fixed issue和评论里的附件解析关联，增强附件访问权限控制,切换到 项目保护

app/controllers/attachments_controller.rb

@@ -224,6 +224,9 @@ class AttachmentsController < ApplicationController
         elsif @file.container.is_a?(Journal)
           project = @file.container.issue.project
           candown = project.is_public || (current_user.logged? && project.member?(current_user))
+        elsif @file.container.is_a?(Project)
+          project = @file.container
+          candown = project.is_public || (current_user.logged? && project.member?(current_user))
         else
           project = nil
         end

app/models/issue.rb

@@ -230,7 +230,7 @@ class Issue < ApplicationRecord
     att_ids += self.description.to_s.scan(/\/api\/attachments\/.+\"/).map{|s|s.match(/\d+/)[0]}
     att_ids += self.description.to_s.scan(/\/api\/attachments\/\d+/).map{|s|s.match(/\d+/)[0]}
     if att_ids.present?
-      Attachment.where(id: att_ids).where(container_type: nil).update_all(container_id: self.id, container_type: self.class.name)
+      Attachment.where(id: att_ids).where("container_type IS NULL OR container_type = 'Issue'").update_all(container_id: self.project_id, container_type: "Project")
     end
   end
 

app/models/journal.rb

@@ -67,7 +67,7 @@ class Journal < ApplicationRecord
     att_ids += self.notes.to_s.scan(/\/api\/attachments\/.+\"/).map{|s|s.match(/\d+/)[0]}
     att_ids += self.notes.to_s.scan(/\/api\/attachments\/\d+/).map{|s|s.match(/\d+/)[0]}
     if att_ids.present?
-      Attachment.where(id: att_ids).where(container_type: nil).update_all(container_id: self.id, container_type: self.class.name)
+      Attachment.where(id: att_ids).where("container_type IS NULL OR container_type = 'Journal'").update_all(container_id: self.issue.project_id, container_type: "Project")
     end
   end