提交 7bba2a19 编写于 作者: H Hannes Rosenögger

remove access control for images

This commit removes the access control for uploaded images.
This is needed to display the images in emails again.
上级 ed94cde2
class Projects::UploadsController < Projects::ApplicationController
layout 'project'
before_filter :project
skip_before_filter :project, :repository, :authenticate_user!, only: [:show]
before_filter :authorize_uploads, only: [:show]
def create
link_to_file = ::Projects::UploadService.new(project, params[:file]).
......@@ -21,15 +23,32 @@ class Projects::UploadsController < Projects::ApplicationController
end
def show
uploader = FileUploader.new(project, params[:secret])
uploader = get_file
return not_found! if uploader.nil? || !uploader.file.exists?
disposition = uploader.image? ? 'inline' : 'attachment'
send_file uploader.file.path, disposition: disposition
end
def get_file
namespace = params[:namespace_id]
id = params[:project_id]
return redirect_to uploader.url unless uploader.file_storage?
file_project = Project.find_with_namespace("#{namespace}/#{id}")
return nil if file_project.nil?
uploader = FileUploader.new(file_project, params[:secret])
uploader.retrieve_from_store!(params[:filename])
return not_found! unless uploader.file.exists?
uploader
end
disposition = uploader.image? ? 'inline' : 'attachment'
send_file uploader.file.path, disposition: disposition
def authorize_uploads
uploader = get_file
unless uploader && uploader.image?
project
end
end
end
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册