From 468c5a3c416c78350da179a0a314834a6dd7a535 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=91=B1=E5=91=B1=E5=91=B1?= Date: Thu, 2 Nov 2023 11:38:52 +0800 Subject: [PATCH 1/2] =?UTF-8?q?add=20pm=20issue=20=E7=9A=84=20pm=5Fproject?= =?UTF-8?q?=5Fid=20=E5=88=A4=E5=AE=9A?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/api/pm/base_controller.rb | 1 + app/controllers/api/pm/issues_controller.rb | 10 ++-------- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/app/controllers/api/pm/base_controller.rb b/app/controllers/api/pm/base_controller.rb index 3fcc1cfb7..a78d29b38 100644 --- a/app/controllers/api/pm/base_controller.rb +++ b/app/controllers/api/pm/base_controller.rb @@ -30,6 +30,7 @@ class Api::Pm::BaseController < ApplicationController end def load_issue + return render_parameter_missing if params[:pm_project_id].blank? @issue = @project.issues.issue_issue.where(pm_project_id: params[:pm_project_id]).find_by_id(params[:id]) render_not_found('疑修不存在!') if @issue.blank? end diff --git a/app/controllers/api/pm/issues_controller.rb b/app/controllers/api/pm/issues_controller.rb index 4b76783d2..45bc29e3c 100644 --- a/app/controllers/api/pm/issues_controller.rb +++ b/app/controllers/api/pm/issues_controller.rb @@ -2,8 +2,8 @@ class Api::Pm::IssuesController < Api::Pm::BaseController before_action :require_login, except: [:index] before_action :load_project before_action :load_issue, only: %i[show update destroy] - before_action :load_issues, only: [:batch_update, :batch_destroy] - before_action :check_issue_operate_permission, only: [:update, :destroy] + before_action :load_issues, only: %i[batch_update batch_destroy] + before_action :check_issue_operate_permission, only: %i[update destroy] def index @object_result = Api::V1::Issues::ListService.call(@project, query_params, current_user) @@ -94,12 +94,6 @@ class Api::Pm::IssuesController < Api::Pm::BaseController return if params[:project_id].zero? render_forbidden('您没有操作权限!') unless @project.member?(current_user) || current_user.admin? || @issue.user == current_user end - - def load_issue - @issue = @project.issues.issue_issue.where(pm_project_id: params[:pm_project_id]).find_by_id(params[:id]) - render_not_found('疑修不存在!') if @issue.blank? - end - def load_issues return render_error('请输入正确的ID数组!') unless params[:ids].is_a?(Array) params[:ids].each do |id| From dd30341f6ecf516c0402d99b6bca46886ad97eb4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=91=B1=E5=91=B1=E5=91=B1?= Date: Thu, 2 Nov 2023 14:41:33 +0800 Subject: [PATCH 2/2] fix bug --- app/controllers/api/pm/issues_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/api/pm/issues_controller.rb b/app/controllers/api/pm/issues_controller.rb index 45bc29e3c..788951413 100644 --- a/app/controllers/api/pm/issues_controller.rb +++ b/app/controllers/api/pm/issues_controller.rb @@ -91,7 +91,7 @@ class Api::Pm::IssuesController < Api::Pm::BaseController private def check_issue_operate_permission - return if params[:project_id].zero? + return if params[:project_id].to_i.zero? render_forbidden('您没有操作权限!') unless @project.member?(current_user) || current_user.admin? || @issue.user == current_user end def load_issues