From 0633d5661eabadaf9e3ba99315be12501ab31671 Mon Sep 17 00:00:00 2001
From: z9hang
Date: Fri, 10 Oct 2014 17:13:06 +0800
Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E8=AF=BE=E7=A8=8B=E8=AE=A8=E8=AE=BA?= =?UTF-8?q?=E5=8C=BA=EF=BC=8C=E9=A1=B9=E7=9B=AE=E8=AE=A8=E8=AE=BA=E5=8C=BA?= =?UTF-8?q?=E8=B5=84=E6=BA=90=E4=B8=8B=E8=BD=BD=E6=9D=83=E9=99=90=E6=8E=A7?= =?UTF-8?q?=E5=88=B6=E6=B7=BB=E5=8A=A0=E3=80=822=E3=80=81=E8=AF=BE?= =?UTF-8?q?=E7=A8=8B=E8=AE=A8=E8=AE=BA=E5=8C=BA=E3=80=81=E9=A1=B9=E7=9B=AE?= =?UTF-8?q?=E8=AE=A8=E8=AE=BA=E5=8C=BA=E9=99=84=E4=BB=B6=E5=85=AC=E5=BC=80?= =?UTF-8?q?=E7=A7=81=E6=9C=89=E8=AE=BE=E7=BD=AE=E6=97=A0=E6=95=88=E9=97=AE?= =?UTF-8?q?=E9=A2=98=EF=BC=8C=E5=8E=9F=E5=9B=A0=E4=BB=A3=E7=A0=81=E4=B8=AD?= =?UTF-8?q?=E6=9C=AA=E5=A4=84=E7=90=86=E8=AE=A8=E8=AE=BA=E9=99=84=E4=BB=B6?= =?UTF-8?q?=E6=83=85=E5=86=B5=EF=BC=8C=E8=A7=A3=E5=86=B3=E6=B7=BB=E5=8A=A0?= =?UTF-8?q?=E5=88=A4=E6=96=AD=E5=B9=B6=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/application_controller.rb | 10 +++++-----
 app/controllers/attachments_controller.rb | 15 +++++++++++++--
 2 files changed, 18 insertions(+), 7 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 3ab894c69..0d9fe62a8 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -257,12 +257,12 @@ class ApplicationController < ActionController::Base
 def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
 if @attachment.container_type == "Memo"
 allowed = User.current.allowed_to?(:memos_attachments_download,nil,:global => true)
- elsif @attachment.container_type == "Project"
- return true
- elsif @attachment.container_type == "course"
- return true
+ elsif @attachment.container_type == "Message" && !@project.nil?
+ allowed = User.current.allowed_to?(:projects_attachments_download,@project,:global => false)
+ elsif @attachment.container_type == "Message" && !@course.nil?
+ allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false)
 elsif @attachment.container_type == "contest"
- return true
+ return true
 else
 return true
 end
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index c511b5ace..08469ac48 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -22,7 +22,7 @@ class AttachmentsController < ApplicationController
 before_filter :delete_authorize, :only => :destroy
 before_filter :authorize_global, :only => :upload
 before_filter :authorize_attachment_download, :only => :download
- before_filter :login_without_softapplication, only: [:download]
+ #before_filter :login_without_softapplication, only: [:download]
 accept_api_auth :show, :download, :upload
 require 'iconv'
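Review bot: In `authorize_attachment_download` a `Message` attachment for which neither `@project` nor `@course` was resolved matches neither of the new branches and lands on the final `else`, which still does `return true`, so the permission check is skipped exactly when the lookup failed. An explicit deny branch placed after the two new ones would close that gap, e.g. `elsif @attachment.container_type == "Message"` followed by `allowed = false`, assuming the code after the chain denies access when `allowed` is false. The lower-case comparison `"contest"` is also worth checking, since polymorphic type columns normally hold the class name and the branch may never match; today both outcomes are `return true`, so it changes nothing yet. What is done with `allowed` after the `end` lies outside this hunk.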
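Review bot: Disabling `login_without_softapplication` for `download` by commenting the line out leaves no record of why unauthenticated downloads are now acceptable, and `authorize_attachment_download` in application_controller.rb returns true for every container type other than `Memo` and `Message`. If that filter was what forced a login (its body is not visible here), anonymous requests for the remaining container types are now limited only by the `candown` logic inside `download`. Either delete the line and state the replacement check in a comment, e.g. `# login no longer forced here: download enforces candown per container`, or keep the filter for the container types the new permission branches do not cover.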
@@ -68,12 +68,20 @@ class AttachmentsController < ApplicationController
 elsif @attachment.container.is_a?(Project)
 project = @attachment.container
 candown= User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
+ elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
+ @attachment.container.board.project
+ project = @attachment.container.board.project
+ candown = User.current.member_of?(project) || (project.is_public && @attachment.is_public == 1)
 elsif (@attachment.container.has_attribute?(:course) ||@attachment.container.has_attribute?(:course_id) ) && @attachment.container.course
 course = @attachment.container.course
 candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
 elsif @attachment.container.is_a?(Course)
 course = @attachment.container
 candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
+ elsif (@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
+ @attachment.container.board.course
+ course = @attachment.container.board.course
+ candown= User.current.member_of_course?(course) || (course.is_public==1 && @attachment.is_public == 1)
 elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3
 candown = true
 else
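Review bot: The two added `board` branches copy the member-or-public rule that the `Project` and `Course` branches already spell out, so the same access decision is now written four times in this chain, with `project.is_public` tested for truthiness and `course.is_public==1` compared against 1. Moving the rule into one private helper that each branch calls with its scope would keep the copies from drifting, along the lines of `candown = member || (scope_public && @attachment.is_public == 1)`. The new branches also call `@attachment.container.has_attribute?` without the `!@attachment.container.nil?` guard that the @@ -321 hunk of this commit uses, so an attachment whose container is gone would raise rather than be denied unless an earlier branch catches it. The `if`/`elsif` chain starts and ends outside this hunk.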
@@ -321,8 +329,11 @@ private
 raise ActiveRecord::RecordNotFound if params[:filename] && params[:filename] != @attachment.filename
 if @attachment.container_type == 'Course'
 @course = @attachment.course
- elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course)) && @attachment.container.course
+ elsif !@attachment.container.nil? && (@attachment.container.has_attribute?(:course) || @attachment.container.has_attribute?(:course_id)) && @attachment.container.course
 @course = @attachment.container.course
+ elsif !@attachment.container.nil? && ((@attachment.container.has_attribute?(:board) || @attachment.container.has_attribute?(:board_id)) && @attachment.container.board &&
+ @attachment.container.board.course)
+ @course = @attachment.container.board.course
 else
 unless @attachment.container_type == 'Bid' || @attachment.container_type == 'HomeworkAttach' || @attachment.container_type == 'Memo' || @attachment.container_type == 'Softapplication'
 @project = @attachment.project
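Review bot: Only the course side of a board message is resolved explicitly in this lookup; a message on a project board reaches the final `else` and gets `@project` from `@attachment.project` only because `'Message'` is absent from the `unless` list. Since `authorize_attachment_download` now keys its `Message` branches on `@project` and `@course`, that implicit dependency deserves a comment above the `else`, e.g. `# Message on a project board: @project is set from @attachment.project below; authorize_attachment_download relies on it`. Adding `'Message'` to the `unless` list later would silently leave both variables nil. The enclosing method starts before this hunk and continues past it.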