修改工单权限

app/controllers/issues_controller.rb

@@ -2,8 +2,9 @@ class IssuesController < ApplicationController
   before_action :require_login, except: [:index, :show, :index_chosen]
   before_action :find_project_with_id
   before_action :set_project_and_user
+  before_action :check_issue_permission
   before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue]
-  before_action :check_issue_permission, except: [:index, :show, :index_chosen, :create]
+
   before_action :set_issue, only: [:edit, :update, :destroy, :show, :copy, :close_issue, :lock_issue]
   before_action :get_branches, only: [:new, :edit]
 
@@ -388,7 +389,7 @@ class IssuesController < ApplicationController
   end
 
   def check_issue_permission
-    unless @project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id)
+    unless @project.is_private && (@project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id))
       normal_status(-1, "您没有权限")
     end
   end

app/models/issue.rb

@@ -42,7 +42,7 @@ class Issue < ApplicationRecord
         new_attachment_name = self.attachments.select(:filename,:id).where(id: issue_files).pluck(:filename).join(",")
         journal.journal_details.create(property: "attachment", prop_key: "#{issue_files.size}", old_value: old_attachment_names, value: new_attachment_name)
       end
-      change_values = %w(subject description is_private assigned_to_id tracker_id status_id priority_id fixed_version_id start_date due_date estimated_hours done_ratio issue_tags_value issue_type token branch_name)
+      change_values = %w(subject is_private assigned_to_id tracker_id status_id priority_id fixed_version_id start_date due_date estimated_hours done_ratio issue_tags_value issue_type token branch_name)
       change_values.each do |at|
         if self.send("saved_change_to_#{at}?")
           journal.journal_details.create(property: "attr", prop_key: "#{at}", old_value: self.send("#{at}_before_last_save"), value: self.send(at))