summaryrefslogtreecommitdiff
path: root/app/uploaders/attachment_uploader.rb
diff options
context:
space:
mode:
authorHannes Rosenögger <Hannes.Rosenoegger@bva.bund.de>2015-02-09 14:35:48 +0100
committerDouwe Maan <douwe@gitlab.com>2015-02-16 20:10:15 +0100
commit7d5f86f6cbd187e75a6ba164ad6bfd036977dd07 (patch)
tree43f9cf4d556b95f73481df0e6f258600b59f5a51 /app/uploaders/attachment_uploader.rb
parent87b413592499ddcf1149d9e2b580f76a13bf625c (diff)
downloadgitlab-ce-7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.tar.gz
Fix broken access control and refactor avatar upload
This commit moves the note folder from /public/uploads/note to /uploads/note and changes the uploader accordingly. Now it's no longer possible to avoid the access control by modifing the url. The Avatar upload has been refactored to use an own uploader as well to cleanly seperate the two upload types.
Diffstat (limited to 'app/uploaders/attachment_uploader.rb')
-rw-r--r--app/uploaders/attachment_uploader.rb8
1 files changed, 1 insertions, 7 deletions
diff --git a/app/uploaders/attachment_uploader.rb b/app/uploaders/attachment_uploader.rb
index b122b6c8658..22742d287a4 100644
--- a/app/uploaders/attachment_uploader.rb
+++ b/app/uploaders/attachment_uploader.rb
@@ -3,10 +3,8 @@
class AttachmentUploader < CarrierWave::Uploader::Base
storage :file
- after :store, :reset_events_cache
-
def store_dir
- "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
+ "#{Rails.root}/uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
end
def image?
@@ -29,8 +27,4 @@ class AttachmentUploader < CarrierWave::Uploader::Base
def file_storage?
self.class.storage == CarrierWave::Storage::File
end
-
- def reset_events_cache(file)
- model.reset_events_cache if model.is_a?(User)
- end
end