app/controllers/traces/pictures_controller.rb

   1 # frozen_string_literal: true
   2
   3 module Traces
   4   class PicturesController < ApplicationController
   5     before_action :authorize_web
   6     before_action :check_database_readable
   7
   8     authorize_resource :trace
   9
  10     def show
  11       trace = Trace.visible.imported.find(params[:trace_id])
  12
  13       if trace.public? || (current_user && current_user == trace.user)
  14         redirect_to rails_blob_path(trace.image, :disposition => "inline")
  15       else
  16         head :forbidden
  17       end
  18     rescue ActiveRecord::RecordNotFound
  19       head :not_found
  20     end
  21   end
  22 end