Merge branch 'fix-avatar-access' into 'master'

Allow non authenticated access to avatars For #2047 cc @douwe See merge request !1583
author: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2015-02-24 05:29:38 +0000
committer: Dmitriy Zaporozhets <dzaporozhets@gitlab.com> 2015-02-24 05:29:38 +0000
commit: 14117c23af8da2e1d2e4956aaa86536bb4c0c78d (patch)
tree: bc30fc33d34e5d0dcd1f504f79dc1e21490b0355
parent: 64ca07c3b95c6b1e9444d9139858b11a6097c1ca (diff)
parent: 897a2de54c1d5cbead4589d44a3d173c14849f23 (diff)
download: gitlab-ce-14117c23af8da2e1d2e4956aaa86536bb4c0c78d.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index d5877977258..73b124bb34c 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -1,4 +1,7 @@
 class UploadsController < ApplicationController
+  skip_before_filter :authenticate_user!, :reject_blocked
+  before_filter :authorize_access
+
   def show
     model = params[:model].camelize.constantize.find(params[:id])
     uploader = model.send(params[:mounted_as])
@@ -14,4 +17,10 @@ class UploadsController < ApplicationController
       redirect_to uploader.url
     end
   end
+
+  def authorize_access
+    unless params[:mounted_as] == 'avatar'
+      authenticate_user! && reject_blocked
+    end
+  end
 end
author	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2015-02-24 05:29:38 +0000
committer	Dmitriy Zaporozhets <dzaporozhets@gitlab.com>	2015-02-24 05:29:38 +0000
commit	14117c23af8da2e1d2e4956aaa86536bb4c0c78d (patch)
tree	bc30fc33d34e5d0dcd1f504f79dc1e21490b0355
parent	64ca07c3b95c6b1e9444d9139858b11a6097c1ca (diff)
parent	897a2de54c1d5cbead4589d44a3d173c14849f23 (diff)
download	gitlab-ce-14117c23af8da2e1d2e4956aaa86536bb4c0c78d.tar.gz