Merge branch 'master' into extend_markdown_upload

# Conflicts:
#	app/views/projects/issues/_form.html.haml
#	app/views/projects/merge_requests/_form.html.haml
#	app/views/projects/merge_requests/_new_submit.html.haml
#	app/views/projects/milestones/_form.html.haml
#	app/views/projects/notes/_form.html.haml
#	app/views/projects/wikis/_form.html.haml
#	config/routes.rb
#	spec/controllers/projects_controller_spec.rb

1 files changed, 9 insertions, 0 deletions

diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index 508c2a6221a..b096c3913e1 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -1,4 +1,7 @@
 class UploadsController < ApplicationController
+  skip_before_filter :authenticate_user!, :reject_blocked!
+  before_filter :authorize_access
+
   def show
     model = params[:model].camelize.constantize.find(params[:id])
     uploader = model.send(params[:mounted_as])
@@ -12,4 +15,10 @@ class UploadsController < ApplicationController
     disposition = uploader.image? ? 'inline' : 'attachment'
     send_file uploader.file.path, disposition: disposition
   end
+
+  def authorize_access
+    unless params[:mounted_as] == 'avatar'
+      authenticate_user! && reject_blocked!
+    end
+  end
 end