Fix Group avatar API endpoint

Instead of using `avatar.file.file`, which is a private API when using object storage, rely on `avatar.filename` which is the public API to fetch the avatar filename regardless of it being in the object storage or locally in the system. Changelog: fixed MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64804

Fix Group avatar API endpoint
Instead of using `avatar.file.file`, which is a private API when using object storage, rely on `avatar.filename` which is the public API to fetch the avatar filename regardless of it being in the object storage or locally in the system. Changelog: fixed MR: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/64804
ea3f7bd4 · Kassio Borges · 613ec6e6 · ea3f7bd4 · ea3f7bd4
Commit ea3f7bd4 authored Jun 24, 2021 by Kassio Borges
Show whitespace changes
Inline Side-by-side

Showing with 20 additions and 6 deletions

lib/api/group_avatar.rb lib/api/group_avatar.rb +2 -4

spec/requests/api/group_avatar_spec.rb spec/requests/api/group_avatar_spec.rb +18 -2

No files found.
--- a/lib/api/group_avatar.rb
+++ b/lib/api/group_avatar.rb
@@ -18,17 +18,15 @@ module API
        not_found!('Avatar') if avatar.blank?
-        filename = File.basename(avatar.file.file)
        header(
          'Content-Disposition',
          ActionDispatch::Http::ContentDisposition.format(
            disposition: 'attachment',
-            filename: filename
+            filename: avatar.filename
          )
        )
-        present_carrierwave_file!(user_group.avatar)
+        present_carrierwave_file!(avatar)
      end
    end
  end

--- a/spec/requests/api/group_avatar_spec.rb
+++ b/spec/requests/api/group_avatar_spec.rb
@@ -9,9 +9,9 @@ RSpec.describe API::GroupAvatar do
  describe 'GET /groups/:id/avatar' do
    context 'when the group is public' do
-      it 'retrieves the avatar successfully' do
+      let(:group) { create(:group, :public, :with_avatar) }
-        group = create(:group, :public, :with_avatar)
+      it 'retrieves the avatar successfully' do
        get api(avatar_path(group))
        expect(response).to have_gitlab_http_status(:ok)
@@ -19,6 +19,22 @@ RSpec.describe API::GroupAvatar do
          .to eq(%(attachment; filename="dk.png"; filename*=UTF-8''dk.png))
      end
+      context 'when the avatar is in the object storage' do
+        before do
+          stub_uploads_object_storage(AvatarUploader)
+          group.avatar.migrate!(ObjectStorage::Store::REMOTE)
+        end
+        it 'redirects to the file in the object storage' do
+          get api(avatar_path(group))
+          expect(response).to have_gitlab_http_status(:found)
+          expect(response.headers['Content-Disposition'])
+            .to eq(%(attachment; filename="dk.png"; filename*=UTF-8''dk.png))
+        end
+      end
      context 'when the group does not have avatar' do
        it 'returns :not_found' do
          group = create(:group, :public)