From b10ff36c5172db0f6d9e3a3af21a7d06b2d2ee4a Mon Sep 17 00:00:00 2001
From: ouyangxuhua
Date: Fri, 20 Nov 2015 11:12:45 +0800
Subject: [PATCH] =?UTF-8?q?1.=E7=BB=84=E7=BB=87=E6=96=87=E7=AB=A0=E5=92=8C?= =?UTF-8?q?=E6=88=90=E5=91=98=E8=AE=BF=E9=97=AE=E6=9D=83=E9=99=90=E6=8E=A7?= =?UTF-8?q?=E5=88=B6=EF=BC=9B=202.=E4=BF=AE=E6=94=B9=E7=BC=96=E8=BE=91?= =?UTF-8?q?=E6=96=87=E7=AB=A0=E4=B8=8D=E8=83=BD=E6=8F=90=E4=BA=A4=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/org_document_comments_controller.rb | 6 +++++-
 app/controllers/organizations_controller.rb | 6 +++++-
 app/views/org_document_comments/edit.html.erb | 2 +-
 3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/app/controllers/org_document_comments_controller.rb b/app/controllers/org_document_comments_controller.rb
index 5b02a4e9b..82a25cb01 100644
--- a/app/controllers/org_document_comments_controller.rb
+++ b/app/controllers/org_document_comments_controller.rb
@@ -24,7 +24,11 @@ class OrgDocumentCommentsController < ApplicationController
 end
 def index
- @documents = @organization.org_document_comments.where("parent_id is null").order("created_at desc")
+ if @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)
+ @documents = @organization.org_document_comments.where("parent_id is null").order("created_at desc")
+ else
+ render_403
+ end
 end
 def update
 @org_document = OrgDocumentComment.find(params[:id])
diff --git a/app/controllers/organizations_controller.rb b/app/controllers/organizations_controller.rb
index 3713beb22..0d22ab461 100644
--- a/app/controllers/organizations_controller.rb
+++ b/app/controllers/organizations_controller.rb
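Review bot: The visibility check is written inline in `index` only, while `update`, whose first line is visible as context at the end of this hunk, still loads the record with `OrgDocumentComment.find(params[:id])`, which is neither scoped to `@organization` nor covered by the new condition; whether a filter outside the hunk already guards it cannot be seen here, and `update` continues past the end of the hunk. I would move the condition into one private method whose body is `render_403 unless @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)` and register it with `before_filter` for every action that exposes organization content, so a later action cannot be added without the check. The same inline copy is added to `members` in the organizations_controller.rb hunk and should call the shared method as well, otherwise the two conditions can drift apart.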
@@ -151,7 +151,11 @@ class OrganizationsController < ApplicationController
 end
 def members
- @members = OrgMember.where("organization_id =?", @organization.id)
+ if @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)
+ @members = OrgMember.where("organization_id =?", @organization.id)
+ else
+ render_403
+ end
 end
 def more_org_projects
diff --git a/app/views/org_document_comments/edit.html.erb b/app/views/org_document_comments/edit.html.erb
index e0224afea..4b50c1064 100644
--- a/app/views/org_document_comments/edit.html.erb
+++ b/app/views/org_document_comments/edit.html.erb
@@ -26,7 +26,7 @@
- <%= kindeditor_tag 'org_document_comment[content]',@org_document.content, :editor_id => 'org1_document_description_editor', :height => "150px" %>
+ <%= kindeditor_tag 'org_document_comment[content]',@org_document.content, :editor_id => 'org_document_description_editor', :height => "150px" %>