fix: add user login and release authorize

2021-09-30 17:40:18 +08:00 · 2021-09-30 17:40:18 +08:00 · 9685c97177
parent 689f265858
commit 9685c97177
2 changed files with 6 additions and 0 deletions
--- a/app/controllers/version_releases_controller.rb
+++ b/app/controllers/version_releases_controller.rb
@ -2,6 +2,7 @@ class VersionReleasesController < ApplicationController
  before_action :load_repository
  before_action :set_user
  before_action :require_login, except: [:index, :show]
+  before_action :check_release_authorize, except: [:index, :show]
  before_action :find_version , only: [:show, :edit, :update, :destroy]

  def index
@ -161,4 +162,8 @@ class VersionReleasesController < ApplicationController
    end
  end

+  def check_release_authorize
+    return render_forbidden("您没有权限进行此操作.") unless current_user.admin? || @project.manager?(current_user)
+  end
+
 end
--- a/app/views/version_releases/_version_release.json.jbuilder
+++ b/app/views/version_releases/_version_release.json.jbuilder
@ -12,6 +12,7 @@ json.draft version&.draft ? "草稿" : (version&.prerelease ? "预发行" : "稳
 json.created_at format_time(version.created_at.to_s.to_time)
 json.published_at format_time(version.created_at.to_s.to_time)
 json.user_name user.present? ? user.try(:show_real_name) : ""
+json.user_login user&.login
 json.image_url user.present? ? url_to_avatar(user) : ""
 json.attachments do
  json.array! version.try(:attachments) do |attachment|