diff options
author | Douwe Maan <douwe@gitlab.com> | 2015-04-17 11:33:53 +0200 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-04-17 11:33:53 +0200 |
commit | 305725f8d513d1584aa3f65b482012725e6a1aea (patch) | |
tree | 63be48eb1a4d39b7f6f8a9520dbb90c63df298b1 | |
parent | dccd79d288584868fc554ef693f419a1fdd4a0e2 (diff) | |
download | gitlab-ce-305725f8d513d1584aa3f65b482012725e6a1aea.tar.gz |
Correctly handle blocked users.
-rw-r--r-- | app/controllers/projects/uploads_controller.rb | 29 |
1 files changed, 14 insertions, 15 deletions
diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb index 69d02affec2..c43d82f1288 100644 --- a/app/controllers/projects/uploads_controller.rb +++ b/app/controllers/projects/uploads_controller.rb @@ -1,9 +1,8 @@ class Projects::UploadsController < Projects::ApplicationController layout 'project' - skip_before_filter :project, :repository, :authenticate_user!, only: [:show] - - before_filter :authorize_uploads, only: [:show] + skip_before_filter :authenticate_user!, :reject_blocked!, :project, :repository, only: [:show] + before_filter :authenticate_user!, :reject_blocked!, :project, :repository, only: [:show], unless: :image? def create link_to_file = ::Projects::UploadService.new(project, params[:file]). @@ -23,32 +22,32 @@ class Projects::UploadsController < Projects::ApplicationController end def show - uploader = get_file - return not_found! if uploader.nil? || !uploader.file.exists? disposition = uploader.image? ? 'inline' : 'attachment' send_file uploader.file.path, disposition: disposition end - def get_file + def uploader + return @uploader if defined?(@uploader) + namespace = params[:namespace_id] id = params[:project_id] file_project = Project.find_with_namespace("#{namespace}/#{id}") - return nil if file_project.nil? + if file_project.nil? + @uploader = nil + return + end - uploader = FileUploader.new(file_project, params[:secret]) - uploader.retrieve_from_store!(params[:filename]) + @uploader = FileUploader.new(file_project, params[:secret]) + @uploader.retrieve_from_store!(params[:filename]) - uploader + @uploader end - def authorize_uploads - uploader = get_file - unless uploader && uploader.image? - project - end + def image? + uploader && uploader.file.exists? && uploader.image? end end |