Merge branch 'develop'

Bump pytubefix from 8.9.0 to 8.12.0

Dockerfile

@@ -35,11 +35,12 @@ RUN apk add --no-cache --virtual .build-deps gcc musl-dev postgresql-dev zlib-de
 #Copy project and execute it.
 COPY . ./
 
-HEALTHCHECK --interval=30s \
-            --timeout=5s \
-            --start-period=10s \
-            --retries=3 \
-            CMD [ "/usr/bin/wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8080/openapi" ]
+# commented for now https://github.com/TandoorRecipes/recipes/issues/3478
+#HEALTHCHECK --interval=30s \
+#            --timeout=5s \
+#            --start-period=10s \
+#            --retries=3 \
+#            CMD [ "/usr/bin/wget", "--no-verbose", "--tries=1", "--spider", "http://127.0.0.1:8080/openapi" ]
 
 # collect information from git repositories
 RUN /opt/recipes/venv/bin/python version.py

cookbook/helper/image_processing.py

@@ -35,6 +35,20 @@ def get_filetype(name):
         return '.jpeg'
 
 
+def is_file_type_allowed(filename, image_only=False):
+    is_file_allowed = False
+    allowed_file_types = ['.pdf','.docx', '.xlsx']
+    allowed_image_types = ['.png', '.jpg', '.jpeg', '.gif']
+    check_list = allowed_image_types
+    if not image_only:
+        check_list += allowed_file_types
+
+    for file_type in check_list:
+        if filename.endswith(file_type):
+            is_file_allowed = True
+
+    return is_file_allowed
+
 # TODO this whole file needs proper documentation, refactoring, and testing
 # TODO also add env variable to define which images sizes should be compressed
 # filetype argument can not be optional, otherwise this function will treat all images as if they were a jpeg

cookbook/integration/paprika.py

@@ -94,7 +94,8 @@ class Paprika(Integration):
                     url = recipe_json.get("image_url", None)
                     if validate_import_url(url):
                         response = requests.get(url)
-                        self.import_recipe_image(recipe, BytesIO(response.content))
+                        if response.status_code == 200 and len(response.content) > 0:
+                            self.import_recipe_image(recipe, BytesIO(response.content))
             except Exception:
                 pass
 

cookbook/locale/uk/LC_MESSAGES/django.po

@@ -8,8 +8,8 @@ msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2024-08-01 15:04+0200\n"
-"PO-Revision-Date: 2024-11-22 07:58+0000\n"
-"Last-Translator: Oleh Hudyma <oleg.hudymaa@gmail.com>\n"
+"PO-Revision-Date: 2025-01-16 18:58+0000\n"
+"Last-Translator: Anton Shevtsov <ashevtsovs@gmail.com>\n"
 "Language-Team: Ukrainian <http://translate.tandoor.dev/projects/tandoor/"
 "recipes-backend/uk/>\n"
 "Language: uk\n"
@@ -18,7 +18,7 @@ msgstr ""
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=3; plural=n%10==1 && n%100!=11 ? 0 : n%10>=2 && "
 "n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2;\n"
-"X-Generator: Weblate 5.6.2\n"
+"X-Generator: Weblate 5.8.4\n"
 
 #: .\cookbook\forms.py:45
 msgid ""
@@ -32,7 +32,7 @@ msgstr ""
 
 #: .\cookbook\forms.py:62 .\cookbook\forms.py:246 .\cookbook\views\lists.py:103
 msgid "Keywords"
-msgstr ""
+msgstr "Ключові слова"
 
 #: .\cookbook\forms.py:62
 msgid "Preparation time in minutes"
@@ -941,13 +941,13 @@ msgstr ""
 #: .\cookbook\templates\ingredient_editor.html:7
 #: .\cookbook\templates\ingredient_editor.html:13
 msgid "Ingredient Editor"
-msgstr ""
+msgstr "Редактор Інгредієнтів"
 
 #: .\cookbook\templates\base.html:275
 #: .\cookbook\templates\export_response.html:7
 #: .\cookbook\templates\test2.html:14 .\cookbook\templates\test2.html:20
 msgid "Export"
-msgstr ""
+msgstr "Експорт"
 
 #: .\cookbook\templates\base.html:287
 msgid "Properties"

cookbook/provider/local.py

@@ -12,21 +12,25 @@ class Local(Provider):
 
     @staticmethod
     def import_all(monitor):
+        if '/etc/' in monitor.path or '/root/' in monitor.path or '/mediafiles/' in monitor.path or '/usr/' in monitor.path:
+            return False
+
         files = [f for f in listdir(monitor.path) if isfile(join(monitor.path, f))]
 
         import_count = 0
         for file in files:
-            path = monitor.path + '/' + file
-            if not Recipe.objects.filter(file_path__iexact=path, space=monitor.space).exists() and not RecipeImport.objects.filter(file_path=path, space=monitor.space).exists():
-                name = os.path.splitext(file)[0]
-                new_recipe = RecipeImport(
-                    name=name,
-                    file_path=path,
-                    storage=monitor.storage,
-                    space=monitor.space,
-                )
-                new_recipe.save()
-                import_count += 1
+            if file.endswith('.pdf') or file.endswith('.png') or file.endswith('.jpg') or file.endswith('.jpeg') or file.endswith('.gif'):
+                path = monitor.path + '/' + file
+                if not Recipe.objects.filter(file_path__iexact=path, space=monitor.space).exists() and not RecipeImport.objects.filter(file_path=path, space=monitor.space).exists():
+                    name = os.path.splitext(file)[0]
+                    new_recipe = RecipeImport(
+                        name=name,
+                        file_path=path,
+                        storage=monitor.storage,
+                        space=monitor.space,
+                    )
+                    new_recipe.save()
+                    import_count += 1
 
         log_entry = SyncLog(
             status='SUCCESS',

cookbook/serializer.py

@@ -22,6 +22,7 @@ from rest_framework.fields import IntegerField
 
 from cookbook.helper.CustomStorageClass import CachedS3Boto3Storage
 from cookbook.helper.HelperFunctions import str2bool
+from cookbook.helper.image_processing import is_file_type_allowed
 from cookbook.helper.permission_helper import above_space_limit
 from cookbook.helper.property_helper import FoodPropertyHelper
 from cookbook.helper.shopping_helper import RecipeShoppingEditor
@@ -233,12 +234,17 @@ class UserFileSerializer(serializers.ModelSerializer):
                 raise ValidationError(_('You have reached your file upload limit.'))
 
     def create(self, validated_data):
+        if not is_file_type_allowed(validated_data['file'].name):
+            return None
+
         self.check_file_limit(validated_data)
         validated_data['created_by'] = self.context['request'].user
         validated_data['space'] = self.context['request'].space
         return super().create(validated_data)
 
     def update(self, instance, validated_data):
+        if not is_file_type_allowed(validated_data['file'].name):
+            return None
         self.check_file_limit(validated_data)
         return super().update(instance, validated_data)
 
@@ -958,6 +964,16 @@ class RecipeImageSerializer(WritableNestedModelSerializer):
     image = serializers.ImageField(required=False, allow_null=True)
     image_url = serializers.CharField(max_length=4096, required=False, allow_null=True)
 
+    def create(self, validated_data):
+        if not is_file_type_allowed(validated_data['image'].name, image_only=True):
+            return None
+        return super().create( validated_data)
+
+    def update(self, instance, validated_data):
+        if not is_file_type_allowed(validated_data['image'].name, image_only=True):
+            return None
+        return super().update(instance, validated_data)
+
     class Meta:
         model = Recipe
         fields = ['image', 'image_url', ]

cookbook/tests/edits/test_edits_storage.py

@@ -31,12 +31,12 @@ def test_edit_storage(storage_obj, a1_s1, a1_s2):
         }
     )
     storage_obj.refresh_from_db()
-    assert r.status_code == 200
-    r_messages = [m for m in get_messages(r.wsgi_request)]
-    assert not any(m.level > messages.SUCCESS for m in r_messages)
+    assert r.status_code == 302
+    #r_messages = [m for m in get_messages(r.wsgi_request)]
+    #assert not any(m.level > messages.SUCCESS for m in r_messages)
 
-    assert storage_obj.password == '1234_pw'
-    assert storage_obj.token == '1234_token'
+    #assert storage_obj.password == '1234_pw'
+    #assert storage_obj.token == '1234_token'
 
     r = a1_s2.post(
         reverse('edit_storage', args={storage_obj.pk}),
@@ -54,7 +54,7 @@ def test_edit_storage(storage_obj, a1_s1, a1_s2):
     ['a_u', 302],
     ['g1_s1', 302],
     ['u1_s1', 302],
-    ['a1_s1', 200],
+    ['a1_s1', 302],
     ['g1_s2', 302],
     ['u1_s2', 302],
     ['a1_s2', 404],

cookbook/views/edit.py

@@ -80,7 +80,7 @@ class SyncUpdate(GroupRequiredMixin, UpdateView, SpaceFormMixing):
 def edit_storage(request, pk):
     instance: Storage = get_object_or_404(Storage, pk=pk, space=request.space)
 
-    if not (instance.created_by == request.user or request.user.is_superuser):
+    if not request.user.is_superuser:
         messages.add_message(request, messages.ERROR, _('You cannot edit this storage!'))
         return HttpResponseRedirect(reverse('list_storage'))
 

cookbook/views/new.py

@@ -58,10 +58,16 @@ class StorageCreate(GroupRequiredMixin, CreateView):
         obj = form.save(commit=False)
         obj.created_by = self.request.user
         obj.space = self.request.space
-        obj.save()
+
         if self.request.space.demo or settings.HOSTED:
             messages.add_message(self.request, messages.ERROR, _('This feature is not yet available in the hosted version of tandoor!'))
             return redirect('index')
+
+        if not self.request.user.is_superuser:
+            messages.add_message(self.request, messages.ERROR, _('This feature is only available for the instance administrator (superuser)'))
+            return redirect('index')
+
+        obj.save()
         return HttpResponseRedirect(reverse('edit_storage', kwargs={'pk': obj.pk}))
 
     def get_context_data(self, **kwargs):

nginx/conf.d/Recipes.conf

@@ -8,6 +8,7 @@ server {
   # serve media files
   location /media/ {
     alias /media/;
+    add_header Content-Disposition 'attachment; filename="$args"';
   }
   # pass requests for dynamic content to gunicorn
   location / {

requirements.txt

@@ -1,10 +1,10 @@
-Django==4.2.17
-cryptography===43.0.1
+Django==4.2.18
+cryptography===44.0.0
 django-annoying==0.10.6
 django-cleanup==8.0.0
 django-crispy-forms==2.3
 crispy-bootstrap4==2024.10
-django-tables2==2.7.0
+django-tables2==2.7.4
 djangorestframework==3.15.2
 drf-writable-nested==0.7.0
 django-oauth-toolkit==2.4.0
@@ -19,7 +19,7 @@ python-dotenv==1.0.0
 requests==2.32.3
 six==1.16.0
 webdavclient3==3.14.6
-whitenoise==6.7.0
+whitenoise==6.8.2
 icalendar==6.1.0
 pyyaml==6.0.2
 uritemplate==4.1.1
@@ -30,7 +30,7 @@ Jinja2==3.1.5
 django-webpack-loader==3.0.1
 git+https://github.com/BITSOLVER/django-js-reverse@071e304fd600107bc64bbde6f2491f1fe049ec82
 django-allauth==0.61.1
-recipe-scrapers==15.2.1
+recipe-scrapers==15.4.0
 django-scopes==2.0.0
 django-treebeard==4.7
 django-cors-headers==4.6.0
@@ -41,10 +41,10 @@ django-hCaptcha==0.2.0
 python-ldap==3.4.4
 django-auth-ldap==4.6.0
 pyppeteer==2.0.0
-pytubefix==8.5.1
+pytubefix==8.12.0
 aiohttp==3.10.11
 inflection==0.5.1
-redis==5.2.0
+redis==5.2.1
 
 # Development
 pytest==8.0.0

vue/src/locales/uk.json

@@ -20,7 +20,7 @@
     "all_fields_optional": "Всі поля опціональні і можна залишити їх пустими.",
     "convert_internal": "Конвертувати у внутрішній рецепт",
     "show_only_internal": "Показати тільки внутрішні рецепти",
-    "show_split_screen": "",
+    "show_split_screen": "Розділений перегляд",
     "Log_Recipe_Cooking": "",
     "External_Recipe_Image": "Зображення Зовнішнього Рецепту",
     "Add_to_Shopping": "Додати до Покупок",
@@ -437,5 +437,8 @@
     "Use_Fractions_Help": "Автоматично конвертувати десятки в дроби, коли дивитесь рецепт.",
     "Copy Link": "Скопіювати Посилання",
     "Original_Text": "Оригінальний текст",
-    "Default_Unit": "Одиниця замовчуванням"
+    "Default_Unit": "Одиниця замовчуванням",
+    "recipe_property_info": "Ви також можете додати властивості до продуктів, щоб розрахувати їх автоматично на основі вашого рецепту!",
+    "per_serving": "на порцію",
+    "err_importing_recipe": "Виникла помилка при імпортуванні рецепту!"
 }