diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index 27851e435..a38d9f9c8 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -630,7 +630,13 @@ class CoursesController < ApplicationController
 :with_subprojects => false, :author => @author) @activity.scope_select {|t| has["show_#{t}"]}
- events = @activity.events(@date_from, @date_to)
+ # modify by nwb
+ # 添加私密性判断
+ if User.current.member_of_course?(@course)|| User.current.admin?
+ events = @activity.events(@date_from, @date_to)
+ else
+ events = @activity.events(@date_from, @date_to, :is_public => 1)
+ end
 @offset, @limit = api_offset_and_limit({:limit => 10}) @events_count = events.count
diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb
index 464c4a2b8..89bd9dc92 100644
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@@ -23,6 +23,7 @@ class DocumentsController < ApplicationController
 before_filter :find_model_object, :except => [:index, :new, :create] before_filter :find_project_from_association, :except => [:index, :new, :create] before_filter :authorize , :except => [:index]#Added by young
+ before_filter :authorize_document
 helper :attachments
@@ -100,4 +101,12 @@ class DocumentsController < ApplicationController
 end redirect_to document_path(@document) end
+
+ # 权限判断
+ # add by nwb
+ def authorize_document
+ if !(User.current.admin? || User.current.member_of?(@project) || @document.is_public==1)
+ render_403 :message => :notice_not_authorized
+ end
+ end
 end
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index a840ee934..1d3f0ec42 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
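Review bot: The member/admin branch added in courses_controller.rb is repeated almost line for line in the projects_controller.rb hunk, so the privacy rule now lives in two call sites that can drift apart. Computing the options once keeps the rule in one expression: `opts = (User.current.admin? || User.current.member_of_course?(@course)) ? {} : {:is_public => 1}` followed by `events = @activity.events(@date_from, @date_to, opts)`. The comment should also say what is enforced rather than who edited the line, e.g. `# Non-members (and non-admins) only see items flagged public`. The enclosing action starts and ends outside the hunk.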
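Review bot: In documents_controller.rb the new `before_filter :authorize_document` has no `:except`, so it also runs for `index`, `new` and `create`, where `find_model_object` is skipped and `@document` is presumably nil. For a user who is neither admin nor project member, `@document.is_public` would then raise NoMethodError and the request ends in a 500 rather than a clean 403 or a listing. Scoping it like the loaders above it avoids that: `before_filter :authorize_document, :except => [:index, :new, :create]`. The index action (not visible here) would then need its own filter so private documents are not listed to non-members.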
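Review bot: `authorize_document` in documents_controller.rb compares `@document.is_public==1`, which is only true when the attribute is read back as the integer 1. If the column is a boolean (its type is not visible in this diff), ActiveRecord returns `true` and every public document would be refused to non-members. The attribute query method avoids depending on the column type: `unless User.current.admin? || User.current.member_of?(@project) || @document.is_public?`. The method is also added as a public controller method, so it should sit below a `private` marker, and its comment would be clearer as `# Renders 403 unless the user is an admin, a project member, or the document is public`.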
@@ -697,8 +697,14 @@ class ProjectsController < ApplicationController
 @activity.scope_select {|t| !has["show_#{t}"].nil?} # logger.debug "=========================================#{@activity.scope}" # @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty?
- #Added by young
- events = @activity.events(@date_from, @date_to)
+
+ # modify by nwb
+ # 添加私密性判断
+ if User.current.member_of?(@project)|| User.current.admin?
+ events = @activity.events(@date_from, @date_to)
+ else
+ events = @activity.events(@date_from, @date_to, :is_public => 1)
+ end
 @offset, @limit = api_offset_and_limit({:limit => 10}) @events_count = events.count
diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index 0eb3e7666..b301ba73c 100644
--- a/app/models/attachment.rb
+++ b/app/models/attachment.rb
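Review bot: The unrestricted branch in projects_controller.rb is chosen on `User.current.member_of?(@project)` alone, which says nothing about membership in any other project whose events the fetcher may return. If this fetcher is built with sub-projects included (its construction is outside the hunk, so this is an assumption to confirm), a member of the parent would receive private attachments and documents of sub-projects they do not belong to. It would be safer to pass `:is_public => 1` whenever sub-projects are included, or to check membership per event's project, and to record the decision in a comment such as `# Membership in @project does not unlock private items of sub-projects`.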
@@ -39,19 +39,22 @@ class Attachment < ActiveRecord::Base
 #课程资源文件 acts_as_activity_provider :type => 'course_files',
+ :is_public => 'attachments.is_public',
 :permission => :view_files, :author_key => :author_id, :find_options => {:select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Course.table_name} ON ( #{Attachment.table_name}.container_type='Course' AND #{Attachment.table_name}.container_id = #{Course.table_name}.id )"} acts_as_activity_provider :type => 'files',
+ :is_public => 'attachments.is_public',
 :permission => :view_files, :author_key => :author_id,
- :find_options => {:select => "#{Attachment.table_name}.*",
+ :find_options => { :select => "#{Attachment.table_name}.*",
 :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " + "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"} acts_as_activity_provider :type => 'documents',
+ :is_public => 'documents.is_public',
 :permission => :view_documents, :author_key => :author_id, :find_options => {:select => "#{Attachment.table_name}.*",
diff --git a/app/models/document.rb b/app/models/document.rb
index 661949ca9..5cfce896b 100644
--- a/app/models/document.rb
+++ b/app/models/document.rb
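Review bot: The three `:is_public` values in attachment.rb hard-code the table names (`'attachments.is_public'`, `'documents.is_public'`) while every other SQL fragment in these declarations goes through `table_name`, and the same literal appears in the document.rb hunk. With a table prefix or renamed table the privacy condition would reference a column that does not exist, so the restricted query fails instead of filtering. Writing `:is_public => "#{Attachment.table_name}.is_public"` and `:is_public => "#{Document.table_name}.is_public"` keeps them consistent. The `'documents'` provider additionally depends on its `:joins` bringing in the documents table; that part of `find_options` lies past the end of the hunk and should be confirmed.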
@@ -30,7 +30,8 @@ class Document < ActiveRecord::Base
 acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"}, :author => Proc.new {|o| o.attachments.reorder("#{Attachment.table_name}.created_on ASC").first.try(:author) }, :url => Proc.new {|o| {:controller => 'documents', :action => 'show', :id => o.id}}
- acts_as_activity_provider :find_options => {:include => :project}
+ acts_as_activity_provider :find_options => {:include => :project},
+ :is_public => 'documents.is_public'
 validates_presence_of :project, :title, :category validates_length_of :title, :maximum => 60
diff --git a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb
index 3875d5c04..e671c3e22 100644
--- a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb
+++ b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb
@@ -29,7 +29,7 @@ module Redmine
 send :include, Redmine::Acts::ActivityProvider::InstanceMethods end
- options.assert_valid_keys(:type, :permission, :timestamp, :author_key, :find_options, :func)
+ options.assert_valid_keys(:type, :permission, :timestamp, :author_key, :find_options, :func,:is_public)
 self.activity_provider_options ||= {} # One model can provide different event types
@@ -65,6 +65,11 @@ module Redmine
 scope = scope.scoped(:conditions => ["#{provider_options[:author_key]} = ?", options[:author].id])
 end
+ # add by nwb
+ if options[:is_public] && !provider_options[:is_public].nil?
+ scope = scope.scoped(:conditions => ["#{provider_options[:is_public]} = ?", options[:is_public]])
+ end
+
 if options[:limit] # id and creation time should be in same order in most cases scope = scope.scoped(:order => "#{table_name}.id DESC", :limit => options[:limit])
diff --git a/lib/redmine/activity/fetcher.rb b/lib/redmine/activity/fetcher.rb
index b95ae2bc3..2caef48b8 100644
--- a/lib/redmine/activity/fetcher.rb
+++ b/lib/redmine/activity/fetcher.rb
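Review bot: The condition added at `@@ -65,6 +65,11 @@` in acts_as_activity_provider.rb fails open: a provider that does not declare `:is_public` silently ignores the caller's request for public-only events. Only the Attachment and Document providers declare it in this commit, so every other activity type is still governed solely by the existing `:permission` check. That may be intended, but it should be stated where the filter is applied, e.g. `# Providers without an :is_public column are NOT restricted here; they rely on :permission alone`. The guard also tests `options[:is_public]` for truthiness, so `false` or `nil` disables the filter while `0` enables it. Rows whose flag is NULL never match `= 1`, which hides legacy records from non-members. The enclosing method begins and ends outside the hunk.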
@@ -82,6 +82,8 @@ module Redmine
 def events(from = nil, to = nil, options={}) e = [] @options[:limit] = options[:limit]
+ # modify by nwb
+ @options[:is_public] = options[:is_public]
 @scope.each do |event_type| constantized_providers(event_type).each do |provider|
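Review bot: `events` in fetcher.rb leaves `@options[:is_public]` nil unless the caller passes it, so the unrestricted view is the default. This commit updates only the course and project activity actions; any other caller of `Fetcher#events` (none are visible in this diff, so this needs a grep) keeps returning private attachments and documents. Deciding the restriction inside the fetcher, or making callers opt in to the unrestricted view, would make the safe behaviour the default. At minimum the method should document the option, e.g. `# options[:is_public] - when set, providers that declare :is_public return only rows whose flag equals this value; nil means no privacy filtering`. The body of `events` continues past the end of the hunk.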