FOUR-21235 | Enforce File Upload Limit When Using Chunked File Upload Component

[mcraeteisha]

Issue

Ticket: FOUR-21235

This PR implements FileSizeCheck middleware to enforce file upload limits for chunked uploads processed by vue-simple-uploader and laravel-chunk-upload. The middleware compares the file size against user-specific limits set in app.php.

Solution

• Implement FileCheckMiddleware in processmaker
• Set maximum file size limits in app.php

How to Test

1. Go to branch task/FOUR-21235 in processmaker.
2. Attempt to hit any of the following routes with a file size that exceeds your max file size limits in app.php:
   • Create a Screen with a File Upload component → Add the Screen to a Process Task → Run the Process → Upload a File
     • https://processmaker.test/api/1.0/requests/{request}/files
   • Import a Process
     • https://processmaker.test/api/1.0/processes/import/validation
   • Import a Project
     • https://processmaker.test/api/1.0/projects/import/validation
   • Import a PM Block
     • https://processmaker.test/api/1.0/pm-blocks/import/validation
   • Import a Collection
     • https://processmaker.test/collections/import-chunked
   • Import a Screen
     • https://processmaker.test/api/1.0/screens/import
   • Import a Decision Table
     • https://processmaker.test/designer/decision-tables/import-chunked
   • Go to Admin → File Manager → Public Files → Upload a Public File
     • https://processmaker.test/api/1.0/file-manager

• If you don't have a file that exceeds the upload_max_filesize, such as a really large Collection or Screen, you can test to ensure that no errors are thrown when hitting these endpoints. But for the File Upload control in a Screen and the Public File upload, you should be able to upload any type of large file to test the functionality of the middleware.

ci:package-collections:task/FOUR-21235-b

Code Review Checklist

• I have pulled this code locally and tested it on my instance, along with any associated packages.
• This code adheres to ProcessMaker Coding Guidelines.
• This code includes a unit test or an E2E test that tests its functionality, or is covered by an existing test.
• This solution fixes the bug reported in the original ticket.
• This solution does not alter the expected output of a component in a way that would break existing Processes.
• This solution does not implement any breaking changes that would invalidate documentation or cause existing Processes to fail.
• This solution has been tested with enterprise packages that rely on its functionality and does not introduce bugs in those packages.
• This code does not duplicate functionality that already exists in the framework or in ProcessMaker.
• This ticket conforms to the PRD associated with this part of ProcessMaker.

[processmaker-sonarqube]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarQube