[WEB 3053]feat: support LibreOffice file attachments in issues

[sangeethailango]

Description

This PR allows LibreOffice, Microsoft Viseo, Netpbm, Open Office Bea files in the issue attachments.

Summary by CodeRabbit

• New Features

  • Added support for new file types including OpenDocument formats, Microsoft Visio, and Netpbm image formats
  • Implemented new patch method for attachment updates
  • Enhanced attachment handling with file validation and presigned URL generation

• Improvements

  • Added soft delete functionality for file attachments
  • Improved asset retrieval with optional parameter support

• Bug Fixes

  • Added file type and size validation for attachments

[coderabbitai]

Walkthrough

This pull request introduces significant enhancements to the issue attachment handling in the API server. The changes focus on improving file attachment management by adding file type validation, implementing soft delete functionality, and expanding support for various file formats. The modifications include adding a new patch method, updating the get and delete methods with more robust logic, and expanding the list of acceptable MIME types for attachments.

Changes

File	Change Summary
apiserver/plane/app/views/issue/attachment.py	- Added patch method for attachment updates - Modified delete method to use soft delete - Updated get method to handle optional pk parameter - Implemented file type and size validation
apiserver/plane/settings/common.py	- Added new MIME types for OpenDocument formats - Included Microsoft Visio format - Added Netpbm image formats

Possibly related PRs

• feat: add issue attachment v1 endpoint  #6307: Similar modifications to delete method implementing soft deletes and adding a patch method.

Suggested labels

⚙️backend

Suggested reviewers

• sriramveeraghanta

Poem

🐰 Attachments dance with grace and might,
Soft deletes and formats shining bright,
From OpenDoc to Visio's flair,
Our file handling now beyond compare,
A rabbit's code, both smart and light! 📄✨

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 07773ea and 01f6804.

📒 Files selected for processing (1)

• apiserver/plane/settings/common.py (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apiserver/plane/settings/common.py

⏰ Context from checks skipped due to timeout of 90000ms (3)

• GitHub Check: lint-apiserver
• GitHub Check: Analyze (javascript)
• GitHub Check: Analyze (python)

Finishing Touches

• 📝 Generate Docstrings

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

apiserver/plane/app/views/issue/attachment.py (1)

Line range hint 183-198: Handle FileAsset not found in get method

When a pk is provided in the get method, the code assumes the FileAsset exists. If it doesn't (e.g., invalid pk), a DoesNotExist exception will be raised, resulting in a 500 Internal Server Error.

Add exception handling to return a 404 response when the FileAsset is not found.

Apply this diff to handle exceptions:

if pk:
+    try:
        # Get the asset
        asset = FileAsset.objects.get(
            id=pk, workspace__slug=slug, project_id=project_id
        )
+    except FileAsset.DoesNotExist:
+        return Response(
+            {"error": "Asset not found.", "status": False},
+            status=status.HTTP_404_NOT_FOUND,
+        )

    # Check if the asset is uploaded
    if not asset.is_uploaded:
        return Response(

🧹 Nitpick comments (3)

apiserver/plane/app/views/issue/attachment.py (2)

123-128: Create FileAsset after successful presigned URL generation

Currently, the FileAsset is created before generating the presigned URL. If the presigned URL generation fails, you'll have an orphaned FileAsset record without a valid upload path.

Consider creating the FileAsset only after successfully generating the presigned URL, or implement cleanup logic for failed cases.

Apply this diff to adjust the creation timing:

-# Create a File Asset
-asset = FileAsset.objects.create(
-    attributes={"name": name, "type": type, "size": size_limit},
-    asset=asset_key,
-    size=size_limit,
-    workspace_id=workspace.id,
-    created_by=request.user,
-    issue_id=issue_id,
-    project_id=project_id,
-    entity_type=FileAsset.EntityTypeContext.ISSUE_ATTACHMENT,
-)

# Get the presigned URL
storage = S3Storage(request=request)

try:
    presigned_url = storage.generate_presigned_post(
        object_name=asset_key, file_type=type, file_size=size_limit
    )
+except Exception as e:
+    return Response(
+        {"error": "Failed to generate upload URL.", "details": str(e), "status": False},
+        status=status.HTTP_500_INTERNAL_SERVER_ERROR,
+    )

+# Create a File Asset only after successful presigned URL generation
+asset = FileAsset.objects.create(
+    attributes={"name": name, "type": type, "size": size_limit},
+    asset=asset_key,
+    size=size_limit,
+    workspace_id=workspace.id,
+    created_by=request.user,
+    issue_id=issue_id,
+    project_id=project_id,
+    entity_type=FileAsset.EntityTypeContext.ISSUE_ATTACHMENT,
+)

---

Line range hint 155-160: Remove physical files upon soft delete

In the delete method, the FileAsset is marked as deleted in the database, but the actual file in storage remains. This can lead to unnecessary storage costs and potential security risks since obsolete files are still accessible.

Consider implementing a background task or modifying the deletion logic to remove the physical file from storage when an asset is soft deleted.

apiserver/plane/settings/common.py (1)

364-375: Correct typo in comment and verify MIME types

There's a typo in the comment on line 374~: "Open Office Bae" should be "OpenOffice Base."

Also, ensure that all added MIME types are accurate and necessary for your application's use cases.

Apply this diff to fix the typo:

-    # Open Office Bae
+    # OpenOffice Base

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between ae657af and 07773ea.

📒 Files selected for processing (2)

• apiserver/plane/app/views/issue/attachment.py (1 hunks)
• apiserver/plane/settings/common.py (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: lint-apiserver
• GitHub Check: Analyze (javascript)

🔇 Additional comments (2)

apiserver/plane/app/views/issue/attachment.py (1)

123-128: Verify handling of file size limits

The size_limit is determined by the size provided in the request, but there is no guarantee that the actual file uploaded will respect this limit. If a user uploads a file larger than the declared size, it could cause issues or exceed storage quotas.

Ensure that the storage backend enforces the file size limit or consider adding server-side validation after the upload is complete.

apiserver/plane/settings/common.py (1)

364-375: Review security implications of added MIME types

Some added MIME types, such as OpenDocument formats and certain image types, might contain executable content or scripts, potentially leading to security vulnerabilities if not properly handled.

Ensure that the application performs thorough validation and sanitization of these file types to mitigate security risks.

Also applies to: 393-394