From 756263bad4697aa7b7d04dfee4cc0c1fb59714c3 Mon Sep 17 00:00:00 2001 From: Lars Date: Tue, 28 Apr 2026 13:56:26 +0200 Subject: [PATCH] feat: implement dynamic upload limits for exercise media - Introduced role-based upload limits for exercise media, allowing users to upload up to 1 MB while admins and superadmins can upload up to 1024 MB. - Updated the media upload logic to enforce these limits, enhancing the flexibility and control over media management in the application. --- backend/routers/exercises.py | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/backend/routers/exercises.py b/backend/routers/exercises.py index d4a04b3..9dbfa77 100644 --- a/backend/routers/exercises.py +++ b/backend/routers/exercises.py @@ -70,12 +70,23 @@ def normalize_exercise_skill_level(value) -> Optional[str]: MEDIA_ROOT = Path(os.getenv("MEDIA_ROOT", str(Path(__file__).resolve().parent.parent / "media"))) MAX_EXERCISE_MEDIA = 10 -MAX_UPLOAD_BYTES = 50 * 1024 * 1024 +# Upload-Limits (Übungs-Medien): Trainer wie bisher kleiner; Admin/Superadmin höheres Limit für große Videos +_MAX_UPLOAD_MB_USER = max(1, int(os.getenv("EXERCISE_MEDIA_MAX_UPLOAD_MB", "50"))) +_MAX_UPLOAD_MB_ADMIN = max(_MAX_UPLOAD_MB_USER, int(os.getenv("EXERCISE_MEDIA_ADMIN_MAX_UPLOAD_MB", "1024"))) +MAX_UPLOAD_BYTES_USER = _MAX_UPLOAD_MB_USER * 1024 * 1024 +MAX_UPLOAD_BYTES_ADMIN = _MAX_UPLOAD_MB_ADMIN * 1024 * 1024 ALLOWED_UPLOAD_MIMES = frozenset( {"image/jpeg", "image/png", "image/gif", "video/mp4", "application/pdf"} ) +def _upload_limit_bytes(session: dict) -> int: + role = session.get("role") or "" + if role in ("admin", "superadmin"): + return MAX_UPLOAD_BYTES_ADMIN + return MAX_UPLOAD_BYTES_USER + + # ============================================================================ # Pydantic Models # ============================================================================ @@ -1201,10 +1212,11 @@ async def upload_exercise_media( ) else: raw = await file.read() - if len(raw) > MAX_UPLOAD_BYTES: + max_upload = _upload_limit_bytes(session) + if len(raw) > max_upload: raise HTTPException( status_code=413, - detail=f"Datei zu groß (max. {MAX_UPLOAD_BYTES // (1024 * 1024)} MB)", + detail=f"Datei zu groß (max. {max_upload // (1024 * 1024)} MB)", ) mime = file.content_type or "" if mime not in ALLOWED_UPLOAD_MIMES: