diff options
| -rw-r--r-- | app/controllers/uploads_controller.rb | 2 | ||||
| -rw-r--r-- | changelogs/unreleased/fix-allow-accessing-appearance-images.yml | 4 | ||||
| -rw-r--r-- | spec/controllers/uploads_controller_spec.rb | 40 |
3 files changed, 46 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb index 21a964fb391..eef53730291 100644 --- a/app/controllers/uploads_controller.rb +++ b/app/controllers/uploads_controller.rb @@ -21,6 +21,8 @@ class UploadsController < ApplicationController can?(current_user, :read_project, model.project) when User true + when Appearance + true else permission = "read_#{model.class.to_s.underscore}".to_sym diff --git a/changelogs/unreleased/fix-allow-accessing-appearance-images.yml b/changelogs/unreleased/fix-allow-accessing-appearance-images.yml new file mode 100644 index 00000000000..81118162bab --- /dev/null +++ b/changelogs/unreleased/fix-allow-accessing-appearance-images.yml @@ -0,0 +1,4 @@ +--- +title: Fixes the 500 when accessing customized appearance logos +merge_request: 11479 +author: Alexis Reigel diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb index 7dedfe160a6..8000c9dec61 100644 --- a/spec/controllers/uploads_controller_spec.rb +++ b/spec/controllers/uploads_controller_spec.rb @@ -473,5 +473,45 @@ describe UploadsController do end end end + + context 'Appearance' do + context 'when viewing a custom header logo' do + let!(:appearance) { create :appearance, header_logo: fixture_file_upload(Rails.root.join('spec/fixtures/dk.png'), 'image/png') } + + context 'when not signed in' do + it 'responds with status 200' do + get :show, model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png' + + expect(response).to have_http_status(200) + end + + it_behaves_like 'content not cached without revalidation' do + subject do + get :show, model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png' + response + end + end + end + end + + context 'when viewing a custom logo' do + let!(:appearance) { create :appearance, logo: fixture_file_upload(Rails.root.join('spec/fixtures/dk.png'), 'image/png') } + + context 'when not signed in' do + it 'responds with status 200' do + get :show, model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png' + + expect(response).to have_http_status(200) + end + + it_behaves_like 'content not cached without revalidation' do + subject do + get :show, model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png' + response + end + end + end + end + end end end |