floraachy
/
gitlink-forgeplus
mirror of https://gitlink.org.cn/Gitlink/forgeplus.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

fixed 附件下载权限

This commit is contained in:
“xxq250” 2022-11-15 17:12:10 +08:00
parent ea7cf1cd1f
commit a1731f91a9
1 changed files with 10 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
app/controllers/attachments_controller.rb
View File

@ -213,20 +213,17 @@ class AttachmentsController < ApplicationController
def attachment_candown def attachment_candown
unless current_user.admin? || current_user.business? unless current_user.admin? || current_user.business?
candown = true candown = true
unless params[:type] == 'history' if @file.container
if @file.container && current_user.logged? if @file.container.is_a?(Issue)
if @file.container.is_a?(Issue) project = @file.container.project
course = @file.container.project candown = project.is_public || (current_user.logged? && project.member?(current_user))
candown = course.member?(current_user) || course.is_public elsif @file.container.is_a?(Journal)
elsif @file.container.is_a?(Journal) project = @file.container.issue.project
course = @file.container.issue.project candown = project.is_public || (current_user.logged? && project.member?(current_user))
candown = course.member?(current_user) || course.is_public else
else project = nil
course = nil
end
tip_exception(403, "您没有权限进入") if course.present? && !candown
tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication)
end end
tip_exception(403, "您没有权限进入") if project.present? && !candown
end end
end end
end end