Binary Attachments

[derwok]

Backend

• Research: File-Handling Packages (CollectionFS, Meteor-Files, roll-our-own, gridFS)
  => The winner is: https://github.com/VeliovGroup/Meteor-Files
• Integrate Meteor-Files into project
• Store uploads in subdirectories per meeting series (to avoid clutter & too many files in one dir)
• Add minutesID & seriesID to meta-data of uloaded files
• Filter collection publish on serverside by visible meeting series per user
• settings.json with: on&off, storagePath, maxFilesize, allow/deny extension
• Indroduce "Uploader" role to userroles
• immediate return from upload/remove/download methods of user is not allowed to do so
• Always(!) prohibit uploads of html / htm files. Regardless of settings.json config See XSS vulnerability Security concern: Persistent XSS by uploading html files veliovgroup/Meteor-Files#289
• server startup: check storagePath for write access. Log Error & switch-off Upload if no write access
• Refactor Attachment.js facade
• On delete of Minutes/Series => delete according attachments also

Frontend

• Display only attachments für current visible minutes
• Show paperclip icon on minutes-date-list
• Allow Upload/Remove of File. Show Yes/No-Msgbox before remove
• Allow Cancel of upload & show Progressbar and remaining time during upload
• Nice error popup if upload candidate is not allowed for some reasons.
• Show/hide attachment buttons on: userrole, settings.json, isFinalized state
• Show username behind every attachment file name
• On attachment tooltip show: upload timestamp, filesize in bytes/MB
• Expand/Collapse upload area
• Server Stats show #attachment and total MBytes
• Attachments to Meeting Minutes EMail

Mixed

• Put feature on "login screen info block"
• Update AdminDoc on settings.json regarding attachments
• Update UserDoc on upload attachments feature

E2E Tests

• Basic upload / download test
• Check role based visibility of buttons
• Check role based visibility of download URLs