Merge branch 'develop' of http://git.trustie.net/jasder/forgeplus into develop

app/controllers/issue_tags_controller.rb

@@ -1,5 +1,5 @@
 class IssueTagsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, except: [:index]
   before_action :find_project_with_id
   before_action :set_project
   before_action :check_issue_permission, except: :index

app/controllers/issues_controller.rb

@@ -1,5 +1,5 @@
 class IssuesController < ApplicationController
-  before_action :require_login, except: [:index, :show]
+  before_action :require_login, except: [:index, :show, :index_chosen]
   before_action :find_project_with_id
   before_action :set_project_and_user
   before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue]
@@ -11,7 +11,7 @@ class IssuesController < ApplicationController
   include TagChosenHelper
 
   def index
-    @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user))
+    @user_admin_or_member = current_user.present? && current_user.logged? && (current_user.admin || @project.member?(current_user))
     issues = @project.issues.issue_issue.includes(:user,:tracker, :priority, :version, :issue_status, :journals, :issue_times)
     issues = issues.where(is_private: false) unless @user_admin_or_member
     @all_issues_size = issues.size
@@ -276,7 +276,7 @@ class IssuesController < ApplicationController
   end
 
   def show
-    @user_permission = current_user.present? && (!@issue.is_lock || @project.member?(current_user) || current_user.admin? || @issue.user == current_user)
+    @user_permission = current_user.present? && current_user.logged? && (!@issue.is_lock || @project.member?(current_user) || current_user.admin? || @issue.user == current_user)
     @issue_attachments = @issue.attachments
     @issue_user = @issue.user
     @issue_assign_to = @issue.get_assign_user

app/controllers/journals_controller.rb

@@ -1,5 +1,5 @@
 class JournalsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, except: :index
   before_action :set_issue
   before_action :check_issue_permission
   before_action :set_journal, only: [:destroy, :edit, :update]

app/controllers/pull_requests_controller.rb

@@ -1,5 +1,5 @@
 class PullRequestsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, except: [:index, :show]
   before_action :find_project_with_id
   before_action :set_repository
   before_action :find_pull_request, except: [:index, :new, :create, :check_can_merge]
@@ -243,7 +243,7 @@ class PullRequestsController < ApplicationController
   end
 
   def show
-    @user_permission = current_user.present? && (!@issue.is_lock || @project.member?(current_user) || current_user.admin? || @issue.user == current_user)
+    @user_permission = current_user.logged? && (!@issue.is_lock || @project.member?(current_user) || current_user.admin? || @issue.user == current_user)
     @issue_attachments = @issue.attachments
     @issue_user = @issue.user
     @issue_assign_to = @issue.get_assign_user

app/controllers/versions_controller.rb

@@ -1,5 +1,5 @@
 class VersionsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, except: [:index, :show]
   before_action :find_project_with_id
   before_action :check_issue_permission, except: [:show, :index]
   before_action :set_version, only: [:edit, :update, :destroy, :show,:update_status]

app/models/project.rb

@@ -100,7 +100,7 @@ class Project < ApplicationRecord
   end
 
   def self.list_user_projects(user_id)
-    user_not_show = Project.joins(:members).where("projects.is_public = ? and (projects.user_id != ? or members.user_id != ?)", false, user_id,user_id).pluck(:id).uniq
+    user_not_show = Project.joins(:members).where("projects.is_public = ? and projects.user_id != ? and members.user_id != ?", false, user_id,user_id).pluck(:id).uniq
     Project.where.not(id: user_not_show)
   end