Diffstat (limited to 'app/controllers/uploads_controller.rb')
-rw-r--r-- | app/controllers/uploads_controller.rb | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
deleted file mode 100644
index c5f3da54ea2..00000000000
--- a/app/controllers/uploads_controller.rb
+++ /dev/null
@@ -1,71 +0,0 @@
-class UploadsController < ApplicationController
- skip_before_filter :authenticate_user!
- before_filter :find_model, :authorize_access!
-
- def show
- uploader = @model.send(upload_mount)
-
- unless uploader.file_storage?
- return redirect_to uploader.url
- end
-
- unless uploader.file && uploader.file.exists?
- return not_found!
- end
-
- disposition = uploader.image? ? 'inline' : 'attachment'
- send_file uploader.file.path, disposition: disposition
- end
-
- private
-
- def find_model
- unless upload_model && upload_mount
- return not_found!
- end
-
- @model = upload_model.find(params[:id])
- end
-
- def authorize_access!
- authorized =
- case @model
- when Project
- can?(current_user, :read_project, @model)
- when Group
- can?(current_user, :read_group, @model)
- when Note
- can?(current_user, :read_project, @model.project)
- else
- # No authentication required for user avatars.
- true
- end
-
- return if authorized
-
- if current_user
- not_found!
- else
- authenticate_user!
- end
- end
-
- def upload_model
- upload_models = {
- user: User,
- project: Project,
- note: Note,
- group: Group
- }
-
- upload_models[params[:model].to_sym]
- end
-
- def upload_mount
- upload_mounts = %w(avatar attachment file)
-
- if upload_mounts.include?(params[:mounted_as])
- params[:mounted_as]
- end
- end
-end
|