Commit f6cc71bc authored by Dmitriy Zaporozhets's avatar Dmitriy Zaporozhets

Per project protection

parent 4821aa6c
class FilesController < ApplicationController class FilesController < ApplicationController
def download def download
uploader = Note.find(params[:id]).attachment note = Note.find(params[:id])
if can?(current_user, :read_project, note.project)
uploader = note.attachment
send_file uploader.file.path, disposition: 'attachment' send_file uploader.file.path, disposition: 'attachment'
else
not_found!
end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment