Commit f6cc71bc36283223a10f3004121be34f06547d94
1 parent
4821aa6c
Exists in
master
and in
4 other branches
Per project protection
Showing
1 changed file
with
8 additions
and
2 deletions
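--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,6 +1,12 @@
 class FilesController < ApplicationController
 def download
-uploader = Note.find(params[:id]).attachment
-send_file uploader.file.path, disposition: 'attachment'
+note = Note.find(params[:id])
+
+if can?(current_user, :read_project, note.project)
+uploader = note.attachment
+send_file uploader.file.path, disposition: 'attachment'
+else
+not_found!
+end
 end
 end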
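Review bot: In `download`, `uploader.file.path` is still reached when the note has no stored file, so an authorized request for such a note would presumably raise on `nil` and return a 500 rather than the 404 the `else` branch gives. Folding that case into the guard, `if note.attachment.file && can?(current_user, :read_project, note.project)`, keeps every failure on the `not_found!` path. The guard also assumes `note.project` is never nil and that `can?` handles a nil `current_user`; neither is visible in this section. A comment above `not_found!`, such as `# 404 rather than 403 so the response does not confirm the note exists`, would record why that status was chosen. Because the commit touches only this file, a controller spec asserting that a user without `:read_project` gets a 404 would keep the check from regressing.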