diff options
| author | Douwe Maan <douwe@gitlab.com> | 2015-02-24 14:54:32 +0100 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-02-24 14:54:39 +0100 |
| commit | 0283fff5914f74d9435ab2097b2770dfdf635941 (patch) | |
| tree | 8bcf91cb5639d3d06a15cabb1d08e408b4ba9d43 /app/controllers/uploads_controller.rb | |
| parent | aba12515942d588f1a0aa0b32cc16837e5d04fef (diff) | |
| parent | 7561b1c2a486ae57e9fbebadadbe1269bfdba6a0 (diff) | |
| download | gitlab-ce-0283fff5914f74d9435ab2097b2770dfdf635941.tar.gz | |
Merge branch 'master' into extend_markdown_upload
# Conflicts:
# app/views/projects/issues/_form.html.haml
# app/views/projects/merge_requests/_form.html.haml
# app/views/projects/merge_requests/_new_submit.html.haml
# app/views/projects/milestones/_form.html.haml
# app/views/projects/notes/_form.html.haml
# app/views/projects/wikis/_form.html.haml
# config/routes.rb
# spec/controllers/projects_controller_spec.rb
Diffstat (limited to 'app/controllers/uploads_controller.rb')
| -rw-r--r-- | app/controllers/uploads_controller.rb | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 508c2a6221a..b096c3913e1 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -1,4 +1,7 @@ class UploadsController < ApplicationController + skip_before_filter :authenticate_user!, :reject_blocked! + before_filter :authorize_access + def show model = params[:model].camelize.constantize.find(params[:id]) uploader = model.send(params[:mounted_as]) @@ -12,4 +15,10 @@ class UploadsController < ApplicationController disposition = uploader.image? ? 'inline' : 'attachment' send_file uploader.file.path, disposition: disposition end + + def authorize_access + unless params[:mounted_as] == 'avatar' + authenticate_user! && reject_blocked! + end + end end |