diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 4f731e580..0b4309ef5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -254,6 +254,28 @@ class ApplicationController < ActionController::Base end end + def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false) + if @attachment.container_type == "Memo" + allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true) + elsif @attachment.container_type == "Project" + + elsif @attachment.container_type == "course" + + elsif @attachment.container_type == "contest" + + end + + if allowed + true + else + if @project && @project.archived? + render_403 :message => :notice_not_authorized_archived_project + else + deny_access + end + end + end + def authorize_course(ctrl = params[:controller], action = params[:action], global = false) allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @course, :global => global) if allowed diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 2d5149c09..7ce9646c6 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -21,7 +21,7 @@ class AttachmentsController < ApplicationController before_filter :file_readable, :read_authorize, :only => [:show, :thumbnail]#Modified by young before_filter :delete_authorize, :only => :destroy before_filter :authorize_global, :only => :upload - + before_filter :authorize_attachment_download, :only => :download before_filter :login_without_softapplication, only: [:download] accept_api_auth :show, :download, :upload require 'iconv' diff --git a/config/locales/zh.yml b/config/locales/zh.yml index e2ed6a045..1e3bd0098 100644 --- a/config/locales/zh.yml +++ b/config/locales/zh.yml 
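Review bot: Only the "Memo" branch of `authorize_attachment_download` assigns `allowed`; the "Project", "course" and "contest" branches are empty, so `allowed` stays nil and every download whose container is not a Memo, including container types not listed at all, ends in `deny_access` or `render_403`. That fails closed, but the project, course and contest permissions this commit declares are never consulted. If `container_type` holds the class name, as Rails polymorphic associations normally store it, the lower-case "course" and "contest" comparisons would also never match. The Memo check passes `nil` with `:global => true`, so it is not tied to the memo being downloaded; confirm that is intended. The sketch below gives the branch section an explicit default and per-container checks, assuming `allowed_to?` accepts the container as context the way `authorize_course` passes `@course`; the unused `ctrl`, `action` and `global` parameters could be dropped.

```ruby
def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
  container = @attachment.container
  allowed =
    case @attachment.container_type
    when "Memo"
      User.current.allowed_to?(:memos_attachments_download, nil, :global => true)
    when "Project"
      User.current.allowed_to?(:projects_attachments_download, container)
    when "Course"
      User.current.allowed_to?(:course_attachments_download, container)
    else
      false # contest and any other container type: add an explicit check before allowing
    end
  # … unchanged: if allowed / render_403 / deny_access handling …
```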
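Review bot: The new `before_filter :authorize_attachment_download` reads `@attachment` and `@project`, but the filter that loads them is not visible in this hunk, so its position in the chain needs confirming; if it were registered after this line, the new filter would fail on a nil `@attachment` instead of denying access. It also runs ahead of `login_without_softapplication`, so an anonymous request is judged on permissions before the login check. Swapping those two lines, or adding a comment such as `# must run after the filter that sets @attachment`, would make the intended order explicit. The controller class continues outside the hunk.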
@@ -492,7 +492,10 @@ zh: permission_select_contest_modules: 选择竞赛模块 permission_manage_contestnotifications: 管理竞赛通知 permission_notificationcomment_contestnotifications: 添加竞赛通知评论 - + permission_memos_attachments_download: 下载贴吧附件 + permission_projects_attachments_download: 项目附件下载 + permission_course_attachments_download: 课程附件下载 + permission_contest_attachments_download: 竞赛附件下载 project_module_issue_tracking: 问题跟踪 project_module_time_tracking: 时间跟踪 diff --git a/db/schema.rb b/db/schema.rb index 817104aa9..e13ff4942 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended to check this file into your version control system. -ActiveRecord::Schema.define(:version => 20140922032830) do +ActiveRecord::Schema.define(:version => 20140916005319) do create_table "activities", :force => true do |t| t.integer "act_id", :null => false @@ -437,9 +437,9 @@ ActiveRecord::Schema.define(:version => 20140922032830) do t.string "web_title" t.string "title" t.text "description" - t.string "page_type" t.datetime "created_at", :null => false t.datetime "updated_at", :null => false + t.string "page_type" t.integer "sort_type" t.integer "image_width", :default => 107 t.integer "image_height", :default => 63 
@@ -878,18 +878,18 @@ ActiveRecord::Schema.define(:version => 20140922032830) do create_table "relative_memos", :force => true do |t| t.integer "osp_id" t.integer "parent_id" - t.string "subject", :null => false - t.text "content", :limit => 16777215, :null => false + t.string "subject", :null => false + t.text "content", :null => false t.integer "author_id" - t.integer "replies_count", :default => 0 + t.integer "replies_count", :default => 0 t.integer "last_reply_id" - t.boolean "lock", :default => false - t.boolean "sticky", :default => false - t.boolean "is_quote", :default => false - t.datetime "created_at", :null => false - t.datetime "updated_at", :null => false - t.integer "viewed_count_crawl", :default => 0 - t.integer "viewed_count_local", :default => 0 + t.boolean "lock", :default => false + t.boolean "sticky", :default => false + t.boolean "is_quote", :default => false + t.datetime "created_at", :null => false + t.datetime "updated_at", :null => false + t.integer "viewed_count_crawl", :default => 0 + t.integer "viewed_count_local", :default => 0 t.string "url" t.string "username" t.string "userhomeurl" diff --git a/lib/redmine.rb b/lib/redmine.rb index e0a14c7e9..c96464abc 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb 
@@ -113,7 +113,10 @@ Redmine::AccessControl.map do |map| map.permission :close_course, {:courses => [:close, :reopen]}, :require => :member, :read => true ,:belong_to_course => true map.permission :select_course_modules, {:courses => :modules}, :require => :member ,:belong_to_course => true map.permission :view_course_journals_for_messages, {:courses => :feedback}, :require => :member,:read => true ,:belong_to_course => true - + map.permission :memos_attachments_download,{:attachments => :download} + map.permission :projects_attachments_download,{:attachments => :download},:belong_to_project => true + map.permission :course_attachments_download,{:attachments => :download},:belong_to_course => true + map.permission :contest_attachments_download,{:attachments => :download},:belong_to_contest => true #与项目一致,注释掉 #map.course_module :files do |map| # map.permission :manage_files, {:files => [:new, :create]}, :require => :loggedin @@ -125,7 +128,7 @@ Redmine::AccessControl.map do |map| # map.permission :view_course_news, {:news => [:index, :show]}, :public => true, :read => true # map.permission :comment_news, {:comments => :create} # end - #作业模块权限 + map.course_module :bids do |map| map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true,:belong_to_course => true map.permission :paret_in_homework,{},:require => :member ,:belong_to_course => true
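Review bot: All four new permissions map to the same action, `{:attachments => :download}`, so a check made by controller/action hash rather than by permission name cannot tell them apart. In stock Redmine, a role holding any one of them would pass such a check for every container type. A comment above the four lines, for example `# checked by name in authorize_attachment_download; never authorize attachments/download via a controller/action hash`, would keep later callers from relying on the hash form. None of the four sets `:require`, unlike the neighbouring course permissions that use `:require => :member`, so they can presumably be granted to non-member and anonymous roles; add `:require => :member` or `:require => :loggedin` if downloads are not meant to be that open. The `Redmine::AccessControl.map` block starts and ends outside the hunk.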