floraachy/gitlink-forgeplus
1
0
Fork 0
mirror of https://gitlink.org.cn/Gitlink/forgeplus.git synced 2026-05-17 18:25:56 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

新增:操作权限

Browse Source
This commit is contained in:
yystopf
2023-02-20 16:47:19 +08:00
parent 656d5b69b6
commit cb3bb23e79
7 changed files with 18 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
app/controllers/api/v1/issues_controller.rb
View File

@@ -1,6 +1,8 @@
class Api::V1::IssuesController < Api::V1::BaseController
before_action :require_public_and_member_above, only: [:index, :show, :create, :update, :destroy, :batch_update, :batch_destroy]
before_action :require_public_and_member_above, only: [:index, :show, :create, :update, :destroy]
before_action :require_operate_above, only: [:batch_update, :batch_destroy]
before_action :check_issue_operate_permission, only: [:update, :destroy]
def index
@object_results = Api::V1::Issues::ListService.call(@project, query_params, current_user)
@@ -17,6 +19,7 @@ class Api::V1::IssuesController < Api::V1::BaseController
before_action :load_issue, only: [:show, :update, :destroy]
def show
@user_permission = current_user.present? && current_user.logged? && (@project.member?(current_user) || current_user.admin? || @issue.user == current_user)
end
def update
@@ -58,8 +61,6 @@ class Api::V1::IssuesController < Api::V1::BaseController
@issue = @project.issues.where(project_issues_index: params[:id]).where.not(id: params[:id]).take || Issue.find_by_id(params[:id])
if @issue.blank?
render_not_found("疑修不存在!")
elsif @issue.present? && @issue.is_lock &&!(@project.member?(current_user) || current_user.admin?)
render_forbidden("您没有权限操作!")
end
end
@@ -69,13 +70,14 @@ class Api::V1::IssuesController < Api::V1::BaseController
@issue = Issue.find_by_id(id)
if @issue.blank?
return render_not_found("ID为#{id}的疑修不存在!")
elsif @issue.present? && @issue.is_lock &&!(@project.member?(current_user) || current_user.admin?)
return render_forbidden("ID为#{id}的疑修您没有权限操作!")
end
end
@issues = Issue.where(id: params[:ids])
end
def check_issue_operate_permission
return render_forbidden("您没有操作权限!") unless current_user.present? && current_user.logged? && (@project.member?(current_user) || current_user.admin? || @issue.user == current_user)
end
private