From 1a4f592749c98e256e32bfebe3e452a7fee12646 Mon Sep 17 00:00:00 2001
From: Bianca Nenciu
Date: Wed, 5 Dec 2018 14:35:59 +0200
Subject: [PATCH] FIX: Always allow admins upload selectable avatars.
---
 app/controllers/uploads_controller.rb | 2 +-
 spec/requests/uploads_controller_spec.rb | 8 ++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index b04b393cc56..64d08d4e1a9 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -13,7 +13,7 @@ class UploadsController < ApplicationController
 # 50 characters ought to be enough for the upload type
 type = params.require(:type).parameterize(separator: "_")[0..50]
- if type == "avatar" && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
+ if type == "avatar" && !me.admin? && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
 return render json: failed_json, status: 422
 end
diff --git a/spec/requests/uploads_controller_spec.rb b/spec/requests/uploads_controller_spec.rb
index f6e76930e3e..db79aabdadf 100644
--- a/spec/requests/uploads_controller_spec.rb
+++ b/spec/requests/uploads_controller_spec.rb
@@ -111,6 +111,14 @@ describe UploadsController do
 expect(response.status).to eq(422)
 end
+ it 'always allows admins to upload avatars' do
+ sign_in(Fabricate(:admin))
+ SiteSetting.allow_uploaded_avatars = false
+
+ post "/uploads.json", params: { file: logo, type: "avatar" }
+ expect(response.status).to eq(200)
+ end
+
+ it 'allows staff to upload any file in PM' do
 SiteSetting.authorized_extensions = "jpg"
 SiteSetting.allow_staff_to_upload_any_file_in_pm = true
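Review bot: The `!me.admin?` term on the changed `if` line exempts admins from both settings for every `type == "avatar"` upload, which is wider than the selectable-avatars case named in the subject: an admin upload now also passes when `SiteSetting.sso_overrides_avatar` is enabled. Whether such an upload can then be attached to the admin's own profile is decided by code outside this hunk, so it is worth confirming that the avatar-selection path still enforces the SSO setting. If the SSO case is not meant to be exempt, the condition could read `if type == "avatar" && (SiteSetting.sso_overrides_avatar || (!SiteSetting.allow_uploaded_avatars && !me.admin?))`. Either way a comment such as `# admins may upload avatars to populate the selectable avatars list` above the check would record why a role bypasses a site setting. `me` is assigned before the hunk starts and the method body continues after it.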
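Review bot: The added example only turns off `allow_uploaded_avatars`, so the other branch the controller now exempts for admins, `SiteSetting.sso_overrides_avatar = true`, has no coverage in this hunk. A second example that sets that flag and asserts the intended status would pin whether the SSO bypass is deliberate. It would also help to assert that a signed-in moderator still gets `expect(response.status).to eq(422)` with uploads disabled, so the exemption cannot silently widen from admin to staff; the preceding 422 example starts outside the hunk, so which user it signs in is not visible here.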