FEATURE: Make allow_uploaded_avatars accept TL (#14091)

This gives admins more control over who can upload custom profile pictures.
2025-06-02 04:08:41 +08:00 · 2021-08-24 10:46:28 +03:00
parent eb6d66fe6f
commit ff367e22fb
12 changed files with 122 additions and 14 deletions
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@ -29,7 +29,7 @@ class UploadsController < ApplicationController
    # 50 characters ought to be enough for the upload type
    type = (params[:upload_type].presence || params[:type].presence).parameterize(separator: "_")[0..50]

-    if type == "avatar" && !me.admin? && (SiteSetting.discourse_connect_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
+    if type == "avatar" && !me.admin? && (SiteSetting.discourse_connect_overrides_avatar || !TrustLevelAndStaffAndDisabledSetting.matches?(SiteSetting.allow_uploaded_avatars, me))
      return render json: failed_json, status: 422
    end

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -1138,7 +1138,7 @@ class UsersController < ApplicationController

    if type.blank? || type == 'system'
      upload_id = nil
-    elsif !SiteSetting.allow_uploaded_avatars
+    elsif !TrustLevelAndStaffAndDisabledSetting.matches?(SiteSetting.allow_uploaded_avatars, user)
      return render json: failed_json, status: 422
    else
      upload_id = params[:upload_id]