Media library #2547

Open
wants to merge 36 commits into
base: main

@arnaudlevy (Member) commented Jan 3, 2025

Media library

  • Media library title
  • Browsable media
  • Filters
  • Text updates
  • Collection management
  • Category management
  • English version
  • Image update (cascading)

Media import

  • Featured images
  • Image block
  • Chapter block
  • CTA block
  • Gallery block

There are doubts about Testimonials, Key figures, Features, but we will wait for an actual need.

Media reuse

  • For featured images
  • English version

No reuse in blocks, that implies an overhaul of the whole block editing.

Migrations

  • Featured images
  • Blocks

@arnaudlevy changed the title from "not working yet" to "Media library" Jan 3, 2025
arnaudlevy and others added 5 commits January 3, 2025 18:32
Co-authored-by: Sébastien Gaya <[email protected]>
Co-authored-by: Sébastien Gaya <[email protected]>
Co-authored-by: Sébastien Gaya <[email protected]>
Co-authored-by: Pierre-André Boissinot <[email protected]>
@arnaudlevy arnaudlevy marked this pull request as ready for review January 6, 2025 11:26
@arnaudlevy (Member, Author)

When an image is uploaded as a featured image without being cropped (the cropper is not touched at all), it is nevertheless not identical to the image uploaded in a block. As a result, there are 2 images in the media library. @pabois is it possible not to do that? If we don't touch it, we don't touch it?

db/schema.rb (review comment: outdated, resolved)
arnaudlevy and others added 9 commits January 9, 2025 14:22
* wip

* remove data view

* partly working

* better

* better

* changes save / cancel

* wip

* saving works

* Working facets

* responsive optim

* move esbuild

* vue wip

* i18n

* cropper works!

* cleaner

* cloud done

* medias done

* changes done

* components

* clean

* clean

* remove form

* remove vscode

* and ignore

* clean again

* clean

* categories

* Fix #2588

* refactor

* remove

* locales

* clean

* fix

* fix

---------

Co-authored-by: Sébastien Gaya <[email protected]>
@SebouChu SebouChu added huge big and removed huge labels Jan 24, 2025
```ruby
  end

  def about
    @about ||= about_type.constantize.find_by(university: university, id: about_id)
```

Check failure: Code scanning / CodeQL

Code injection (Critical)

This code execution depends on a user-provided value.

Copilot Autofix AI 3 days ago

To fix the problem, we need to ensure that the about_type value is validated and restricted to a set of known safe values before calling constantize. This can be achieved by introducing a whitelist of allowed types and checking the about_type against this list.

  1. Define a whitelist of allowed types.
  2. Validate the about_type against this whitelist before calling constantize.
  3. Raise an error or handle the case where about_type is not in the whitelist.

Suggested changeset 1: app/services/osuny/media/picker.rb

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/app/services/osuny/media/picker.rb b/app/services/osuny/media/picker.rb
--- a/app/services/osuny/media/picker.rb
+++ b/app/services/osuny/media/picker.rb
@@ -64,2 +64,4 @@
 
+  ALLOWED_TYPES = ['Type1', 'Type2', 'Type3'].freeze
+
   def about_type
@@ -73,2 +75,5 @@
   def about
+    unless ALLOWED_TYPES.include?(about_type)
+      raise "Invalid about_type: #{about_type}"
+    end
     @about ||= about_type.constantize.find_by(university: university, id: about_id)
EOF
@@ -64,2 +64,4 @@

ALLOWED_TYPES = ['Type1', 'Type2', 'Type3'].freeze

def about_type
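Review bot: The values in `ALLOWED_TYPES` ('Type1', 'Type2', 'Type3') look like placeholders rather than class names, so with the guard added in `about` every request would hit the raise. Replace them with the real class names that `about_type` may take before applying the patch, and add a comment above the constant saying it must be extended when a new type becomes pickable.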
@@ -73,2 +75,5 @@
def about
unless ALLOWED_TYPES.include?(about_type)
raise "Invalid about_type: #{about_type}"
end
@about ||= about_type.constantize.find_by(university: university, id: about_id)
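Review bot: In `about`, the new `raise "Invalid about_type: #{about_type}"` produces a generic RuntimeError and copies the user-provided value into the message. Raise a dedicated error class that the caller can rescue and turn into a client error, and keep the rejected value out of the message. The guard is placed before `about_type.constantize`, which is the right order, so the constant lookup only sees a value that is in the list.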
Copilot is powered by AI and may make mistakes. Always verify output.
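
An added example (not code from this pull request or from Copilot's suggestion) of the allowlist approach described above, taken one step further: the request string is looked up in a hash of classes, so `constantize` is never called on it. `Record`, `Post`, `Page` and `SafePicker` are hypothetical stand-ins, and the in-memory `find_by` replaces ActiveRecord so the block runs on plain Ruby.

```ruby
# Hypothetical stand-in for an ActiveRecord model: in-memory rows with find_by.
class Record
  attr_reader :university, :id

  def initialize(university, id)
    @university = university
    @id = id
  end

  def self.rows
    @rows ||= []
  end

  def self.create(university, id)
    new(university, id).tap { |record| rows << record }
  end

  def self.find_by(university:, id:)
    rows.find { |r| r.university == university && r.id == id }
  end
end

class Post < Record; end
class Page < Record; end

class SafePicker
  class InvalidType < StandardError; end

  # Request strings map to classes chosen by the developer: user input is
  # only ever a hash key and is never resolved as a constant name.
  ABOUT_CLASSES = { 'Post' => Post, 'Page' => Page }.freeze

  def initialize(university, about_type, about_id)
    @university = university
    @about_type = about_type
    @about_id = about_id
  end

  def about_class
    # The error message deliberately leaves out the rejected value.
    ABOUT_CLASSES.fetch(@about_type.to_s) { raise InvalidType, 'unsupported about_type' }
  end

  def about
    @about ||= about_class.find_by(university: @university, id: @about_id)
  end
end

Post.create('univ-a', 1) # constructed sample row
```

The lookup stays scoped by `university`, as in the flagged line, so an allowed type with an id from another university returns `nil`.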
2 participants