修改一些删除权限问题

yanxd 2013-11-26 16:55:46 +08:00
parent b06abd0b83
commit f0b6c33217
2 changed files with 15 additions and 2 deletions


@ -3,6 +3,8 @@ class MemosController < ApplicationController
before_filter :find_forum, :only => [:new, :preview]
before_filter :find_attachments, :only => [:preview]
before_filter :find_memo, :except => [:new, :create , :preview, :update]
before_filter :authenticate_user_edit, :only => [:edit, :update]
before_filter :authenticate_user_destroy, :only => [:destroy]
helper :attachments
include AttachmentsHelper
@ -144,4 +146,15 @@ class MemosController < ApplicationController
render_404
nil
end
def authenticate_user_edit
find_memo
render_403 unless @memo.editable_by? User.current
end
def authenticate_user_destroy
find_memo
render_403 unless @memo.destroyable_by? User.current
end
end
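Review bot: `authenticate_user_edit` and `authenticate_user_destroy` call `@memo.editable_by?` / `@memo.destroyable_by?` right after `find_memo` without checking that the lookup succeeded. `update` is excluded from the `before_filter :find_memo` line, so for that action this is the only lookup; the context lines above (`render_404`, `nil`) suggest the lookup helper renders a 404 and returns nil on a miss, in which case a missing memo would reach the permission call on nil and surface as a 500. Adding `return if performed?` between the two lines of each method would stop after the 404. For `edit` and `destroy` the earlier filter has already loaded `@memo`, so the second `find_memo` repeats the query. The hunk does not show whether these methods sit under `private`; if they do not, they are public controller methods and should be moved there.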


@ -85,11 +85,11 @@ class Memo < ActiveRecord::Base
def editable_by? user
# user && user.logged? || (self.author == usr && usr.allowed_to?(:edit_own_messages, project))
(user && self.author == user && !self.lock || user.admin?) && true
user.admin?
end
def destroyable_by? user
user.admin?
user && user.logged? && Forum.find(self.forum_id).creator_id == user.id || user.admin?
#self.author == user || user.admin?
end
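Review bot: In `destroyable_by?` the leading `user &&` does not guard the trailing `|| user.admin?`, because `&&` binds tighter than `||`; a nil user falls through to `user.admin?` and raises NoMethodError instead of being denied. `editable_by?` has the same unguarded `user.admin?`. Failing closed and grouping the condition makes the intent explicit: `return false unless user` followed by `user.admin? || (user.logged? && Forum.find(forum_id).creator_id == user.id)`. `Forum.find` also raises when the forum row is missing, so the permission check can end in an error page rather than a denial. The rendered page has lost its +/- markers, so this assumes the `Forum.find` line and the bare `user.admin?` in `editable_by?` are the new side.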