fixed issue描述里的附件解析关联，增强附件访问权限控制

2023-10-18 15:16:14 +08:00 · 2023-10-18 15:16:14 +08:00 · 467a4f0b94
parent 6a057dedd0
commit 467a4f0b94
3 changed files with 16 additions and 2 deletions
--- a/app/controllers/api/v1/issues_controller.rb
+++ b/app/controllers/api/v1/issues_controller.rb
@ -23,7 +23,8 @@ class Api::V1::IssuesController < Api::V1::BaseController
  before_action :load_issue, only: [:show, :update, :destroy]
  before_action :check_issue_operate_permission, only: [:update, :destroy]

-  def show 
+  def show
+    @issue.associate_attachment_container
    @user_permission = current_user.present? && current_user.logged? && (@project.member?(current_user) || current_user.admin? || @issue.user == current_user)
  end

--- a/app/controllers/issues_controller.rb
+++ b/app/controllers/issues_controller.rb
@ -321,6 +321,7 @@ class IssuesController < ApplicationController
    @issue_user = @issue.user
    @issue_assign_to = @issue.get_assign_user
    @join_users = join_users(@issue)
+    @issue.associate_attachment_container
    #总耗时
    # cost_time(@issue)

--- a/app/models/issue.rb
+++ b/app/models/issue.rb
@ -94,7 +94,7 @@ class Issue < ApplicationRecord
  scope :closed, ->{where(status_id: 5)}
  scope :opened, ->{where.not(status_id: 5)}
  after_create :incre_project_common, :incre_user_statistic, :incre_platform_statistic
-  after_save :change_versions_count, :send_update_message_to_notice_system
+  after_save :change_versions_count, :send_update_message_to_notice_system, :associate_attachment_container
  after_destroy :update_closed_issues_count_in_project!, :decre_project_common, :decre_user_statistic, :decre_platform_statistic

  def incre_project_common
@ -222,6 +222,18 @@ class Issue < ApplicationRecord
    SendTemplateMessageJob.perform_later('IssueExpire', self.id) if Site.has_notice_menu? && self.due_date == Date.today + 1.days
  end

+  # 关附件到功能
+  def associate_attachment_container
+    att_ids = []
+    # 附件的格式为（/api/attachments/ + 附件id）的形式，提取出id进行附件属性关联，做附件访问权限控制
+    att_ids += self.description.to_s.scan(/\(\/api\/attachments\/.+\)/).map{|s|s.match(/\d+/)[0]}
+    att_ids += self.description.to_s.scan(/\/api\/attachments\/.+\"/).map{|s|s.match(/\d+/)[0]}
+    att_ids += self.description.to_s.scan(/\/api\/attachments\/\d+/).map{|s|s.match(/\d+/)[0]}
+    if att_ids.present?
+      Attachment.where(id: att_ids).where(container_type: nil).update_all(container_id: self.id, container_type: self.class.name)
+    end
+  end
+
  def to_builder 
    Jbuilder.new do |issue|
      issue.(self, :id, :project_issues_index, :subject, :description, :branch_name, :start_date, :due_date)