Allow non authenticated access to avatars

author: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-02-23 19:35:42 -0800
committer: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2015-02-23 23:28:50 -0800
commit: 3c858eff0c65c7269ee9c560faaa6b0c98f31e2a (patch)
tree: cc1c511d707208ecc57b886fbbabdb1087dda78d /app
parent: 7257940c52b05040c44f0aba300c7a787d0c275e (diff)
download: gitlab-ce-3c858eff0c65c7269ee9c560faaa6b0c98f31e2a.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index d5877977258..73b124bb34c 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -1,4 +1,7 @@
 class UploadsController < ApplicationController
+  skip_before_filter :authenticate_user!, :reject_blocked
+  before_filter :authorize_access
+
   def show
     model = params[:model].camelize.constantize.find(params[:id])
     uploader = model.send(params[:mounted_as])
@@ -14,4 +17,10 @@ class UploadsController < ApplicationController
       redirect_to uploader.url
     end
   end
+
+  def authorize_access
+    unless params[:mounted_as] == 'avatar'
+      authenticate_user! && reject_blocked
+    end
+  end
 end
author	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-02-23 19:35:42 -0800
committer	Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>	2015-02-23 23:28:50 -0800
commit	3c858eff0c65c7269ee9c560faaa6b0c98f31e2a (patch)
tree	cc1c511d707208ecc57b886fbbabdb1087dda78d /app
parent	7257940c52b05040c44f0aba300c7a787d0c275e (diff)
download	gitlab-ce-3c858eff0c65c7269ee9c560faaa6b0c98f31e2a.tar.gz