| @@ -213,20 +213,17 @@ class AttachmentsController < ApplicationController | |||||
| def attachment_candown | def attachment_candown | ||||
| unless current_user.admin? || current_user.business? | unless current_user.admin? || current_user.business? | ||||
| candown = true | candown = true | ||||
| unless params[:type] == 'history' | |||||
| if @file.container && current_user.logged? | |||||
| if @file.container.is_a?(Issue) | |||||
| course = @file.container.project | |||||
| candown = course.member?(current_user) || course.is_public | |||||
| elsif @file.container.is_a?(Journal) | |||||
| course = @file.container.issue.project | |||||
| candown = course.member?(current_user) || course.is_public | |||||
| else | |||||
| course = nil | |||||
| end | |||||
| tip_exception(403, "您没有权限进入") if course.present? && !candown | |||||
| tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication) | |||||
| if @file.container | |||||
| if @file.container.is_a?(Issue) | |||||
| project = @file.container.project | |||||
| candown = project.is_public || (current_user.logged? && project.member?(current_user)) | |||||
| elsif @file.container.is_a?(Journal) | |||||
| project = @file.container.issue.project | |||||
| candown = project.is_public || (current_user.logged? && project.member?(current_user)) | |||||
| else | |||||
| project = nil | |||||
| end | end | ||||
| tip_exception(403, "您没有权限进入") if project.present? && !candown | |||||
| end | end | ||||
| end | end | ||||
| end | end | ||||
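Review bot: The `else` branch sets `project = nil`, so for any container that is not an `Issue` or a `Journal` the final `project.present? && !candown` guard never fires and `attachment_candown` lets the request through. The old code also had an explicit 403 for `ApplyUserAuthentication` containers, and that line is removed without a replacement. Unless a filter outside this hunk covers those attachments, a non-admin, non-business user now passes this check for them. I would keep the deny inside `if @file.container`, before the `Issue`/`Journal` branch: `tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication)`. It is also worth deciding whether unrecognised container types should fail closed here, with a short comment on the `else` branch stating which types are intentionally allowed.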