PR数据访问权限控制

app/controllers/projects_controller.rb

@@ -289,7 +289,7 @@ class ProjectsController < ApplicationController
   def project_params
     params.permit(:user_id, :name, :description, :repository_name, :website, :lesson_url, :default_branch, :identifier,
                   :project_category_id, :project_language_id, :license_id, :ignore_id, :private,
-                  :blockchain, :blockchain_token_all, :blockchain_init_token)
+                  :blockchain, :blockchain_token_all, :blockchain_init_token, :pr_view_admin)
   end
 
   def mirror_params

app/controllers/pull_requests_controller.rb

@@ -12,21 +12,28 @@ class PullRequestsController < ApplicationController
 
 
   def index
-    # @issues = Gitea::PullRequest::ListService.new(@user,@repository.try(:identifier)).call   #通过gitea获取
-    issues = @project.issues.issue_pull_request.issue_index_includes.includes(pull_request: :user)
-    issues = issues.where(is_private: false) unless current_user.present? && (current_user.admin? || @project.member?(current_user))
-    @all_issues = issues.distinct
-    @filter_issues = @all_issues
-    @filter_issues = @filter_issues.where("issues.subject LIKE ? OR issues.description LIKE ? ", "%#{params[:search]}%", "%#{params[:search]}%") if params[:search].present?
-    @open_issues = @filter_issues.joins(:pull_request).where(pull_requests: {status: PullRequest::OPEN})
-    @close_issues = @filter_issues.joins(:pull_request).where(pull_requests: {status: PullRequest::CLOSED})
-    @merged_issues = @filter_issues.joins(:pull_request).where(pull_requests: {status: PullRequest::MERGED})
     @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user))
     @user_admin_or_developer = current_user.present? && (current_user.admin || @project.all_developers.include?(current_user))
+    if @project.pr_view_admin? && !@project.manager?(current_user)
+      @open_issues = []
+      @close_issues = []
+      @merged_issues = []
+      @issues_size = 0
+      @issues = []
+    else
+      issues = @project.issues.issue_pull_request.issue_index_includes.includes(pull_request: :user)
+      issues = issues.where(is_private: false) unless current_user.present? && (current_user.admin? || @project.member?(current_user))
+      @all_issues = issues.distinct
+      @filter_issues = @all_issues
+      @filter_issues = @filter_issues.where("issues.subject LIKE ? OR issues.description LIKE ? ", "%#{params[:search]}%", "%#{params[:search]}%") if params[:search].present?
+      @open_issues = @filter_issues.joins(:pull_request).where(pull_requests: {status: PullRequest::OPEN})
+      @close_issues = @filter_issues.joins(:pull_request).where(pull_requests: {status: PullRequest::CLOSED})
+      @merged_issues = @filter_issues.joins(:pull_request).where(pull_requests: {status: PullRequest::MERGED})
 
-    scopes = Issues::ListQueryService.call(issues,params.delete_if{|k,v| v.blank?}, "PullRequest")
-    @issues_size = scopes.size
-    @issues = paginate(scopes)
+      scopes = Issues::ListQueryService.call(issues,params.delete_if{|k,v| v.blank?}, "PullRequest")
+      @issues_size = scopes.size
+      @issues = paginate(scopes)
+    end
   end
 
   def new
@@ -192,6 +199,7 @@ class PullRequestsController < ApplicationController
   end
 
   def show
+    tip_exception(403, "你没有权限访问") if @project.pr_view_admin? && !@project.manager?(current_user)
     @issue_user = @issue.user
     @issue_assign_to = @issue.get_assign_user
     @gitea_pull = Gitea::PullRequest::GetService.call(@owner.login, 

db/migrate/20230530353459_add_project_pr_admin.rb

@@ -0,0 +1,5 @@
+class AddUserActionIndex < ActiveRecord::Migration[5.2]
+  def change
+    add_column :projects, :pr_view_admin, :boolean, default: false
+  end
+end