Diffstat (limited to 'app/controllers/files_controller.rb')
-rw-r--r--app/controllers/files_controller.rb10
1 files changed, 8 insertions, 2 deletions
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index 09f1e5512d6..3cd2e77322c 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,7 +1,13 @@
class FilesController < ApplicationController
def download
- uploader = Note.find(params[:id]).attachment
- send_file uploader.file.path, disposition: 'attachment'
+ note = Note.find(params[:id])
+
+ if can?(current_user, :read_project, note.project)
+ uploader = note.attachment
+ send_file uploader.file.path, disposition: 'attachment'
+ else
+ not_found!
+ end
end
end
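Review bot: Inside the new `if` branch, `uploader.file.path` is still dereferenced without checking that the note has a stored file, so an authorized request for a note with no attachment would presumably raise on a nil `file` and return a 500 instead of a 404. A guard such as `return not_found! unless uploader.file` before `send_file` would make both outcomes look the same to the caller. The check is made only against `note.project` with `:read_project`; if a note can have no project, or can sit on an object with tighter visibility than its project, that is not covered here and is worth confirming against the Note model. Returning the same `not_found!` for a denied request as for a missing id is a good choice because it does not reveal which note ids exist. A controller spec asserting a 404 for a user without project access would pin the fix.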