[ActiveStorage] Feature Request: attachment validations

[Matt Yanchek]

Hey all, with ActiveStorage coming out very soon I am very quickly finding a need for some validations for attachments before storing. Some very quick validation helpers would be great for example content type and size would be huge wins in protecting an application that is expecting to only allow images.

Just a quick example:

class User < ApplicationRecord
  has_one_attached :avatar
 
  validates :avatar, attachment: { content_types: 'image/*', size: 50 }
end

[Luis Felipe Sanchez]

I think this would be a great feature to have. Looking around the code I find that one main issue is that doing attribute assignment like `@record.file=attachable`

uploads the attachable to the service right away. We could make it so that `ActiveStorage::Attached` stores the attachable as an instance variable and a new method called `attach!` actually uploads the file.
Then one could validate that `file.content_type` is valid.

[ifom...@gmail.com]

Hi all,

I think this is one of the essential features that are missing in Active Storage. Thus I'm pretty sure it's gonna be implemented pretty soon one way or another, and I wonder what is the maintainers' plan for it, if there is any.

I know about active_storage_validations gem, but its functionality is quite limited and the gem itself is pretty self-inconsistent and raw (though it's the best publicly available gem I could find, kudos to the maintainers!)

One approach I'm thinking of would be to adapt paperclip's validators for Active Storage (thanks to MIT license), and I think I could do it, but I'm not sure if it's gonna be accepted. One doesn't have to invent the wheel, but I'd like to hear an expert opinion.

Thank you,

Ivan

[Rob Zolkos]

Rails 6 will have validations for AS  https://github.com/rails/rails/commit/e8682c5bf051517b0b265e446aa1a7eccfd47bf7#diff-c76fb6202b7f95a08fe12f40c4999ac9R11

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-co...@googlegroups.com.
To post to this group, send email to rubyonra...@googlegroups.com.
Visit this group at https://groups.google.com/group/rubyonrails-core.
For more options, visit https://groups.google.com/d/optout.

[ifom...@gmail.com]

Hmmm...

Hi Rob,

thanks for your reply!

I see how one can validate presence of a blob from this change, but I'm not sure what could be the syntax for validating content type, filename, or file size after this change. Could you please elaborate on that? The commit you referred to provides neither documentation nor tests for these cases.

Best regards,

Ivan

[George Claghorn]

Validations are planned for Rails 6. Here’s a rough sketch of the API I have in mind:

    validates_attached :logo, presence: true, byte_size: { less_than: 10.megabytes, message: "must be smaller than 10 MB" }, content_type: /\Aimage\//

I intended to implement this myself, and laid the groundwork for it in the commit Rob mentioned, but Igor Kasyanchuk asked if he could fold active_storage_validations into Active Storage proper: https://github.com/rails/rails/issues/33741. Since September, I’ve been giving him time to open a PR.

Please feel free to investigate yourself. Rails 6 is slated for early next year, so if nobody else opens a PR before then, I’ll come back to validations after the holidays.

[ifom...@gmail.com]

Hi George,

thanks for your positive feedback! I'll see how far I can get :)

Best regards,

Ivan

[Abhishek Chandrasekhar]

Hey everyone!

It seems this has been open for a while, and as per George's last statement I'm assuming a pull request is still welcome? If so I've been working on this the past few days 📅

(As a small side note, there does already seem to be a PR open but I provided my thoughts on that here. I believe Igor responded in support as well)

I had a question about the `:presence` validator.

The Issue

I assume we want validates :avatar, presence: true to validate that a ::Blob is actually attached. However activestorage attachments don't work like standard model fields: all changes to attachments and blobs are processed after the record itself is saved (for good reason).

This unfortunately means any validations for :presence run at a time when the attachment changes (stored in @attachment_changes) have not yet been applied.

Potential Workaround + Another Issue

One workaround would be to have the validator look at what changes are queued up to be applied and decide if an attachment is expected to be present or blank after the record is saved.

This would work well, but the :detach, :purge, and :purge_later throw a wrench in this logic. They immediately delete the attachments (or at least queue them up for deletion) before setting the attachment to nil. So when the record is finally validated later it might fail :presence validations but it's too late because the association ::Attachment/::Blob records are already destroyed.

All this makes what should be a "simple" presence check much more complex because of the nature of how attachments are stored. Unless I'm missing an obvious solution, which I might be!

My personal thought: If we want attachments to feel like true model fields then the validation should be performed first and the deletion should be blocked/avoided if the validation fails. (And of course, users can always bypass validations as needed).

Would love to hear your thoughts. In the mean time, I'm happy to implement the size and content type validations. 

As always, thanks for everyone's time here. As an avid Rails user, everyone's contribution is much appreciated.