diff --git a/cloud/__pycache__/views.cpython-38.pyc b/cloud/__pycache__/views.cpython-38.pyc
index d137def..8ed2c76 100644
Binary files a/cloud/__pycache__/views.cpython-38.pyc and b/cloud/__pycache__/views.cpython-38.pyc differ
diff --git a/cloud/templates/cloud/cloud_main.html b/cloud/templates/cloud/cloud_main.html
index da6481f..a0df428 100644
--- a/cloud/templates/cloud/cloud_main.html
+++ b/cloud/templates/cloud/cloud_main.html
@@ -197,6 +197,26 @@ a.disabled {
+
+
@@ -481,10 +501,16 @@ $('.droppable_div').on('dragleave', function (e) {
$("#{{parentid}}_div").removeClass('bg-secondary');
});
+allowedtypes = "application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, text/plain, application/pdf, image/*"
+
+
function uploadAction(filetodo, parid){
var formData = new FormData($("#uploadFileForm")[0]);
- formData.append("uploadedfile", filetodo);
- $.ajax({
+ formData.append("uploadedfile", filetodo);
+
+ console.log(filetodo.type);
+ if(allowedtypes.includes(filetodo.type) && filetodo.type.length > 0){
+ $.ajax({
url: "{% url 'cloud-adddir' %}" + parid,
headers: {
"X-CSRFTOKEN": "{{ csrf_token }}"
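Review bot: The check `allowedtypes.includes(filetodo.type)` is a substring test against one comma-separated string, not a match against a list of MIME types, so `image/png` is rejected because it is not a substring of `image/*`, while a fragment such as `text` would pass. The string also lacks the MIME types for .docx, .pptx, .odt and .csv, which the extension list added in cloud/views.py accepts, so the client and server checks disagree. Use an array of exact types with a prefix test for images, e.g. `allowedTypes.includes(t) || t.startsWith("image/")`, and declare it with `const` instead of as an implicit global. `File.type` is derived by the browser from the file name and is under the user's control, so this check is a usability aid only and the server-side validation has to enforce the policy. The body of uploadAction continues past this hunk.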
@@ -494,10 +520,21 @@ function uploadAction(filetodo, parid){
cache: false,
processData: false,
contentType: false,
- success: function() {
- window.location = window.location;
+ success: function(data) {
+ console.log(data);
+ if(data["success"] == true){
+ window.location = window.location;
+ }
+ else{
+ $("#forbiddenFileType").modal("toggle")
+ }
+
}
- });
+ });
+ }
+ else{
+ $("#forbiddenFileType").modal("toggle")
+ }
}
{% endif %}
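Review bot: The `$.ajax` call gets a `success` callback but no `error` callback is visible in this hunk, so a non-2xx response (for example an unhandled exception in the view) would leave the user with no feedback. Adding `error: function() { $("#forbiddenFileType").modal("toggle") }`, or a separate error modal, would cover that path. `console.log(data)` here and `console.log(filetodo.type)` in the previous hunk look like debugging leftovers and should be dropped before merge. The options object starts outside this hunk, so an existing `error` callback there cannot be ruled out.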
diff --git a/cloud/views.py b/cloud/views.py
index 36d8a3c..79b426f 100644
--- a/cloud/views.py
+++ b/cloud/views.py
@@ -152,8 +152,21 @@ def adddirbyajax(request, parent):
elif request.method == 'POST':
tempdir = False
tempdir = DataDir.objects.get(pk=parent)
- tempdatafile = DataFile(file=request.FILES['uploadedfile'], name=request.FILES['uploadedfile'].name, owner=request.user, parent=tempdir, agency=request.user.profile.agency)
- tempdatafile.save()
+
+ # VALIDATE FILE-TYPE
+ file_ext = request.FILES['uploadedfile'].name.split(".")[1]
+
+ allowed_types = ["txt", "TXT", "png", "PNG", "jpeg", "JPEG", "jpg", "JPG", "PDF", "pdf", "csv", "CSV", "DOC", "doc", "DOCX", "docx", "ODT", "odt", "PPT", "ppt", "PPTX", "pptx"]
+ file_ok = False
+ for t in allowed_types:
+ if t == file_ext:
+ file_ok = True
+
+ if(file_ok):
+ tempdatafile = DataFile(file=request.FILES['uploadedfile'], name=request.FILES['uploadedfile'].name, owner=request.user, parent=tempdir, agency=request.user.profile.agency)
+ tempdatafile.save()
+ else:
+ success = False
return JsonResponse({"success" : success, "data" : data})
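Review bot: `request.FILES['uploadedfile'].name.split(".")[1]` takes the second dot-separated segment rather than the last, so `report.pdf.exe` yields `pdf` and passes the allow-list, `my.notes.txt` yields `notes` and is rejected, and a name without a dot raises IndexError (a 500 instead of `success: False`). Take the final suffix and normalise case once, e.g. `_, dot, ext = upload.name.rpartition(".")` followed by `file_ok = bool(dot) and ext.lower() in ALLOWED_EXTENSIONS` with a lowercase set, which also replaces the duplicated upper/lower entries and the loop. The extension is client-supplied and says nothing about the content. If these files are later served back to users, which is not visible here, it would be worth validating the content as well and serving them as attachments with a fixed content type. `success` and `data` are assigned outside the hunk, and the body of adddirbyajax starts above it.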