From 402b0e9c24fc613f642d086f08f7f4ff4149fe7b Mon Sep 17 00:00:00 2001
From: ouyangxuhua <ouyangxuhua167@163.com>
Date: Mon, 14 Mar 2016 23:15:08 +0800
Subject: [PATCH 1/3] =?UTF-8?q?=E5=9F=9F=E5=90=8D=E9=83=BD=E4=BD=BF?=
 =?UTF-8?q?=E7=94=A8Setting.host=5Fname=E8=8E=B7=E5=8F=96=E4=B8=BB?=
 =?UTF-8?q?=E6=9C=BA=E5=90=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/helpers/application_helper.rb | 16 ++--------------
 1 file changed, 2 insertions(+), 14 deletions(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 31decde59..1aca4fb0b 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -2943,21 +2943,9 @@ int main(int argc, char** argv){
 end
 
 def user_url_in_org(user_id)
-  if Rails.env.development?
-    return "http://localhost:3000/users/" + user_id.to_s
-  elsif Rails.env.test?
-    return "https://www.test.forge.trustie.net/users/" + user_id.to_s
-  else
-    return "https://www.trustie.net/users/" + user_id.to_s
-  end
+    return Setting.host_name + "/users/" + user_id.to_s
 end
 
 def logout_url_without_domain
-  if Rails.env.development?
-    return "http://localhost:3000/logout"
-  elsif Rails.env.test?
-    return "https://test.forge.trustie.net/logout"
-  else
-    return "https://www.trustie.net/logout"
-  end
+  return Setting.host_name + "/logout"
 end

From 9bac560906abd2bc2016caf11fc3d33eae6b6dfe Mon Sep 17 00:00:00 2001
From: ouyangxuhua <ouyangxuhua167@163.com>
Date: Wed, 16 Mar 2016 10:00:21 +0800
Subject: [PATCH 2/3] =?UTF-8?q?=E8=B6=85=E7=BA=A7=E7=AE=A1=E7=90=86?=
 =?UTF-8?q?=E5=91=98=E6=9C=89=E7=BC=96=E8=BE=91=E5=92=8C=E5=88=A0=E9=99=A4?=
 =?UTF-8?q?=E5=8D=9A=E5=AE=A2=E7=9A=84=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/blog_comments_controller.rb |  8 ++++++--
 app/views/blog_comments/edit.html.erb       | 11 +++++------
 app/views/blog_comments/show.html.erb       |  6 +++---
 app/views/blogs/_article.html.erb           |  6 +++---
 4 files changed, 17 insertions(+), 14 deletions(-)

diff --git a/app/controllers/blog_comments_controller.rb b/app/controllers/blog_comments_controller.rb
index f5e3314bb..7220eec27 100644
--- a/app/controllers/blog_comments_controller.rb
+++ b/app/controllers/blog_comments_controller.rb
@@ -91,8 +91,12 @@ class BlogCommentsController < ApplicationController
 
   def edit
     @article = BlogComment.find(params[:id])
-    respond_to do |format|
-      format.html {render :layout=>'new_base_user'}
+    if User.current.admin? || User.current.id == @article.author_id
+      respond_to do |format|
+        format.html { render :layout => 'new_base_user' }
+      end
+    else
+      render_403
     end
   end
 
diff --git a/app/views/blog_comments/edit.html.erb b/app/views/blog_comments/edit.html.erb
index 704342fc0..1e29d0a14 100644
--- a/app/views/blog_comments/edit.html.erb
+++ b/app/views/blog_comments/edit.html.erb
@@ -1,6 +1,5 @@
-<% if User.current.logged? && User.current.id == @user.id %>
-    <%= form_for @article, :url =>{:controller=>'blog_comments',:action => 'update',:user_id=>@user.id , :blog_id => @article.id, :is_homepage => params[:is_homepage],:in_act => params[:in_act]},:method=>'PUT',
-                          :html => {:nhname=>'form',:multipart => true, :id => 'message-form'} do |f| %>
-        <%= render :partial => 'blog_comments/edit', :locals => {:f => f, :article => @article, :edit_mode => true, :user => @user} %>
-    <% end %>
-<% end %>
\ No newline at end of file
+
+<%= form_for @article, :url =>{:controller=>'blog_comments',:action => 'update',:user_id=>@user.id , :blog_id => @article.id, :is_homepage => params[:is_homepage],:in_act => params[:in_act]},:method=>'PUT',
+                       :html => {:nhname=>'form',:multipart => true, :id => 'message-form'} do |f| %>
+     <%= render :partial => 'blog_comments/edit', :locals => {:f => f, :article => @article, :edit_mode => true, :user => @user} %>
+<% end %>
diff --git a/app/views/blog_comments/show.html.erb b/app/views/blog_comments/show.html.erb
index c80274db4..de7f1647d 100644
--- a/app/views/blog_comments/show.html.erb
+++ b/app/views/blog_comments/show.html.erb
@@ -38,7 +38,7 @@
       <%= link_to image_tag(url_to_avatar(@article.author),:width=>50,:height => 50,:alt=>'图像' ),user_path(@article.author) %>
     </div>
     <div class="postThemeWrap">
-      <% if @article.author.id == User.current.id%>
+      <% if @article.author.id == User.current.id || User.current.admin? %>
           <div class="homepagePostSetting" id="message_setting_<%= @article.id%>" style="display: none">
             <ul>
               <li class="homepagePostSettingIcon">
@@ -48,7 +48,7 @@
                                 l(:button_edit),
                                 {:action => 'edit', :id => @article.id,:in_act => params[:in_act]},
                                 :class => 'postOptionLink'
-                        ) if User.current && User.current.id == @article.author.id %>
+                        ) if User.current.admin? || User.current.id == @article.author.id %>
                   </li>
                   <li>
                     <%= link_to(
@@ -57,7 +57,7 @@
                                 :method => :delete,
                                 :data => {:confirm => l(:text_are_you_sure)},
                                 :class => 'postOptionLink'
-                        ) if User.current && User.current.id == @article.author.id %>
+                        ) if User.current.admin? || User.current.id == @article.author.id %>
                   </li>
                   <li>
                     <% if @article.id == @article.blog.homepage_id %>
diff --git a/app/views/blogs/_article.html.erb b/app/views/blogs/_article.html.erb
index a5aa8b780..edbce26d3 100644
--- a/app/views/blogs/_article.html.erb
+++ b/app/views/blogs/_article.html.erb
@@ -4,7 +4,7 @@
       <%= link_to image_tag(url_to_avatar(activity.author), :width => "50", :height => "50"), user_path(activity.author_id,:host=>Setting.host_user), :alt => "用户头像" %>
     </div>
     <div class="homepagePostDes">
-      <% if activity.author.id == User.current.id%>
+      <% if activity.author.id == User.current.id || User.current.admin? %>
           <div class="homepagePostSetting" id="message_setting_<%= activity.id%>" style="display: none">
             <ul>
               <li class="homepagePostSettingIcon">
@@ -14,7 +14,7 @@
                                 l(:button_edit),
                                 {:controller => 'blog_comments',:action => 'edit',:user_id=>activity.author_id,:blog_id=>activity.blog_id, :id => activity.id},
                                 :class => 'postOptionLink'
-                        ) if User.current && User.current.id == activity.author.id %>
+                        ) if User.current.admin? || User.current.id == activity.author.id %>
                   </li>
                   <li>
                     <%= link_to(
@@ -23,7 +23,7 @@
                                 :method => :delete,
                                 :data => {:confirm => l(:text_are_you_sure)},
                                 :class => 'postOptionLink'
-                        ) if User.current && User.current.id == activity.author.id %>
+                        ) if User.current.admin? || User.current.id == activity.author.id %>
                   </li>
                   <li>
                     <% if activity.id == activity.blog.homepage_id %>

From dcadadae0394cafaf7de67c33083c759a528ce44 Mon Sep 17 00:00:00 2001
From: ouyangxuhua <ouyangxuhua167@163.com>
Date: Wed, 16 Mar 2016 11:24:55 +0800
Subject: [PATCH 3/3] =?UTF-8?q?=E9=80=80=E5=87=BA=E5=92=8C=E7=94=A8?=
 =?UTF-8?q?=E6=88=B7=E7=9A=84=E9=93=BE=E6=8E=A5=E4=BD=BF=E7=94=A8https://?=
 =?UTF-8?q?=20+Setting.host=5Fname?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/helpers/application_helper.rb | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index b899a010c..d238235ed 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -2943,11 +2943,19 @@ int main(int argc, char** argv){
 end
 
 def user_url_in_org(user_id)
-    return Setting.host_name + "/users/" + user_id.to_s
+  if Rails.env.development?
+    return "http://localhost:3000/users/" + user_id.to_s
+  else
+    return "https://" +  Setting.host_name + "/users/" + user_id.to_s
+  end
 end
 
 def logout_url_without_domain
-  return Setting.host_name + "/logout"
+  if Rails.env.development?
+    return "http://localhost:3000/logout"
+  else
+    return "https://" + Setting.host_name + "/logout"
+  end
 end
 
 def signin_url_without_domain