Files
fizzy/app/controllers/users/avatars_controller.rb
T
Rosa Gutierrez 527ffc42b9 Use relative URLs where possible across all the app
Skipping API responses, where we need absolute URLs, and those that are
intended for sharing or external use:

- account/join_codes/show.html.erb - Join code URL for sharing
- boards/edit/_publication.html.erb - Publication URL for sharing
- public/* views - Public page URLs and og:url meta tags
- pwa/manifest.json.erb - PWA manifest needs absolute URLs

For this, we had to replace `url_for` used with Active Storage variants
and previews with the specific path helper (for Active Storage
representations).
2026-01-14 11:01:42 +01:00

43 lines
992 B
Ruby

class Users::AvatarsController < ApplicationController
allow_unauthenticated_access only: :show
before_action :set_user
before_action :ensure_permission_to_administer_user, only: :destroy
def show
if @user.system?
redirect_to view_context.image_path("system_user.png")
elsif @user.avatar.attached?
redirect_to rails_blob_path(@user.avatar_thumbnail, disposition: "inline")
elsif stale? @user, cache_control: cache_control
render_initials
end
end
def destroy
@user.avatar.destroy
redirect_to @user
end
private
def set_user
@user = Current.account.users.find(params[:user_id])
end
def ensure_permission_to_administer_user
head :forbidden unless Current.user.can_change?(@user)
end
def cache_control
if @user == Current.user
{}
else
{ max_age: 30.minutes, stale_while_revalidate: 1.week }
end
end
def render_initials
render formats: :svg
end
end