Merge branch 'fix-avatar-access' into 'master'

Allow non authenticated access to avatars For #2047 cc @douwe See merge request !1583

Merge branch 'fix-avatar-access' into 'master'
Allow non authenticated access to avatars For #2047 cc @douwe See merge request !1583
14117c23 · Dmitriy Zaporozhets · 64ca07c3 · 897a2de5 · 14117c23
Commit 14117c23 authored Feb 24, 2015 by Dmitriy Zaporozhets
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 0 deletions

app/controllers/uploads_controller.rb app/controllers/uploads_controller.rb +9 -0

No files found.
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
 class UploadsController < ApplicationController
+  skip_before_filter :authenticate_user!, :reject_blocked
+  before_filter :authorize_access
+
  def show
    model = params[:model].camelize.constantize.find(params[:id])
    uploader = model.send(params[:mounted_as])
@@ -14,4 +17,10 @@ class UploadsController < ApplicationController
      redirect_to uploader.url
    end
  end
+
+  def authorize_access
+    unless params[:mounted_as] == 'avatar'
+      authenticate_user! && reject_blocked
+    end
+  end
 end