Add latest changes from gitlab-org/gitlab@13-0-stable-ee

3 files changed, 97 insertions, 0 deletions

diff --git a/app/controllers/projects/design_management/designs/raw_images_controller.rb b/app/controllers/projects/design_management/designs/raw_images_controller.rb
new file mode 100644
index 00000000000..beb7e9d294b
--- /dev/null
+++ b/app/controllers/projects/design_management/designs/raw_images_controller.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+# Returns full-size design images
+module Projects
+  module DesignManagement
+    module Designs
+      class RawImagesController < Projects::DesignManagement::DesignsController
+        include SendsBlob
+
+        skip_before_action :default_cache_headers, only: :show
+
+        def show
+          blob = design_repository.blob_at(ref, design.full_path)
+
+          send_blob(design_repository, blob, inline: false, allow_caching: project.public?)
+        end
+
+        private
+
+        def design_repository
+          @design_repository ||= project.design_repository
+        end
+
+        def ref
+          sha || design_repository.root_ref
+        end
+      end
+    end
+  end
+end
diff --git a/app/controllers/projects/design_management/designs/resized_image_controller.rb b/app/controllers/projects/design_management/designs/resized_image_controller.rb
new file mode 100644
index 00000000000..50a997f32db
--- /dev/null
+++ b/app/controllers/projects/design_management/designs/resized_image_controller.rb
@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+# Returns smaller sized design images
+module Projects
+  module DesignManagement
+    module Designs
+      class ResizedImageController < Projects::DesignManagement::DesignsController
+        include SendFileUpload
+
+        before_action :validate_size!
+
+        skip_before_action :default_cache_headers, only: :show
+
+        def show
+          relation = design.actions
+          relation = relation.up_to_version(sha) if sha
+          action = relation.most_recent.first
+
+          return render_404 unless action
+
+          # This controller returns a 404 if the  the `size` param
+          # is not one of our specific sizes, so using `send` here is safe.
+          uploader = action.public_send(:"image_#{size}") # rubocop:disable GitlabSecurity/PublicSend
+
+          return render_404 unless uploader.file # The image has not been processed
+
+          if stale?(etag: action.cache_key)
+            workhorse_set_content_type!
+
+            send_upload(uploader, attachment: design.filename)
+          end
+        end
+
+        private
+
+        def validate_size!
+          render_404 unless ::DesignManagement::DESIGN_IMAGE_SIZES.include?(size)
+        end
+
+        def size
+          params[:id]
+        end
+      end
+    end
+  end
+end
diff --git a/app/controllers/projects/design_management/designs_controller.rb b/app/controllers/projects/design_management/designs_controller.rb
new file mode 100644
index 00000000000..fec09fa9515
--- /dev/null
+++ b/app/controllers/projects/design_management/designs_controller.rb
@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class Projects::DesignManagement::DesignsController < Projects::ApplicationController
+  before_action :authorize_read_design!
+
+  private
+
+  def authorize_read_design!
+    unless can?(current_user, :read_design, design)
+      access_denied!
+    end
+  end
+
+  def design
+    @design ||= project.designs.find(params[:design_id])
+  end
+
+  def sha
+    params[:sha].presence
+  end
+end