diff --git a/.gitignore b/.gitignore index e9f6c8b13..ba7890841 100644 --- a/.gitignore +++ b/.gitignore @@ -33,3 +33,4 @@ vendor/cache /tags /config/initializers/gitlab_config.rb 1234567 +public/javascripts/wechat/node_modules/ diff --git a/app/api/mobile/api.rb b/app/api/mobile/api.rb index 23014b0c1..c86a36d05 100644 --- a/app/api/mobile/api.rb +++ b/app/api/mobile/api.rb @@ -1,3 +1,5 @@ +#coding=utf-8 + module Mobile require_relative 'middleware/error_handler' require_relative 'apis/auth' @@ -29,16 +31,22 @@ module Mobile end def authenticate! - raise('Unauthorized. Invalid or expired token.') unless current_user + raise('Unauthorized. 用户认证失败.') unless current_user end def current_user + openid = params[:openid] + if openid + uw = UserWechat.find_by_openid(params[:openid]) + return uw.user if uw + end + token = ApiKey.where(access_token: params[:token]).first if token && !token.expired? - @current_user = User.find(token.user_id) - else - nil + return User.find(token.user_id) end + + nil end end diff --git a/app/api/mobile/apis/activities.rb b/app/api/mobile/apis/activities.rb index af17e0f44..49fdaff8f 100644 --- a/app/api/mobile/apis/activities.rb +++ b/app/api/mobile/apis/activities.rb @@ -12,7 +12,9 @@ module Mobile requires :openid, type: String end post do - user = UserWechat.find_by_openid(params[:openid]).user + authenticate! + + user = current_user shield_project_ids = ShieldActivity.select("shield_id").where("container_type='User' and container_id=#{user.id} and shield_type='Project'").map(&:shield_id) shield_course_ids = ShieldActivity.select("shield_id").where("container_type='User' and container_id=#{user.id} and shield_type='Course'").map(&:shield_id) diff --git a/app/api/mobile/apis/courses.rb b/app/api/mobile/apis/courses.rb index 591a4e288..3a36a9e37 100644 --- a/app/api/mobile/apis/courses.rb +++ b/app/api/mobile/apis/courses.rb 
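Review bot: In `current_user` (app/api/mobile/api.rb) the new `openid` branch returns `uw.user` for any request whose `params[:openid]` matches a `UserWechat` row, so a client-supplied WeChat openid is now accepted as the sole credential, with no token or signature check. An openid is an identifier rather than a secret, so it should only be trusted when the server obtained it itself (for example from the WeChat OAuth code exchange, kept in the session); a value that arrives as a plain request parameter should still need the non-expired `ApiKey`. The activities.rb hunk routes through this path, and the courses.rb hunk that drops `requires :token` appears to depend on it too. The hunk also removes the `@current_user` memo, so `authenticate!` followed by `current_user` repeats the lookups; `@current_user ||= ...` would restore it. The block enclosing both methods starts outside the hunk.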
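Review bot: In app/api/mobile/apis/activities.rb the two `ShieldActivity` queries right below the new `user = current_user` still build their conditions by interpolating `#{user.id}` into the SQL string. The value comes from a loaded record, so this is a style and defence-in-depth point rather than a direct injection, but hash conditions keep it safe if the source of `user` changes again: `ShieldActivity.where(container_type: 'User', container_id: user.id, shield_type: 'Project')`. The `post` block continues past the end of the hunk.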
@@ -97,7 +97,6 @@ module Mobile desc "加入课程" params do - requires :token, type: String requires :course_password, type: String end post ":id" do diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index cbce67618..b1aae9b26 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -916,4 +916,11 @@ class ApplicationController < ActionController::Base call_hook(:controller_account_success_authentication_after, {:user => user }) end + def user_unlogged_check + if !User.current.logged? + render(:partial => 'organizations/unlogged_tip') + return false + end + true + end end diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index fe3c3272a..960bc61e6 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -265,6 +265,10 @@ class AttachmentsController < ApplicationController @history.save #历史记录保存完毕 #将最新保存的记录 数据替换到 需要修改的文件记录 @old_attachment.attributes = @attachment.attributes.dup.except("id","container_id","container_type","is_public","downloads", "quotes") + # 如果附件描述被修改,则保存附件 + unless params[:description] == @attachment.description + @old_attachment.description = params[:description] + end @old_attachment.save #删除当前记录 @attachment.delete diff --git a/app/controllers/org_subfields_controller.rb b/app/controllers/org_subfields_controller.rb index 159648f34..34e996494 100644 --- a/app/controllers/org_subfields_controller.rb +++ b/app/controllers/org_subfields_controller.rb 
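Review bot: `user_unlogged_check` in app/controllers/application_controller.rb is added without a comment and, as far as the hunk shows, as a public method of `ApplicationController`. The class body above the hunk is not visible, so confirm it sits under `private` or `protected`; otherwise, depending on the routes, it may be reachable as an action on every controller. It also answers an anonymous request with the `organizations/unlogged_tip` partial and the default 200 status, so a caller cannot tell a rejected request from a successful one by status code. Suggested comment: `# before_filter: renders the login tip (which halts the chain) when the visitor is not logged in`. The guard reads more idiomatically as `unless User.current.logged?`.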
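Review bot: The new `unless params[:description] == @attachment.description` guard in app/controllers/attachments_controller.rb is also true when the request carries no `description` parameter at all. In that case `@old_attachment.description` is overwritten with `nil`, immediately after the line above copied the attributes over from `@attachment`. Guarding on presence avoids the silent wipe: `@old_attachment.description = params[:description] if params.key?(:description)`. The enclosing action starts and ends outside the hunk, so whether the form always submits the field cannot be confirmed from here.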
@@ -56,6 +56,10 @@ class OrgSubfieldsController < ApplicationController @org_subfield = OrgSubfield.find_by_sql("select distinct org_subfields.* from org_subfields,"+ "subfield_subdomain_dirs where org_subfields.id = subfield_subdomain_dirs.org_subfield_id and "+ " org_subfields.organization_id=#{@organization.id} and subfield_subdomain_dirs.name='#{params[:sub_dir_name]}'").first + if @org_subfield.nil? + render_404 + return + end if @org_subfield.field_type == 'Post' @org_subfield_ids = @org_subfield.org_document_comments.map(&:id) << 0 @org_activities = OrgActivity.where("(org_act_type='OrgDocumentComment'and org_act_id in (#{@org_subfield_ids.join(",")})) || (container_type='OrgSubfield' and container_id=#{@org_subfield.id})").order('updated_at desc').page(params[:page] || 1).per(10) diff --git a/app/controllers/praise_tread_controller.rb b/app/controllers/praise_tread_controller.rb index 0c665341a..b6eb54d2f 100644 --- a/app/controllers/praise_tread_controller.rb +++ b/app/controllers/praise_tread_controller.rb @@ -1,12 +1,12 @@ class PraiseTreadController < ApplicationController accept_api_auth :tread_plus,:praise_plus - before_filter :require_login,:only => [:praise_plus,:tread_plus] + # before_filter :require_login,:only => [:praise_plus,:tread_plus] + before_filter :user_unlogged_check,:only => [:praise_plus,:tread_plus,:praise_minus] def praise_plus @obj = nil @activity = false - if request.get? @obj_id = params[:obj_id] @obj_type = params[:obj_type] diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index 857f98afc..9e785c562 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb 
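Review bot: The added `nil?` guard in app/controllers/org_subfields_controller.rb handles the no-match case, but the query it guards, in the context lines just above, still splices `params[:sub_dir_name]` into the SQL string between single quotes, so request input reaches the database unescaped. Pass it as a bind value instead: end the statement with `org_subfields.organization_id = ? and subfield_subdomain_dirs.name = ?` and call `OrgSubfield.find_by_sql([sql, @organization.id, params[:sub_dir_name]])`. The `OrgActivity.where(...)` string below interpolates only ids loaded from the database, which is lower risk but would also read better with placeholders. The action begins and ends outside the hunk.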
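Review bot: Swapping `require_login` for `user_unlogged_check` in app/controllers/praise_tread_controller.rb changes what API clients receive. The controller still declares `accept_api_auth :tread_plus,:praise_plus`, but the new filter always renders an HTML partial, where `require_login` would presumably have returned an authentication error for API formats; confirm that this is intended. Any state-changing action not named in the `:only` list stays unfiltered, and the rest of the class is outside the hunk. The commented-out `# before_filter :require_login` line should be deleted rather than kept, since version control already records it.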
@@ -360,7 +360,7 @@ update # ip = RepositoriesHelper::REPO_IP_ADDRESS gitlab_address = Redmine::Configuration['gitlab_address'] # REDO:需优化,仅测试用 - @zip_path = gitlab_address.to_s + "/api/v3/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=YTyCv4978MXmdL2B9C62" + @zip_path = Gitlab.endpoint.to_s + "/projects/" + @project.gpid.to_s + "/repository/archive?&private_token=" + Gitlab.private_token if @repository.type.to_s == "Repository::Gitlab" @repos_url = gitlab_address.to_s+"/"+@project.owner.to_s+"/"+@repository.identifier+"."+"git" else diff --git a/app/views/attachments/_show_attachment_history.html.erb b/app/views/attachments/_show_attachment_history.html.erb index fb2afd308..6e2994a8d 100644 --- a/app/views/attachments/_show_attachment_history.html.erb +++ b/app/views/attachments/_show_attachment_history.html.erb @@ -39,6 +39,15 @@ +
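Review bot: In app/controllers/repositories_controller.rb the hard-coded token is gone from the source line, but `@zip_path` still carries `Gitlab.private_token` in its query string. If a view renders `@zip_path` as a download link (the view is not part of this hunk), every user who can open the page obtains the server's GitLab API token. Fetching the archive server-side and streaming it with `send_data`, or issuing a per-user or short-lived token, keeps the credential off the client. The literal token removed by this hunk remains in the repository history and should be revoked and reissued. `+ Gitlab.private_token` also raises `TypeError` when the setting is unset, so add `.to_s` or an explicit configuration check.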
+- <%= render :partial => 'layouts/user_brief_introduction', :locals => {:user => @user} %> -
+