diff options
| author | Hannes Rosenögger <Hannes.Rosenoegger@bva.bund.de> | 2015-02-09 14:35:48 +0100 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2015-02-16 20:10:15 +0100 |
| commit | 7d5f86f6cbd187e75a6ba164ad6bfd036977dd07 (patch) | |
| tree | 43f9cf4d556b95f73481df0e6f258600b59f5a51 /features | |
| parent | 87b413592499ddcf1149d9e2b580f76a13bf625c (diff) | |
| download | gitlab-ce-7d5f86f6cbd187e75a6ba164ad6bfd036977dd07.tar.gz | |
Fix broken access control and refactor avatar upload
This commit moves the note folder from
/public/uploads/note
to
/uploads/note
and changes the uploader accordingly.
Now it's no longer possible to avoid the access control by modifing the url.
The Avatar upload has been refactored to use an own uploader as well
to cleanly seperate the two upload types.
Diffstat (limited to 'features')
| -rw-r--r-- | features/steps/groups.rb | 2 | ||||
| -rw-r--r-- | features/steps/profile/profile.rb | 2 | ||||
| -rw-r--r-- | features/steps/project/project.rb | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/features/steps/groups.rb b/features/steps/groups.rb index 610e7fd3a48..0a9b4ccba53 100644 --- a/features/steps/groups.rb +++ b/features/steps/groups.rb @@ -110,7 +110,7 @@ class Spinach::Features::Groups < Spinach::FeatureSteps end step 'I should see new group "Owned" avatar' do - Group.find_by(name: "Owned").avatar.should be_instance_of AttachmentUploader + Group.find_by(name: "Owned").avatar.should be_instance_of AvatarUploader Group.find_by(name: "Owned").avatar.url.should == "/uploads/group/avatar/#{ Group.find_by(name:"Owned").id }/gitlab_logo.png" end diff --git a/features/steps/profile/profile.rb b/features/steps/profile/profile.rb index a907b0b7dcf..4efd2176782 100644 --- a/features/steps/profile/profile.rb +++ b/features/steps/profile/profile.rb @@ -29,7 +29,7 @@ class Spinach::Features::Profile < Spinach::FeatureSteps end step 'I should see new avatar' do - @user.avatar.should be_instance_of AttachmentUploader + @user.avatar.should be_instance_of AvatarUploader @user.avatar.url.should == "/uploads/user/avatar/#{ @user.id }/gitlab_logo.png" end diff --git a/features/steps/project/project.rb b/features/steps/project/project.rb index 033d45e0253..d39c8e7d2db 100644 --- a/features/steps/project/project.rb +++ b/features/steps/project/project.rb @@ -35,7 +35,7 @@ class Spinach::Features::Project < Spinach::FeatureSteps end step 'I should see new project avatar' do - @project.avatar.should be_instance_of AttachmentUploader + @project.avatar.should be_instance_of AvatarUploader url = @project.avatar.url url.should == "/uploads/project/avatar/#{ @project.id }/gitlab_logo.png" end |