diff options
| author | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-02-27 13:01:57 -0800 |
|---|---|---|
| committer | Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> | 2015-02-27 13:01:57 -0800 |
| commit | 0d22b75b03496ced3d783f8fee9584098602ea1c (patch) | |
| tree | c7ddec6072c716fd63a8703f2dfeb0e4234a633f /app/controllers/uploads_controller.rb | |
| parent | 5f682094d9b7c985ad62ebe29664bb6fe87b54be (diff) | |
| parent | d4aab6528cb80b0f41bdac2240dd9cc32543481d (diff) | |
| download | gitlab-ce-0d22b75b03496ced3d783f8fee9584098602ea1c.tar.gz | |
Merge branch 'master' into mmonaco/gitlab-ce-api-user-noconfirm
Conflicts:
lib/api/users.rb
Diffstat (limited to 'app/controllers/uploads_controller.rb')
| -rw-r--r-- | app/controllers/uploads_controller.rb | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb new file mode 100644 index 00000000000..b096c3913e1 --- /dev/null +++ b/app/controllers/uploads_controller.rb @@ -0,0 +1,24 @@ +class UploadsController < ApplicationController + skip_before_filter :authenticate_user!, :reject_blocked! + before_filter :authorize_access + + def show + model = params[:model].camelize.constantize.find(params[:id]) + uploader = model.send(params[:mounted_as]) + + return not_found! if model.respond_to?(:project) && !can?(current_user, :read_project, model.project) + + return redirect_to uploader.url unless uploader.file_storage? + + return not_found! unless uploader.file.exists? + + disposition = uploader.image? ? 'inline' : 'attachment' + send_file uploader.file.path, disposition: disposition + end + + def authorize_access + unless params[:mounted_as] == 'avatar' + authenticate_user! && reject_blocked! + end + end +end |