fix: issue visit permission

2021-09-17 14:56:34 +08:00 · 2021-09-17 14:56:34 +08:00 · 12681b0842
parent 76268c4952
commit 12681b0842
1 changed files with 5 additions and 5 deletions
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@ -399,22 +399,22 @@ class IssuesController < ApplicationController
  def check_project_public
    unless @project.is_public || @project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id)
-      normal_status(-1, "您没有权限")
+      return render_forbidden
    end
  end
  def set_issue
    @issue = Issue.find_by_id(params[:id])
    if @issue.blank?
-      normal_status(-1, "标签不存在")
+      return render_not_found
-    elsif @issue.is_lock &&!(@project.member?(current_user) || current_user.admin?)
+    elsif !(@project.is_public || (current_user.present? && (@project.member?(current_user) || current_user&.admin? || (@project.user_id == current_user&.id))))
-      normal_status(-1, "您没有权限")
+      return render_forbidden
    end
  end
  def check_issue_permission
    unless @project.is_public || (current_user.present? && (@project.member?(current_user) || current_user&.admin? || (@project.user_id == current_user&.id)))
-      normal_status(-1, "您没有权限")
+      return render_forbidden
    end
  end