| @@ -2,8 +2,9 @@ class IssuesController < ApplicationController | |||||
| before_action :require_login, except: [:index, :show, :index_chosen] | before_action :require_login, except: [:index, :show, :index_chosen] | ||||
| before_action :find_project_with_id | before_action :find_project_with_id | ||||
| before_action :set_project_and_user | before_action :set_project_and_user | ||||
| before_action :check_issue_permission | |||||
| before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue] | before_action :check_project_public, only: [:index ,:show, :copy, :index_chosen, :close_issue] | ||||
| before_action :check_issue_permission, except: [:index, :show, :index_chosen, :create] | |||||
| before_action :set_issue, only: [:edit, :update, :destroy, :show, :copy, :close_issue, :lock_issue] | before_action :set_issue, only: [:edit, :update, :destroy, :show, :copy, :close_issue, :lock_issue] | ||||
| before_action :get_branches, only: [:new, :edit] | before_action :get_branches, only: [:new, :edit] | ||||
| @@ -388,7 +389,7 @@ class IssuesController < ApplicationController | |||||
| end | end | ||||
| def check_issue_permission | def check_issue_permission | ||||
| unless @project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id) | |||||
| unless @project.is_private && (@project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id)) | |||||
| normal_status(-1, "您没有权限") | normal_status(-1, "您没有权限") | ||||
| end | end | ||||
| end | end | ||||
| @@ -42,7 +42,7 @@ class Issue < ApplicationRecord | |||||
| new_attachment_name = self.attachments.select(:filename,:id).where(id: issue_files).pluck(:filename).join(",") | new_attachment_name = self.attachments.select(:filename,:id).where(id: issue_files).pluck(:filename).join(",") | ||||
| journal.journal_details.create(property: "attachment", prop_key: "#{issue_files.size}", old_value: old_attachment_names, value: new_attachment_name) | journal.journal_details.create(property: "attachment", prop_key: "#{issue_files.size}", old_value: old_attachment_names, value: new_attachment_name) | ||||
| end | end | ||||
| change_values = %w(subject description is_private assigned_to_id tracker_id status_id priority_id fixed_version_id start_date due_date estimated_hours done_ratio issue_tags_value issue_type token branch_name) | |||||
| change_values = %w(subject is_private assigned_to_id tracker_id status_id priority_id fixed_version_id start_date due_date estimated_hours done_ratio issue_tags_value issue_type token branch_name) | |||||
| change_values.each do |at| | change_values.each do |at| | ||||
| if self.send("saved_change_to_#{at}?") | if self.send("saved_change_to_#{at}?") | ||||
| journal.journal_details.create(property: "attr", prop_key: "#{at}", old_value: self.send("#{at}_before_last_save"), value: self.send(at)) | journal.journal_details.create(property: "attr", prop_key: "#{at}", old_value: self.send("#{at}_before_last_save"), value: self.send(at)) | ||||