1.组织文章和成员访问权限控制；

2.修改编辑文章不能提交的问题。
2015-11-20 11:12:45 +08:00 · 2015-11-20 11:12:45 +08:00 · b10ff36c51
parent faa99a5df4
commit b10ff36c51
3 changed files with 11 additions and 3 deletions
--- a/app/controllers/org_document_comments_controller.rb
+++ b/app/controllers/org_document_comments_controller.rb
@ -24,7 +24,11 @@ class OrgDocumentCommentsController < ApplicationController
  end

  def index
-    @documents = @organization.org_document_comments.where("parent_id is null").order("created_at desc")
+    if @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)
+      @documents = @organization.org_document_comments.where("parent_id is null").order("created_at desc")
+    else
+      render_403
+    end
  end
  def update
    @org_document =  OrgDocumentComment.find(params[:id])
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
@ -151,7 +151,11 @@ class OrganizationsController < ApplicationController
  end

  def members
-    @members = OrgMember.where("organization_id =?", @organization.id)
+    if @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)
+      @members = OrgMember.where("organization_id =?", @organization.id)
+    else
+      render_403
+    end
  end

  def  more_org_projects
--- a/app/views/org_document_comments/edit.html.erb
+++ b/app/views/org_document_comments/edit.html.erb
@ -26,7 +26,7 @@
      <div class="cl"></div>
      <div id="org_document_editor" >
        <div class="mt10">
-          <%= kindeditor_tag 'org_document_comment[content]',@org_document.content, :editor_id => 'org1_document_description_editor', :height => "150px" %>
+          <%= kindeditor_tag 'org_document_comment[content]',@org_document.content, :editor_id => 'org_document_description_editor', :height => "150px" %>
        </div>
        <div class="cl"></div>