feat: add fily type and max user media uplod limits

2025-11-05 23:18:53 -05:00 · 2025-08-19 11:35:49 +03:00 · 2025-08-19 11:35:49 +03:00 · 8cbeb72dd2
commit 8cbeb72dd2
parent e9f862a0ff
10 changed files with 98 additions and 27 deletions
--- a/cms/permissions.py
+++ b/cms/permissions.py
@ -1,14 +1,22 @@
 from django.conf import settings
 from rest_framework import permissions
 from rest_framework.exceptions import PermissionDenied
-from files.methods import is_mediacms_editor, is_mediacms_manager
+from files.methods import (
    is_mediacms_editor,
    is_mediacms_manager,
    user_allowed_to_upload,
 )
 class IsAuthorizedToAdd(permissions.BasePermission):
    def has_permission(self, request, view):
        if request.method in permissions.SAFE_METHODS:
            return True
-        return user_allowed_to_upload(request)
+        if not user_allowed_to_upload(request):
            raise PermissionDenied("You don't have permission to upload media, or have reached max number of media uploads.")
        return True
 class IsAuthorizedToAddComment(permissions.BasePermission):
@ -55,26 +63,6 @@ class IsUserOrEditor(permissions.BasePermission):
        return obj.user == request.user
 def user_allowed_to_upload(request):
    """Any custom logic for whether a user is allowed
    to upload content lives here
    """
    if request.user.is_anonymous:
        return False
    if request.user.is_superuser:
        return True
    if settings.CAN_ADD_MEDIA == "all":
        return True
    elif settings.CAN_ADD_MEDIA == "email_verified":
        if request.user.email_is_verified:
            return True
    elif settings.CAN_ADD_MEDIA == "advancedUser":
        if request.user.advancedUser:
            return True
    return False
 def user_allowed_to_comment(request):
    """Any custom logic for whether a user is allowed
    to comment lives here
--- a/cms/settings.py
+++ b/cms/settings.py
@ -226,7 +226,7 @@ POST_UPLOAD_AUTHOR_MESSAGE_UNLISTED_NO_COMMENTARY = ""
 # only in case where unlisted workflow is used and no commentary
 # exists
-CANNOT_ADD_MEDIA_MESSAGE = ""
+CANNOT_ADD_MEDIA_MESSAGE = "User cannot add media, or maximum number of media uploads has been reached."
 # mp4hls command, part of Bento4
 MP4HLS_COMMAND = "/home/mediacms.io/mediacms/Bento4-SDK-1-6-0-637.x86_64-unknown-linux/bin/mp4hls"
@ -501,9 +501,14 @@ ALLOW_CUSTOM_MEDIA_URLS = False
 # Whether to allow anonymous users to list all users
 ALLOW_ANONYMOUS_USER_LISTING = True
 # Maximum number of media a user can upload
 NUMBER_OF_MEDIA_USER_CAN_UPLOAD = 100
 # ffmpeg options
 FFMPEG_DEFAULT_PRESET = "medium"  # see https://trac.ffmpeg.org/wiki/Encode/H.264
 ALLOWED_MEDIA_UPLOAD_TYPES = ["video", "audio", "image", "pdf"]
 try:
    # keep a local_settings.py file for local overrides
    from .local_settings import *  # noqa
--- a/docs/admins_docs.md
+++ b/docs/admins_docs.md
@ -26,6 +26,8 @@
 - [23. SAML setup](#23-saml-setup)
 - [24. Identity Providers setup](#24-identity-providers-setup)
 - [25. Custom urls](#25-custom-urls)
 - [26. Allowed files](#26-allowed-files)
 - [27. User upload limits](#27-user-upload-limits)
 ## 1. Welcome
@ -976,3 +978,21 @@ Visiting the admin, you will see the Identity Providers tab and you can add one.
 ## 25. Custom urls
 To enable custom urls, set `ALLOW_CUSTOM_MEDIA_URLS = True` on settings.py or local_settings.py
 This will enable editing the URL of the media, while editing a media. If the URL is already taken you get a message you cannot update this.
 ## 26. Allowed files
 MediaCMS performs identification attempts on new file uploads and only allows certain file types specified in the `ALLOWED_MEDIA_UPLOAD_TYPES` setting. By default, only ["video", "audio", "image", "pdf"] files are allowed.
 When a file is not identified as one of these allowed types, the file gets removed from the system and there's an entry indicating that this is not a supported media type.
 If you want to change the allowed file types, edit the `ALLOWED_MEDIA_UPLOAD_TYPES` list in your `settings.py` or `local_settings.py` file.
 ## 27. User upload limits
 MediaCMS allows you to set a maximum number of media files that each user can upload. This is controlled by the `NUMBER_OF_MEDIA_USER_CAN_UPLOAD` setting in `settings.py` or `local_settings.py`. By default, this is set to 100 media items per user.
 When a user reaches this limit, they will no longer be able to upload new media until they delete some of their existing content. This limit applies regardless of the user's role or permissions in the system.
 To change the maximum number of uploads allowed per user, modify the `NUMBER_OF_MEDIA_USER_CAN_UPLOAD` value in your settings file:
 ```
 NUMBER_OF_MEDIA_USER_CAN_UPLOAD = 5
 ```
--- a/files/methods.py
+++ b/files/methods.py
@ -401,6 +401,32 @@ def clean_comment(raw_comment):
    return cleaned_comment
 def user_allowed_to_upload(request):
    """Any custom logic for whether a user is allowed
    to upload content lives here
    """
    if request.user.is_anonymous:
        return False
    if is_mediacms_editor(request.user):
        return True
    # Check if user has reached the maximum number of uploads
    if hasattr(settings, 'NUMBER_OF_MEDIA_USER_CAN_UPLOAD'):
        if models.Media.objects.filter(user=request.user).count() >= settings.NUMBER_OF_MEDIA_USER_CAN_UPLOAD:
            return False
    if settings.CAN_ADD_MEDIA == "all":
        return True
    elif settings.CAN_ADD_MEDIA == "email_verified":
        if request.user.email_is_verified:
            return True
    elif settings.CAN_ADD_MEDIA == "advancedUser":
        if request.user.advancedUser:
            return True
    return False
 def kill_ffmpeg_process(filepath):
    """Kill ffmpeg process that is processing a specific file
@ -606,3 +632,7 @@ def copy_media(media_id):
        None
    """
    pass
 def is_media_allowed_type(media):
    return media.media_type in settings.ALLOWED_MEDIA_UPLOAD_TYPES
--- a/files/models/media.py
+++ b/files/models/media.py
@ -336,6 +336,15 @@ class Media(models.Model):
        video duration, encode
        """
        self.set_media_type()
        from ..methods import is_media_allowed_type
        if not is_media_allowed_type(self):
            helpers.rm_file(self.media_file.path)
            if self.state == "public":
                self.state = "unlisted"
                self.save(update_fields=["state"])
            return False
        if self.media_type == "video":
            self.set_thumbnail(force=True)
            if settings.DO_NOT_TRANSCODE_VIDEO:
--- a/files/views/media.py
+++ b/files/views/media.py
@ -159,6 +159,7 @@ class MediaList(APIView):
    )
    def post(self, request, format=None):
        # Add new media
        serializer = MediaSerializer(data=request.data, context={"request": request})
        if serializer.is_valid():
            media_file = request.data["media_file"]
--- a/files/views/pages.py
+++ b/files/views/pages.py
@ -8,8 +8,8 @@ from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import render
 from django.views.decorators.csrf import csrf_exempt
 from cms.permissions import user_allowed_to_upload
 from cms.version import VERSION
 from files.methods import user_allowed_to_upload
 from users.models import User
 from .. import helpers
@ -26,6 +26,7 @@ from ..methods import (
    create_video_trim_request,
    get_user_or_session,
    handle_video_chapters,
    is_media_allowed_type,
    is_mediacms_editor,
 )
 from ..models import Category, Media, Playlist, Subtitle, Tag, VideoTrimRequest
@ -238,6 +239,10 @@ def edit_media(request):
    if not (request.user.has_contributor_access_to_media(media) or is_mediacms_editor(request.user)):
        return HttpResponseRedirect("/")
    if not is_media_allowed_type(media):
        return HttpResponseRedirect(media.get_absolute_url())
    if request.method == "POST":
        form = MediaMetadataForm(request.user, request.POST, request.FILES, instance=media)
        if form.is_valid():
@ -577,6 +582,7 @@ def view_media(request):
        if video_msg and media.user == request.user:
            messages.add_message(request, messages.INFO, video_msg)
    context["is_media_allowed_type"] = is_media_allowed_type(media)
    return render(request, "cms/media.html", context)
--- a/templates/cms/add-media.html
+++ b/templates/cms/add-media.html
@ -119,7 +119,7 @@
 		<br>
-		<a href='/contact'>Contact</a> the admin owners for more information.
+		<a href='/contact'>Contact</a> portal owners for more information.
 	{% endif %}
--- a/templates/cms/media.html
+++ b/templates/cms/media.html
@ -126,7 +126,19 @@
 <link href="{% static "css/media.css" %}" rel="stylesheet">
 {%endblock topimports %}
-{% block content %}<div id="page-media"></div>{% endblock content %}
+{% block content %}
    {% if is_media_allowed_type %}
        <div id="page-media"></div>
    {% else %}
        <div class="user-action-form-wrap">
            <div class="user-action-form-inner">
                This media type is not supported.
            </div>
        </div>
    {% endif %}
 {% endblock content %}
 {% block bottomimports %}
    <script src="{% static "js/media.js" %}?v={{ VERSION }}"></script>
--- a/uploader/views.py
+++ b/uploader/views.py
@ -8,8 +8,8 @@ from django.core.files import File
 from django.http import JsonResponse
 from django.views import generic
 from cms.permissions import user_allowed_to_upload
 from files.helpers import rm_file
 from files.methods import user_allowed_to_upload
 from files.models import Media
 from .fineuploader import ChunkedFineUploader