Commit 7bba2a19 authored by Hannes Rosenögger's avatar Hannes Rosenögger

remove access control for images

This commit removes the access control for uploaded images.
This is needed to display the images in emails again.
parent ed94cde2
class Projects::UploadsController < Projects::ApplicationController class Projects::UploadsController < Projects::ApplicationController
layout 'project' layout 'project'
before_filter :project skip_before_filter :project, :repository, :authenticate_user!, only: [:show]
before_filter :authorize_uploads, only: [:show]
def create def create
link_to_file = ::Projects::UploadService.new(project, params[:file]). link_to_file = ::Projects::UploadService.new(project, params[:file]).
...@@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController ...@@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController
end end
def show def show
uploader = FileUploader.new(project, params[:secret]) uploader = get_file
return not_found! if uploader.nil? || !uploader.file.exists?
disposition = uploader.image? ? 'inline' : 'attachment'
send_file uploader.file.path, disposition: disposition
end
def get_file
namespace = params[:namespace_id]
id = params[:project_id]
return redirect_to uploader.url unless uploader.file_storage? file_project = Project.find_with_namespace("#{namespace}/#{id}")
return nil if file_project.nil?
uploader = FileUploader.new(file_project, params[:secret])
uploader.retrieve_from_store!(params[:filename]) uploader.retrieve_from_store!(params[:filename])
return not_found! unless uploader.file.exists? uploader
end
disposition = uploader.image? ? 'inline' : 'attachment' def authorize_uploads
send_file uploader.file.path, disposition: disposition uploader = get_file
unless uploader && uploader.image?
project
end
end end
end end
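Review bot: In `authorize_uploads` the unauthenticated path for `show` is decided solely by `uploader.image?`, so for images the only remaining protection is the unguessable `params[:secret]` in the URL, and nothing in the code says so; a comment above the filter such as `# Images are served without login so they render in e-mails; the secret path segment is the only access control here` would make that trust decision explicit. It is worth confirming that `image?` cannot return true for a type that is unsafe to serve `inline` to anonymous viewers, since the same predicate also selects the disposition in `show`. Non-image downloads now rely entirely on the bare `project` call to enforce login and read access after `:authenticate_user!` was skipped, which presumably works but is not visible here and deserves a controller spec for the anonymous case. `get_file` and `authorize_uploads` appear to be defined as public controller methods, and `get_file` runs twice per request (once in the filter, once in `show`); placing both under `private` and memoizing the result with `@uploader ||= ...` would address both.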