From a1731f91a917b87bcc3ab1b7298679ebb92b93f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9Cxxq250=E2=80=9D?= <“xxq250@qq.com”> Date: Tue, 15 Nov 2022 17:12:10 +0800 Subject: [PATCH] =?UTF-8?q?fixed=20=E9=99=84=E4=BB=B6=E4=B8=8B=E8=BD=BD?= =?UTF-8?q?=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/attachments_controller.rb | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 1f5d5f459..4409f04a9 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -213,20 +213,17 @@ class AttachmentsController < ApplicationController def attachment_candown unless current_user.admin? || current_user.business? candown = true - unless params[:type] == 'history' - if @file.container && current_user.logged? - if @file.container.is_a?(Issue) - course = @file.container.project - candown = course.member?(current_user) || course.is_public - elsif @file.container.is_a?(Journal) - course = @file.container.issue.project - candown = course.member?(current_user) || course.is_public - else - course = nil - end - tip_exception(403, "您没有权限进入") if course.present? && !candown - tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication) + if @file.container + if @file.container.is_a?(Issue) + project = @file.container.project + candown = project.is_public || (current_user.logged? && project.member?(current_user)) + elsif @file.container.is_a?(Journal) + project = @file.container.issue.project + candown = project.is_public || (current_user.logged? && project.member?(current_user)) + else + project = nil end + tip_exception(403, "您没有权限进入") if project.present? && !candown end end end