Skip to content

G
gitlab-ce
Commit 7bba2a19 authored by Hannes Rosenögger's avatar Hannes Rosenögger
Browse files
Options

remove access control for images 

This commit removes the access control for uploaded images.
This is needed to display the images in emails again.
parent ed94cde2
Hide whitespace changes
Inline Side-by-side
Showing with 25 additions and 6 deletions
app/controllers/projects/uploads_controller.rb
View file @ 7bba2a19
class Projects::UploadsController < Projects::ApplicationController
layout 'project'
before_filter :project
skip_before_filter :project, :repository, :authenticate_user!, only: [:show]
before_filter :authorize_uploads, only: [:show]
def create
link_to_file = ::Projects::UploadService.new(project, params[:file]).
......@@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController
end
def show
uploader = FileUploader.new(project, params[:secret])
uploader = get_file
return not_found! if uploader.nil? || !uploader.file.exists?
disposition = uploader.image? ? 'inline' : 'attachment'
send_file uploader.file.path, disposition: disposition
end
def get_file
namespace = params[:namespace_id]
id = params[:project_id]
return redirect_to uploader.url unless uploader.file_storage?
file_project = Project.find_with_namespace("#{namespace}/#{id}")
return nil if file_project.nil?
uploader = FileUploader.new(file_project, params[:secret])
uploader.retrieve_from_store!(params[:filename])
return not_found! unless uploader.file.exists?
uploader
end
disposition = uploader.image? ? 'inline' : 'attachment'
send_file uploader.file.path, disposition: disposition
def authorize_uploads
uploader = get_file
unless uploader && uploader.image?
project
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7