Commit 14117c23 authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Merge branch 'fix-avatar-access' into 'master'

Allow non authenticated access to avatars

For #2047

cc @douwe

See merge request !1583
parents 64ca07c3 897a2de5
class UploadsController < ApplicationController class UploadsController < ApplicationController
skip_before_filter :authenticate_user!, :reject_blocked
before_filter :authorize_access
def show def show
model = params[:model].camelize.constantize.find(params[:id]) model = params[:model].camelize.constantize.find(params[:id])
uploader = model.send(params[:mounted_as]) uploader = model.send(params[:mounted_as])
...@@ -14,4 +17,10 @@ class UploadsController < ApplicationController ...@@ -14,4 +17,10 @@ class UploadsController < ApplicationController
redirect_to uploader.url redirect_to uploader.url
end end
end end
def authorize_access
unless params[:mounted_as] == 'avatar'
authenticate_user! && reject_blocked
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment