FIX: Always allow admins upload selectable avatars.

2024-11-23 01:47:22 +08:00 · 2018-12-05 14:35:59 +02:00 · 2018-12-05 14:35:59 +02:00 · 1a4f592749
commit 1a4f592749
parent aea2d8bbeb
2 changed files with 9 additions and 1 deletions
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@ -13,7 +13,7 @@ class UploadsController < ApplicationController
    # 50 characters ought to be enough for the upload type
    type = params.require(:type).parameterize(separator: "_")[0..50]

-    if type == "avatar" && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
+    if type == "avatar" && !me.admin? && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
      return render json: failed_json, status: 422
    end

--- a/spec/requests/uploads_controller_spec.rb
+++ b/spec/requests/uploads_controller_spec.rb
@ -111,6 +111,14 @@ describe UploadsController do
        expect(response.status).to eq(422)
      end

+      it 'always allows admins to upload avatars' do
+        sign_in(Fabricate(:admin))
+        SiteSetting.allow_uploaded_avatars = false
+
+        post "/uploads.json", params: { file: logo, type: "avatar" }
+        expect(response.status).to eq(200)
+      end
+
      it 'allows staff to upload any file in PM' do
        SiteSetting.authorized_extensions = "jpg"
        SiteSetting.allow_staff_to_upload_any_file_in_pm = true