diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index cfbd8a624..266d746d7 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -3,6 +3,7 @@ class IssuesController < ApplicationController before_action :require_profile_completed, only: [:create] before_action :load_project before_action :set_user + before_action :check_menu_authorize, except: [:index_chosen] before_action :check_issue_permission before_action :operate_issue_permission, only:[:create, :update, :destroy, :clean, :series_update, :copy] before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue] @@ -14,7 +15,6 @@ class IssuesController < ApplicationController include TagChosenHelper def index - return render_not_found unless @project.has_menu_permission("issues") @user_admin_or_member = current_user.present? && current_user.logged? && (current_user.admin || @project.member?(current_user)) issues = @project.issues.issue_issue.issue_index_includes issues = issues.where(is_private: false) unless @user_admin_or_member @@ -500,4 +500,8 @@ class IssuesController < ApplicationController return normal_status(-1, "您的token值不足") if JSON.parse(response.body)["balance"].to_i < params[:token].to_i end end + + def check_menu_authorize + return render_not_found unless @project.has_menu_permission("issues") + end end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 02403bbd9..9b3909690 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb 
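Review bot: `except: [:index_chosen]` on the new `before_action :check_menu_authorize` leaves that one action reachable when the project's issues menu is disabled, and the hunk gives no reason for the exemption. The equivalent callbacks added to PullRequestsController and VersionsController in this commit carry no exemptions, so the asymmetry is either accidental or undocumented. If it is deliberate, say so next to the callback, e.g. `# index_chosen stays available with the issues menu off because <reason>`; if not, drop the `except:`. The callback is also registered before `check_issue_permission`, so a disabled menu answers not-found before any permission result, which looks intended but is worth confirming.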
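Review bot: `check_menu_authorize` is defined here and again, differing only in the menu name, in pull_requests_controller.rb and versions_controller.rb; a single shared helper taking the name would keep the three guards from drifting apart. The hunk does not show whether the definition sits below a `private` marker, because the class body starts outside the hunk, and a filter method should not be left as a public controller method. The `return` is redundant in a callback, since rendering already halts the chain: `render_not_found unless @project.has_menu_permission("issues")`. A one-line comment such as `# 404 for every action when the project has this menu disabled` would document the widened scope, as previously only `index` was guarded.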
@@ -22,7 +22,7 @@ class ProjectsController < ApplicationController menu.append(menu_hash_by_name("versions")) if @project.has_menu_permission("versions") menu.append(menu_hash_by_name("resources")) if @project.has_menu_permission("resources") menu.append(menu_hash_by_name("activity")) - menu.append(menu_hash_by_name("setting")) if current_user.admin? || @project.manager?(current_user) + menu.append(menu_hash_by_name("settings")) if current_user.admin? || @project.manager?(current_user) render json: menu end diff --git a/app/controllers/pull_requests_controller.rb b/app/controllers/pull_requests_controller.rb index e1639969a..79221a665 100644 --- a/app/controllers/pull_requests_controller.rb +++ b/app/controllers/pull_requests_controller.rb @@ -2,6 +2,7 @@ class PullRequestsController < ApplicationController before_action :require_login, except: [:index, :show, :files, :commits] before_action :require_profile_completed, only: [:create] before_action :load_repository + before_action :check_menu_authorize before_action :find_pull_request, except: [:index, :new, :create, :check_can_merge,:get_branches,:create_merge_infos, :files, :commits] before_action :load_pull_request, only: [:files, :commits] include TagChosenHelper @@ -9,7 +10,6 @@ class PullRequestsController < ApplicationController def index - return render_not_found unless @project.has_menu_permission("pulls") # @issues = Gitea::PullRequest::ListService.new(@user,@repository.try(:identifier)).call #通过gitea获取 issues = @project.issues.issue_pull_request.issue_index_includes.includes(pull_request: :user) issues = issues.where(is_private: false) unless current_user.present? && (current_user.admin? || @project.member?(current_user)) @@ -261,4 +261,8 @@ class PullRequestsController < ApplicationController status_id: 1, } end + + def check_menu_authorize + return render_not_found unless @project.has_menu_permission("pulls") + end end 
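Review bot: `current_user.admin?` on the changed `menu.append(menu_hash_by_name("settings"))` line is called without the `current_user.present? &&` guard that the issues, pull-request and versions index actions in this same commit use. If this action can be reached anonymously and `current_user` can be nil there (not visible from the hunk, whose method starts above it), the line raises instead of omitting the entry; `if current_user.present? && (current_user.admin? || @project.manager?(current_user))` would match the other controllers. This menu only decides what is displayed, so the settings endpoints still need their own admin/manager check on the server side.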
diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 062a8f046..8e3f496be 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -4,6 +4,7 @@ class RepositoriesController < ApplicationController include Repository::LanguagesPercentagable before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror] + before_action :require_profile_completed, only: [:create_file] before_action :load_repository before_action :authorizate!, except: [:sync_mirror, :tags, :commit, :archive] before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror] diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index cf5b3b9f1..4e515db71 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -2,11 +2,11 @@ class VersionsController < ApplicationController before_action :require_login, except: [:index, :show] before_action :require_profile_completed, only: [:create] before_action :load_repository + before_action :check_menu_authorize before_action :check_issue_permission, except: [:show, :index] before_action :set_version, only: [:edit, :update, :destroy, :show,:update_status] def index - return render_not_found unless @project.has_menu_permission("versions") @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user)) status = params[:status] versions = @project.versions.version_includes @@ -183,4 +183,8 @@ class VersionsController < ApplicationController %w(desc asc).include?(params[:order_type]) ? params[:order_type] : 'desc' end + def check_menu_authorize + return render_not_found unless @project.has_menu_permission("versions") + end + end diff --git a/app/forms/projects/create_form.rb b/app/forms/projects/create_form.rb index 0b57f215b..8265f323e 100644 --- a/app/forms/projects/create_form.rb 
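Review bot: `before_action :require_profile_completed, only: [:create_file]` covers only one of the write actions listed in the `require_login` line above it; `update_file` and `delete_file` stay open to accounts with an incomplete profile. If the intent is to gate repository writes on a completed profile, the list should be `only: %i[create_file update_file delete_file]`. If only file creation is meant, a short comment stating why would stop the next reader from treating it as an omission.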
+++ b/app/forms/projects/create_form.rb @@ -15,6 +15,8 @@ class Projects::CreateForm < BaseForm validate do check_project_category(project_category_id) check_project_language(project_language_id) + check_project_name(user_id, name) unless name.blank? + check_repository_name(user_id, repository_name) unless repository_name.blank? end def check_license
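Review bot: The two added calls, `check_project_name(user_id, name)` and `check_repository_name(user_id, repository_name)`, are presumably duplicate-name checks (their bodies are outside the hunk), and a form-level lookup of that kind is check-then-act: two concurrent create requests can both pass it. The validation should be backed by a unique constraint in the database, with the violation handled on save; confirm that one exists before relying on this check alone. As a smaller style point, `unless name.blank?` reads better as `check_project_name(user_id, name) if name.present?`, and likewise for `repository_name`. If blank values are skipped here because presence is validated elsewhere, a comment on the `validate do` block saying so would help.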