From 12681b0842578a23a92bb2267777e63d3b178c8e Mon Sep 17 00:00:00 2001
From: yystopf <yystopf@163.com>
Date: Fri, 17 Sep 2021 14:56:34 +0800
Subject: [PATCH] fix: issue visit permission

---
 app/controllers/issues_controller.rb | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index bbde2ecb3..43e901956 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -399,22 +399,22 @@ class IssuesController < ApplicationController
 
   def check_project_public
     unless @project.is_public || @project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id)
-      normal_status(-1, "您没有权限")
+      return render_forbidden
     end
   end
 
   def set_issue
     @issue = Issue.find_by_id(params[:id])
     if @issue.blank?
-      normal_status(-1, "标签不存在")
-    elsif @issue.is_lock &&!(@project.member?(current_user) || current_user.admin?)
-      normal_status(-1, "您没有权限")
+      return render_not_found
+    elsif !(@project.is_public || (current_user.present? && (@project.member?(current_user) || current_user&.admin? || (@project.user_id == current_user&.id))))
+      return render_forbidden
     end
   end
 
   def check_issue_permission
     unless @project.is_public || (current_user.present? && (@project.member?(current_user) || current_user&.admin? || (@project.user_id == current_user&.id)))
-      normal_status(-1, "您没有权限")
+      return render_forbidden
     end
   end