SECURITY: do not delete avatars uploads when deleting accounts

We rely on the clean up uploads job to do this safely
2025-01-19 11:12:46 +08:00 · 2018-12-13 16:32:35 +11:00 · 2018-12-13 16:32:35 +11:00 · d535e1ce6d
commit d535e1ce6d
parent 1b34a8b48a
1 changed files with 2 additions and 3 deletions
--- a/app/models/user_avatar.rb
+++ b/app/models/user_avatar.rb
@ -3,8 +3,8 @@ require_dependency 'upload_creator'

 class UserAvatar < ActiveRecord::Base
  belongs_to :user
-  belongs_to :gravatar_upload, class_name: 'Upload', dependent: :destroy
-  belongs_to :custom_upload, class_name: 'Upload', dependent: :destroy
+  belongs_to :gravatar_upload, class_name: 'Upload'
+  belongs_to :custom_upload, class_name: 'Upload'

  def contains_upload?(id)
    gravatar_upload_id == id || custom_upload_id == id
@ -50,7 +50,6 @@ class UserAvatar < ActiveRecord::Base
                user.update!(uploaded_avatar_id: upload_id)
              end

-              gravatar_upload&.destroy!
              self.gravatar_upload = upload
              save!
            end