Enhancement: collapsible sidebar menus

2025-09-22 00:52:42 -05:00 · 2025-09-20 10:16:36 -07:00
7 changed files with 123 additions and 298 deletions
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -2,11 +2,9 @@

 If you feel like contributing to the project, please do! Bug fixes and improvements are always welcome.

-⚠️ Please note: Pull requests that implement a new feature or enhancement _should almost always target an existing feature request_ with evidence of community interest and discussion. This is in order to balance the work of implementing and maintaining new features / enhancements. Pull requests that are opened without meeting this requirement may not be merged.
-
 If you want to implement something big:

- As above, please start with a discussion! Maybe something similar is already in development and we can make it happen together.
+- Please start a discussion about that in the issues! Maybe something similar is already in development and we can make it happen together.
 - When making additions to the project, consider if the majority of users will benefit from your change. If not, you're probably better of forking the project.
 - Also consider if your change will get in the way of other users. A good change is a change that enhances the experience of some users who want that change and does not affect users who do not care about the change.
 - Please see the [paperless-ngx merge process](#merging-prs) below.
--- a/src-ui/src/app/components/app-frame/app-frame.component.html
+++ b/src-ui/src/app/components/app-frame/app-frame.component.html
@@ -166,10 +166,13 @@
        </div>

        <div class="nav-group mt-3 mb-1">
-          <h6 class="sidebar-heading px-3 text-muted">
+          <h6 class="sidebar-heading px-3 text-muted d-flex align-items-center">
            <span i18n>Manage</span>
+            <button class="btn btn-link p-2 py-0" (click)="manageCollapse.toggle()">
+              <i-bs width="0.9em" height="0.9em" [name]="isManageMenuCollapsed ? 'chevron-down' : 'chevron-up'"></i-bs>
+            </button>
          </h6>
-          <ul class="nav flex-column mb-2">
+          <ul class="nav flex-column mb-2" #manageCollapse="ngbCollapse" [(ngbCollapse)]="isManageMenuCollapsed">
            <li class="nav-item app-link"
              *pngxIfPermissions="{ action: PermissionAction.View, type: PermissionType.Correspondent }">
              <a class="nav-link" routerLink="correspondents" routerLinkActive="active" (click)="closeMenu()"
@@ -243,10 +246,14 @@
        </div>

        <div class="nav-group mt-auto mb-1">
-          <h6 class="sidebar-heading px-3 pt-4 text-muted">
+          <h6 class="sidebar-heading px-3 pt-4 text-muted d-flex align-items-center">
            <span i18n>Administration</span>
+            <button class="btn btn-link p-2 py-0" (click)="adminCollapse.toggle()">
+              <i-bs width="0.9em" height="0.9em" [name]="isAdminMenuCollapsed ? 'chevron-down' : 'chevron-up'"></i-bs>
+            </button>
          </h6>
-          <ul class="nav flex-column mb-2">
+          <div class="mb-2">
+            <ul class="nav flex-column" #adminCollapse="ngbCollapse" [(ngbCollapse)]="isAdminMenuCollapsed">
              <li class="nav-item app-link" *pngxIfPermissions="{ action: PermissionAction.Change, type: PermissionType.UISettings }"
                tourAnchor="tour.settings">
                <a class="nav-link" routerLink="settings" routerLinkActive="active" (click)="closeMenu()"
@@ -292,6 +299,8 @@
                  </a>
                </li>
              }
+            </ul>
+            <ul class="nav flex-column">
              <li class="nav-item mt-2" tourAnchor="tour.outro">
                <a class="px-3 py-2 text-muted small d-flex align-items-center flex-wrap text-decoration-none"
                  target="_blank" rel="noopener noreferrer" href="https://docs.paperless-ngx.com" ngbPopover="Documentation"
@@ -356,6 +365,7 @@
            </ul>
          </div>
        </div>
+      </div>
    </nav>

    <main role="main" class="ms-sm-auto px-md-4"
--- a/src-ui/src/app/components/app-frame/app-frame.component.ts
+++ b/src-ui/src/app/components/app-frame/app-frame.component.ts
@@ -89,6 +89,8 @@ export class AppFrameComponent
  appRemoteVersion: AppRemoteVersion

  isMenuCollapsed: boolean = true
+  isManageMenuCollapsed: boolean = false
+  isAdminMenuCollapsed: boolean = false

  slimSidebarAnimating: boolean = false

--- a/src-ui/src/main.ts
+++ b/src-ui/src/main.ts
@@ -55,7 +55,9 @@ import {
  checkLg,
  chevronDoubleLeft,
  chevronDoubleRight,
+  chevronDown,
  chevronRight,
+  chevronUp,
  clipboard,
  clipboardCheck,
  clipboardCheckFill,
@@ -267,7 +269,9 @@ const icons = {
  checkLg,
  chevronDoubleLeft,
  chevronDoubleRight,
+  chevronDown,
  chevronRight,
+  chevronUp,
  clipboard,
  clipboardCheck,
  clipboardCheckFill,
--- a/src/documents/tests/test_api_app_config.py
+++ b/src/documents/tests/test_api_app_config.py
@@ -1,6 +1,4 @@
 import json
-from fractions import Fraction
-from io import BytesIO
 from pathlib import Path

 from django.contrib.auth.models import User
@@ -8,11 +6,6 @@ from django.core.files.uploadedfile import SimpleUploadedFile
 from rest_framework import status
 from rest_framework.test import APITestCase

-try:
-    from PIL import Image
-except ModuleNotFoundError:  # pragma: no cover - Pillow is required in production
-    Image = None  # type: ignore[assignment]
-
 from documents.tests.utils import DirectoriesMixin
 from paperless.models import ApplicationConfiguration
 from paperless.models import ColorConvertChoices
@@ -197,74 +190,6 @@ class TestApiAppConfig(DirectoriesMixin, APITestCase):
        )
        self.assertFalse(Path(old_logo.path).exists())

-    def test_api_strips_metadata_from_logo_upload(self):
-        """
-        GIVEN:
-            - An image file containing EXIF metadata including GPS coordinates
-        WHEN:
-            - Uploaded via PATCH to app config
-        THEN:
-            - Stored logo no longer contains EXIF metadata
-        """
-        if Image is None:
-            self.skipTest("Pillow is not installed")
-
-        if not hasattr(Image, "Exif"):
-            self.skipTest("Current Pillow version cannot create EXIF metadata")
-
-        assert Image is not None
-
-        exif = Image.Exif()
-        exif[0x010E] = "Test description"  # ImageDescription
-        exif[0x8825] = {
-            1: "N",  # GPSLatitudeRef
-            2: (Fraction(51, 1), Fraction(30, 1), Fraction(0, 1)),
-            3: "E",  # GPSLongitudeRef
-            4: (Fraction(0, 1), Fraction(7, 1), Fraction(0, 1)),
-        }
-
-        buffer = BytesIO()
-        Image.new("RGB", (8, 8), "white").save(buffer, format="JPEG", exif=exif)
-        buffer.seek(0)
-
-        with Image.open(BytesIO(buffer.getvalue())) as uploaded_image:
-            self.assertGreater(len(uploaded_image.getexif()), 0)
-
-        response = self.client.patch(
-            f"{self.ENDPOINT}1/",
-            {
-                "app_logo": SimpleUploadedFile(
-                    name="with_exif.jpg",
-                    content=buffer.getvalue(),
-                    content_type="image/jpeg",
-                ),
-            },
-        )
-
-        self.assertEqual(response.status_code, status.HTTP_200_OK)
-
-        config = ApplicationConfiguration.objects.first()
-        stored_logo = Path(config.app_logo.path)
-        self.assertTrue(stored_logo.exists())
-
-        with Image.open(stored_logo) as sanitized:
-            sanitized_exif = sanitized.getexif()
-            self.assertNotEqual(sanitized_exif.get(0x010E), "Test description")
-
-            gps_ifd = None
-            if hasattr(sanitized_exif, "get_ifd"):
-                try:
-                    gps_ifd = sanitized_exif.get_ifd(0x8825)
-                except KeyError:
-                    gps_ifd = None
-            else:
-                gps_ifd = sanitized_exif.get(0x8825)
-
-            if gps_ifd is not None:
-                self.assertEqual(len(gps_ifd), 0, "GPS metadata should be cleared")
-
-            self.assertNotIn("exif", sanitized.info)
-
    def test_api_rejects_malicious_svg_logo(self):
        """
        GIVEN:
--- a/src/paperless/serialisers.py
+++ b/src/paperless/serialisers.py
@@ -1,5 +1,4 @@
 import logging
-from io import BytesIO

 import magic
 from allauth.mfa.adapter import get_adapter as get_mfa_adapter
@@ -10,10 +9,6 @@ from allauth.socialaccount.models import SocialApp
 from django.contrib.auth.models import Group
 from django.contrib.auth.models import Permission
 from django.contrib.auth.models import User
-from django.core.files.uploadedfile import SimpleUploadedFile
-from PIL import Image
-from PIL import ImageOps
-from PIL import UnidentifiedImageError
 from rest_framework import serializers
 from rest_framework.authtoken.serializers import AuthTokenSerializer

@@ -24,102 +19,6 @@ from paperless_mail.serialisers import ObfuscatedPasswordField
 logger = logging.getLogger("paperless.settings")


-def strip_image_metadata(uploaded_file, mime_type: str | None):
-    """Return a copy of ``uploaded_file`` with EXIF/ICC metadata removed."""
-
-    if uploaded_file is None:
-        return uploaded_file
-
-    original_position = uploaded_file.tell() if hasattr(uploaded_file, "tell") else None
-    image = None
-
-    sanitized = None
-
-    try:
-        if hasattr(uploaded_file, "seek"):
-            uploaded_file.seek(0)
-        image = Image.open(uploaded_file)
-        image.load()
-    except (UnidentifiedImageError, OSError):
-        if hasattr(uploaded_file, "seek") and original_position is not None:
-            uploaded_file.seek(original_position)
-        return uploaded_file
-
-    try:
-        image_format = (image.format or "").upper()
-        image = ImageOps.exif_transpose(image)
-
-        if image_format not in {"JPEG", "JPG", "PNG"}:
-            if hasattr(uploaded_file, "seek") and original_position is not None:
-                uploaded_file.seek(original_position)
-            return uploaded_file
-
-        if hasattr(image, "info"):
-            image.info.pop("exif", None)
-            image.info.pop("icc_profile", None)
-            image.info.pop("comment", None)
-
-        if image_format in {"JPEG", "JPG"}:
-            sanitized = image.convert("RGB")
-            save_kwargs = {
-                "format": "JPEG",
-                "quality": 95,
-                "subsampling": 0,
-                "optimize": True,
-                "exif": b"",
-            }
-        else:  # PNG
-            target_mode = (
-                "RGBA"
-                if ("A" in image.mode or image.info.get("transparency"))
-                else "RGB"
-            )
-            sanitized = image.convert(target_mode)
-            save_kwargs = {
-                "format": "PNG",
-                "optimize": True,
-            }
-
-        buffer = BytesIO()
-        try:
-            sanitized.save(buffer, **save_kwargs)
-        except (OSError, ValueError):
-            buffer = BytesIO()
-            if image_format in {"JPEG", "JPG"}:
-                sanitized.save(
-                    buffer,
-                    format="JPEG",
-                    quality=90,
-                    subsampling=0,
-                    exif=b"",
-                )
-            else:
-                sanitized.save(
-                    buffer,
-                    format="PNG",
-                )
-
-        buffer.seek(0)
-
-        if hasattr(uploaded_file, "close"):
-            try:
-                uploaded_file.close()
-            except Exception:
-                pass
-
-        content_type = getattr(uploaded_file, "content_type", None) or mime_type
-        return SimpleUploadedFile(
-            name=getattr(uploaded_file, "name", "logo"),
-            content=buffer.getvalue(),
-            content_type=content_type,
-        )
-    finally:
-        if sanitized is not None:
-            sanitized.close()
-        if image is not None:
-            image.close()
-
-
 class PaperlessAuthTokenSerializer(AuthTokenSerializer):
    code = serializers.CharField(
        label="MFA Code",
@@ -310,23 +209,10 @@ class ApplicationConfigurationSerializer(serializers.ModelSerializer):
        return super().update(instance, validated_data)

    def validate_app_logo(self, file):
-        if not file:
-            return file
-
-        if hasattr(file, "seek"):
-            file.seek(0)
-        mime_type = magic.from_buffer(file.read(2048), mime=True)
-        if hasattr(file, "seek"):
-            file.seek(0)
-
-        if mime_type == "image/svg+xml":
+        if file and magic.from_buffer(file.read(2048), mime=True) == "image/svg+xml":
            reject_dangerous_svg(file)
-            if hasattr(file, "seek"):
-                file.seek(0)
        return file

-        return strip_image_metadata(file, mime_type)
-
    class Meta:
        model = ApplicationConfiguration
        fields = "__all__"
--- a/src/paperless/settings.py
+++ b/src/paperless/settings.py
@@ -922,7 +922,7 @@ CELERY_ACCEPT_CONTENT = ["application/json", "application/x-python-serialize"]
 CELERY_BEAT_SCHEDULE = _parse_beat_schedule()

 # https://docs.celeryq.dev/en/stable/userguide/configuration.html#beat-schedule-filename
-CELERY_BEAT_SCHEDULE_FILENAME = str(DATA_DIR / "celerybeat-schedule.db")
+CELERY_BEAT_SCHEDULE_FILENAME = DATA_DIR / "celerybeat-schedule.db"


 # Cachalot: Database read cache.