From d28a1bf31f92ad7b17d3552d828f851ebe8935d7 Mon Sep 17 00:00:00 2001
From: Martin Zurowietz <martin@zurowietz.de>
Date: Thu, 14 Apr 2022 09:56:36 +0200
Subject: [PATCH] Add configurable maximum size of a single file

---
 .../Views/StorageRequestController.php          |  2 ++
 src/Http/Requests/StoreStorageRequestFile.php   |  5 ++++-
 src/config/user_storage.php                     |  7 +++++++
 src/public/assets/scripts/main.js               |  2 +-
 src/public/mix-manifest.json                    |  2 +-
 src/resources/assets/js/createContainer.vue     | 15 ++++++++++++++-
 src/resources/views/create.blade.php            | 12 ++++++++++--
 .../Api/StorageRequestFileControllerTest.php    | 17 ++++++++++++++++-
 8 files changed, 55 insertions(+), 7 deletions(-)

diff --git a/src/Http/Controllers/Views/StorageRequestController.php b/src/Http/Controllers/Views/StorageRequestController.php
index c6af761..339d4a6 100644
--- a/src/Http/Controllers/Views/StorageRequestController.php
+++ b/src/Http/Controllers/Views/StorageRequestController.php
@@ -54,6 +54,7 @@ public function create(Request $request)
         $user = User::convert($request->user());
         $usedQuota = $user->storage_quota_used;
         $availableQuota = $user->storage_quota_available;
+        $maxFilesize = config('user_storage.max_file_size');
 
         $previousRequest = StorageRequest::whereNull('submitted_at')
             ->where('user_id', $user->id)
@@ -64,6 +65,7 @@ public function create(Request $request)
             'previousRequest' => $previousRequest,
             'usedQuota' => $usedQuota,
             'availableQuota' => $availableQuota,
+            'maxFilesize' => $maxFilesize,
         ]);
     }
 
diff --git a/src/Http/Requests/StoreStorageRequestFile.php b/src/Http/Requests/StoreStorageRequestFile.php
index c87535c..77ba918 100644
--- a/src/Http/Requests/StoreStorageRequestFile.php
+++ b/src/Http/Requests/StoreStorageRequestFile.php
@@ -39,8 +39,11 @@ public function rules()
     {
         $user = User::convert($this->storageRequest->user);
 
+        $maxQuota = $user->storage_quota_remaining;
+        $maxFile = config('user_storage.max_file_size');
+
         // The "max" rule expects kilobyte but the quota is in byte.
-        $maxKb = intval(round($user->storage_quota_remaining / 1024));
+        $maxKb = intval(round(min($maxQuota, $maxFile) / 1000));
 
         $mimes = implode(',', array_merge(Image::MIMES, Video::MIMES));
 
diff --git a/src/config/user_storage.php b/src/config/user_storage.php
index 89fb608..ced4c7e 100644
--- a/src/config/user_storage.php
+++ b/src/config/user_storage.php
@@ -6,6 +6,13 @@
     */
     'max_pending_requests' => env('USER_STORAGE_MAX_PENDING_REQUESTS', 3),
 
+    /*
+    | Maximum allowed size of a single uploaded file in bytes.
+    |
+    | Default: 5 GB
+    */
+    'max_file_size' => env('USER_STORAGE_MAX_FILE_SIZE', 5E+9),
+
     /*
     | Allowed maximum combined file size for storage per user (in bytes).
     |
diff --git a/src/public/assets/scripts/main.js b/src/public/assets/scripts/main.js
index d0b7e87..32b5144 100644
--- a/src/public/assets/scripts/main.js
+++ b/src/public/assets/scripts/main.js
@@ -1 +1 @@
-(()=>{"use strict";var e,t={591:()=>{const e=Vue.resource("api/v1/storage-requests{/id}/directories"),t=Vue.resource("api/v1/storage-requests{/id}/files"),i=Vue.resource("api/v1/storage-requests{/id}",{},{approve:{method:"POST",url:"api/v1/storage-requests{/id}/approve"},reject:{method:"POST",url:"api/v1/storage-requests{/id}/reject"},extend:{method:"POST",url:"api/v1/storage-requests{/id}/extend"}});var s=biigle.$require("core.components.fileBrowser"),n=biigle.$require("messages").handleErrorResponse,r=biigle.$require("core.mixins.loader"),o=function(e){var t="",i=["kB","MB","GB","TB"];do{e/=1e3,t=i.shift()}while(e>1e3&&i.length>0);return"".concat(e.toFixed(2)," ").concat(t)},a=function(e){var t={name:"",directories:{},files:[]};return e.files&&e.files.forEach((function(e){var i=e.split("/"),s=i.pop(),n=t;i.forEach((function(e){n.directories.hasOwnProperty(e)||(n.directories[e]={name:e,directories:{},files:[]}),n=n.directories[e]})),n.files.push({name:s})})),t};function l(e,t,i,s,n,r,o,a){var l,u="function"==typeof e?e.options:e;if(t&&(u.render=t,u.staticRenderFns=i,u._compiled=!0),s&&(u.functional=!0),r&&(u._scopeId="data-v-"+r),o?(l=function(e){(e=e||this.$vnode&&this.$vnode.ssrContext||this.parent&&this.parent.$vnode&&this.parent.$vnode.ssrContext)||"undefined"==typeof __VUE_SSR_CONTEXT__||(e=__VUE_SSR_CONTEXT__),n&&n.call(this,e),e&&e._registeredComponents&&e._registeredComponents.add(o)},u._ssrRegister=l):n&&(l=a?function(){n.call(this,(u.functional?this.parent:this).$root.$options.shadowRoot)}:n),l)if(u.functional){u._injectStyles=l;var d=u.render;u.render=function(e,t){return l.call(t),d(e,t)}}else{var c=u.beforeCreate;u.beforeCreate=c?[].concat(c,l):[l]}return{exports:e,options:u}}const u=l({mixins:[r],components:{fileBrowser:s},data:function(){return{currentUploadedSize:0,files:[],finished:!1,finishedUploadedSize:0,loadedUnfinishedRequest:!1,maxSize:-1,rootDirectory:{name:"",directories:{},files:[],selected:!1},selectedDirectory:null,storageRequest:null,usedQuotaBytes:0,availableQuotaBytes:0}},computed:{hasSelectedDirectory:function(){return null!==this.selectedDirectory},selectedDirectoryName:function(){return this.selectedDirectory.name},hasFiles:function(){return this.files.length>0},totalSize:function(){return this.files.reduce((function(e,t){return e+t.size}),0)},totalSizeForHumans:function(){return o(this.totalSize)},uploadedSize:function(){return this.currentUploadedSize+this.finishedUploadedSize},uploadedPercent:function(){return Math.round(this.uploadedSize/this.totalSize*100)},uploadedSizeForHumans:function(){return o(this.uploadedSize)},editable:function(){return!this.loading&&!this.finished},exceedsMaxSize:function(){return-1!==this.availableQuotaBytes&&this.totalSize>this.availableQuotaBytes},canSubmit:function(){return this.hasFiles&&!this.exceedsMaxSize},usedQuota:function(){return o(this.usedQuotaBytes)},availableQuota:function(){return o(this.availableQuotaBytes)},usedQuotaPercent:function(){return Math.round(this.usedQuotaBytes/this.availableQuotaBytes*100)}},methods:{handleFilesChosen:function(e){if(this.hasSelectedDirectory){var t=e.target.files,i=this.selectedDirectory.files,s=0,n=[];for(s=0;s<t.length;s++)n.push(t[s].name);for(s=i.length;s--;)n.includes(i[s].name)&&i.splice(s,1);for(s=0;s<t.length;s++)i.push(t[s]);this.syncFiles()}},getNewDirectory:function(e){return{name:e,directories:{},files:[],selected:!1}},handleNewDirectory:function(e,t){var i,s=this,n=this.rootDirectory.directories;this.hasSelectedDirectory&&(t||(n=this.selectedDirectory.directories),this.selectedDirectory.selected=!1),e.split("/").forEach((function(e){n.hasOwnProperty(e)||(i=Vue.set(n,e,s.getNewDirectory(e))),n=n[e].directories})),i.selected=!0,this.selectedDirectory=i},addDirectory:function(e){var t=prompt("Please enter the new directory name");t&&this.handleNewDirectory(t,!0===e)},addRootDirectory:function(){this.addDirectory(!0)},addFiles:function(){this.$refs.fileInput.click()},selectDirectory:function(e){this.hasSelectedDirectory&&(this.selectedDirectory.selected=!1),this.selectedDirectory=e,this.selectedDirectory.selected=!0},unselectDirectory:function(){this.hasSelectedDirectory&&(this.selectedDirectory.selected=!1,this.selectedDirectory=null)},removeDirectory:function(t,i){var s=this;i=i.slice(1);var r=this.rootDirectory.directories;i.split("/").slice(0,-1).forEach((function(e){r=r[e].directories})),(r[t.name].saved?e.delete({id:this.storageRequest.id},{directories:[i]}):Vue.Promise.resolve()).then((function(){Vue.delete(r,t.name),s.hasSelectedSubdirectory(t)&&(s.selectedDirectory=null),s.syncFiles()}),n)},hasSelectedSubdirectory:function(e){var t=this;return Object.keys(e.directories).reduce((function(i,s){return i||t.hasSelectedSubdirectory(e.directories[s])}),e.selected)},removeFile:function(e,i){i=i.slice(1);var s=this.rootDirectory;i.split("/").forEach((function(e){s=s.directories[e]}));var r,o=s.files;if(e.saved){var a=["".concat(i,"/").concat(e.name)];r=t.delete({id:this.storageRequest.id},{files:a})}else r=Vue.Promise.resolve();r.then((function(){var t=o.indexOf(e);-1!==t&&o.splice(t,1),this.syncFiles()}),n)},extractFiles:function(e,t){t=t?"".concat(t,"/").concat(e.name):e.name;var i=[];for(var s in e.directories)i=i.concat(this.extractFiles(e.directories[s],t));return i.concat(e.files.map((function(i){return{prefix:t,size:i.size,file:i,directory:e}})))},syncFiles:function(){this.files=this.extractFiles(this.rootDirectory)},handleSubmit:function(){this.canSubmit&&(this.startLoading(),(this.storageRequest?Promise.resolve({body:this.storageRequest}):i.save()).then(this.proceedWithUpload).then(this.finishSubmission).catch(n).finally(this.finishLoading))},proceedWithUpload:function(e){return this.storageRequest=e.body,this.uploadAllFiles()},uploadAllFiles:function(){var e=this,t=this.files.filter((function(e){return!0!==e.file.saved}));return function i(){if(0!==t.length)return e.uploadFile(t.shift()).then(i)}()},uploadFile:function(e){var t=this,i="api/v1/storage-requests/".concat(this.storageRequest.id,"/files"),s=new FormData;return s.append("file",e.file),s.append("prefix",e.prefix),this.$http.post(i,s,{uploadProgress:this.updateCurrentUploadedSize}).then((function(){t.currentUploadedSize=0,t.finishedUploadedSize+=e.file.size,e.file.saved=!0,e.directory.saved=!0}))},updateCurrentUploadedSize:function(e){e.lengthComputable&&(this.currentUploadedSize=e.loaded)},finishSubmission:function(){var e=this;return i.update({id:this.storageRequest.id},{}).then((function(){return e.finished=!0}))},addExistingFiles:function(e){e.forEach(this.addExistingFile),this.syncFiles()},addExistingFile:function(e){var t=this,i=e.split("/"),s=i.pop(),n=this.rootDirectory;i.forEach((function(e){n.directories.hasOwnProperty(e)||Vue.set(n.directories,e,t.getNewDirectory(e)),(n=n.directories[e]).saved=!0})),n.files.push({saved:!0,name:s,size:0})}},created:function(){var e=this;this.usedQuotaBytes=biigle.$require("user-storage.usedQuota"),this.availableQuotaBytes=biigle.$require("user-storage.availableQuota"),this.storageRequest=biigle.$require("user-storage.previousRequest"),this.storageRequest&&this.storageRequest.files.length>0&&(this.addExistingFiles(this.storageRequest.files),this.loadedUnfinishedRequest=!0),window.addEventListener("beforeunload",(function(t){if(e.loading)return t.preventDefault(),t.returnValue="","This page is asking you to confirm that you want to leave - the file upload is still in progress."}))}},undefined,undefined,!1,null,null,null).exports;var d=l({props:{request:{type:Object,required:!0},expireDate:{type:Date,default:null},selected:{type:Boolean,default:!1}},computed:{pending:function(){return!this.request.expires_at},expired:function(){return Date.parse(this.request.expires_at)<Date.now()},expiresSoon:function(){return!(!this.request.expires_at||!this.expireDate)&&Date.parse(this.request.expires_at)<this.expireDate.getTime()},expiresTitle:function(){return"Expires ".concat(this.request.expires_at_for_humans)},filesCount:function(){return this.request.files?this.request.files.length:this.request.files_count||0},classObject:function(){return{active:this.selected}}},methods:{handleSelect:function(){this.$emit("select",this.request)},handleDelete:function(){this.$emit("delete",this.request)},handleExtend:function(){this.expiresSoon&&this.$emit("extend",this.request)}}},(function(){var e=this,t=e.$createElement,i=e._self._c||t;return i("a",{staticClass:"list-group-item",class:e.classObject,attrs:{href:"#"},on:{click:function(t){return t.preventDefault(),e.handleSelect.apply(null,arguments)}}},[e._v("\n    #"),i("span",{domProps:{textContent:e._s(e.request.id)}}),e._v(" created "),i("span",{domProps:{textContent:e._s(e.request.created_at_for_humans)}}),e._v(" with "),i("span",{domProps:{textContent:e._s(e.request.files_count)}}),e._v(" file(s).\n    "),e.pending?i("span",[i("span",{staticClass:"label label-default",attrs:{title:"Waiting for review"}},[e._v("pending")])]):i("span",[e.expired?i("span",[i("span",{staticClass:"label label-danger",attrs:{title:"The storage request is expired and will be deleted soon"}},[e._v("expired")])]):i("span",[e.expiresSoon?i("span",{staticClass:"label label-warning",attrs:{title:e.expiresTitle}},[e._v("\n                expires "),i("span",{domProps:{textContent:e._s(this.request.expires_at_for_humans)}})]):i("span",{staticClass:"label label-success",attrs:{title:e.expiresTitle}},[e._v("\n                approved\n            ")])])]),e._v(" "),i("span",{staticClass:"pull-right"},[i("button",{staticClass:"btn btn-default btn-xs delete-button",attrs:{title:"Delete this storage request"},on:{click:function(t){return t.preventDefault(),e.handleDelete.apply(null,arguments)}}},[i("i",{staticClass:"fa fa-trash"})]),e._v(" "),e.expiresSoon?i("button",{staticClass:"btn btn-default btn-xs",attrs:{title:"Extend this storage request"},on:{click:function(t){return t.preventDefault(),e.handleExtend.apply(null,arguments)}}},[i("i",{staticClass:"fa fa-redo"})]):e._e()])])}),[],!1,null,null,null);var c=l({components:{listItem:d.exports},props:{requests:{type:Array,required:!0},expireDate:{type:Date,default:null},selectedRequest:{type:Object,default:null}},computed:{noItems:function(){return 0===this.requests.length}},methods:{emitDelete:function(e){this.$emit("delete",e)},emitExtend:function(e){this.$emit("extend",e)},emitSelect:function(e){this.$emit("select",e)},isSelectedRequest:function(e){return!!this.selectedRequest&&this.selectedRequest.id===e.id}}},(function(){var e=this,t=e.$createElement,i=e._self._c||t;return i("div",{staticClass:"list-group storage-request-list"},[e._l(e.requests,(function(t){return i("list-item",{key:t.id,attrs:{request:t,"expire-date":e.expireDate,selected:e.isSelectedRequest(t)},on:{select:e.emitSelect,delete:e.emitDelete,extend:e.emitExtend}})})),e._v(" "),e.noItems?i("span",{staticClass:"list-group-item text-muted"},[e._v("\n        no storage requests\n    ")]):e._e()],2)}),[],!1,null,null,null);const h=l({mixins:[r],components:{requestList:c.exports,fileBrowser:s},data:function(){return{requests:[],expireDate:0,usedQuotaBytes:0,availableQuotaBytes:0,selectedRequest:null,itemDeleted:!1}},computed:{usedQuota:function(){return o(this.usedQuotaBytes)},availableQuota:function(){return o(this.availableQuotaBytes)},usedQuotaPercent:function(){return Math.round(this.usedQuotaBytes/this.availableQuotaBytes*100)},hasSelectedRequest:function(){return null!==this.selectedRequest},selectedRequestRoot:function(){return a(this.selectedRequest)}},methods:{handleSelectRequest:function(e){this.loading||(e.files?this.selectedRequest=e:(this.startLoading(),i.get({id:e.id}).then(this.setFilesAndSelectRequest,n).finally(this.finishLoading)))},setFilesAndSelectRequest:function(e){var t=this.requests.find((function(t){return t.id===e.body.id}));Vue.set(t,"files",e.body.files),t.files_count=e.body.files_count,this.selectedRequest=t},handleDeleteRequest:function(e){var t=this;this.loading||confirm("Do you really want to delete the storage request with all files?")&&(this.startLoading(),i.delete({id:e.id},{}).then((function(){return t.handleRequestDeleted(e)}),n).finally(this.finishLoading))},handleRequestDeleted:function(e){var t=this.requests.indexOf(e);-1!==t&&this.requests.splice(t,1),this.selectedRequest&&this.selectedRequest.id===e.id&&(this.selectedRequest=null),this.itemDeleted=!0},handleExtendRequest:function(e){this.loading||(this.startLoading(),i.extend({id:e.id},{}).then(this.handleRequestExtended,n).finally(this.finishLoading))},handleRequestExtended:function(e){var t=this.requests.find((function(t){return t.id===e.body.id}));t.expires_at=e.body.expires_at,t.expires_at_for_humans=e.body.expires_at_for_humans},removeDirectory:function(t,i){var s=this;this.loading||confirm("Do you really want to delete the directory with all files?")&&(this.startLoading(),i=i.slice(1),e.delete({id:this.selectedRequest.id},{directories:[i]}).then((function(){return s.directoryRemoved(i)}),n).finally(this.finishLoading))},directoryRemoved:function(e){this.selectedRequest.files=this.selectedRequest.files.filter((function(t){return!t.startsWith(e+"/")})),this.selectedRequest.files_count=this.selectedRequest.files.length,this.itemDeleted=!0},removeFile:function(e,i){var s=this;this.loading||confirm("Do you really want to delete the file?")&&(this.startLoading(),i="".concat(i.slice(1),"/").concat(e.name),t.delete({id:this.selectedRequest.id},{files:[i]}).then((function(){return s.fileRemoved(i)}),n).finally(this.finishLoading))},fileRemoved:function(e){var t=this.selectedRequest.files.indexOf(e);-1!==t&&(this.selectedRequest.files.splice(t,1),this.selectedRequest.files_count-=1),this.itemDeleted=!0}},created:function(){this.requests=biigle.$require("user-storage.requests"),this.expireDate=new Date(biigle.$require("user-storage.expireDate")),this.usedQuotaBytes=biigle.$require("user-storage.usedQuota"),this.availableQuotaBytes=biigle.$require("user-storage.availableQuota")}},undefined,undefined,!1,null,null,null).exports;const f=l({mixins:[r],components:{fileBrowser:s},data:function(){return{request:null,rejecting:!1,rejectReason:"",approved:!1,rejected:!1}},computed:{requestRoot:function(){return a(this.request)},cannotReject:function(){return this.loading||!this.rejectReason},finished:function(){return this.approved||this.rejected}},methods:{handleApprove:function(){this.startLoading(),i.approve({id:this.request.id},{}).then(this.handleApproved,n).finally(this.finishLoading)},handleApproved:function(){this.approved=!0},handleRejecting:function(){this.rejecting=!0},handleCancelReject:function(){this.rejecting=!1,this.rejectReason=""},handleReject:function(){this.startLoading(),i.reject({id:this.request.id},{reason:this.rejectReason}).then(this.handleRejected,n).finally(this.finishLoading)},handleRejected:function(){this.rejected=!0}},created:function(){this.request=biigle.$require("user-storage.request")}},undefined,undefined,!1,null,null,null).exports;biigle.$mount("create-storage-request-container",u),biigle.$mount("index-storage-request-container",h),biigle.$mount("review-storage-request-container",f)},401:()=>{}},i={};function s(e){var n=i[e];if(void 0!==n)return n.exports;var r=i[e]={exports:{}};return t[e](r,r.exports,s),r.exports}s.m=t,e=[],s.O=(t,i,n,r)=>{if(!i){var o=1/0;for(d=0;d<e.length;d++){for(var[i,n,r]=e[d],a=!0,l=0;l<i.length;l++)(!1&r||o>=r)&&Object.keys(s.O).every((e=>s.O[e](i[l])))?i.splice(l--,1):(a=!1,r<o&&(o=r));if(a){e.splice(d--,1);var u=n();void 0!==u&&(t=u)}}return t}r=r||0;for(var d=e.length;d>0&&e[d-1][2]>r;d--)e[d]=e[d-1];e[d]=[i,n,r]},s.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{var e={355:0,392:0};s.O.j=t=>0===e[t];var t=(t,i)=>{var n,r,[o,a,l]=i,u=0;if(o.some((t=>0!==e[t]))){for(n in a)s.o(a,n)&&(s.m[n]=a[n]);if(l)var d=l(s)}for(t&&t(i);u<o.length;u++)r=o[u],s.o(e,r)&&e[r]&&e[r][0](),e[r]=0;return s.O(d)},i=self.webpackChunkbiigle_user_storage=self.webpackChunkbiigle_user_storage||[];i.forEach(t.bind(null,0)),i.push=t.bind(null,i.push.bind(i))})(),s.O(void 0,[392],(()=>s(591)));var n=s.O(void 0,[392],(()=>s(401)));n=s.O(n)})();
\ No newline at end of file
+(()=>{"use strict";var e,t={591:()=>{const e=Vue.resource("api/v1/storage-requests{/id}/directories"),t=Vue.resource("api/v1/storage-requests{/id}/files"),i=Vue.resource("api/v1/storage-requests{/id}",{},{approve:{method:"POST",url:"api/v1/storage-requests{/id}/approve"},reject:{method:"POST",url:"api/v1/storage-requests{/id}/reject"},extend:{method:"POST",url:"api/v1/storage-requests{/id}/extend"}});var s=biigle.$require("core.components.fileBrowser"),r=biigle.$require("messages").handleErrorResponse,n=biigle.$require("core.mixins.loader"),o=function(e){var t="",i=["kB","MB","GB","TB"];do{e/=1e3,t=i.shift()}while(e>1e3&&i.length>0);return"".concat(e.toFixed(2)," ").concat(t)},a=function(e){var t={name:"",directories:{},files:[]};return e.files&&e.files.forEach((function(e){var i=e.split("/"),s=i.pop(),r=t;i.forEach((function(e){r.directories.hasOwnProperty(e)||(r.directories[e]={name:e,directories:{},files:[]}),r=r.directories[e]})),r.files.push({name:s})})),t};function l(e,t,i,s,r,n,o,a){var l,u="function"==typeof e?e.options:e;if(t&&(u.render=t,u.staticRenderFns=i,u._compiled=!0),s&&(u.functional=!0),n&&(u._scopeId="data-v-"+n),o?(l=function(e){(e=e||this.$vnode&&this.$vnode.ssrContext||this.parent&&this.parent.$vnode&&this.parent.$vnode.ssrContext)||"undefined"==typeof __VUE_SSR_CONTEXT__||(e=__VUE_SSR_CONTEXT__),r&&r.call(this,e),e&&e._registeredComponents&&e._registeredComponents.add(o)},u._ssrRegister=l):r&&(l=a?function(){r.call(this,(u.functional?this.parent:this).$root.$options.shadowRoot)}:r),l)if(u.functional){u._injectStyles=l;var d=u.render;u.render=function(e,t){return l.call(t),d(e,t)}}else{var c=u.beforeCreate;u.beforeCreate=c?[].concat(c,l):[l]}return{exports:e,options:u}}const u=l({mixins:[n],components:{fileBrowser:s},data:function(){return{currentUploadedSize:0,files:[],finished:!1,finishedUploadedSize:0,loadedUnfinishedRequest:!1,maxSize:-1,rootDirectory:{name:"",directories:{},files:[],selected:!1},selectedDirectory:null,storageRequest:null,usedQuotaBytes:0,availableQuotaBytes:0,maxFilesizeBytes:0,exceedsMaxFilesize:!1}},computed:{hasSelectedDirectory:function(){return null!==this.selectedDirectory},selectedDirectoryName:function(){return this.selectedDirectory.name},hasFiles:function(){return this.files.length>0},totalSize:function(){return this.files.reduce((function(e,t){return e+t.size}),0)},totalSizeForHumans:function(){return o(this.totalSize)},uploadedSize:function(){return this.currentUploadedSize+this.finishedUploadedSize},uploadedPercent:function(){return Math.round(this.uploadedSize/this.totalSize*100)},uploadedSizeForHumans:function(){return o(this.uploadedSize)},editable:function(){return!this.loading&&!this.finished},exceedsMaxSize:function(){return-1!==this.availableQuotaBytes&&this.totalSize>this.availableQuotaBytes},canSubmit:function(){return this.hasFiles&&!this.exceedsMaxSize},usedQuota:function(){return o(this.usedQuotaBytes)},availableQuota:function(){return o(this.availableQuotaBytes)},usedQuotaPercent:function(){return Math.round(this.usedQuotaBytes/this.availableQuotaBytes*100)},maxFilesize:function(){return o(this.maxFilesizeBytes)}},methods:{handleFilesChosen:function(e){var t=this;if(this.hasSelectedDirectory){var i=Array.from(e.target.files).filter((function(e){return e.size<=t.maxFilesizeBytes}));i.length<e.target.files.length&&(this.exceedsMaxFilesize=!0);var s=this.selectedDirectory.files,r=0,n=[];for(r=0;r<i.length;r++)n.push(i[r].name);for(r=s.length;r--;)n.includes(s[r].name)&&s.splice(r,1);for(r=0;r<i.length;r++)s.push(i[r]);this.syncFiles()}},getNewDirectory:function(e){return{name:e,directories:{},files:[],selected:!1}},handleNewDirectory:function(e,t){var i,s=this,r=this.rootDirectory.directories;this.hasSelectedDirectory&&(t||(r=this.selectedDirectory.directories),this.selectedDirectory.selected=!1),e.split("/").forEach((function(e){r.hasOwnProperty(e)||(i=Vue.set(r,e,s.getNewDirectory(e))),r=r[e].directories})),i.selected=!0,this.selectedDirectory=i},addDirectory:function(e){var t=prompt("Please enter the new directory name");t&&this.handleNewDirectory(t,!0===e)},addRootDirectory:function(){this.addDirectory(!0)},addFiles:function(){this.$refs.fileInput.click()},selectDirectory:function(e){this.hasSelectedDirectory&&(this.selectedDirectory.selected=!1),this.selectedDirectory=e,this.selectedDirectory.selected=!0},unselectDirectory:function(){this.hasSelectedDirectory&&(this.selectedDirectory.selected=!1,this.selectedDirectory=null)},removeDirectory:function(t,i){var s=this;i=i.slice(1);var n=this.rootDirectory.directories;i.split("/").slice(0,-1).forEach((function(e){n=n[e].directories})),(n[t.name].saved?e.delete({id:this.storageRequest.id},{directories:[i]}):Vue.Promise.resolve()).then((function(){Vue.delete(n,t.name),s.hasSelectedSubdirectory(t)&&(s.selectedDirectory=null),s.syncFiles()}),r)},hasSelectedSubdirectory:function(e){var t=this;return Object.keys(e.directories).reduce((function(i,s){return i||t.hasSelectedSubdirectory(e.directories[s])}),e.selected)},removeFile:function(e,i){i=i.slice(1);var s=this.rootDirectory;i.split("/").forEach((function(e){s=s.directories[e]}));var n,o=s.files;if(e.saved){var a=["".concat(i,"/").concat(e.name)];n=t.delete({id:this.storageRequest.id},{files:a})}else n=Vue.Promise.resolve();n.then((function(){var t=o.indexOf(e);-1!==t&&o.splice(t,1),this.syncFiles()}),r)},extractFiles:function(e,t){t=t?"".concat(t,"/").concat(e.name):e.name;var i=[];for(var s in e.directories)i=i.concat(this.extractFiles(e.directories[s],t));return i.concat(e.files.map((function(i){return{prefix:t,size:i.size,file:i,directory:e}})))},syncFiles:function(){this.files=this.extractFiles(this.rootDirectory)},handleSubmit:function(){this.canSubmit&&(this.startLoading(),(this.storageRequest?Promise.resolve({body:this.storageRequest}):i.save()).then(this.proceedWithUpload).then(this.finishSubmission).catch(r).finally(this.finishLoading))},proceedWithUpload:function(e){return this.storageRequest=e.body,this.uploadAllFiles()},uploadAllFiles:function(){var e=this,t=this.files.filter((function(e){return!0!==e.file.saved}));return function i(){if(0!==t.length)return e.uploadFile(t.shift()).then(i)}()},uploadFile:function(e){var t=this,i="api/v1/storage-requests/".concat(this.storageRequest.id,"/files"),s=new FormData;return s.append("file",e.file),s.append("prefix",e.prefix),this.$http.post(i,s,{uploadProgress:this.updateCurrentUploadedSize}).then((function(){t.currentUploadedSize=0,t.finishedUploadedSize+=e.file.size,e.file.saved=!0,e.directory.saved=!0}))},updateCurrentUploadedSize:function(e){e.lengthComputable&&(this.currentUploadedSize=e.loaded)},finishSubmission:function(){var e=this;return i.update({id:this.storageRequest.id},{}).then((function(){return e.finished=!0}))},addExistingFiles:function(e){e.forEach(this.addExistingFile),this.syncFiles()},addExistingFile:function(e){var t=this,i=e.split("/"),s=i.pop(),r=this.rootDirectory;i.forEach((function(e){r.directories.hasOwnProperty(e)||Vue.set(r.directories,e,t.getNewDirectory(e)),(r=r.directories[e]).saved=!0})),r.files.push({saved:!0,name:s,size:0})}},created:function(){var e=this;this.usedQuotaBytes=biigle.$require("user-storage.usedQuota"),this.availableQuotaBytes=biigle.$require("user-storage.availableQuota"),this.maxFilesizeBytes=biigle.$require("user-storage.maxFilesize"),this.storageRequest=biigle.$require("user-storage.previousRequest"),this.storageRequest&&this.storageRequest.files.length>0&&(this.addExistingFiles(this.storageRequest.files),this.loadedUnfinishedRequest=!0),window.addEventListener("beforeunload",(function(t){if(e.loading)return t.preventDefault(),t.returnValue="","This page is asking you to confirm that you want to leave - the file upload is still in progress."}))}},undefined,undefined,!1,null,null,null).exports;var d=l({props:{request:{type:Object,required:!0},expireDate:{type:Date,default:null},selected:{type:Boolean,default:!1}},computed:{pending:function(){return!this.request.expires_at},expired:function(){return Date.parse(this.request.expires_at)<Date.now()},expiresSoon:function(){return!(!this.request.expires_at||!this.expireDate)&&Date.parse(this.request.expires_at)<this.expireDate.getTime()},expiresTitle:function(){return"Expires ".concat(this.request.expires_at_for_humans)},filesCount:function(){return this.request.files?this.request.files.length:this.request.files_count||0},classObject:function(){return{active:this.selected}}},methods:{handleSelect:function(){this.$emit("select",this.request)},handleDelete:function(){this.$emit("delete",this.request)},handleExtend:function(){this.expiresSoon&&this.$emit("extend",this.request)}}},(function(){var e=this,t=e.$createElement,i=e._self._c||t;return i("a",{staticClass:"list-group-item",class:e.classObject,attrs:{href:"#"},on:{click:function(t){return t.preventDefault(),e.handleSelect.apply(null,arguments)}}},[e._v("\n    #"),i("span",{domProps:{textContent:e._s(e.request.id)}}),e._v(" created "),i("span",{domProps:{textContent:e._s(e.request.created_at_for_humans)}}),e._v(" with "),i("span",{domProps:{textContent:e._s(e.request.files_count)}}),e._v(" file(s).\n    "),e.pending?i("span",[i("span",{staticClass:"label label-default",attrs:{title:"Waiting for review"}},[e._v("pending")])]):i("span",[e.expired?i("span",[i("span",{staticClass:"label label-danger",attrs:{title:"The storage request is expired and will be deleted soon"}},[e._v("expired")])]):i("span",[e.expiresSoon?i("span",{staticClass:"label label-warning",attrs:{title:e.expiresTitle}},[e._v("\n                expires "),i("span",{domProps:{textContent:e._s(this.request.expires_at_for_humans)}})]):i("span",{staticClass:"label label-success",attrs:{title:e.expiresTitle}},[e._v("\n                approved\n            ")])])]),e._v(" "),i("span",{staticClass:"pull-right"},[i("button",{staticClass:"btn btn-default btn-xs delete-button",attrs:{title:"Delete this storage request"},on:{click:function(t){return t.preventDefault(),e.handleDelete.apply(null,arguments)}}},[i("i",{staticClass:"fa fa-trash"})]),e._v(" "),e.expiresSoon?i("button",{staticClass:"btn btn-default btn-xs",attrs:{title:"Extend this storage request"},on:{click:function(t){return t.preventDefault(),e.handleExtend.apply(null,arguments)}}},[i("i",{staticClass:"fa fa-redo"})]):e._e()])])}),[],!1,null,null,null);var c=l({components:{listItem:d.exports},props:{requests:{type:Array,required:!0},expireDate:{type:Date,default:null},selectedRequest:{type:Object,default:null}},computed:{noItems:function(){return 0===this.requests.length}},methods:{emitDelete:function(e){this.$emit("delete",e)},emitExtend:function(e){this.$emit("extend",e)},emitSelect:function(e){this.$emit("select",e)},isSelectedRequest:function(e){return!!this.selectedRequest&&this.selectedRequest.id===e.id}}},(function(){var e=this,t=e.$createElement,i=e._self._c||t;return i("div",{staticClass:"list-group storage-request-list"},[e._l(e.requests,(function(t){return i("list-item",{key:t.id,attrs:{request:t,"expire-date":e.expireDate,selected:e.isSelectedRequest(t)},on:{select:e.emitSelect,delete:e.emitDelete,extend:e.emitExtend}})})),e._v(" "),e.noItems?i("span",{staticClass:"list-group-item text-muted"},[e._v("\n        no storage requests\n    ")]):e._e()],2)}),[],!1,null,null,null);const h=l({mixins:[n],components:{requestList:c.exports,fileBrowser:s},data:function(){return{requests:[],expireDate:0,usedQuotaBytes:0,availableQuotaBytes:0,selectedRequest:null,itemDeleted:!1}},computed:{usedQuota:function(){return o(this.usedQuotaBytes)},availableQuota:function(){return o(this.availableQuotaBytes)},usedQuotaPercent:function(){return Math.round(this.usedQuotaBytes/this.availableQuotaBytes*100)},hasSelectedRequest:function(){return null!==this.selectedRequest},selectedRequestRoot:function(){return a(this.selectedRequest)}},methods:{handleSelectRequest:function(e){this.loading||(e.files?this.selectedRequest=e:(this.startLoading(),i.get({id:e.id}).then(this.setFilesAndSelectRequest,r).finally(this.finishLoading)))},setFilesAndSelectRequest:function(e){var t=this.requests.find((function(t){return t.id===e.body.id}));Vue.set(t,"files",e.body.files),t.files_count=e.body.files_count,this.selectedRequest=t},handleDeleteRequest:function(e){var t=this;this.loading||confirm("Do you really want to delete the storage request with all files?")&&(this.startLoading(),i.delete({id:e.id},{}).then((function(){return t.handleRequestDeleted(e)}),r).finally(this.finishLoading))},handleRequestDeleted:function(e){var t=this.requests.indexOf(e);-1!==t&&this.requests.splice(t,1),this.selectedRequest&&this.selectedRequest.id===e.id&&(this.selectedRequest=null),this.itemDeleted=!0},handleExtendRequest:function(e){this.loading||(this.startLoading(),i.extend({id:e.id},{}).then(this.handleRequestExtended,r).finally(this.finishLoading))},handleRequestExtended:function(e){var t=this.requests.find((function(t){return t.id===e.body.id}));t.expires_at=e.body.expires_at,t.expires_at_for_humans=e.body.expires_at_for_humans},removeDirectory:function(t,i){var s=this;this.loading||confirm("Do you really want to delete the directory with all files?")&&(this.startLoading(),i=i.slice(1),e.delete({id:this.selectedRequest.id},{directories:[i]}).then((function(){return s.directoryRemoved(i)}),r).finally(this.finishLoading))},directoryRemoved:function(e){this.selectedRequest.files=this.selectedRequest.files.filter((function(t){return!t.startsWith(e+"/")})),this.selectedRequest.files_count=this.selectedRequest.files.length,this.itemDeleted=!0},removeFile:function(e,i){var s=this;this.loading||confirm("Do you really want to delete the file?")&&(this.startLoading(),i="".concat(i.slice(1),"/").concat(e.name),t.delete({id:this.selectedRequest.id},{files:[i]}).then((function(){return s.fileRemoved(i)}),r).finally(this.finishLoading))},fileRemoved:function(e){var t=this.selectedRequest.files.indexOf(e);-1!==t&&(this.selectedRequest.files.splice(t,1),this.selectedRequest.files_count-=1),this.itemDeleted=!0}},created:function(){this.requests=biigle.$require("user-storage.requests"),this.expireDate=new Date(biigle.$require("user-storage.expireDate")),this.usedQuotaBytes=biigle.$require("user-storage.usedQuota"),this.availableQuotaBytes=biigle.$require("user-storage.availableQuota")}},undefined,undefined,!1,null,null,null).exports;const f=l({mixins:[n],components:{fileBrowser:s},data:function(){return{request:null,rejecting:!1,rejectReason:"",approved:!1,rejected:!1}},computed:{requestRoot:function(){return a(this.request)},cannotReject:function(){return this.loading||!this.rejectReason},finished:function(){return this.approved||this.rejected}},methods:{handleApprove:function(){this.startLoading(),i.approve({id:this.request.id},{}).then(this.handleApproved,r).finally(this.finishLoading)},handleApproved:function(){this.approved=!0},handleRejecting:function(){this.rejecting=!0},handleCancelReject:function(){this.rejecting=!1,this.rejectReason=""},handleReject:function(){this.startLoading(),i.reject({id:this.request.id},{reason:this.rejectReason}).then(this.handleRejected,r).finally(this.finishLoading)},handleRejected:function(){this.rejected=!0}},created:function(){this.request=biigle.$require("user-storage.request")}},undefined,undefined,!1,null,null,null).exports;biigle.$mount("create-storage-request-container",u),biigle.$mount("index-storage-request-container",h),biigle.$mount("review-storage-request-container",f)},401:()=>{}},i={};function s(e){var r=i[e];if(void 0!==r)return r.exports;var n=i[e]={exports:{}};return t[e](n,n.exports,s),n.exports}s.m=t,e=[],s.O=(t,i,r,n)=>{if(!i){var o=1/0;for(d=0;d<e.length;d++){for(var[i,r,n]=e[d],a=!0,l=0;l<i.length;l++)(!1&n||o>=n)&&Object.keys(s.O).every((e=>s.O[e](i[l])))?i.splice(l--,1):(a=!1,n<o&&(o=n));if(a){e.splice(d--,1);var u=r();void 0!==u&&(t=u)}}return t}n=n||0;for(var d=e.length;d>0&&e[d-1][2]>n;d--)e[d]=e[d-1];e[d]=[i,r,n]},s.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{var e={355:0,392:0};s.O.j=t=>0===e[t];var t=(t,i)=>{var r,n,[o,a,l]=i,u=0;if(o.some((t=>0!==e[t]))){for(r in a)s.o(a,r)&&(s.m[r]=a[r]);if(l)var d=l(s)}for(t&&t(i);u<o.length;u++)n=o[u],s.o(e,n)&&e[n]&&e[n][0](),e[n]=0;return s.O(d)},i=self.webpackChunkbiigle_user_storage=self.webpackChunkbiigle_user_storage||[];i.forEach(t.bind(null,0)),i.push=t.bind(null,i.push.bind(i))})(),s.O(void 0,[392],(()=>s(591)));var r=s.O(void 0,[392],(()=>s(401)));r=s.O(r)})();
\ No newline at end of file
diff --git a/src/public/mix-manifest.json b/src/public/mix-manifest.json
index bbce26f..922046c 100644
--- a/src/public/mix-manifest.json
+++ b/src/public/mix-manifest.json
@@ -1,4 +1,4 @@
 {
-    "/assets/scripts/main.js": "/assets/scripts/main.js?id=f81abff4cf8ef6ae04d46776d5f83b25",
+    "/assets/scripts/main.js": "/assets/scripts/main.js?id=95755e02993c18b779164b925a9db6e5",
     "/assets/styles/main.css": "/assets/styles/main.css?id=16bca02d88eeae2a4e45dba3d77b7757"
 }
diff --git a/src/resources/assets/js/createContainer.vue b/src/resources/assets/js/createContainer.vue
index 99d2c14..044f02c 100644
--- a/src/resources/assets/js/createContainer.vue
+++ b/src/resources/assets/js/createContainer.vue
@@ -28,6 +28,8 @@ export default {
             storageRequest: null,
             usedQuotaBytes: 0,
             availableQuotaBytes: 0,
+            maxFilesizeBytes: 0,
+            exceedsMaxFilesize: false,
         };
     },
     computed: {
@@ -75,6 +77,9 @@ export default {
         usedQuotaPercent() {
             return Math.round(this.usedQuotaBytes / this.availableQuotaBytes * 100);
         },
+        maxFilesize() {
+            return sizeForHumans(this.maxFilesizeBytes);
+        },
     },
     methods: {
         handleFilesChosen(event) {
@@ -85,7 +90,14 @@ export default {
                 return;
             }
 
-            let newFiles = event.target.files;
+            let newFiles = Array.from(event.target.files).filter((file) => {
+                return file.size <= this.maxFilesizeBytes;
+            });
+
+            if (newFiles.length < event.target.files.length) {
+                this.exceedsMaxFilesize = true;
+            }
+
             let files = this.selectedDirectory.files;
             let i = 0;
 
@@ -333,6 +345,7 @@ export default {
     created() {
         this.usedQuotaBytes = biigle.$require('user-storage.usedQuota');
         this.availableQuotaBytes = biigle.$require('user-storage.availableQuota');
+        this.maxFilesizeBytes = biigle.$require('user-storage.maxFilesize');
         // This remains null if no previous request exists.
         this.storageRequest = biigle.$require('user-storage.previousRequest');
         if (this.storageRequest && this.storageRequest.files.length > 0) {
diff --git a/src/resources/views/create.blade.php b/src/resources/views/create.blade.php
index b07e6b2..4e951c1 100644
--- a/src/resources/views/create.blade.php
+++ b/src/resources/views/create.blade.php
@@ -8,6 +8,7 @@
         biigle.$declare('user-storage.previousRequest', {!! $previousRequest ?? 'null' !!});
         biigle.$declare('user-storage.usedQuota', {!! $usedQuota !!});
         biigle.$declare('user-storage.availableQuota', {!! $availableQuota !!});
+        biigle.$declare('user-storage.maxFilesize', {!! $maxFilesize !!});
     </script>
 @endpush
 
@@ -57,7 +58,7 @@ class="hidden"
             v-on:input="handleFilesChosen"
             >
 
-        <div v-if="!finished" class="create-storage-request-buttons">
+        <div v-if="!finished" class="create-storage-request-buttons clearfix">
             <div v-cloak v-if="loading" class="text-info">
                 <loader v-bind:active="true"></loader>
                 Uploaded <span v-text="uploadedSizeForHumans"></span> of <span v-text="totalSizeForHumans"></span>
@@ -118,7 +119,6 @@ class="btn btn-success"
                         v-bind:disabled="exceedsMaxSize"
                         >
                         <i class="fa fa-upload"></i> Submit
-                        <span v-text="totalSizeForHumans"></span>
                     </button>
                     <button
                         v-else
@@ -136,9 +136,16 @@ class="btn btn-success"
             You have selected more than the <span v-text="availableQuota"></span> of storage available to you.
         </p>
 
+        <p v-cloak v-if="exceedsMaxFilesize" class="text-danger">
+            Files larger than the maximum allowed size of <span v-text="maxFilesize"></span> have been ignored.
+        </p>
+
         <p v-cloak v-if="finished" class="text-success">
             The storage request has been submitted. You will be notified when it has been reviewed.
         </p>
+        <p v-cloak v-else v-if="hasFiles" class="text-muted">
+            Selected files with a total size of <span v-text="totalSizeForHumans"></span>.
+        </p>
 
         <file-browser
             v-cloak
@@ -150,6 +157,7 @@ class="btn btn-success"
             v-on:remove-directory="removeDirectory"
             v-on:remove-file="removeFile"
             ></file-browser>
+
       </div>
     </div>
 </div>
diff --git a/tests/Http/Controllers/Api/StorageRequestFileControllerTest.php b/tests/Http/Controllers/Api/StorageRequestFileControllerTest.php
index aad7cf0..058732c 100644
--- a/tests/Http/Controllers/Api/StorageRequestFileControllerTest.php
+++ b/tests/Http/Controllers/Api/StorageRequestFileControllerTest.php
@@ -87,7 +87,7 @@ public function testStorePrefix()
         $this->assertSame(['abc/def/test.jpg'], $request->fresh()->files);
     }
 
-    public function testStoreTooLarge()
+    public function testStoreTooLargeQuota()
     {
         config(['user_storage.pending_disk' => 'test']);
         config(['user_storage.user_quota' => 10000]);
@@ -102,6 +102,21 @@ public function testStoreTooLarge()
             ->assertStatus(422);
     }
 
+    public function testStoreTooLargeFile()
+    {
+        config(['user_storage.pending_disk' => 'test']);
+        config(['user_storage.max_file_size' => 10000]);
+        $disk = Storage::fake('test');
+
+        $request = StorageRequest::factory()->create();
+        $id = $request->id;
+
+        $file = new UploadedFile(__DIR__."/../../../files/test.jpg", 'test.jpg', 'image/jpeg', null, true);
+        $this->be($request->user);
+        $this->postJson("/api/v1/storage-requests/{$id}/files", ['file' => $file])
+            ->assertStatus(422);
+    }
+
     public function testStoreMimeType()
     {
         config(['user_storage.pending_disk' => 'test']);