竞赛管理员有权限访问竞赛作品关联的私有项目，但访问关联项目的讨论区却报403

2016-12-30 20:59:13 +08:00 · 2016-12-30 20:59:13 +08:00 · 9d6f75fb3e
parent 055b05bac9
commit 9d6f75fb3e
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@ -33,7 +33,7 @@ class BoardsController < ApplicationController
    #modify by nwb
    @flag = params[:flag] || false
    if @project
-      if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
+      if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin? && !User.current.allowed_to?(:view_messages, @project)
        render_403
      else
        @boards = @project.boards.includes(:last_message => :author).all