil <118773738+pablohashescobar@users.noreply.github.com> Date: Thu, 29 Aug 2024 13:31:41 +0530 Subject: [PATCH 2/2] chore: limit svg uploads (#5462) * fix: limit svg file uploads * chore: limit svg uploads --- apiserver/plane/db/models/asset.py | 5 +++-- apiserver/requirements/base.txt | 1 - 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apiserver/plane/db/models/asset.py b/apiserver/plane/db/models/asset.py index 12f3434efa..a11ba89a4d 100644 --- a/apiserver/plane/db/models/asset.py +++ b/apiserver/plane/db/models/asset.py @@ -1,11 +1,11 @@ # Python imports from uuid import uuid4 +# Django import from django.conf import settings from django.core.exceptions import ValidationError - -# Django import from django.db import models +from django.core.validators import FileExtensionValidator # Module import from .base import BaseModel @@ -32,6 +32,7 @@ class FileAsset(BaseModel): asset = models.FileField( upload_to=get_upload_path, validators=[ + FileExtensionValidator(allowed_extensions=["jpg", "jpeg", "png"]), file_size, ], ) diff --git a/apiserver/requirements/base.txt b/apiserver/requirements/base.txt index 2a8d35219d..9667346a85 100644 --- a/apiserver/requirements/base.txt +++ b/apiserver/requirements/base.txt @@ -61,4 +61,3 @@ zxcvbn==4.4.28 pytz==2024.1 # jwt PyJWT==2.8.0 -