diff options
author | Hannes Rosenögger <Hannes.Rosenoegger@bva.bund.de> | 2015-02-09 14:35:48 +0100 |
---|---|---|
committer | Douwe Maan <douwe@gitlab.com> | 2015-02-16 20:10:15 +0100 |
commit | 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07 (patch) | |
tree | 43f9cf4d556b95f73481df0e6f258600b59f5a51 /app/models/project.rb | |
parent | 87b413592499ddcf1149d9e2b580f76a13bf625c (diff) | |
download | gitlab-ce-7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.tar.gz |
Fix broken access control and refactor avatar upload
This commit moves the note folder from
/public/uploads/note
to
/uploads/note
and changes the uploader accordingly.
Now it's no longer possible to avoid the access control by modifing the url.
The Avatar upload has been refactored to use an own uploader as well
to cleanly seperate the two upload types.
Diffstat (limited to 'app/models/project.rb')
-rw-r--r-- | app/models/project.rb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/project.rb b/app/models/project.rb index 56e1aa29040..e2c7f76eb09 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -138,7 +138,7 @@ class Project < ActiveRecord::Base if: ->(project) { project.avatar && project.avatar_changed? } validates :avatar, file_size: { maximum: 200.kilobytes.to_i } - mount_uploader :avatar, AttachmentUploader + mount_uploader :avatar, AvatarUploader # Scopes scope :sorted_by_activity, -> { reorder(last_activity_at: :desc) } |