FIX: Always allow admins upload selectable avatars.

FIX: Always allow admins upload selectable avatars.
From 1a4f592749c98e256e32bfebe3e452a7fee12646 Mon Sep 17 00:00:00 2001
From: Bianca Nenciu <nenciu.bianca@gmail.com>
Date: Wed, 5 Dec 2018 14:35:59 +0200
Subject: [PATCH] FIX: Always allow admins upload selectable avatars.


diff --git a/app/controllers/uploads_controller.rb b/app/controllers/uploads_controller.rb
index b04b393..64d08d4 100644
--- a/app/controllers/uploads_controller.rb
+++ b/app/controllers/uploads_controller.rb
@@ -13,7 +13,7 @@ class UploadsController < ApplicationController
     # 50 characters ought to be enough for the upload type
     type = params.require(:type).parameterize(separator: "_")[0..50]
 
-    if type == "avatar" && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
+    if type == "avatar" && !me.admin? && (SiteSetting.sso_overrides_avatar || !SiteSetting.allow_uploaded_avatars)
       return render json: failed_json, status: 422
     end
 
diff --git a/spec/requests/uploads_controller_spec.rb b/spec/requests/uploads_controller_spec.rb
index f6e7693..db79aab 100644
--- a/spec/requests/uploads_controller_spec.rb
+++ b/spec/requests/uploads_controller_spec.rb
@@ -111,6 +111,14 @@ describe UploadsController do
         expect(response.status).to eq(422)
       end
 
+      it 'always allows admins to upload avatars' do
+        sign_in(Fabricate(:admin))
+        SiteSetting.allow_uploaded_avatars = false
+
+        post "/uploads.json", params: { file: logo, type: "avatar" }
+        expect(response.status).to eq(200)
+      end
+
       it 'allows staff to upload any file in PM' do
         SiteSetting.authorized_extensions = "jpg"
         SiteSetting.allow_staff_to_upload_any_file_in_pm = true

GitHub