From ea82a52b7bc2dede2ff93a1a3680f6ed1a00a2f9 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 14:45:41 +0800 Subject: [PATCH 1/7] fix: version issues count --- app/controllers/versions_controller.rb | 27 ++++++++++++++++++++------ app/views/versions/index.json.jbuilder | 4 ++-- app/views/versions/show.json.jbuilder | 6 +++--- 3 files changed, 26 insertions(+), 11 deletions(-) diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index f5d09ed3..34ad6412 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -31,11 +31,7 @@ class VersionsController < ApplicationController # @close_issues_size = version_issues.where(status_id: 5).size # @open_issues_size = version_issues.size - @close_issues_size - if status_type.to_s == "1" #表示开启中的 - version_issues = version_issues.where.not(status_id: 5) - else - version_issues = version_issues.where(status_id: 5) - end + version_issues = version_issues.where(author_id: params[:author_id]) if params[:author_id].present? && params[:author_id].to_s != "all" version_issues = version_issues.where(assigned_to_id: params[:assigned_to_id]) if params[:assigned_to_id].present? && params[:assigned_to_id].to_s != "all" version_issues = version_issues.where(tracker_id: params[:tracker_id]) if params[:tracker_id].present? && params[:tracker_id].to_s != "all" 
@@ -47,10 +43,29 @@ class VersionsController < ApplicationController version_issues = version_issues.joins(:issue_tags).where(issue_tags: {id: params[:issue_tag_id].to_i}) if params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all" version_issues = version_issues.reorder("#{order_name} #{order_type}") + has_filter_params = (params[:author_id].present? && params[:author_id].to_s != "all") || + (params[:assigned_to_id].present? && params[:assigned_to_id].to_s != "all") || + (params[:tracker_id].present? && params[:tracker_id].to_s != "all") || + (params[:status_id].present? && params[:status_id].to_s != "all") || + (params[:priority_id].present? && params[:priority_id].to_s != "all") || + (params[:fixed_version_id].present? && params[:fixed_version_id].to_s != "all") || + (params[:done_ratio].present? && params[:done_ratio].to_s != "all") || + (params[:issue_type].present? && params[:issue_type].to_s != "all") || + (params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all") + puts has_filter_params + @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_includes.closed.size + @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_includes.size + puts @version_close_issues_size + puts @version_issues_size + if status_type.to_s == "1" #表示开启中的 + version_issues = version_issues.where.not(status_id: 5) + else + version_issues = version_issues.where(status_id: 5) + end @page = params[:page] || 1 @limit = params[:limit] || 15 - @version_issues_size = version_issues.size + # @version_issues_size = version_issues.size @version_issues = version_issues.page(@page).per(@limit) end diff --git a/app/views/versions/index.json.jbuilder b/app/views/versions/index.json.jbuilder index 044d4c5f..fbff16a3 100644 --- a/app/views/versions/index.json.jbuilder +++ b/app/views/versions/index.json.jbuilder 
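Review bot: The three `puts` calls after `has_filter_params` in `show` are debug output that goes to the server's stdout on every request; they should not land in a controller action even though patch 2/7 of this series deletes them again (use `Rails.logger.debug` if the values are genuinely needed). The nine-way `has_filter_params` expression re-states the same `present? && != "all"` test that the `where` chain just above applies per key, so the two lists will drift apart the next time a filter is added; a key list plus a one-line predicate keeps them in sync. The new totals use the `closed` scope while the page itself is still filtered with `where(status_id: 5)` — if `closed` is defined as anything other than `status_id: 5` (its definition is not in this diff) the counts and the listed rows will disagree. `show` begins before this hunk; the pre-existing `reorder("#{order_name} #{order_type}")` context line is not part of this change, but it is only safe if both values are whitelisted where they are set, which is outside the hunk.
```ruby
ISSUE_FILTER_KEYS = %i[author_id assigned_to_id tracker_id status_id priority_id
                       fixed_version_id done_ratio issue_type issue_tag_id].freeze

# true when the request carries a real value for this filter (not blank, not "all")
def filter_param?(key)
  params[key].present? && params[key].to_s != "all"
end

# … in show, replacing the nine-way expression …
has_filter_params = ISSUE_FILTER_KEYS.any? { |key| filter_param?(key) }
```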
@@ -7,8 +7,8 @@ json.versions do json.array! @versions.each.to_a do |version| json.extract! version, :id, :name, :description, :effective_date,:status,:percent - json.open_issues_count (version.issues_count - version.closed_issues_count) - json.close_issues_count version.closed_issues_count + json.open_issues_count (version.issues_count - version.issues.closed.size) + json.close_issues_count version.issues.closed.size json.created_at format_time(version.created_on) json.updated_at format_time(version.updated_on) json.user_name version.version_user.try(:show_real_name) diff --git a/app/views/versions/show.json.jbuilder b/app/views/versions/show.json.jbuilder index 23f4fbb9..fe8606b2 100644 --- a/app/views/versions/show.json.jbuilder +++ b/app/views/versions/show.json.jbuilder @@ -1,7 +1,7 @@ json.partial! "commons/success" -json.issues_count @version.issues_count -json.open_issues_count @version.issues_count - @version.closed_issues_count -json.close_issues_count @version.closed_issues_count +json.issues_count @version_issues_size +json.open_issues_count @version_issues_size - @version_close_issues_size +json.close_issues_count @version_close_issues_size json.limit @limit json.user_name @version.version_user.try(:show_real_name) json.user_login @version.version_user.try(:login) From 0af08bc9674d8ecd98d7174ccdd150e1a286cb1b Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 17:05:51 +0800 Subject: [PATCH 2/7] fix: projects load by project language slowly --- app/controllers/versions_controller.rb | 4 +--- app/models/project.rb | 3 +++ .../cache/platform_project_languages_count_service.rb | 4 ++-- ...0210621090005_add_project_language_index_to_projects.rb | 7 +++++++ 4 files changed, 13 insertions(+), 5 deletions(-) create mode 100644 db/migrate/20210621090005_add_project_language_index_to_projects.rb diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 34ad6412..5eb9ee27 100644 
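Review bot: `version.issues.closed.size` inside the `json.array!` loop fires one COUNT query per version, and it is evaluated twice per element, so the versions list now costs two extra queries per row where it previously read the `closed_issues_count` column. If the counter cache was bypassed because it had gone stale (the commit title only says the count was wrong), repairing whatever keeps `closed_issues_count` in sync is cheaper than counting live on every listing; failing that, at least hoist the count, `closed = version.issues.closed.size` / `json.open_issues_count version.issues_count - closed` / `json.close_issues_count closed`, or compute all closed totals for the page in one grouped query. Which foreign key an `Issue` uses to point at its version is not visible in this diff, so I have not written that grouped query.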
--- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -52,16 +52,14 @@ class VersionsController < ApplicationController (params[:done_ratio].present? && params[:done_ratio].to_s != "all") || (params[:issue_type].present? && params[:issue_type].to_s != "all") || (params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all") - puts has_filter_params @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_includes.closed.size @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_includes.size - puts @version_close_issues_size - puts @version_issues_size if status_type.to_s == "1" #表示开启中的 version_issues = version_issues.where.not(status_id: 5) else version_issues = version_issues.where(status_id: 5) end + puts cookies.to_json @page = params[:page] || 1 @limit = params[:limit] || 15 diff --git a/app/models/project.rb b/app/models/project.rb index eb8a0bbf..251b40de 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -64,8 +64,11 @@ # index_projects_on_invite_code (invite_code) # index_projects_on_is_public (is_public) # index_projects_on_lft (lft) +# index_projects_on_license_id (license_id) # index_projects_on_name (name) # index_projects_on_platform (platform) +# index_projects_on_project_category_id (project_category_id) +# index_projects_on_project_language_id (project_language_id) # index_projects_on_project_type (project_type) # index_projects_on_recommend (recommend) # index_projects_on_rgt (rgt) diff --git a/app/services/cache/platform_project_languages_count_service.rb b/app/services/cache/platform_project_languages_count_service.rb index 2b4f0fae..0c6ffab1 100644 --- a/app/services/cache/platform_project_languages_count_service.rb +++ b/app/services/cache/platform_project_languages_count_service.rb 
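Review bot: `puts cookies.to_json` in `show` dumps every request cookie — including the `_educoder_session` cookie and the `autologin_*` cookie named in `configuration.yml.example` — to the process's stdout, which most deployments capture as the application log, so live session tokens end up persisted in plain text for anyone with log access. Patch 4/7 of this series removes the line again, but it should never be committed; if a cookie needs inspecting, log only the names under a development-only guard, `Rails.logger.debug(cookies.keys) if Rails.env.development?`. The `puts` lines this same hunk deletes were the same kind of leftover, so a pre-commit grep for `puts` in `app/` would catch both. `show` starts and ends outside this hunk.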
@@ -46,11 +46,11 @@ class Cache::PlatformProjectLanguagesCountService < ApplicationService def reset_platform_project_language_count_by_key return if key.nil? - $redis_cache.hset(platform_project_language_count_key, key, Project.joins(:project_language).where(project_languages: {name: key}).count) + $redis_cache.hset(platform_project_language_count_key, key, ProjectLanguage.where(name: key).projects_count) end def reset_platform_project_language_count - Project.joins(:project_language).group("project_languages.name").count.each do |k, v| + ProjectLanguage.where.not(projects_count: 0).group("project_languages.name").sum(:projects_count).each do |k, v| $redis_cache.hset(platform_project_language_count_key, k, v) end end diff --git a/db/migrate/20210621090005_add_project_language_index_to_projects.rb b/db/migrate/20210621090005_add_project_language_index_to_projects.rb new file mode 100644 index 00000000..d0959168 --- /dev/null +++ b/db/migrate/20210621090005_add_project_language_index_to_projects.rb @@ -0,0 +1,7 @@ +class AddProjectLanguageIndexToProjects < ActiveRecord::Migration[5.2] + def change + add_index :projects, :project_category_id + add_index :projects, :project_language_id + add_index :projects, :license_id + end +end From 2d37df1c00ee9cfb82f99100875e558ee88068d0 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 17:12:13 +0800 Subject: [PATCH 3/7] fix: set cache user nil --- app/jobs/reset_user_cache_job.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/jobs/reset_user_cache_job.rb b/app/jobs/reset_user_cache_job.rb index 3562475c..7b2c5c63 100644 --- a/app/jobs/reset_user_cache_job.rb +++ b/app/jobs/reset_user_cache_job.rb @@ -2,6 +2,7 @@ class ResetUserCacheJob < ApplicationJob queue_as :cache def perform(user) + return if user.nil? Cache::UserFollowCountService.new(user).reset Cache::UserIssueCountService.new(user).reset Cache::UserProjectCountService.new(user).reset 
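Review bot: `ProjectLanguage.where(name: key).projects_count` in `reset_platform_project_language_count_by_key` calls an instance attribute on an `ActiveRecord::Relation`; unless `ProjectLanguage` defines a class-level `projects_count` (not shown here), this raises `NoMethodError` the first time the per-key reset runs. Fetch a single record and default to zero when the language does not exist: `$redis_cache.hset(platform_project_language_count_key, key, ProjectLanguage.find_by(name: key)&.projects_count.to_i)`. Both methods now trust the `projects_count` counter column on `project_languages`, so the Redis totals are only as accurate as whatever maintains that column — the `joins(...).count` they replace was self-correcting, which is worth a comment on the method: `# relies on project_languages.projects_count being kept current by the Project counter cache`.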
From 526920f5648777d250a3ae7f975588decdf49817 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Mon, 21 Jun 2021 18:50:45 +0800 Subject: [PATCH 4/7] fix: version issues count except pull requests count --- app/controllers/issues_controller.rb | 2 +- app/controllers/versions_controller.rb | 7 +++---- app/views/versions/index.json.jbuilder | 4 ++-- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 4b073415..5fb45a0b 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -303,7 +303,7 @@ class IssuesController < ApplicationController if issue_ids.present? if update_hash.blank? normal_status(-1, "请选择批量更新内容") - elsif Issue.where(id: issue_ids).update_all(update_hash) + elsif Issue.where(id: issue_ids)&.update(update_hash) normal_status(0, "批量更新成功") else normal_status(-1, "批量更新失败") diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 5eb9ee27..58cd9e87 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -25,7 +25,7 @@ class VersionsController < ApplicationController end def show - version_issues = @version.issues.issue_includes + version_issues = @version.issues.issue_issue.issue_includes status_type = params[:status_type] || "1" # @close_issues_size = version_issues.where(status_id: 5).size 
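Review bot: `Issue.where(id: issue_ids)&.update(update_hash)` makes the `else` branch unreachable: on Rails 5.2 (the version the migration in this series targets) `ActiveRecord::Relation#update` with a single hash argument returns the Array of records it touched, which is truthy even when empty or when every record failed validation, so the action reports `批量更新成功` regardless of outcome, and the `&.` is a no-op because `where` never returns nil. If the switch from `update_all` to `update` is meant to run validations and callbacks, check the result: `elsif (updated = Issue.where(id: issue_ids).update(update_hash)).present? && updated.all? { |issue| issue.errors.empty? }`. Separately, the relation is not scoped to `@project` — the lines that build `issue_ids` lie outside the hunk, so if they come straight from params a member of one project can update issues of another project by id; `@project.issues.where(id: issue_ids)` closes that, assuming `Issue` belongs to the project through that association. The enclosing action starts and ends outside this hunk.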
@@ -52,14 +52,13 @@ class VersionsController < ApplicationController (params[:done_ratio].present? && params[:done_ratio].to_s != "all") || (params[:issue_type].present? && params[:issue_type].to_s != "all") || (params[:issue_tag_id].present? && params[:issue_tag_id].to_s != "all") - @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_includes.closed.size - @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_includes.size + @version_close_issues_size = has_filter_params ? version_issues.closed.size : @version.issues.issue_issue.issue_includes.closed.size + @version_issues_size = has_filter_params ? version_issues.size : @version.issues.issue_issue.issue_includes.size if status_type.to_s == "1" #表示开启中的 version_issues = version_issues.where.not(status_id: 5) else version_issues = version_issues.where(status_id: 5) end - puts cookies.to_json @page = params[:page] || 1 @limit = params[:limit] || 15 diff --git a/app/views/versions/index.json.jbuilder b/app/views/versions/index.json.jbuilder index fbff16a3..4c15d45e 100644 --- a/app/views/versions/index.json.jbuilder +++ b/app/views/versions/index.json.jbuilder @@ -7,8 +7,8 @@ json.versions do json.array! @versions.each.to_a do |version| json.extract! version, :id, :name, :description, :effective_date,:status,:percent - json.open_issues_count (version.issues_count - version.issues.closed.size) - json.close_issues_count version.issues.closed.size + json.open_issues_count (version.issues.issue_issue.size - version.issues.issue_issue.closed.size) + json.close_issues_count version.issues.issue_issue.closed.size json.created_at format_time(version.created_on) json.updated_at format_time(version.updated_on) json.user_name version.version_user.try(:show_real_name) From fff21a1bc8280d7e0620581c271815d47a9ff367 Mon Sep 17 00:00:00 2001 
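Review bot: `@version.issues.issue_issue.issue_includes` is now spelled out three times in `show` (once at the top of the action, twice in the two count lines in this hunk), which is the kind of repetition that drifts when one copy is edited; capture the unfiltered relation once, `base_issues = @version.issues.issue_issue.issue_includes`, before the filters are chained onto `version_issues`, and use it for the fallback counts. `show` starts outside this hunk.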
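Review bot: `version.issues.issue_issue.size` and `version.issues.issue_issue.closed.size` run two COUNT queries for every version in the `json.array!` loop, and the `issue_issue` chain is rebuilt twice per element; the `issues_count` column the old code read is no longer used at all. Hoist the relation once per iteration, `issues = version.issues.issue_issue` / `closed = issues.closed.size` / `json.open_issues_count issues.size - closed`, and if the list can be long consider one grouped count for the whole page (the foreign key needed to write it is not visible in this diff). A short comment explaining why `issue_issue` is required here — presumably to exclude pull requests, per the commit title — would save the next reader a trip to the model.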
From: jasder Date: Tue, 22 Jun 2021 09:39:44 +0800 Subject: [PATCH 5/7] =?UTF-8?q?FIX=20=E5=A4=84=E7=90=86=E7=89=88=E6=9C=AC?= =?UTF-8?q?=E5=BA=93zip=E3=80=81gzip=E5=8C=85=E9=93=BE=E6=8E=A5=E4=B8=BA?= =?UTF-8?q?=E6=97=A0=E6=95=88=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/projects_controller.rb | 2 +- app/controllers/repositories_controller.rb | 19 +++++++-- app/helpers/projects_helper.rb | 8 ++-- .../gitea/repository/archive_service.rb | 40 +++++++++++++++++++ app/views/projects/branches.json.jbuilder | 4 +- app/views/repositories/entries.json.jbuilder | 5 ++- config/routes.rb | 2 +- 7 files changed, 67 insertions(+), 13 deletions(-) create mode 100644 app/services/gitea/repository/archive_service.rb diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 3e40619c..c9e1a3a1 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -5,7 +5,7 @@ class ProjectsController < ApplicationController include Acceleratorable before_action :require_login, except: %i[index branches group_type_list simple show fork_users praise_users watch_users recommend about menu_list] - before_action :load_project, except: %i[index group_type_list migrate create recommend] + before_action :load_repository, except: %i[index group_type_list migrate create recommend] before_action :authorizate_user_can_edit_project!, only: %i[update] before_action :project_public?, only: %i[fork_users praise_users watch_users] diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 93ba02a9..062a8f04 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb 
@@ -5,9 +5,9 @@ class RepositoriesController < ApplicationController before_action :require_login, only: %i[edit update create_file update_file delete_file sync_mirror] before_action :load_repository - before_action :authorizate!, except: [:sync_mirror, :tags, :commit] + before_action :authorizate!, except: [:sync_mirror, :tags, :commit, :archive] before_action :authorizate_user_can_edit_repo!, only: %i[sync_mirror] - before_action :get_ref, only: %i[entries sub_entries top_counts file] + before_action :get_ref, only: %i[entries sub_entries top_counts file archive] before_action :get_latest_commit, only: %i[entries sub_entries top_counts] before_action :get_statistics, only: %i[top_counts] @@ -192,6 +192,19 @@ class RepositoriesController < ApplicationController render json: languages_precentagable end + def archive + domain = Gitea.gitea_config[:domain] + api_url = Gitea.gitea_config[:base_url] + archive_url = "/repos/#{@owner.login}/#{@repository.identifier}/archive/#{params[:archive]}" + + file_path = [domain, api_url, archive_url].join + file_path = [file_path, "access_token=#{current_user&.gitea_token}"].join("?") if @repository.hidden? + + return render_not_found if !request.format.zip? && !request.format.gzip? + + redirect_to file_path + end + private def find_project @@ -266,7 +279,7 @@ class RepositoriesController < ApplicationController # uploadPushInfo end - + def create_new_pr(params) if params[:new_branch].present? && params[:new_branch] != params[:branch] local_params = { diff --git a/app/helpers/projects_helper.rb b/app/helpers/projects_helper.rb index 226096c2..12a0097b 100644 --- a/app/helpers/projects_helper.rb +++ b/app/helpers/projects_helper.rb 
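Review bot: `params[:archive]` is interpolated unescaped into `archive_url` in `archive`, and the route that feeds it (`constraints: { archive: /.+/ }`) accepts any characters, so percent-encoded `..`, `?` or `#` in the request path let a caller reshape the URL the user is redirected to — including which path under `/repos/` the appended `access_token` is delivered to. Validate the name before building anything: `return render_not_found unless params[:archive].to_s.match?(%r{\A(?!.*\.\.)[\w./-]+\z})`, and move the existing format check ahead of the URL construction while at it. Appending `current_user&.gitea_token` as a query parameter puts a long-lived credential into the redirect target, where it lands in browser history, `Referer` headers and proxy logs; proxying the archive through this controller, or minting a short-lived token, avoids exposing it. `archive` is also added to the `authorizate!` exemption list, so if that filter is what gates hidden repositories here, the only protection left for a hidden repo's archive is Gitea's own check on the forwarded token, and a logged-out caller is redirected with an empty `access_token=`.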
@@ -13,12 +13,12 @@ module ProjectsHelper end end - def render_zip_url(project, archive_name) - [gitea_domain, project.owner.login, project.identifier, "archive", "#{archive_name}.zip"].join('/') + def render_zip_url(owner, repository, archive) + [base_url, archive_repositories_path(owner&.login, repository, "#{archive}.zip")].join end - def render_tar_url(project, archive_name) - [gitea_domain, project.owner.login, project.identifier, "archive", "#{archive_name}.tar.gz"].join('/') + def render_tar_url(owner, repository, archive) + [base_url, archive_repositories_path(owner&.login, repository, "#{archive}.tar.gz")].join end def render_http_url(project) diff --git a/app/services/gitea/repository/archive_service.rb b/app/services/gitea/repository/archive_service.rb new file mode 100644 index 00000000..1b5e1e2a --- /dev/null +++ b/app/services/gitea/repository/archive_service.rb @@ -0,0 +1,40 @@ +class Gitea::Repository::ArchiveService < Gitea::ClientService + attr_reader :owner, :repo, :archive, :token + + def initialize(owner, repo, archive, token=nil) + @owner = owner + @repo = repo + @archive = archive + @token = token + end + + def call + response = get(url, params) + response_payload(response) + end + + private + def params + Hash.new.merge(token: token) + end + + def url + "/repos/#{owner}/#{repo}/archive/#{archive}".freeze + end + + def response_payload(response) + status = response.status + body = response&.body + + log_error(status, body) + status_payload(status, body) + end + + def status_payload(status, body) + case status + when 200 then success + when 404 then error("你操作的链接不存在!") + else error("系统错误!") + end + end +end diff --git a/app/views/projects/branches.json.jbuilder b/app/views/projects/branches.json.jbuilder index d6f45137..dd722c9d 100644 --- a/app/views/projects/branches.json.jbuilder +++ b/app/views/projects/branches.json.jbuilder 
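Review bot: Nothing in this series calls `Gitea::Repository::ArchiveService` — `RepositoriesController#archive` redirects the browser to Gitea instead — so the new file is dead code as committed; either wire it in or drop it. If it stays, `params` sends the Gitea token as a `token=` query parameter (`Hash.new.merge(token: token)` is just `{ token: token }`), which puts the credential into request URLs and into any proxy or access log between the app and Gitea; an `Authorization: token …` header is the usual alternative if `Gitea::ClientService#get` accepts headers (its signature is not in this diff). `status_payload` also discards `body`, so a 200 response yields `success` with no archive content, which leaves the service unable to return the archive unless `success` is meant to carry a payload; a header comment stating what `call` is supposed to return would settle that.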
@@ -4,8 +4,8 @@ json.array! @branches do |branch| json.user_can_merge branch['user_can_merge'] json.protected branch['protected'] json.http_url render_http_url(@project) - json.zip_url render_zip_url(@project, branch['name']) - json.tar_url render_tar_url(@project, branch['name']) + json.zip_url render_zip_url(@owner, @repository, branch['name']) + json.tar_url render_tar_url(@owner, @repository, branch['name']) json.last_commit do json.sha branch['commit']['id'] json.message branch['commit']['message'] diff --git a/app/views/repositories/entries.json.jbuilder b/app/views/repositories/entries.json.jbuilder index a12c088b..8c028e6a 100644 --- a/app/views/repositories/entries.json.jbuilder +++ b/app/views/repositories/entries.json.jbuilder @@ -42,8 +42,9 @@ if @project.forge? #json.tags_count @tags_count #json.branches_count @branches_count json.commits_count @commits_count - json.zip_url render_zip_url(@project, @ref) - json.tar_url render_tar_url(@project, @ref) + # json.zip_url archive_repositories_path(@owner&.login, @repository, @ref) + json.zip_url render_zip_url(@owner, @repository, @ref) + json.tar_url render_tar_url(@owner, @repository, @ref) json.entries do json.array! @entries do |entry| json.name entry['name'] diff --git a/config/routes.rb b/config/routes.rb index 5a883fcb..de2206fd 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -416,7 +416,6 @@ Rails.application.routes.draw do member do get :files get :detail - get :archive get :entries match :sub_entries, :via => [:get, :put] get :commits @@ -431,6 +430,7 @@ Rails.application.routes.draw do get 'commits/:sha', to: 'repositories#commit', as: 'commit' get 'readme' get 'languages' + get 'archive/:archive', to: 'repositories#archive', as: "archive", constraints: { archive: /.+/, format: /(zip|gzip)/ } end end From 0bfed83bc0cb08776c75b7bfe496cd329b03ace5 Mon Sep 17 00:00:00 2001 
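Review bot: The commented-out `# json.zip_url archive_repositories_path(@owner&.login, @repository, @ref)` line left above the live `json.zip_url` in `entries.json.jbuilder` is dead text that will confuse the next reader about which form is intended; delete it rather than keep it as a reminder. If the direct `archive_repositories_path` form is still under consideration, a one-line comment saying why the helper is used instead (it prefixes `base_url`, per `projects_helper.rb`) is more useful than the leftover.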
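Review bot: The new route's `format: /(zip|gzip)/` constraint never matches the `.tar.gz` links that `render_tar_url` now emits (the extension is `gz`, not `gzip`), and with `archive: /.+/` it is not obvious whether Rails assigns `master.zip` to `:archive` whole or splits off `:format`; `RepositoriesController#archive` relies on `request.format.zip?`/`gzip?` for its 404 check, so the redirect may 404 for one or both archive types. Add a request spec for `…/archive/master.zip` and `…/archive/master.tar.gz` and, if the split proves unreliable, match on the name instead, `get 'archive/:archive', to: 'repositories#archive', as: "archive", constraints: { archive: /.+\.(zip|tar\.gz)/ }`, with the controller checking the suffix rather than `request.format`. Whatever the final shape, `/.+/` should not be the only constraint on a value that is interpolated into a redirect URL.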
From: jasder Date: Tue, 22 Jun 2021 15:05:10 +0800 Subject: [PATCH 6/7] =?UTF-8?q?FIX=20=E8=A7=A3=E5=86=B3=E8=8E=B7=E5=8F=96?= =?UTF-8?q?=E5=B9=B3=E5=8F=B0base=20url=E5=AF=BC=E8=87=B4=E7=9A=84https?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/application_controller.rb | 2 +- config/configuration.yml.example | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 8b98a920..7ef5879a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -771,7 +771,7 @@ class ApplicationController < ActionController::Base end def base_url - request.base_url + Rails.application.config_for(:configuration)['platform_url'] || request.base_url end def convert_image! diff --git a/config/configuration.yml.example b/config/configuration.yml.example index b45c9532..c8fe96ca 100644 --- a/config/configuration.yml.example +++ b/config/configuration.yml.example @@ -1,6 +1,7 @@ default: &default # 用户登入的时候设置/登出的时候清空 autologin_cookie_name: 'autologin_trustie' + platform_url: 'http://localhost:3000' #附件上传路径 From 4126ea7b4e3806b9789070204d5908d22ca79632 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Tue, 22 Jun 2021 15:54:42 +0800 Subject: [PATCH 7/7] fix: some bug from security --- app/controllers/issues_controller.rb | 5 +++++ app/models/concerns/project_operable.rb | 2 +- app/services/projects/create_service.rb | 5 +++++ app/services/projects/migrate_service.rb | 5 +++++ config/initializers/session_store.rb | 2 +- 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index 5fb45a0b..9780d472 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb 
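Review bot: `Rails.application.config_for(:configuration)['platform_url'] || request.base_url` in `base_url` falls back to the request only when the key is absent: an empty string from the YAML is truthy in Ruby, so a deployment with `platform_url: ''` emits links with no host, and a copy of the example file left at `http://localhost:3000` emits localhost links over plain `http` — the very problem this commit sets out to fix. Use `.presence` so blank values fall through, `Rails.application.config_for(:configuration)['platform_url'].presence || request.base_url`, and consider reading the value once at boot, since on Rails 5.2 `config_for` appears to re-read and re-parse the YAML file on every call and this helper now runs for every archive link rendered. The example file should also carry a comment, `# public scheme+host of this platform; used to build absolute links (set to https://… in production)`, so operators know the value governs the scheme of generated URLs.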
@@ -3,6 +3,7 @@ class IssuesController < ApplicationController before_action :load_project before_action :set_user before_action :check_issue_permission + before_action :operate_issue_permission, only:[:create, :update, :destroy, :clean, :series_update] before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue] before_action :set_issue, only: [:edit, :update, :destroy, :show, :copy, :close_issue, :lock_issue] @@ -412,6 +413,10 @@ class IssuesController < ApplicationController end end + def operate_issue_permission + return render_forbidden("您没有权限进行此操作.") unless current_user.admin? || @project.member?(current_user) + end + def export_issues(issues) @table_columns = %w(ID 类型 标题 描述 状态 指派给 优先级 标签 发布人 创建时间 里程碑 开始时间 截止时间 完成度 分类 金额 属于) @export_issues = [] diff --git a/app/models/concerns/project_operable.rb b/app/models/concerns/project_operable.rb index 79d099a2..a228a702 100644 --- a/app/models/concerns/project_operable.rb +++ b/app/models/concerns/project_operable.rb @@ -94,7 +94,7 @@ module ProjectOperable end def operator?(user) - user.admin? || !reporter?(user) + user.admin? || (member?(user.id) && !reporter?(user)) end def set_developer_role(member, role_name) diff --git a/app/services/projects/create_service.rb b/app/services/projects/create_service.rb index f014b8d7..e7e4924a 100644 --- a/app/services/projects/create_service.rb +++ b/app/services/projects/create_service.rb @@ -8,6 +8,7 @@ class Projects::CreateService < ApplicationService def call Rails.logger.info("#############__________project_params______###########{project_params}") + raise Error, "user_id不正确." unless authroize_user_id_success @project = Project.new(project_params) ActiveRecord::Base.transaction do @@ -27,6 +28,10 @@ class Projects::CreateService < ApplicationService private + def authroize_user_id_success + (user.id == params[:user_id].to_i) || (user.organizations.find_by_id(params[:user_id]).present?) + end + def project_params { name: params[:name], 
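Review bot: `operate_issue_permission` is applied to `create`, `update`, `destroy`, `clean` and `series_update`, but `close_issue` and `lock_issue` — visible in the `set_issue` list on the next line — mutate issues too and are left out; unless `check_issue_permission` already covers them (its body is not in this diff), a non-member who can reach those actions still can. Add them: `before_action :operate_issue_permission, only: %i[create update destroy clean series_update close_issue lock_issue]`. The new filter calls `@project.member?(current_user)` with a user object, while the `ProjectOperable#operator?` change in this same patch calls `member?(user.id)` with an id; if `member?` accepts only one of those forms, one call site silently evaluates to false, which is worth confirming against its definition before this ships as a security fix.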
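Review bot: `authroize_user_id_success` lets any member of any of the caller's organizations create a project owned by that organization (`user.organizations.find_by_id(params[:user_id]).present?`), which is broader than the usual rule that only organization owners or members holding a create-repository role may do so; if `user.organizations` carries role information, narrow the check to that role. The same method, typo included (`authroize` → `authorize`), is copied verbatim into `Projects::MigrateService` in this patch — hoist it into `ApplicationService` (where `Error` appears to come from) so the two cannot diverge. Both "missing `user_id`" (`nil.to_i` is `0`, which never equals `user.id`) and "not allowed" raise the same `user_id不正确.` message; separating them would make the API response less misleading. `call` continues outside this hunk.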
diff --git a/app/services/projects/migrate_service.rb b/app/services/projects/migrate_service.rb index 7df08f9e..68ed9f64 100644 --- a/app/services/projects/migrate_service.rb +++ b/app/services/projects/migrate_service.rb @@ -8,6 +8,8 @@ class Projects::MigrateService < ApplicationService end def call + raise Error, "user_id不正确." unless authroize_user_id_success + @project = Project.new(project_params) if @project.save! ProjectUnit.init_types(@project.id, project.project_type) @@ -24,6 +26,9 @@ class Projects::MigrateService < ApplicationService end private + def authroize_user_id_success + (user.id == params[:user_id].to_i) || (user.organizations.find_by_id(params[:user_id]).present?) + end def project_params { diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index def30285..12faf10f 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -4,5 +4,5 @@ # Rails.application.config.session_store :active_record_store # Be sure to restart your server when you modify this file. -Rails.application.config.session_store :cache_store, :expire_after => 24.hours, :httponly => false, :secure => false, key: '_educoder_session', domain: :all +Rails.application.config.session_store :cache_store, :expire_after => 24.hours, :httponly => true, :secure => false, key: '_educoder_session', domain: :all
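Review bot: Turning on `httponly` is the right fix, but the same line still sets `secure: false` and `domain: :all`: the `_educoder_session` cookie may be sent over plain HTTP, and it is shared with every subdomain of the platform, so a cookie-setting or XSS bug on any sibling host reaches the main session. Patch 6/7 shows the platform is served over HTTPS, so set `secure: Rails.env.production?` and restrict `domain:` to the hosts that actually need the session rather than `:all`. As far as I recall, a `same_site:` option for the session store is not available before Rails 6.1 (the migration in this series targets 5.2), so that hardening has to wait for an upgrade.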