I recently came across a client requirement to create a candidate registration system integrated using canvas apps. The client, a third-party hiring company, wanted to securely store candidate details and along with their resumes in CRM. They specifically asked for uploaded files to be limited to formats such as JPG, docx, or PDF due to security concerns. Allowing unrestricted file uploads poses significant risks, including the potential for malicious files like .exe to execute harmful actions, compromise sensitive data, or harm systems.
To address this issue, I conducted thorough research and discovered methods for implementing file type validation in the Power Apps’ attachment control. This ensures that only approved file extensions are allowed, thereby reducing security risks and protecting the application’s integrity and data.
Below is the approach to fulfil the client’s requirement to create a candidate registration system with users only able to attach restricted format files as resumes:
1. After creating the canvas app, creating a table named “Candidate Registrations” and adding data from “Candidate Registrations”, my screen will look like the below screenshot.
Note: The fields you are seeing on the screen are the fields of the “Candidate Registrations” table.
2. Now to validate the file extension as per the client’s requirement, you need to add the below formula under the “OnAddFile” property of your attachment control which will limit the uploaded file type.
With(
{
RequiredExtensions: [
“.pdf”,
“.docx”,
“.jpg”
],
FileName: Lower(Last(Self.Attachments).Name)
},
If(
CountIf(
RequiredExtensions,
EndsWith(
FileName,
ThisRecord.Value
)
) = 0,
Notify(
FileName & ” is not allowed. You can add resumes only of ” & Concat(
RequiredExtensions,
Value,
“, “
) & ” formats”,
NotificationType.Error
)
)
)
3. Click on Save and then click on Publish to save changes.
4. Now if you open the “Candidate Registration” app on your tablet it will look like below attached screenshot.
Now, if you attempt to upload a file that is not of type pdf, docx, or jpg, you will receive an error.
Conclusion:
The process described demonstrates how to validate attachments and restrict the upload of files to specific types in canvas apps. This is valuable for ensuring that only files with specific file types are uploaded, reducing security risks and protecting the application’s integrity and data.