Active Storage doesn't have validations yet.
We can restrict the accepted file types in the form:
    <div class="field">
      <%= f.label :deliverable %>
      <%= f.file_field :deliverable, direct_upload: true,
            accept: 'application/pdf,application/zip,application/vnd.openxmlformats-officedocument.wordprocessingml.document' %>
    </div>
And add a custom validation in the model:
    class Item < ApplicationRecord
      has_one_attached :document
      validate :correct_document_mime_type

      private

      # Reject the record unless the attached file's content type is allowed.
      def correct_document_mime_type
        if document.attached? && !document.content_type.in?(%w(application/msword application/pdf))
          errors.add(:document, 'Must be a PDF or a DOC file')
        end
      end
    end
Yes, but sticking to your example, the security team checks all the deposited suitcases before storing them (in the planes). The airport needs to handle both checking and storage.
In reality, Rails is a secure web framework, so I was confused that it simply seemed not to offer the xray. It does, though; sometimes we seem to cause "empty" uploads which cannot be analyzed (because they're empty), so that's a fault on my site. Rails' xray is in place and works. :)
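
A server-side content check to go with the model validation and the empty-upload case discussed above, as an added example that is not part of the original answer or of Active Storage: it compares the declared content type with the file's leading bytes and reports an empty upload separately. The helper names (`sniff_type`, `upload_error`), the allow-list and the sample inputs are assumptions constructed for illustration.

```ruby
require "stringio"

DOCX = "application/vnd.openxmlformats-officedocument.wordprocessingml.document"

# Leading bytes ("magic numbers") of each container format.
SIGNATURES = {
  "application/pdf"    => "%PDF-".b,
  "application/msword" => "\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1".b, # OLE2 compound file
  "application/zip"    => "PK\x03\x04".b
}.freeze

# A .docx is a ZIP archive, so its bytes can only be matched against the ZIP
# signature; this cannot tell a .docx apart from any other ZIP file.
CONTAINER_OF = { DOCX => "application/zip" }.freeze

# Assumed allow-list: the model's two types plus the .docx type from the form.
ALLOWED = (%w(application/pdf application/msword) + [DOCX]).freeze

# Returns the type whose signature matches the leading bytes, or nil.
def sniff_type(head)
  SIGNATURES.each { |type, magic| return type if head.start_with?(magic) }
  nil
end

# Returns nil when the upload is acceptable, otherwise an error message.
def upload_error(io, declared_type, allowed: ALLOWED)
  return "declared type #{declared_type} is not allowed" unless allowed.include?(declared_type)
  head = io.read(8).to_s.b # read returns nil at EOF, so an empty upload yields ""
  io.rewind
  return "upload is empty, nothing to inspect" if head.empty?
  expected = CONTAINER_OF.fetch(declared_type, declared_type)
  sniffed = sniff_type(head)
  return nil if sniffed == expected
  "content looks like #{sniffed || 'an unknown format'}, but #{declared_type} was declared"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample uploads: [bytes, declared content type]
  [["%PDF-1.7\n%...".b, "application/pdf"],
   ["PK\x03\x04rest".b, DOCX],
   ["plain text, renamed to .pdf", "application/pdf"],
   ["", "application/pdf"]].each do |bytes, declared|
    puts "#{declared}: #{upload_error(StringIO.new(bytes), declared) || 'ok'}"
  end
end
```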