Diffstat (limited to 'app/controllers/uploads_controller.rb')
-rw-r--r-- | app/controllers/uploads_controller.rb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index eef53730291..5cb3de3d4f5 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -9,6 +9,8 @@ class UploadsController < ApplicationController private def find_model + return nil unless params[:id] + return render_404 unless upload_model && upload_mount @model = upload_model.find(params[:id])
@@ -33,6 +35,8 @@ class UploadsController < ApplicationController end def authorize_create_access! + return unless model + # for now we support only personal snippets comments authorized = can?(current_user, :comment_personal_snippet, model) |
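Review bot: The new guard in find_model gives the method a third outcome that nothing documents: when `params[:id]` is absent it returns with `@model` unset, so every later filter that reads `model` now has to handle nil. A comment above the guard would make that contract visible, for example `# No id: nothing to load; filters that read model must handle nil and decide access explicitly`. The `nil` in `return nil unless params[:id]` is redundant if the return value is unused, which looks likely for a lookup filter, though the callback declaration is outside the hunk; `return unless params[:id]` reads the same. The end of find_model is also outside the hunk.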
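Review bot: The added `return unless model` in authorize_create_access! makes the check fail open: when no model was loaded (the no-id path added to find_model in the first hunk), the method returns before `can?(current_user, :comment_personal_snippet, model)` is evaluated and renders nothing. If this method runs as a before_action, which the hunk does not show, the request then continues with no authorization decision from it. If uploads without a model are intended, the guard should say so in a comment and state what is still required of the caller; if they are not, deny instead with `return render_404 unless model`. The rest of the method lies outside the hunk, so what happens after `authorized = ...` is not visible here.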