From ea82a52b7bc2dede2ff93a1a3680f6ed1a00a2f9 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 14:45:41 +0800 Subject: [PATCH 1/5] fix: version issues count --- app/controllers/versions_controller.rb | 27 ++++++++++++++++++++------ app/views/versions/index.json.jbuilder | 4 ++-- app/views/versions/show.json.jbuilder | 6 +++--- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index f5d09ed3b..34ad64120 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -31,11 +31,7 @@ class VersionsController < ApplicationController # @close_issues_size = version_issues.where(status_id: 5).size # @open_issues_size = version_issues.size - @close_issues_size - if status_type.to_s == "1" #表示开启中的 - version_issues = version_issues.where.not(status_id: 5) - else - version_issues = version_issues.where(status_id: 5) - end + version_issues = version_issues.where(author_id: params[:author_id]) if params[:author_id].present? && params[:author_id].to_s != "all" version_issues = version_issues.where(assigned_to_id: params[:assigned_to_id]) if params[:assigned_to_id].present? && params[:assigned_to_id].to_s != "all" version_issues = version_issues.where(tracker_id: params[:tracker_id]) if params[:tracker_id].present? && params[:tracker_id].to_s != "all" 
@@ -47,10 +43,29 @@ class VersionsController < ApplicationController version_issues = version_issues.joins(:issue_tags).where(issue_tags: {id: params[:issue_tag_id].to_i}) if params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all" version_issues = version_issues.reorder("#{order_name} #{order_type}") + has_filter_params = (params[:author_id].present? && params[:author_id].to_s != "all") || + (params[:assigned_to_id].present? && params[:assigned_to_id].to_s != "all") || + (params[:tracker_id].present? && params[:tracker_id].to_s != "all") || + (params[:status_id].present? && params[:status_id].to_s != "all") || + (params[:priority_id].present? && params[:priority_id].to_s != "all") || + (params[:fixed_version_id].present? && params[:fixed_version_id].to_s != "all") || + (params[:done_ratio].present? && params[:done_ratio].to_s != "all") || + (params[:issue_type].present? && params[:issue_type].to_s != "all") || + (params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all") + puts has_filter_params + @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_includes.closed.size + @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_includes.size + puts @version_close_issues_size + puts @version_issues_size + if status_type.to_s == "1" #表示开启中的 + version_issues = version_issues.where.not(status_id: 5) + else + version_issues = version_issues.where(status_id: 5) + end @page = params[:page] || 1 @limit = params[:limit] || 15 - @version_issues_size = version_issues.size + # @version_issues_size = version_issues.size @version_issues = version_issues.page(@page).per(@limit) end diff --git a/app/views/versions/index.json.jbuilder b/app/views/versions/index.json.jbuilder index 044d4c5f6..fbff16a39 100644 --- a/app/views/versions/index.json.jbuilder +++ b/app/views/versions/index.json.jbuilder 
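Review bot: The three `puts` calls added around the count assignments write to the server's stdout on every request to `show`; drop them or use `Rails.logger.debug`. The nine-clause `has_filter_params` expression repeats by hand the conditions of the `where` filters above it, so a filter added later is easy to miss. A list of the filter keys with `keys.any? { |k| params[k].present? && params[k].to_s != "all" }` would keep the two in step. When no filter is set, `version_issues` appears to still be the unfiltered relation, so the ternaries may be unnecessary, but the lines between the two hunks are not shown and `show` starts outside this hunk.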
@@ -7,8 +7,8 @@ json.versions do json.array! @versions.each.to_a do |version| json.extract! version, :id, :name, :description, :effective_date,:status,:percent - json.open_issues_count (version.issues_count - version.closed_issues_count) - json.close_issues_count version.closed_issues_count + json.open_issues_count (version.issues_count - version.issues.closed.size) + json.close_issues_count version.issues.closed.size json.created_at format_time(version.created_on) json.updated_at format_time(version.updated_on) json.user_name version.version_user.try(:show_real_name) diff --git a/app/views/versions/show.json.jbuilder b/app/views/versions/show.json.jbuilder index 23f4fbb94..fe8606b22 100644 --- a/app/views/versions/show.json.jbuilder +++ b/app/views/versions/show.json.jbuilder @@ -1,7 +1,7 @@ json.partial! "commons/success" -json.issues_count @version.issues_count -json.open_issues_count @version.issues_count - @version.closed_issues_count -json.close_issues_count @version.closed_issues_count +json.issues_count @version_issues_size +json.open_issues_count @version_issues_size - @version_close_issues_size +json.close_issues_count @version_close_issues_size json.limit @limit json.user_name @version.version_user.try(:show_real_name) json.user_login @version.version_user.try(:login) From 0af08bc9674d8ecd98d7174ccdd150e1a286cb1b Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 17:05:51 +0800 Subject: [PATCH 2/5] fix: projects load by project language slowly --- app/controllers/versions_controller.rb | 4 +--- app/models/project.rb | 3 +++ .../cache/platform_project_languages_count_service.rb | 4 ++-- ...0210621090005_add_project_language_index_to_projects.rb | 7 +++++++ 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 db/migrate/20210621090005_add_project_language_index_to_projects.rb diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 34ad64120..5eb9ee271 100644 
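Review bot: `open_issues_count` now subtracts a live `version.issues.closed.size` from the stored `version.issues_count`, so the two operands come from different sources and can disagree, including a negative open count if the stored value is stale. The closed count is also queried twice per version inside the `json.array!` loop. Compute it once per row, e.g. `closed = version.issues.closed.size`, and derive both fields from the same relation. The PATCH 4/5 hunk for this file keeps the per-row pattern with three count queries per version, so a grouped count loaded once in the controller would scale better for long version lists.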
--- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -52,16 +52,14 @@ class VersionsController < ApplicationController (params[:done_ratio].present? && params[:done_ratio].to_s != "all") || (params[:issue_type].present? && params[:issue_type].to_s != "all") || (params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all") - puts has_filter_params @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_includes.closed.size @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_includes.size - puts @version_close_issues_size - puts @version_issues_size if status_type.to_s == "1" #表示开启中的 version_issues = version_issues.where.not(status_id: 5) else version_issues = version_issues.where(status_id: 5) end + puts cookies.to_json @page = params[:page] || 1 @limit = params[:limit] || 15 diff --git a/app/models/project.rb b/app/models/project.rb index eb8a0bbf4..251b40de1 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -64,8 +64,11 @@ # index_projects_on_invite_code (invite_code) # index_projects_on_is_public (is_public) # index_projects_on_lft (lft) +# index_projects_on_license_id (license_id) # index_projects_on_name (name) # index_projects_on_platform (platform) +# index_projects_on_project_category_id (project_category_id) +# index_projects_on_project_language_id (project_language_id) # index_projects_on_project_type (project_type) # index_projects_on_recommend (recommend) # index_projects_on_rgt (rgt) diff --git a/app/services/cache/platform_project_languages_count_service.rb b/app/services/cache/platform_project_languages_count_service.rb index 2b4f0fae4..0c6ffab19 100644 --- a/app/services/cache/platform_project_languages_count_service.rb +++ b/app/services/cache/platform_project_languages_count_service.rb 
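Review bot: The added `puts cookies.to_json` writes every cookie of the requesting user, including the session cookie, to the process's stdout on each call to `show`, and in most deployments that output ends up in log files readable by operators and log pipelines. Remove the line from this commit. It is only dropped again in PATCH 4/5, so any build or bisect that stops on this commit still logs session identifiers; squashing the two would keep it out of history. If the output was captured anywhere, the sessions logged during that window should be treated as exposed.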
@@ -46,11 +46,11 @@ class Cache::PlatformProjectLanguagesCountService < ApplicationService def reset_platform_project_language_count_by_key return if key.nil? - $redis_cache.hset(platform_project_language_count_key, key, Project.joins(:project_language).where(project_languages: {name: key}).count) + $redis_cache.hset(platform_project_language_count_key, key, ProjectLanguage.where(name: key).projects_count) end def reset_platform_project_language_count - Project.joins(:project_language).group("project_languages.name").count.each do |k, v| + ProjectLanguage.where.not(projects_count: 0).group("project_languages.name").sum(:projects_count).each do |k, v| $redis_cache.hset(platform_project_language_count_key, k, v) end end diff --git a/db/migrate/20210621090005_add_project_language_index_to_projects.rb b/db/migrate/20210621090005_add_project_language_index_to_projects.rb new file mode 100644 index 000000000..d0959168e --- /dev/null +++ b/db/migrate/20210621090005_add_project_language_index_to_projects.rb @@ -0,0 +1,7 @@ +class AddProjectLanguageIndexToProjects < ActiveRecord::Migration[5.2] + def change + add_index :projects, :project_category_id + add_index :projects, :project_language_id + add_index :projects, :license_id + end +end From 2d37df1c00ee9cfb82f99100875e558ee88068d0 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 17:12:13 +0800 Subject: [PATCH 3/5] fix: set cache user nil --- app/jobs/reset_user_cache_job.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/jobs/reset_user_cache_job.rb b/app/jobs/reset_user_cache_job.rb index 3562475ce..7b2c5c63b 100644 --- a/app/jobs/reset_user_cache_job.rb +++ b/app/jobs/reset_user_cache_job.rb @@ -2,6 +2,7 @@ class ResetUserCacheJob < ApplicationJob queue_as :cache def perform(user) + return if user.nil? Cache::UserFollowCountService.new(user).reset Cache::UserIssueCountService.new(user).reset Cache::UserProjectCountService.new(user).reset 
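Review bot: `ProjectLanguage.where(name: key).projects_count` calls a column reader on a relation rather than on a record, so unless `ProjectLanguage` defines a class-level `projects_count` (not visible here) this raises `NoMethodError` whenever `reset_platform_project_language_count_by_key` runs. Use `ProjectLanguage.where(name: key).sum(:projects_count)`, which matches the grouped `sum` in the method below. Both methods now trust the `projects_count` counter instead of counting projects, so the cached value is only as accurate as that counter.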
From 526920f5648777d250a3ae7f975588decdf49817 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 18:50:45 +0800 Subject: [PATCH 4/5] fix: version issues count except pull requests count --- app/controllers/issues_controller.rb | 2 +- app/controllers/versions_controller.rb | 7 +++---- app/views/versions/index.json.jbuilder | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 4b073415a..5fb45a0b4 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -303,7 +303,7 @@ class IssuesController < ApplicationController if issue_ids.present? if update_hash.blank? normal_status(-1, "请选择批量更新内容") - elsif Issue.where(id: issue_ids).update_all(update_hash) + elsif Issue.where(id: issue_ids)&.update(update_hash) normal_status(0, "批量更新成功") else normal_status(-1, "批量更新失败") diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 5eb9ee271..58cd9e87f 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -25,7 +25,7 @@ class VersionsController < ApplicationController end def show - version_issues = @version.issues.issue_includes + version_issues = @version.issues.issue_issue.issue_includes status_type = params[:status_type] || "1" # @close_issues_size = version_issues.where(status_id: 5).size 
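Review bot: In the `issues_controller.rb` hunk, `Issue.where(id: issue_ids)&.update(update_hash)` always evaluates truthy, so the `批量更新失败` branch cannot be reached. `where` never returns nil, which makes `&.` a no-op, and `update` on a relation returns an array of records even when validations fail. If failures should be reported, check the records, e.g. `Issue.where(id: issue_ids).update(update_hash).all? { |i| i.errors.empty? }`. The query is also not limited to the project loaded by `load_project`. If `issue_ids` comes from request parameters (assigned outside this hunk), scope it to that project's issues so ids from other projects are ignored.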
@@ -52,14 +52,13 @@ class VersionsController < ApplicationController (params[:done_ratio].present? && params[:done_ratio].to_s != "all") || (params[:issue_type].present? && params[:issue_type].to_s != "all") || (params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all") - @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_includes.closed.size - @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_includes.size + @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_issue.issue_includes.closed.size + @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_issue.issue_includes.size if status_type.to_s == "1" #表示开启中的 version_issues = version_issues.where.not(status_id: 5) else version_issues = version_issues.where(status_id: 5) end - puts cookies.to_json @page = params[:page] || 1 @limit = params[:limit] || 15 diff --git a/app/views/versions/index.json.jbuilder b/app/views/versions/index.json.jbuilder index fbff16a39..4c15d45e1 100644 --- a/app/views/versions/index.json.jbuilder +++ b/app/views/versions/index.json.jbuilder @@ -7,8 +7,8 @@ json.versions do json.array! @versions.each.to_a do |version| json.extract! version, :id, :name, :description, :effective_date,:status,:percent - json.open_issues_count (version.issues_count - version.issues.closed.size) - json.close_issues_count version.issues.closed.size + json.open_issues_count (version.issues.issue_issue.size - version.issues.issue_issue.closed.size) + json.close_issues_count version.issues.issue_issue.closed.size json.created_at format_time(version.created_on) json.updated_at format_time(version.updated_on) json.user_name version.version_user.try(:show_real_name) From 4126ea7b4e3806b9789070204d5908d22ca79632 Mon Sep 17 00:00:00 2001 
From: "vilet.yy" Date: Tue, 22 Jun 2021 15:54:42 +0800 Subject: [PATCH 5/5] fix: some bug from security --- app/controllers/issues_controller.rb | 5 +++++ app/models/concerns/project_operable.rb | 2 +- app/services/projects/create_service.rb | 5 +++++ app/services/projects/migrate_service.rb | 5 +++++ config/initializers/session_store.rb | 2 +- 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 5fb45a0b4..9780d4729 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -3,6 +3,7 @@ class IssuesController < ApplicationController before_action :load_project before_action :set_user before_action :check_issue_permission + before_action :operate_issue_permission, only:[:create, :update, :destroy, :clean, :series_update] before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue] before_action :set_issue, only: [:edit, :update, :destroy, :show, :copy, :close_issue, :lock_issue] @@ -412,6 +413,10 @@ class IssuesController < ApplicationController end end + def operate_issue_permission + return render_forbidden("您没有权限进行此操作.") unless current_user.admin? || @project.member?(current_user) + end + def export_issues(issues) @table_columns = %w(ID 类型 标题 描述 状态 指派给 优先级 标签 发布人 创建时间 里程碑 开始时间 截止时间 完成度 分类 金额 属于) @export_issues = [] diff --git a/app/models/concerns/project_operable.rb b/app/models/concerns/project_operable.rb index 79d099a2e..a228a7028 100644 --- a/app/models/concerns/project_operable.rb +++ b/app/models/concerns/project_operable.rb @@ -94,7 +94,7 @@ module ProjectOperable end def operator?(user) - user.admin? || !reporter?(user) + user.admin? || (member?(user.id) && !reporter?(user)) end def set_developer_role(member, role_name) diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index f014b8d7f..e7e4924ae 100644 --- a/app/services/projects/create_service.rb 
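Review bot: The new `operate_issue_permission` filter is limited to `:create, :update, :destroy, :clean, :series_update`, while `close_issue`, `lock_issue` and `copy`, which appear in the neighbouring `before_action` lists, also look like write actions and are not covered. Unless `check_issue_permission` (defined outside this hunk) already restricts them to members, extend the list: `only: [:create, :update, :destroy, :clean, :series_update, :close_issue, :lock_issue, :copy]`.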
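Review bot: `operate_issue_permission` calls `@project.member?(current_user)` with a user object, while the `operator?` change in `project_operable.rb` in this same patch calls `member?(user.id)` with an id, so one of the two call sites is probably passing the wrong type. `member?` is defined outside the visible hunks; check its parameter and make both calls agree. The guard also calls `current_user.admin?` without a nil check. If an anonymous request can reach it (this depends on `set_user`, not shown), it raises instead of returning the forbidden response, which `current_user&.admin?` would avoid.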
+++ b/app/services/projects/create_service.rb @@ -8,6 +8,7 @@ class Projects::CreateService < ApplicationService def call Rails.logger.info("#############__________project_params______###########{project_params}") + raise Error, "user_id不正确." unless authroize_user_id_success @project = Project.new(project_params) ActiveRecord::Base.transaction do @@ -27,6 +28,10 @@ class Projects::CreateService < ApplicationService private + def authroize_user_id_success + (user.id == params[:user_id].to_i) || (user.organizations.find_by_id(params[:user_id]).present?) + end + def project_params { name: params[:name], diff --git a/app/services/projects/migrate_service.rb b/app/services/projects/migrate_service.rb index 7df08f9eb..68ed9f642 100644 --- a/app/services/projects/migrate_service.rb +++ b/app/services/projects/migrate_service.rb @@ -8,6 +8,8 @@ class Projects::MigrateService < ApplicationService end def call + raise Error, "user_id不正确." unless authroize_user_id_success + @project = Project.new(project_params) if @project.save! ProjectUnit.init_types(@project.id, project.project_type) @@ -24,6 +26,9 @@ class Projects::MigrateService < ApplicationService end private + def authroize_user_id_success + (user.id == params[:user_id].to_i) || (user.organizations.find_by_id(params[:user_id]).present?) + end def project_params { diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index def30285a..12faf10f2 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -4,5 +4,5 @@ # Rails.application.config.session_store :active_record_store # Be sure to restart your server when you modify this file. -Rails.application.config.session_store :cache_store, :expire_after => 24.hours, :httponly => false, :secure => false, key: '_educoder_session', domain: :all +Rails.application.config.session_store :cache_store, :expire_after => 24.hours, :httponly => true, :secure => false, key: '_educoder_session', domain: :all
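Review bot: `authroize_user_id_success` accepts any `params[:user_id]` that matches an organization the user belongs to, so plain membership is enough to create or migrate a project under that organization. If organizations have read-only or limited roles (not visible here), the check should test the user's role in the organization rather than `find_by_id(...).present?`. In `create_service.rb` the guard runs after the `Rails.logger.info` line, so rejected requests still have their parameters logged; moving the `raise` to the first line of `call` avoids that. The method is copied verbatim into `migrate_service.rb`, and its name is misspelled and lacks the predicate `?`; a shared helper named `authorized_user_id?` would keep the two services from drifting.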
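Review bot: In `session_store.rb`, `:secure => false` is left unchanged next to the new `:httponly => true`, so the session cookie is still sent over plain HTTP and can be read by anyone on the network path. With `domain: :all` it is also sent to every subdomain of the site. If production is served over HTTPS, `:secure => Rails.env.production?` closes the first gap without breaking local development. It is also worth confirming that every subdomain receiving `_educoder_session` is trusted to hold it.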