diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 1f5d5f459..4409f04a9 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -213,20 +213,17 @@ class AttachmentsController < ApplicationController
   def attachment_candown
     unless current_user.admin? || current_user.business?
       candown = true
-      unless params[:type] == 'history'
-        if @file.container && current_user.logged?
-          if @file.container.is_a?(Issue)
-            course = @file.container.project
-            candown = course.member?(current_user) || course.is_public
-          elsif @file.container.is_a?(Journal)
-            course = @file.container.issue.project
-            candown = course.member?(current_user) || course.is_public
-          else
-            course = nil
-          end
-          tip_exception(403, "您没有权限进入") if course.present? && !candown
-          tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication)
+      if @file.container
+        if @file.container.is_a?(Issue)
+          project = @file.container.project
+          candown = project.is_public || (current_user.logged? && project.member?(current_user))
+        elsif @file.container.is_a?(Journal)
+          project = @file.container.issue.project
+          candown = project.is_public || (current_user.logged? && project.member?(current_user))
+        else
+          project = nil
         end
+        tip_exception(403, "您没有权限进入") if project.present? && !candown
       end
     end
   end
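Review bot: The unconditional 403 for attachments whose container is an `ApplyUserAuthentication` is dropped on the new side, and nothing replaces it: such containers fall into the `else` branch, `project` stays nil, `candown` stays true, so the final `tip_exception` never fires and any non-admin, non-business caller (logged in or not, now that the `current_user.logged?` gate is gone) can download the file. Those attachments are presumably identity-verification uploads, so this looks like an authorization regression rather than an intended loosening; if it is intended, the commit message should say so. Restore the check after the project test, `tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication)`, or better, make the `else` branch deny by default so unknown container types are not downloadable without an explicit rule. Unrelated but worth noting: `candown` is only ever consumed by the `tip_exception` guard and is never returned, so the method's name overstates what it does; a one-line comment such as `# Raises 403 unless the current user may download @file; returns nothing useful.` would save the next reader a trip.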