添加贴吧资源下载权限控制

This commit is contained in:
z9hang 2014-09-28 11:31:12 +08:00
parent 79f3c8efb3
commit 045a09e2ed
5 changed files with 44 additions and 16 deletions

View File

@ -254,6 +254,28 @@ class ApplicationController < ActionController::Base
end end
end end
def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
if @attachment.container_type == "Memo"
allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true)
elsif @attachment.container_type == "Project"
elsif @attachment.container_type == "course"
elsif @attachment.container_type == "contest"
end
if allowed
true
else
if @project && @project.archived?
render_403 :message => :notice_not_authorized_archived_project
else
deny_access
end
end
end
def authorize_course(ctrl = params[:controller], action = params[:action], global = false) def authorize_course(ctrl = params[:controller], action = params[:action], global = false)
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @course, :global => global) allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @course, :global => global)
if allowed if allowed

View File

@ -21,7 +21,7 @@ class AttachmentsController < ApplicationController
before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young
before_filter :delete_authorize, :only => :destroy before_filter :delete_authorize, :only => :destroy
before_filter :authorize_global, :only => :upload before_filter :authorize_global, :only => :upload
before_filter :authorize_attachment_download, :only => :download
before_filter :login_without_softapplication, only: [:download] before_filter :login_without_softapplication, only: [:download]
accept_api_auth :show, :download, :upload accept_api_auth :show, :download, :upload
require 'iconv' require 'iconv'

View File

@ -492,7 +492,10 @@ zh:
permission_select_contest_modules: 选择竞赛模块 permission_select_contest_modules: 选择竞赛模块
permission_manage_contestnotifications: 管理竞赛通知 permission_manage_contestnotifications: 管理竞赛通知
permission_notificationcomment_contestnotifications: 添加竞赛通知评论 permission_notificationcomment_contestnotifications: 添加竞赛通知评论
permission_memos_attachments_download: 下载贴吧附件
permission_projects_attachments_download: 项目附件下载
permission_course_attachments_download: 课程附件下载
permission_contest_attachments_download: 竞赛附件下载
project_module_issue_tracking: 问题跟踪 project_module_issue_tracking: 问题跟踪
project_module_time_tracking: 时间跟踪 project_module_time_tracking: 时间跟踪

View File

@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20140922032830) do ActiveRecord::Schema.define(:version => 20140916005319) do
create_table "activities", :force => true do |t| create_table "activities", :force => true do |t|
t.integer "act_id", :null => false t.integer "act_id", :null => false
@ -437,9 +437,9 @@ ActiveRecord::Schema.define(:version => 20140922032830) do
t.string "web_title" t.string "web_title"
t.string "title" t.string "title"
t.text "description" t.text "description"
t.string "page_type"
t.datetime "created_at", :null => false t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false t.datetime "updated_at", :null => false
t.string "page_type"
t.integer "sort_type" t.integer "sort_type"
t.integer "image_width", :default => 107 t.integer "image_width", :default => 107
t.integer "image_height", :default => 63 t.integer "image_height", :default => 63
@ -879,7 +879,7 @@ ActiveRecord::Schema.define(:version => 20140922032830) do
t.integer "osp_id" t.integer "osp_id"
t.integer "parent_id" t.integer "parent_id"
t.string "subject", :null => false t.string "subject", :null => false
t.text "content", :limit => 16777215, :null => false t.text "content", :null => false
t.integer "author_id" t.integer "author_id"
t.integer "replies_count", :default => 0 t.integer "replies_count", :default => 0
t.integer "last_reply_id" t.integer "last_reply_id"

View File

@ -113,7 +113,10 @@ Redmine::AccessControl.map do |map|
map.permission :close_course, {:courses => [:close, :reopen]}, :require => :member, :read => true ,:belong_to_course => true map.permission :close_course, {:courses => [:close, :reopen]}, :require => :member, :read => true ,:belong_to_course => true
map.permission :select_course_modules, {:courses => :modules}, :require => :member ,:belong_to_course => true map.permission :select_course_modules, {:courses => :modules}, :require => :member ,:belong_to_course => true
map.permission :view_course_journals_for_messages, {:courses => :feedback}, :require => :member,:read => true ,:belong_to_course => true map.permission :view_course_journals_for_messages, {:courses => :feedback}, :require => :member,:read => true ,:belong_to_course => true
map.permission :memos_attachments_download,{:attachments => :download}
map.permission :projects_attachments_download,{:attachments => :download},:belong_to_project => true
map.permission :course_attachments_download,{:attachments => :download},:belong_to_course => true
map.permission :contest_attachments_download,{:attachments => :download},:belong_to_contest => true
#与项目一致,注释掉 #与项目一致,注释掉
#map.course_module :files do |map| #map.course_module :files do |map|
# map.permission :manage_files, {:files => [:new, :create]}, :require => :loggedin # map.permission :manage_files, {:files => [:new, :create]}, :require => :loggedin
@ -125,7 +128,7 @@ Redmine::AccessControl.map do |map|
# map.permission :view_course_news, {:news => [:index, :show]}, :public => true, :read => true # map.permission :view_course_news, {:news => [:index, :show]}, :public => true, :read => true
# map.permission :comment_news, {:comments => :create} # map.permission :comment_news, {:comments => :create}
# end # end
#作业模块权限
map.course_module :bids do |map| map.course_module :bids do |map|
map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true,:belong_to_course => true map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true,:belong_to_course => true
map.permission :paret_in_homework,{},:require => :member ,:belong_to_course => true map.permission :paret_in_homework,{},:require => :member ,:belong_to_course => true