SECURITY: do not delete avatars uploads when deleting accounts

We rely on the clean up uploads job to do this safely
2025-02-25 18:55:32 -06:00 · 2018-12-13 16:26:07 +11:00
parent f74ef71130
commit 7ee9a6a7ec
2 changed files with 9 additions and 4 deletions
--- a/app/models/user_avatar.rb
+++ b/app/models/user_avatar.rb
@@ -3,8 +3,8 @@ require_dependency 'upload_creator'

 class UserAvatar < ActiveRecord::Base
  belongs_to :user
-  belongs_to :gravatar_upload, class_name: 'Upload', dependent: :destroy
-  belongs_to :custom_upload, class_name: 'Upload', dependent: :destroy
+  belongs_to :gravatar_upload, class_name: 'Upload'
+  belongs_to :custom_upload, class_name: 'Upload'

  def contains_upload?(id)
    gravatar_upload_id == id || custom_upload_id == id
@@ -46,7 +46,6 @@ class UserAvatar < ActiveRecord::Base
                user.update!(uploaded_avatar_id: upload.id)
              end

-              gravatar_upload&.destroy!
              self.update!(gravatar_upload: upload)
            end
          end