From 4432e6568324191b7b3ccd123ad65bef3389a497 Mon Sep 17 00:00:00 2001
From: yystopf <yystopf@163.com>
Date: Mon, 27 Dec 2021 17:32:35 +0800
Subject: [PATCH] fix: operate issue permission reset

---
 app/controllers/issues_controller.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb
index 6ea8fb8ef..872263d86 100644
--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@@ -486,7 +486,8 @@ class IssuesController < ApplicationController
   end
 
   def operate_issue_permission
-    return render_forbidden("您没有权限进行此操作.") unless current_user.present? && current_user.logged? && (current_user.admin? || @project.member?(current_user) || @project.is_public?)
+    set_issue unless @issue.present?
+    return render_forbidden("您没有权限进行此操作.") unless current_user.present? && current_user.logged? && (current_user.admin? || @project.member?(current_user) || (@project.is_public && @issue.nil?) || (@project.is_public && @issue.present? && @issue.author_id == current_user.id))
   end
 
   def export_issues(issues)