diff options
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/uploads_actions.rb | 10 | ||||
-rw-r--r-- | app/controllers/groups/uploads_controller.rb | 4 | ||||
-rw-r--r-- | app/controllers/projects/uploads_controller.rb | 4 |
3 files changed, 16 insertions, 2 deletions
diff --git a/app/controllers/concerns/uploads_actions.rb b/app/controllers/concerns/uploads_actions.rb index 170bca8b56f..e83fe27f899 100644 --- a/app/controllers/concerns/uploads_actions.rb +++ b/app/controllers/concerns/uploads_actions.rb @@ -39,6 +39,16 @@ module UploadsActions send_upload(uploader, attachment: uploader.filename, disposition: disposition) end + def authorize + set_workhorse_internal_api_content_type + + authorized = uploader_class.workhorse_authorize( + has_length: false, + maximum_size: Gitlab::CurrentSettings.max_attachment_size.megabytes.to_i) + + render json: authorized + end + private def uploader_class diff --git a/app/controllers/groups/uploads_controller.rb b/app/controllers/groups/uploads_controller.rb index f1578f75e88..74760194a1f 100644 --- a/app/controllers/groups/uploads_controller.rb +++ b/app/controllers/groups/uploads_controller.rb @@ -1,9 +1,11 @@ class Groups::UploadsController < Groups::ApplicationController include UploadsActions + include WorkhorseRequest skip_before_action :group, if: -> { action_name == 'show' && image_or_video? } - before_action :authorize_upload_file!, only: [:create] + before_action :authorize_upload_file!, only: [:create, :authorize] + before_action :verify_workhorse_api!, only: [:authorize] private diff --git a/app/controllers/projects/uploads_controller.rb b/app/controllers/projects/uploads_controller.rb index f5cf089ad98..7a85046164c 100644 --- a/app/controllers/projects/uploads_controller.rb +++ b/app/controllers/projects/uploads_controller.rb @@ -1,11 +1,13 @@ class Projects::UploadsController < Projects::ApplicationController include UploadsActions + include WorkhorseRequest # These will kick you out if you don't have access. skip_before_action :project, :repository, if: -> { action_name == 'show' && image_or_video? } - before_action :authorize_upload_file!, only: [:create] + before_action :authorize_upload_file!, only: [:create, :authorize] + before_action :verify_workhorse_api!, only: [:authorize] private |