remove access control for images
This commit removes the access control for uploaded images. This is needed to display the images in emails again.
parent
ed94cde2b2
commit
7bba2a19ab
1 changed files with 27 additions and 8 deletions
|
@ -1,7 +1,9 @@
|
||||||
class Projects::UploadsController < Projects::ApplicationController
|
class Projects::UploadsController < Projects::ApplicationController
|
||||||
layout 'project'
|
layout 'project'
|
||||||
|
|
||||||
before_filter :project
|
skip_before_filter :project, :repository, :authenticate_user!, only: [:show]
|
||||||
|
|
||||||
|
before_filter :authorize_uploads, only: [:show]
|
||||||
|
|
||||||
def create
|
def create
|
||||||
link_to_file = ::Projects::UploadService.new(project, params[:file]).
|
link_to_file = ::Projects::UploadService.new(project, params[:file]).
|
||||||
|
@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
uploader = FileUploader.new(project, params[:secret])
|
uploader = get_file
|
||||||
|
|
||||||
return redirect_to uploader.url unless uploader.file_storage?
|
return not_found! if uploader.nil? || !uploader.file.exists?
|
||||||
|
|
||||||
uploader.retrieve_from_store!(params[:filename])
|
|
||||||
|
|
||||||
return not_found! unless uploader.file.exists?
|
|
||||||
|
|
||||||
disposition = uploader.image? ? 'inline' : 'attachment'
|
disposition = uploader.image? ? 'inline' : 'attachment'
|
||||||
send_file uploader.file.path, disposition: disposition
|
send_file uploader.file.path, disposition: disposition
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def get_file
|
||||||
|
namespace = params[:namespace_id]
|
||||||
|
id = params[:project_id]
|
||||||
|
|
||||||
|
file_project = Project.find_with_namespace("#{namespace}/#{id}")
|
||||||
|
|
||||||
|
return nil if file_project.nil?
|
||||||
|
|
||||||
|
uploader = FileUploader.new(file_project, params[:secret])
|
||||||
|
uploader.retrieve_from_store!(params[:filename])
|
||||||
|
|
||||||
|
uploader
|
||||||
|
end
|
||||||
|
|
||||||
|
def authorize_uploads
|
||||||
|
uploader = get_file
|
||||||
|
unless uploader && uploader.image?
|
||||||
|
project
|
||||||
|
end
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
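Review bot: In `authorize_uploads` the access check (`project`) is skipped whenever `uploader.image?` is true, and since `authenticate_user!` is also skipped for `show`, the `secret` segment of the URL becomes the only protection for images on private projects. That deserves a comment above the filter, e.g. `# Images are served without login so they render in e-mails; the :secret URL segment is their only access control.` `image?` is defined outside this page; if it is derived from the file name, any payload stored under an image extension takes the same unauthenticated path and is sent with `disposition: 'inline'`, so I would confirm the image list contains no scriptable type (SVG, for instance) or force `'attachment'` for such types. The new `show` also drops `return redirect_to uploader.url unless uploader.file_storage?`, so `send_file uploader.file.path` is now reached for non-file storage as well; if that storage mode is still supported the line should be restored in `show`. Finally, `get_file` and `authorize_uploads` are added with no `private` visible in the hunk, and `get_file` runs twice per request (once in the filter, once in `show`), so a `private` line above them and memoising the result in `@uploader` would tidy both.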