From 0633d5661eabadaf9e3ba99315be12501ab31671 Mon Sep 17 00:00:00 2001 From: z9hang Date: Fri, 10 Oct 2014 17:13:06 +0800 Subject: [PATCH 1/4] =?UTF-8?q?1=E3=80=81=E8=AF=BE=E7=A8=8B=E8=AE=A8?= =?UTF-8?q?=E8=AE=BA=E5=8C=BA=EF=BC=8C=E9=A1=B9=E7=9B=AE=E8=AE=A8=E8=AE=BA?= =?UTF-8?q?=E5=8C=BA=E8=B5=84=E6=BA=90=E4=B8=8B=E8=BD=BD=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=8E=A7=E5=88=B6=E6=B7=BB=E5=8A=A0=E3=80=822=E3=80=81?= =?UTF-8?q?=E8=AF=BE=E7=A8=8B=E8=AE=A8=E8=AE=BA=E5=8C=BA=E3=80=81=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E8=AE=A8=E8=AE=BA=E5=8C=BA=E9=99=84=E4=BB=B6=E5=85=AC?= =?UTF-8?q?=E5=BC=80=E7=A7=81=E6=9C=89=E8=AE=BE=E7=BD=AE=E6=97=A0=E6=95=88?= =?UTF-8?q?=E9=97=AE=E9=A2=98=EF=BC=8C=E5=8E=9F=E5=9B=A0=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=E4=B8=AD=E6=9C=AA=E5=A4=84=E7=90=86=E8=AE=A8=E8=AE=BA=E9=99=84?= =?UTF-8?q?=E4=BB=B6=E6=83=85=E5=86=B5=EF=BC=8C=E8=A7=A3=E5=86=B3=E6=B7=BB?= =?UTF-8?q?=E5=8A=A0=E5=88=A4=E6=96=AD=E5=B9=B6=E5=A4=84=E7=90=86?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/application_controller.rb | 10 +++++----- app/controllers/attachments_controller.rb | 15 +++++++++++++-- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 3ab894c69..0d9fe62a8 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
@@ -257,12 +257,12 @@ class ApplicationController < ActionController::Base def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false) if @attachment.container_type == "Memo" allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true) - elsif @attachment.container_type == "Project" - return true - elsif @attachment.container_type == "course" - return true + elsif @attachment.container_type == "Message" && !@project.nil? + allowed = User.current.allowed_to?(:projects_attachments_download,@project,:global => false) + elsif @attachment.container_type == "Message" && !@course.nil? + allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false) elsif @attachment.container_type == "contest" - return true + return true else return true end diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index c511b5ace..08469ac48 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -22,7 +22,7 @@ class AttachmentsController < ApplicationController before_filter :delete_authorize, :only => :destroy before_filter :authorize_global, :only => :upload before_filter :authorize_attachment_download, :only => :download - before_filter :login_without_softapplication, only: [:download] + #before_filter :login_without_softapplication, only: [:download] accept_api_auth :show, :download, :upload require 'iconv' 
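Review bot: A Message attachment for which neither `@project` nor `@course` was resolved still falls through to the trailing `else return true`, so the new permission checks fail open exactly when the container lookup fails. Consider a final `elsif @attachment.container_type == "Message"` branch that sets `allowed = false`, and make the catch-all `else` deny rather than allow, with explicit branches for the types that are meant to be open. How `allowed` is consumed is outside the hunk, so the deny path should be confirmed against the rest of `authorize_attachment_download`.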
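Review bot: Commenting out `before_filter :login_without_softapplication, only: [:download]` leaves `authorize_attachment_download` as the only filter on `download`, and that method still returns true for every container type other than Memo and Message. If the login filter was what required a session for those types (its body is not visible here), their downloads are now gated only by the `candown` logic inside the action. Either delete the line and state the reason in the commit message, or keep it and exempt only the cases that need anonymous access; a commented-out filter hides that decision from later readers.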
@@ -68,12 +68,20 @@ class AttachmentsController < ApplicationController elsif @attachment.container.is_a?(Project) project = @attachment.container candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1) + elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board && + @attachment.container.board.project + project = @attachment.container.board.project + candown = User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1) elsif (@attachment.container.has_attribute?(:course) ||@attachment.container.has_attribute?(:course_id) ) && @attachment.container.course course = @attachment.container.course candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1) elsif @attachment.container.is_a?(Course) course = @attachment.container candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1) + elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board && + @attachment.container.board.course + course = @attachment.container.board.course + candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1) elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3 candown = true else 
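Review bot: The board lookup `(@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board && ...` is written out twice in this hunk and again in the `find_project` hunk at -321, and each copy can drift from the others (the `:course`/`:course` duplicate corrected in that hunk is an example of such drift). A small private helper that returns the container's board or nil would let each branch read as a single condition and keep the access rule in one place. Separately, the new branches allow download when `project.is_public && @attachment.is_public == 1` without consulting the visibility of the board or message itself; please confirm that is the intended policy. The `download` action begins and ends outside the hunk.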
@@ -321,8 +329,11 @@ private raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename if @attachment.container_type == 'Course' @course = @attachment.course - elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course)) && @attachment.container.course + elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course_id)) && @attachment.container.course @course = @attachment.container.course + elsif !@attachment.container.nil? && ((@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board && + @attachment.container.board.course) + @course = @attachment.container.board.course else unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo' || @attachment.container_type == 'Softapplication' @project = @attachment.project From ef3e0798cc527d9d21c83661c8e48ca43d899fb0 Mon Sep 17 00:00:00 2001 
From: z9hang Date: Sat, 11 Oct 2014 11:06:37 +0800 Subject: [PATCH 2/4] =?UTF-8?q?1=E3=80=81=E8=AF=BE=E7=A8=8B=E3=80=81?= =?UTF-8?q?=E9=A1=B9=E7=9B=AE=E8=AE=A8=E8=AE=BA=E5=8C=BA=E7=BC=96=E8=BE=91?= =?UTF-8?q?=E9=99=84=E4=BB=B6=E6=B2=A1=E6=9C=89=E5=85=AC=E5=BC=80=E5=AD=97?= =?UTF-8?q?=E6=A0=B7=E9=97=AE=E9=A2=98=E3=80=822=E3=80=81=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE=E9=99=84=E4=BB=B6=E7=A7=81=E6=9C=89=E5=B1=9E=E6=80=A7?= =?UTF-8?q?=E9=81=97=E6=BC=8F=E8=AE=A8=E8=AE=BA=E5=8C=BA=E7=9A=84=E9=99=84?= =?UTF-8?q?=E4=BB=B6=E7=9A=84=E6=83=85=E5=86=B5=E6=B7=BB=E5=8A=A0=E3=80=82?= =?UTF-8?q?3=E3=80=81=E7=BC=96=E8=BE=91=E9=99=84=E4=BB=B6=E7=9A=84?= =?UTF-8?q?=E6=8F=8F=E8=BF=B0=E3=80=81=E5=85=AC=E5=BC=80=E5=B1=9E=E6=80=A7?= =?UTF-8?q?=E6=97=A0=E6=95=88=E7=9A=84=E9=97=AE=E9=A2=98=EF=BC=8C=E5=8E=9F?= =?UTF-8?q?=E5=9B=A0=E7=BC=96=E8=BE=91=E4=BF=9D=E5=AD=98=E9=80=BB=E8=BE=91?= =?UTF-8?q?=E5=AD=98=E5=9C=A8=E9=97=AE=E9=A2=98=EF=BC=8C=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/models/attachment.rb | 11 +++++++ app/views/attachments/_form_course.html.erb | 2 ++ .../lib/acts_as_attachable.rb | 30 +++++++++++-------- 3 files changed, 31 insertions(+), 12 deletions(-) diff --git a/app/models/attachment.rb b/app/models/attachment.rb index e25434e6e..90cfed429 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -411,6 +411,17 @@ class Attachment < ActiveRecord::Base end end + # Finds an attachment that matches the given token + def self.find_by_token_only(token) + if token.to_s =~ /^(\d+)\.([0-9a-f]+)$/ + attachment_id, attachment_digest = $1, $2 + attachment = Attachment.where(:id => attachment_id, :digest => attachment_digest).first + if attachment + attachment + end + end + end + # Bulk attaches a set of files to an object # # Returns a Hash of the results: diff --git a/app/views/attachments/_form_course.html.erb b/app/views/attachments/_form_course.html.erb index e5fbd3f82..a56c5d1d4 100644 
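Review bot: `find_by_token_only` returns any attachment whose id and digest match, with no check on who uploaded it or whether it is already attached to a different container, and in upstream Redmine the digest is a hash of the file content rather than a secret. Because `save_attachments` (changed later in this patch) then sets `filename`, `content_type` and `is_public` on the result, the caller should verify that the attachment belongs to the object being saved or to the current author before modifying it. The pattern should also anchor with `\A` and `\z`, since `^` and `$` match at line boundaries in Ruby: `/\A(\d+)\.([0-9a-f]+)\z/`. The inner `if attachment ... end` is redundant, as `Attachment.where(...).first` already yields the record or nil.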
--- a/app/views/attachments/_form_course.html.erb +++ b/app/views/attachments/_form_course.html.erb @@ -7,6 +7,7 @@ <%= text_field_tag("attachments[p#{i}][description]", attachment.description, :maxlength => 255, :placeholder => l(:label_optional_description), :class => 'description', :style=>"display: inline-block;") + link_to(' '.html_safe, attachment_path(attachment, :attachment_id => "p#{i}", :format => 'js'), :method => 'delete', :remote => true, :class => 'remove-upload') %> <%#= render :partial => 'tags/tag', :locals => {:obj => attachment, :object_flag => "6"} %> + <%= l(:field_is_public)%>: <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public, :class => 'is_public')%> <%= hidden_field_tag "attachments[p#{i}][token]", "#{attachment.token}" %> @@ -18,6 +19,7 @@ <%= text_field_tag("attachments[p#{i}][description]", attachment.description, :maxlength => 255, :placeholder => l(:label_optional_description), :class => 'description', :style=>"display: inline-block;") + link_to(' '.html_safe, attachment_path(attachment, :attachment_id => "p#{i}", :format => 'js'), :method => 'delete', :remote => true, :class => 'remove-upload') %> <%#= render :partial => 'tags/tag', :locals => {:obj => attachment, :object_flag => "6"} %> + <%= l(:field_is_public)%>: <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public, :class => 'is_public')%> <%= hidden_field_tag "attachments[p#{i}][token]", "#{attachment.token}" %> diff --git a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb index f6dc31c64..5e344d735 100644 --- a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb +++ b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb 
@@ -79,9 +79,11 @@ module Redmine if res.is_public if( (self.class.to_s=="Project" && self.is_public == false) || (self.has_attribute?(:project) && self.project && self.project.is_public == false) || + (self.has_attribute?(:board) && self.board.project && self.board.project.is_public == false) || (self.class.to_s=="HomeworkAttach" && self.bid.reward_type == 3) || (self.class.to_s=="Course" && self.is_public == false) || - (self.has_attribute?(:course) && self.course && self.course.is_public == false) + (self.has_attribute?(:course) && self.course && self.course.is_public == false) || + (self.has_attribute?(:board) && self.board.course && self.board.course.is_public == false) ) res.is_public = false end @@ -120,18 +122,22 @@ module Redmine end if attachments.is_a?(Array) attachments.each do |attachment| - next unless attachment.is_a?(Hash) - a = nil - if file = attachment['file'] - next unless file.size > 0 - a = Attachment.create(:file => file, :author => author) - elsif token = attachment['token'] - a = Attachment.find_by_token(token) - next unless a - a.filename = attachment['filename'] unless attachment['filename'].blank? - a.content_type = attachment['content_type'] + if attachment.is_a?(Hash) + a = nil + file = attachment['file'] + token = attachment['token'] + t = file && file.size > 0 + if file && file.size > 0 + a = Attachment.create(:file => file, :author => author) + elsif token + a = Attachment.find_by_token_only(token) + if a + a.filename = attachment['filename'] unless attachment['filename'].blank? + a.content_type = attachment['content_type'] + end + end end - if !attachment[:is_public] + if a && !attachment[:is_public] a.is_public = false end set_attachment_public(a) From dfc536bff963f8d93b7d0386bca0d1c0326dd634 Mon Sep 17 00:00:00 2001 
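Review bot: The two added conditions test only `self.has_attribute?(:board)` and then call `self.board.project` / `self.board.course` with no nil check on `self.board`, whereas the controller hunks in patch 1 test `:board` or `:board_id` and guard `container.board`. If `board` is an association backed by a `board_id` column (likely, but not visible here), `has_attribute?(:board)` is false and an attachment posted on a private project's or course's board is never forced back to private. Suggest `((self.has_attribute?(:board) || self.has_attribute?(:board_id)) && self.board && self.board.project && self.board.project.is_public == false) ||` and the same shape for the course line.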
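Review bot: `set_attachment_public(a)` is now reached with `a == nil` for a non-Hash entry, an empty file, or a token that matches nothing, because the early `next unless` guards were folded into the new `if attachment.is_a?(Hash)` block while the remaining `next unless a` (visible as context in patch 3) comes after the call. Unless `set_attachment_public` tolerates nil (its opening lines are outside the hunk), move `next unless a` to directly after the `if attachment.is_a?(Hash) ... end` block. The local `t = file && file.size > 0` is assigned and never read; either use it in the following `if` or delete it.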
From: z9hang Date: Sat, 11 Oct 2014 11:55:25 +0800 Subject: [PATCH 3/4] =?UTF-8?q?=E9=99=84=E4=BB=B6=E7=BC=96=E8=BE=91?= =?UTF-8?q?=E6=97=B6=E8=AE=BE=E7=BD=AE=E7=A7=81=E6=9C=89=E4=B8=BA=E5=85=AC?= =?UTF-8?q?=E5=BC=80=E6=97=A0=E6=95=88=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/views/attachments/_form_course.html.erb | 4 ++-- lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/views/attachments/_form_course.html.erb b/app/views/attachments/_form_course.html.erb index a56c5d1d4..0446db37d 100644 --- a/app/views/attachments/_form_course.html.erb +++ b/app/views/attachments/_form_course.html.erb @@ -8,7 +8,7 @@ link_to(' '.html_safe, attachment_path(attachment, :attachment_id => "p#{i}", :format => 'js'), :method => 'delete', :remote => true, :class => 'remove-upload') %> <%#= render :partial => 'tags/tag', :locals => {:obj => attachment, :object_flag => "6"} %> <%= l(:field_is_public)%>: - <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public, :class => 'is_public')%> + <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public,attachment.is_public == 1 ? true : false, :class => 'is_public')%> <%= hidden_field_tag "attachments[p#{i}][token]", "#{attachment.token}" %> <% end %> 
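Review bot: The checkbox value is still `attachment.is_public`, so the submitted parameter can be "0", "1" or empty, while the server-side code in `acts_as_attachable.rb` only tests whether the key is present. A fixed value states the contract more clearly: `check_box_tag("attachments[p#{i}][is_public_checkbox]", 1, attachment.is_public == 1, :class => 'is_public')`. The `? true : false` is redundant because `==` already returns a boolean. The same line is changed in the second hunk of this file and in `_form.html.erb` in patch 4.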
@@ -20,7 +20,7 @@ link_to(' '.html_safe, attachment_path(attachment, :attachment_id => "p#{i}", :format => 'js'), :method => 'delete', :remote => true, :class => 'remove-upload') %> <%#= render :partial => 'tags/tag', :locals => {:obj => attachment, :object_flag => "6"} %> <%= l(:field_is_public)%>: - <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public, :class => 'is_public')%> + <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public,attachment.is_public == 1 ? true : false, :class => 'is_public')%> <%= hidden_field_tag "attachments[p#{i}][token]", "#{attachment.token}" %> <% end %> diff --git a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb index 5e344d735..85871a19c 100644 --- a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb +++ b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb @@ -137,8 +137,10 @@ module Redmine end end end - if a && !attachment[:is_public] + if a && !attachment['is_public_checkbox'] a.is_public = false + elsif a && attachment['is_public_checkbox'] + a.is_public = true end set_attachment_public(a) next unless a From 0d6116d216fc9e21dd2d795f952a9371faa3b266 Mon Sep 17 00:00:00 2001 From: z9hang Date: Sat, 11 Oct 2014 14:47:48 +0800 Subject: [PATCH 4/4] =?UTF-8?q?=E5=85=AC=E5=85=B1=E8=B4=B4=E5=90=A7?= =?UTF-8?q?=E7=BC=96=E8=BE=91=E9=99=84=E4=BB=B6=E6=97=B6=E5=85=AC=E5=BC=80?= =?UTF-8?q?=E4=B8=8E=E5=90=A6=E5=B1=9E=E6=80=A7=E7=9A=84=E6=98=BE=E7=A4=BA?= =?UTF-8?q?=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/views/attachments/_form.html.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/attachments/_form.html.erb b/app/views/attachments/_form.html.erb index 16de21226..52050ee06 100644 --- a/app/views/attachments/_form.html.erb +++ b/app/views/attachments/_form.html.erb 
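Review bot: In the `acts_as_attachable.rb` hunk both branches repeat the `a &&` guard and differ only in the boolean assigned, and the test is on presence of the key, so a submitted value of "0" or an empty string also marks the attachment public (every String is truthy in Ruby). If presence is the intended contract, `a.is_public = !attachment['is_public_checkbox'].nil? if a` says so in one line; otherwise compare against the expected value explicitly. The enclosing `attachments.each` loop starts outside the hunk.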
@@ -5,7 +5,7 @@ <%= text_field_tag("attachments[p#{i}][filename]", attachment.filename, :class => 'filename readonly', :readonly=>'readonly')%> <%= text_field_tag("attachments[p#{i}][description]", attachment.description, :maxlength => 254, :placeholder => l(:label_optional_description), :class => 'description', :style=>"display: inline-block;") %> <%= l(:field_is_public)%>: - <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public, :class => 'is_public')%> + <%= check_box_tag("attachments[p#{i}][is_public_checkbox]", attachment.is_public,attachment.is_public == 1 ? true : false,:class => 'is_public')%> <%= if attachment.id.nil? #待补充代码 else