1、课程讨论区,项目讨论区资源下载权限控制添加。2、课程讨论区、项目讨论区附件公开私有设置无效问题,原因代码中未处理讨论附件情况,解决添加判断并处理

z9hang 2014-10-10 17:13:06 +08:00
parent a6efe10984
commit 0633d5661e
2 changed files with 18 additions and 7 deletions


@ -257,12 +257,12 @@ class ApplicationController < ActionController::Base
def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false) def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
if @attachment.container_type == "Memo" if @attachment.container_type == "Memo"
allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true) allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true)
elsif @attachment.container_type == "Project" elsif @attachment.container_type == "Message" && !@project.nil?
return true allowed = User.current.allowed_to?(:projects_attachments_download,@project,:global => false)
elsif @attachment.container_type == "course" elsif @attachment.container_type == "Message" && !@course.nil?
return true allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false)
elsif @attachment.container_type == "contest" elsif @attachment.container_type == "contest"
return true return true
else else
return true return true
end end
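Review bot: The trailing `else return true` in authorize_attachment_download leaves this filter fail-open, and the two new `Message` branches inherit that: a Message attachment for which neither `@project` nor `@course` was set skips both permission checks and lands on the allow path. Since the commit is meant to add download permission control for forum attachments, I would add an explicit `elsif @attachment.container_type == "Message"` branch with `allowed = false` ahead of the `contest` case, so an unresolved board is denied rather than allowed. The old `"Project"` and `"course"` branches are replaced rather than kept, so those container types now rely on the same default; a comment on the `else` saying that this is intentional would help the next reader. The method continues below the hunk, so this assumes a false `allowed` leads to a deny response there.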


@ -22,7 +22,7 @@ class AttachmentsController < ApplicationController
before_filter :delete_authorize, :only => :destroy before_filter :delete_authorize, :only => :destroy
before_filter :authorize_global, :only => :upload before_filter :authorize_global, :only => :upload
before_filter :authorize_attachment_download, :only => :download before_filter :authorize_attachment_download, :only => :download
before_filter :login_without_softapplication, only: [:download] #before_filter :login_without_softapplication, only: [:download]
accept_api_auth :show, :download, :upload accept_api_auth :show, :download, :upload
require 'iconv' require 'iconv'
@ -68,12 +68,20 @@ class AttachmentsController < ApplicationController
elsif @attachment.container.is_a?(Project) elsif @attachment.container.is_a?(Project)
project = @attachment.container project = @attachment.container
candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1) candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
@attachment.container.board.project
project = @attachment.container.board.project
candown = User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
elsif (@attachment.container.has_attribute?(:course) ||@attachment.container.has_attribute?(:course_id) ) && @attachment.container.course elsif (@attachment.container.has_attribute?(:course) ||@attachment.container.has_attribute?(:course_id) ) && @attachment.container.course
course = @attachment.container.course course = @attachment.container.course
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1) candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
elsif @attachment.container.is_a?(Course) elsif @attachment.container.is_a?(Course)
course = @attachment.container course = @attachment.container
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1) candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
@attachment.container.board.course
course = @attachment.container.board.course
candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3 elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3
candown = true candown = true
else else
@ -321,8 +329,11 @@ private
raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
if @attachment.container_type == 'Course' if @attachment.container_type == 'Course'
@course = @attachment.course @course = @attachment.course
elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course)) && @attachment.container.course elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course_id)) && @attachment.container.course
@course = @attachment.container.course @course = @attachment.container.course
elsif !@attachment.container.nil? && ((@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
@attachment.container.board.course)
@course = @attachment.container.board.course
else else
unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo' || @attachment.container_type == 'Softapplication' unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo' || @attachment.container_type == 'Softapplication'
@project = @attachment.project @project = @attachment.project
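Review bot: Commenting out `before_filter :login_without_softapplication, only: [:download]` in the filter list removes what appears to be the login gate on `download`, so access now rests on `authorize_attachment_download` and the `candown` checks alone; the commit message does not mention this. If anonymous download of public attachments is intended, delete the line instead of leaving it commented out and state it above the filters, e.g. `# download is open to anonymous users; access is decided by authorize_attachment_download and candown`. If it is not intended, restore the filter. The new board branches in `download` grant access whenever the project or course is public and `@attachment.is_public == 1`, so with the login filter off they are presumably reachable without a session, which is worth confirming against the public/private setting this commit fixes.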