fixed 解决安全问题访问附件，id改为uuid,id查询修改

app/models/attachment.rb

@@ -69,7 +69,7 @@ class Attachment < ApplicationRecord
   scope :simple_columns,                -> { select(:id, :filename, :filesize, :created_on, :cloud_url, :author_id, :content_type, :container_type, :container_id) }
   scope :search_by_container,           -> (ids) {where(container_id: ids)}
   scope :unified_setting, -> {where("unified_setting = ? ", 1)}
-  scope :where_id_or_uuid, -> (id) { where("id = ? or uuid= ? ", id, id) }
+  scope :where_id_or_uuid, -> (id) { (Float(id) rescue nil).present? ? where(id: id) : where(uuid: id) }
 
   validates_length_of :description, maximum: 100, message: "不能超过100个字符"
 

app/models/identity_verification.rb

@@ -24,7 +24,7 @@ class IdentityVerification < ApplicationRecord
     belongs_to :user
     enum state: { "待审核": 0, "已通过": 1, "已拒绝": 2}
     after_create do
-        Attachment.where(id:[card_front,card_back,hold_card_front,hold_card_back]).update_all(is_public:0)
+        Attachment.where(uuid:[card_front,card_back,hold_card_front,hold_card_back]).update_all(is_public:0)
     end
     
     after_save do

app/services/api/v1/issues/concerns/checkable.rb

@@ -31,7 +31,7 @@ module Api::V1::Issues::Concerns::Checkable
   def check_attachments (attachment_ids)
     raise ApplicationService::Error, "请输入正确的附件ID数组！" unless attachment_ids.is_a?(Array)
     attachment_ids.each do |aid|
-      raise ApplicationService::Error, "请输入正确的附件ID！" unless Attachment.where("id=? or uuid=?", aid, aid).exists?
+      raise ApplicationService::Error, "请输入正确的附件ID！" unless Attachment.where_id_or_uuid(aid).exists?
     end
   end