|
|
|
@@ -213,20 +213,17 @@ class AttachmentsController < ApplicationController |
|
|
|
def attachment_candown |
|
|
|
unless current_user.admin? || current_user.business? |
|
|
|
candown = true |
|
|
|
unless params[:type] == 'history' |
|
|
|
if @file.container && current_user.logged? |
|
|
|
if @file.container.is_a?(Issue) |
|
|
|
course = @file.container.project |
|
|
|
candown = course.member?(current_user) || course.is_public |
|
|
|
elsif @file.container.is_a?(Journal) |
|
|
|
course = @file.container.issue.project |
|
|
|
candown = course.member?(current_user) || course.is_public |
|
|
|
else |
|
|
|
course = nil |
|
|
|
end |
|
|
|
tip_exception(403, "您没有权限进入") if course.present? && !candown |
|
|
|
tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication) |
|
|
|
if @file.container |
|
|
|
if @file.container.is_a?(Issue) |
|
|
|
project = @file.container.project |
|
|
|
candown = project.is_public || (current_user.logged? && project.member?(current_user)) |
|
|
|
elsif @file.container.is_a?(Journal) |
|
|
|
project = @file.container.issue.project |
|
|
|
candown = project.is_public || (current_user.logged? && project.member?(current_user)) |
|
|
|
else |
|
|
|
project = nil |
|
|
|
end |
|
|
|
tip_exception(403, "您没有权限进入") if project.present? && !candown |
|
|
|
end |
|
|
|
end |
|
|
|
end |
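Review bot: The `else` branch that sets `project = nil` makes this check fail open: for any container that is not an `Issue` or a `Journal`, `candown` stays `true` and the `project.present? && !candown` guard can never fire. The new outer condition is `if @file.container` without `current_user.logged?`, so this default-allow also covers anonymous requests. The page has lost its +/- markers, but the `ApplyUserAuthentication` line appears to sit on the removed side; if so, attachments on those records are no longer refused. I would keep `tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication)` inside the new `if @file.container` block and have the `else` branch deny unknown container types instead of allowing them. Separately, the unchanged `unless params[:type] == 'history'` lets a request parameter skip the whole check and needs a comment naming what authorises history downloads; the method's closing `end` is outside the hunk.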
|
|
|
|