From 884a0a3823a41af6398395db097934101221caff Mon Sep 17 00:00:00 2001
From: Jasder <2053003901@@qq.com>
Date: Fri, 17 Jul 2020 18:17:51 +0800
Subject: [PATCH] =?UTF-8?q?FIX=20=E8=A7=A3=E5=86=B3=E7=82=B9=E8=B5=9E?= =?UTF-8?q?=E3=80=81=E5=85=B3=E6=B3=A8=E3=80=81fork=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E8=AE=BF=E9=97=AE=E5=88=97=E8=A1=A8=E7=9A=84=E6=9D=83=E9=99=90?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/projects_controller.rb | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 20752bb1e..eb6c79777 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -5,7 +5,7 @@ class ProjectsController < ApplicationController
 before_action :require_login, except: %i[index branches group_type_list simple]
 before_action :find_project_with_id, only: %i[show branches update destroy fork_users praise_users watch_users]
 before_action :authorizate_user_can_edit_project!, only: %i[update]
- before_action :project_public?, only: %i[fork_users praise_users watch_user]
+ before_action :project_public?, only: %i[fork_users praise_users watch_users]

 def index
 scope = Projects::ListQuery.call(params)
@@ -116,8 +116,13 @@ class ProjectsController < ApplicationController
 end

 def project_public?
- unless @project.is_public || current_user&admin?
- tip_exception(403, "..")
+ return if @project.is_public?
+
+ if current_user
+ return if current_user.admin? || @project.member?(current_user.id)
+ render_forbidden('你没有权限访问.')
+ else
+ render_unauthorized('你还未登录.')
 end
 end
 end
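Review bot: The corrected `only:` list on the `project_public?` filter still leaves `show` and `branches` outside the visibility check, and `branches` is also exempt from `require_login`, so unless `find_project_with_id` or the actions themselves enforce it (their bodies are outside this hunk), a private project's branch list may be readable without being a member. If nothing else guards them, the list should be extended, for example `before_action :project_public?, only: %i[show branches fork_users praise_users watch_users]`. The bug fixed here was a misspelled action name that the callback declaration accepted silently; a request spec asserting that a logged-in non-member gets a 403 on each of the three list endpoints of a private project would catch a repeat, and on Rails 7.1 or later `config.action_controller.raise_on_missing_callback_actions = true` turns such a typo into an error.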
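Review bot: The `else` branch of the new `project_public?` looks unreachable, because the three guarded actions are not in the `except:` list of `require_login`, which is declared earlier and therefore runs first; `current_user` should already be set when this filter executes, assuming `require_login` halts anonymous requests (its body is not shown). Either drop the branch or mark it as deliberate, e.g. `# defensive: require_login normally rejects anonymous requests before this filter`. The method is an authorization gate that renders a response rather than a predicate, so a name in line with `authorizate_user_can_edit_project!` plus a one-line comment stating the rule (public project, or admin, or project member) would make the access policy easier to audit. Answering 403 for a private project also confirms to a non-member that the project id exists; whether a 404 is preferable depends on the product's disclosure policy.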