1、课程讨论区,项目讨论区资源下载权限控制添加。2、课程讨论区、项目讨论区附件公开私有设置无效问题,原因代码中未处理讨论附件情况,解决添加判断并处理
This commit is contained in:
parent
a6efe10984
commit
0633d5661e
|
@ -257,10 +257,10 @@ class ApplicationController < ActionController::Base
|
||||||
def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
|
def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
|
||||||
if @attachment.container_type == "Memo"
|
if @attachment.container_type == "Memo"
|
||||||
allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true)
|
allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true)
|
||||||
elsif @attachment.container_type == "Project"
|
elsif @attachment.container_type == "Message" && !@project.nil?
|
||||||
return true
|
allowed = User.current.allowed_to?(:projects_attachments_download,@project,:global => false)
|
||||||
elsif @attachment.container_type == "course"
|
elsif @attachment.container_type == "Message" && !@course.nil?
|
||||||
return true
|
allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false)
|
||||||
elsif @attachment.container_type == "contest"
|
elsif @attachment.container_type == "contest"
|
||||||
return true
|
return true
|
||||||
else
|
else
|
||||||
|
|
|
@ -22,7 +22,7 @@ class AttachmentsController < ApplicationController
|
||||||
before_filter :delete_authorize, :only => :destroy
|
before_filter :delete_authorize, :only => :destroy
|
||||||
before_filter :authorize_global, :only => :upload
|
before_filter :authorize_global, :only => :upload
|
||||||
before_filter :authorize_attachment_download, :only => :download
|
before_filter :authorize_attachment_download, :only => :download
|
||||||
before_filter :login_without_softapplication, only: [:download]
|
#before_filter :login_without_softapplication, only: [:download]
|
||||||
accept_api_auth :show, :download, :upload
|
accept_api_auth :show, :download, :upload
|
||||||
require 'iconv'
|
require 'iconv'
|
||||||
|
|
||||||
|
@ -68,12 +68,20 @@ class AttachmentsController < ApplicationController
|
||||||
elsif @attachment.container.is_a?(Project)
|
elsif @attachment.container.is_a?(Project)
|
||||||
project = @attachment.container
|
project = @attachment.container
|
||||||
candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
|
candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
|
||||||
|
elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
|
||||||
|
@attachment.container.board.project
|
||||||
|
project = @attachment.container.board.project
|
||||||
|
candown = User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
|
||||||
elsif (@attachment.container.has_attribute?(:course) ||@attachment.container.has_attribute?(:course_id) ) && @attachment.container.course
|
elsif (@attachment.container.has_attribute?(:course) ||@attachment.container.has_attribute?(:course_id) ) && @attachment.container.course
|
||||||
course = @attachment.container.course
|
course = @attachment.container.course
|
||||||
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
|
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
|
||||||
elsif @attachment.container.is_a?(Course)
|
elsif @attachment.container.is_a?(Course)
|
||||||
course = @attachment.container
|
course = @attachment.container
|
||||||
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
|
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
|
||||||
|
elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
|
||||||
|
@attachment.container.board.course
|
||||||
|
course = @attachment.container.board.course
|
||||||
|
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
|
||||||
elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3
|
elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3
|
||||||
candown = true
|
candown = true
|
||||||
else
|
else
|
||||||
|
@ -321,8 +329,11 @@ private
|
||||||
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
|
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
|
||||||
if @attachment.container_type == 'Course'
|
if @attachment.container_type == 'Course'
|
||||||
@course = @attachment.course
|
@course = @attachment.course
|
||||||
elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course)) && @attachment.container.course
|
elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course_id)) && @attachment.container.course
|
||||||
@course = @attachment.container.course
|
@course = @attachment.container.course
|
||||||
|
elsif !@attachment.container.nil? && ((@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
|
||||||
|
@attachment.container.board.course)
|
||||||
|
@course = @attachment.container.board.course
|
||||||
else
|
else
|
||||||
unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo' || @attachment.container_type == 'Softapplication'
|
unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo' || @attachment.container_type == 'Softapplication'
|
||||||
@project = @attachment.project
|
@project = @attachment.project
|
||||||
|
|
Loading…
Reference in New Issue