From 9a15b112377e305bd55e2c539786aee7db569e29 Mon Sep 17 00:00:00 2001
From: Alexis Reigel <mail@koffeinfrei.org>
Date: Fri, 19 May 2017 09:20:51 +0000
Subject: Fixes the 500 for custom apearance header logo and logo

---
 app/controllers/uploads_controller.rb              |  2 ++
 .../fix-allow-accessing-appearance-images.yml      |  4 +++
 spec/controllers/uploads_controller_spec.rb        | 40 ++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 changelogs/unreleased/fix-allow-accessing-appearance-images.yml

diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 21a964fb391..eef53730291 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -21,6 +21,8 @@ class UploadsController < ApplicationController
         can?(current_user, :read_project, model.project)
       when User
         true
+      when Appearance
+        true
       else
         permission = "read_#{model.class.to_s.underscore}".to_sym
 
diff --git a/changelogs/unreleased/fix-allow-accessing-appearance-images.yml b/changelogs/unreleased/fix-allow-accessing-appearance-images.yml
new file mode 100644
index 00000000000..81118162bab
--- /dev/null
+++ b/changelogs/unreleased/fix-allow-accessing-appearance-images.yml
@@ -0,0 +1,4 @@
+---
+title: Fixes the 500 when accessing customized appearance logos
+merge_request: 11479
+author: Alexis Reigel
diff --git a/spec/controllers/uploads_controller_spec.rb b/spec/controllers/uploads_controller_spec.rb
index 7dedfe160a6..8000c9dec61 100644
--- a/spec/controllers/uploads_controller_spec.rb
+++ b/spec/controllers/uploads_controller_spec.rb
@@ -473,5 +473,45 @@ describe UploadsController do
         end
       end
     end
+
+    context 'Appearance' do
+      context 'when viewing a custom header logo' do
+        let!(:appearance) { create :appearance, header_logo: fixture_file_upload(Rails.root.join('spec/fixtures/dk.png'), 'image/png') }
+
+        context 'when not signed in' do
+          it 'responds with status 200' do
+            get :show, model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png'
+
+            expect(response).to have_http_status(200)
+          end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'appearance', mounted_as: 'header_logo', id: appearance.id, filename: 'dk.png'
+              response
+            end
+          end
+        end
+      end
+
+      context 'when viewing a custom logo' do
+        let!(:appearance) { create :appearance, logo: fixture_file_upload(Rails.root.join('spec/fixtures/dk.png'), 'image/png') }
+
+        context 'when not signed in' do
+          it 'responds with status 200' do
+            get :show, model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png'
+
+            expect(response).to have_http_status(200)
+          end
+
+          it_behaves_like 'content not cached without revalidation' do
+            subject do
+              get :show, model: 'appearance', mounted_as: 'logo', id: appearance.id, filename: 'dk.png'
+              response
+            end
+          end
+        end
+      end
+    end
   end
 end
-- 
cgit v1.2.1