Commit f6cc71bc36283223a10f3004121be34f06547d94
1 parent
4821aa6c
Exists in
master
and in
4 other branches
Per project protection
Showing
1 changed file
with
8 additions
and
2 deletions
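--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,6 +1,12 @@
 class FilesController < ApplicationController
 def download
-uploader = Note.find(params[:id]).attachment
-send_file uploader.file.path, disposition: 'attachment'
+note = Note.find(params[:id])
+
+if can?(current_user, :read_project, note.project)
+uploader = note.attachment
+send_file uploader.file.path, disposition: 'attachment'
+else
+not_found!
+end
 end
 end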
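Review bot: Inside the authorised branch of `download`, `uploader.file.path` is still dereferenced without checking that the note actually has an attachment, so a readable note with no file would presumably raise and surface as a 500 instead of the 404 used for the denied case. Folding the presence check into the guard keeps the two outcomes indistinguishable to the caller: `if can?(current_user, :read_project, note.project) && note.attachment.file`. The commit changes only the controller, so a controller spec asserting that a user without `:read_project` receives the not-found response for another project's note id would pin this access check against regressions. Whether `can?` tolerates a nil `current_user` depends on filters in ApplicationController, which are not visible on this page.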