Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/app/controllers/uploads_controller.rb
diff options
context:
space:
mode:
authorDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-02-24 06:35:42 +0300
committerDmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>2015-02-24 06:35:42 +0300
commit897a2de54c1d5cbead4589d44a3d173c14849f23 (patch)
treecc3c684f7bb97bacc974c4f3dad5106881f94b49 /app/controllers/uploads_controller.rb
parenta4118ca445871c04625edee6463cffd838772b13 (diff)
Allow non authenticated access to avatars
Diffstat (limited to 'app/controllers/uploads_controller.rb')
-rw-r--r--app/controllers/uploads_controller.rb9
1 files changed, 9 insertions, 0 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index d5877977258..73b124bb34c 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -1,4 +1,7 @@
class UploadsController < ApplicationController
+ skip_before_filter :authenticate_user!, :reject_blocked
+ before_filter :authorize_access
+
def show
model = params[:model].camelize.constantize.find(params[:id])
uploader = model.send(params[:mounted_as])
@@ -14,4 +17,10 @@ class UploadsController < ApplicationController
redirect_to uploader.url
end
end
+
+ def authorize_access
+ unless params[:mounted_as] == 'avatar'
+ authenticate_user! && reject_blocked
+ end
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-19 06:06:37 +0300