remove access control for images

This commit removes the access control for uploaded images.
This is needed to display the images in emails again.
This commit is contained in:
Hannes Rosenögger 2015-04-14 17:02:17 +02:00
parent ed94cde2b2
commit 7bba2a19ab

View file

@ -1,7 +1,9 @@
class Projects::UploadsController < Projects::ApplicationController
layout 'project'
before_filter :project
skip_before_filter :project, :repository, :authenticate_user!, only: [:show]
before_filter :authorize_uploads, only: [:show]
def create
link_to_file = ::Projects::UploadService.new(project, params[:file]).
@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController
end
def show
uploader = FileUploader.new(project, params[:secret])
uploader = get_file
return redirect_to uploader.url unless uploader.file_storage?
uploader.retrieve_from_store!(params[:filename])
return not_found! unless uploader.file.exists?
return not_found! if uploader.nil? || !uploader.file.exists?
disposition = uploader.image? ? 'inline' : 'attachment'
send_file uploader.file.path, disposition: disposition
end
def get_file
namespace = params[:namespace_id]
id = params[:project_id]
file_project = Project.find_with_namespace("#{namespace}/#{id}")
return nil if file_project.nil?
uploader = FileUploader.new(file_project, params[:secret])
uploader.retrieve_from_store!(params[:filename])
uploader
end
def authorize_uploads
uploader = get_file
unless uploader && uploader.image?
project
end
end
end