From ddf171b0ed72566a7b1b7fa2e22017d8804cac58 Mon Sep 17 00:00:00 2001
From: Oliver Roick <oliver.roick@gmail.com>
Date: Mon, 11 Jul 2016 13:43:22 +0200
Subject: [PATCH] Fixes #374 -- Check mime type of uploaded file

---
 cadasta/organization/forms.py | 15 +++++++++++++--
 cadasta/resources/forms.py    |  5 ++++-
 requirements/common.txt       |  2 +-
 3 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/cadasta/organization/forms.py b/cadasta/organization/forms.py
index 1be128671..ddbdf5f55 100644
--- a/cadasta/organization/forms.py
+++ b/cadasta/organization/forms.py
@@ -21,6 +21,11 @@
 from .download.resources import ResourceExporter
 
 FORM_CHOICES = ROLE_CHOICES + (('Pb', _('Public User')),)
+QUESTIONNAIRE_TYPES = [
+    'application/msexcel',
+    'application/vnd.ms-excel',
+    'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet'
+]
 
 
 def create_update_or_delete_project_role(project, user, role):
@@ -213,7 +218,10 @@ class ProjectAddDetails(forms.Form):
     description = forms.CharField(required=False, widget=forms.Textarea)
     access = PublicPrivateField(initial='public')
     url = forms.URLField(required=False)
-    questionaire = forms.CharField(required=False, widget=S3FileUploadWidget)
+    questionaire = forms.CharField(
+        required=False,
+        widget=S3FileUploadWidget(upload_to='xls-forms',
+                                  accepted_types=QUESTIONNAIRE_TYPES))
     contacts = ContactsField(form=ContactsForm, required=False)
 
     def __init__(self, *args, **kwargs):
@@ -234,7 +242,10 @@ def clean_name(self):
 
 class ProjectEditDetails(forms.ModelForm):
     urls = pg_forms.SimpleArrayField(forms.URLField(), required=False)
-    questionnaire = forms.CharField(required=False, widget=S3FileUploadWidget)
+    questionnaire = forms.CharField(
+        required=False,
+        widget=S3FileUploadWidget(upload_to='xls-forms',
+                                  accepted_types=QUESTIONNAIRE_TYPES))
     access = PublicPrivateField()
     contacts = ContactsField(form=ContactsForm, required=False)
 
diff --git a/cadasta/resources/forms.py b/cadasta/resources/forms.py
index 2f9752683..588f434a9 100644
--- a/cadasta/resources/forms.py
+++ b/cadasta/resources/forms.py
@@ -3,10 +3,13 @@
 from buckets.widgets import S3FileUploadWidget
 from .models import Resource, ContentObject
 from .fields import ResourceField
+from .validators import ACCEPTED_TYPES
 
 
 class ResourceForm(forms.ModelForm):
-    file = forms.CharField(widget=S3FileUploadWidget(upload_to='resources'))
+    file = forms.CharField(
+        widget=S3FileUploadWidget(upload_to='resources',
+                                  accepted_types=ACCEPTED_TYPES))
 
     class Meta:
         model = Resource
diff --git a/requirements/common.txt b/requirements/common.txt
index 0a2b5cd41..a119d2aa4 100644
--- a/requirements/common.txt
+++ b/requirements/common.txt
@@ -19,7 +19,7 @@ django-audit-log==0.7.0
 django-simple-history==1.8.1
 simplejson==3.8.1
 django-widget-tweaks==1.4.1
-django-buckets==0.1.10
+django-buckets==0.1.11
 pyxform-cadasta==0.9.22
 python-magic==0.4.11
 Pillow==3.2.0