remove access control for images

This commit removes the access control for uploaded images.
This is needed to display the images in emails again.

app/controllers/projects/uploads_controller.rb

@@ -1,7 +1,9 @@
 class Projects::UploadsController < Projects::ApplicationController
   layout 'project'
 
-  before_filter :project
+  skip_before_filter :project, :repository, :authenticate_user!, only: [:show]
+
+  before_filter :authorize_uploads, only: [:show]
 
   def create
     link_to_file = ::Projects::UploadService.new(project, params[:file]).
@@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController
   end
 
   def show
-    uploader = FileUploader.new(project, params[:secret])
-
-    return redirect_to uploader.url unless uploader.file_storage?
-
-    uploader.retrieve_from_store!(params[:filename])
-
-    return not_found! unless uploader.file.exists?
+    uploader = get_file
+    
+    return not_found! if uploader.nil? || !uploader.file.exists?
 
     disposition = uploader.image? ? 'inline' : 'attachment'
     send_file uploader.file.path, disposition: disposition
   end
+
+  def get_file
+    namespace = params[:namespace_id]
+    id = params[:project_id]
+
+    file_project = Project.find_with_namespace("#{namespace}/#{id}")
+
+    return nil if file_project.nil?
+
+    uploader = FileUploader.new(file_project, params[:secret])
+    uploader.retrieve_from_store!(params[:filename])
+
+    uploader
+  end
+
+  def authorize_uploads
+    uploader = get_file
+    unless uploader && uploader.image?
+      project
+    end
+  end
 end