diff --git a/Gemfile.lock b/Gemfile.lock
index 4ba8ecf6c..6916219a9 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -125,6 +125,7 @@ GEM
 mocha (1.1.0)
 metaclass (~> 0.0.1)
 multi_json (1.10.1)
+ mysql2 (0.3.11)
 mysql2 (0.3.11-x86-mingw32)
 net-ldap (0.3.1)
 nokogiri (1.6.3)
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index b5975e452..279e89f13 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -312,8 +312,8 @@ class AccountController < ApplicationController
 else
 #by young
 #redirect_back_or_default my_page_path
- #sredirect_back_or_default User.current
- redirect_to my_account_url
+ redirect_back_or_default User.current
+ #redirect_to my_account_url
 #redirect_to User.current
 end
 end
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 5c3503718..6572e079d 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -64,7 +64,7 @@ class AttachmentsController < ApplicationController
 # modify by nwb
 # 下载添加权限设置
 candown = false
- if (@attachment.container.has_attribute?(:project) || @attachment.container.has_attribute?(:project_id)) && @attachment.container.project
+ if @attachment.container.class.to_s != "HomeworkAttach" &&(@attachment.container.has_attribute?(:project) || @attachment.container.has_attribute?(:project_id)) && @attachment.container.project
 project = @attachment.container.project
 candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
 elsif @attachment.container.is_a?(Project)
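Review bot: In `app/controllers/account_controller.rb` the redirect in this `else` branch now goes through `redirect_back_or_default User.current`, so the destination presumably depends on a request-supplied back URL instead of the fixed `my_account_url`. The helper is not part of this diff; confirm that it only accepts same-host targets and falls back to `User.current` otherwise, because an unvalidated back URL at this point would be an open redirect on a trusted account page. The commented-out alternatives left in the branch (`#redirect_back_or_default my_page_path`, `#redirect_to my_account_url`, `#redirect_to User.current`) should be deleted rather than kept as history. The enclosing method starts outside the hunk.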
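Review bot: The new guard in the download permission check of `attachments_controller.rb` compares a class name string, `@attachment.container.class.to_s != "HomeworkAttach"`, which stops matching for a subclass or a renamed or namespaced class and would then route homework attachments back into the project-membership branch. `!@attachment.container.is_a?(HomeworkAttach)` is consistent with the `is_a?(Project)` test in the next `elsif` and does not have that weakness. The branch that now decides access for `HomeworkAttach` containers is outside this hunk; confirm that it applies a course or membership check and that these attachments do not simply fall through to a generic fallback. A one-line comment above the condition, e.g. `# HomeworkAttach is authorised by <branch name>, not by project membership`, would record the intent.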
@@ -89,7 +89,6 @@ class AttachmentsController < ApplicationController elsif @attachment.container_type == "Bid" && @attachment.container && @attachment.container.courses candown = User.current.member_of_course?(@attachment.container.courses.first) || (course.is_public == 1 && @attachment.is_public == 1) else - candown = @attachment.is_public == 1 end if candown || User.current.admin? || User.current.id == @attachment.author_id
diff --git a/public/javascripts/application.js b/public/javascripts/application.js
index 57e3e32b8..fcc2455f9 100644
--- a/public/javascripts/application.js
+++ b/public/javascripts/application.js
@@ -2,6 +2,8 @@ /* Redmine - project management software Copyright (C) 2006-2013 Jean-Philippe Lang */ + + function cleanArray (actual){ var newArray = new Array(); for (var i = 0; i< actual.length; i++){
@@ -389,6 +391,7 @@ function submitPreview(url, form, target) {
 $.ajax({
 url: url,
 type: 'post',
+ beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
 data: $('#'+form).serialize(),
 success: function(data){
 $('#'+target).html(data);
@@ -454,6 +457,7 @@ function randomKey(size) {
 function updateIssueFrom(url) {
 $.ajax({
 url: url,
+ beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
 type: 'post',
 data: $('#issue-form').serialize()
 });
@@ -462,6 +466,7 @@ function updateIssueFrom(url) {
 function updateBulkEditFrom(url) {
 $.ajax({
 url: url,
+ beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
 type: 'post',
 data: $('#bulk_edit_form').serialize()
 });
@@ -540,6 +545,7 @@ function initMyPageSortable(list, url) {
 $.ajax({
 url: url,
 type: 'post',
+ beforeSend: function(xhr) {xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content'))},
 data: {'blocks': $.map($('#list-'+list).children(), function(el){return $(el).attr('id');})}
 });
 }
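Review bot: The same `beforeSend` callback is pasted into four calls in `application.js` (`submitPreview`, `updateIssueFrom`, `updateBulkEditFrom` and the `$.ajax` inside `initMyPageSortable`), while the `$.ajaxSetup` added in the last hunk of this file already sets the same header for every request, so the per-call copies are redundant. Keeping a single mechanism avoids the case where a later `$.ajax` call is written without the callback and fails the authenticity check. If per-call control is preferred, one shared helper such as `function csrfHeader(xhr) { xhr.setRequestHeader('X-CSRF-Token', $('meta[name="csrf-token"]').attr('content')); }` passed as `beforeSend: csrfHeader` keeps the logic in one place. Whether the Rails UJS script loaded by the layout already adds this header is not visible in the diff and is worth checking first.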
@@ -621,6 +627,14 @@ function transpotUrl (scope) {
 $(document).ready(setupAjaxIndicator);
 $(document).ready(hideOnLoad);
 $(document).ready(addFormObserversForDoubleSubmit);
+$(document).ready(function(){
+ $.ajaxSetup({
+ headers: {
+ 'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
+ }
+ });
+ }
+)
 function img_thumbnails() {
 $('.thumbnails a').colorbox({rel:'nofollow'});
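Review bot: The `$.ajaxSetup({ headers: ... })` block attaches `X-CSRF-Token` to every jQuery request the page makes, including any cross-origin one, which would disclose the session's CSRF token to that other origin. Registering the header through `$.ajaxPrefilter` and returning early when `options.crossDomain` is set limits it to same-origin calls, and reading the meta tag per request skips the header when the tag is absent. The added statement also ends in a bare `)` without a semicolon.

```javascript
$(document).ready(function(){
  // Same-origin requests only: the token must not leave this origin.
  $.ajaxPrefilter(function(options, originalOptions, xhr) {
    if (options.crossDomain) { return; }
    var token = $('meta[name="csrf-token"]').attr('content');
    if (token) { xhr.setRequestHeader('X-CSRF-Token', token); }
  });
});
```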