Validate existence of artifacts in ArtifactsController, render 404 if not found

author: Kamil Trzcinski <ayufan@ayufan.eu> 2016-06-10 14:39:36 +0200
committer: Phil Hughes <me@iamphill.com> 2016-06-13 11:03:30 +0100
commit: c59947112f352a12e74563453a1bec3082baab41 (patch)
tree: 1f9a3bb411b0f40e2818e4aaa7f6d307a95cde61 /app/controllers
parent: 86800bf51aec25eef970eac82838bcba087703f8 (diff)
download: gitlab-ce-c59947112f352a12e74563453a1bec3082baab41.tar.gz
1 files changed, 5 insertions, 6 deletions
diff --git a/app/controllers/projects/artifacts_controller.rb b/app/controllers/projects/artifacts_controller.rb
index 028e1f77119..0ab95cd9518 100644
--- a/app/controllers/projects/artifacts_controller.rb
+++ b/app/controllers/projects/artifacts_controller.rb
@@ -1,22 +1,17 @@
 class Projects::ArtifactsController < Projects::ApplicationController
   layout 'project'
   before_action :authorize_read_build!
+  before_action :validate_artifacts!
 
   def download
     unless artifacts_file.file_storage?
       return redirect_to artifacts_file.url
     end
 
-    unless artifacts_file.exists?
-      return render_404
-    end
-
     send_file artifacts_file.path, disposition: 'attachment'
   end
 
   def browse
-    return render_404 unless build.artifacts?
-
     directory = params[:path] ? "#{params[:path]}/" : ''
     @entry = build.artifacts_metadata_entry(directory)
 
@@ -41,6 +36,10 @@ class Projects::ArtifactsController < Projects::ApplicationController
 
   private
 
+  def validate_artifacts!
+    render_404 unless build.artifacts?
+  end
+
   def build
     @build ||= project.builds.find_by!(id: params[:build_id])
   end
author	Kamil Trzcinski <ayufan@ayufan.eu>	2016-06-10 14:39:36 +0200
committer	Phil Hughes <me@iamphill.com>	2016-06-13 11:03:30 +0100
commit	c59947112f352a12e74563453a1bec3082baab41 (patch)
tree	1f9a3bb411b0f40e2818e4aaa7f6d307a95cde61 /app/controllers
parent	86800bf51aec25eef970eac82838bcba087703f8 (diff)
download	gitlab-ce-c59947112f352a12e74563453a1bec3082baab41.tar.gz