diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index d6ee5a56a..a3b5fe923 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -12,6 +12,7 @@ class IssuesController < ApplicationController include TagChosenHelper def index + return render_not_found unless @project.has_menu_permission("issues") @user_admin_or_member = current_user.present? && current_user.logged? && (current_user.admin || @project.member?(current_user)) issues = @project.issues.issue_issue.issue_index_includes issues = issues.where(is_private: false) unless @user_admin_or_member diff --git a/app/controllers/pull_requests_controller.rb b/app/controllers/pull_requests_controller.rb index df3e484f6..126639015 100644 --- a/app/controllers/pull_requests_controller.rb +++ b/app/controllers/pull_requests_controller.rb @@ -8,6 +8,7 @@ class PullRequestsController < ApplicationController def index + return render_not_found unless @project.has_menu_permission("pulls") # @issues = Gitea::PullRequest::ListService.new(@user,@repository.try(:identifier)).call #通过gitea获取 issues = @project.issues.issue_pull_request.issue_index_includes.includes(pull_request: :user) issues = issues.where(is_private: false) unless current_user.present? && (current_user.admin? || @project.member?(current_user)) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index cd07803d6..b66a53736 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -18,6 +18,7 @@ class RepositoriesController < ApplicationController # 新版项目详情 def detail + return render_not_found unless @project.has_menu_permission("code") @user = current_user @result = Repositories::DetailService.call(@owner, @repository, @user) @project_fork_id = @project.try(:forked_from_project_id) diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 5ec769e94..02700fdf5 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -5,6 +5,7 @@ class VersionsController < ApplicationController before_action :set_version, only: [:edit, :update, :destroy, :show,:update_status] def index + return render_not_found unless @project.has_menu_permission("versions") @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user)) order_name = params[:order_name] || "created_on" order_type = params[:order_type] || "desc"