diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 1d94d9a7c..67948a8e1 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -499,19 +499,19 @@ class ApplicationController < ActionController::Base
 
   def render_403(options={})
     @project = nil
-    #render_error({:message => :notice_not_authorized, :status => 403}.merge(options))
-    render :template => 'common/403'
+    render_error({:message => :notice_not_authorized, :status => 403}.merge(options),'common/403')
+    #render :template => 'common/403'
     return false
   end
 
   def render_404(options={})
-    #render_error({:message => :notice_file_not_found, :status => 404}.merge(options))
-    render :template => 'common/404'
+    render_error({:message => :notice_file_not_found, :status => 404}.merge(options),'common/404')
+    #render :template => 'common/404'
     return false
   end
 
   # Renders an error response
-  def render_error(arg)
+  def render_error(arg,template = 'common/error')
     arg = {:message => arg} unless arg.is_a?(Hash)
     @message = arg[:message]
     @lay = arg[:layout]
@@ -521,9 +521,9 @@ class ApplicationController < ActionController::Base
     respond_to do |format|
       format.html {
         if @lay
-          render :template => 'common/error', :layout => @lay,:status => @status
+          render :template => template, :layout => @lay,:status => @status
         else
-          render :template => 'common/error', :layout => use_layout, :status => @status
+          render :template => template, :layout => use_layout, :status => @status
         end
 
       }
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 0f1e03ee0..e7cf73511 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -499,7 +499,7 @@ en:
   permission_view_students: View students
   permission_export_homeworks: Export homeworks
   permission_notificationcomment_contestnotifications: Add the notice of contest comments
-
+  permission_upload_attachments: Uploading resource
 
   project_module_issue_tracking: Issue tracking
   project_module_time_tracking: Time tracking
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
index f453b21c3..d20bb6e6d 100644
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -497,6 +497,7 @@ zh:
   permission_projects_attachments_download: 项目附件下载
   permission_course_attachments_download: 课程附件下载
   permission_contest_attachments_download: 竞赛附件下载
+  permission_upload_attachments: 资源上传
 
   project_module_issue_tracking: 问题跟踪
   project_module_time_tracking: 时间跟踪
diff --git a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
index 85871a19c..bdd28079f 100644
--- a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
+++ b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
@@ -142,7 +142,7 @@ module Redmine
               elsif a && attachment['is_public_checkbox']
                 a.is_public = true
               end
-              set_attachment_public(a)
+              set_attachment_public(a) if a
               next unless a
               a.description = attachment['description'].to_s.strip
               a.attachtype = @curattachment_type;
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 3ec7b114c..cd855e01a 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -99,6 +99,7 @@ Redmine::AccessControl.map do |map|
   map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member ,:belong_to_project => true
   #错的权限，先注释掉
   #map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
+  map.permission :upload_attachments,{:attachments => :upload},:require => :loggedin
 
   map.permission :quote_project, {},:require => :member,:belong_to_contest => true
   map.permission :is_manager,{},:require => :member ,:belong_to_project => true
@@ -159,13 +160,13 @@ Redmine::AccessControl.map do |map|
                                   :queries => :index,
                                   :reports => [:issue_report, :issue_report_details]},
                                   :read => true
-    map.permission :add_issues, {:issues => [:new, :create, :update_form], :attachments => :upload}
-    map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update, :update_form], :journals => [:new], :attachments => :upload}
+    map.permission :add_issues, {:issues => [:new, :create, :update_form]}
+    map.permission :edit_issues, {:issues => [:edit, :update, :bulk_edit, :bulk_update, :update_form], :journals => [:new]}
     map.permission :manage_issue_relations, {:issue_relations => [:index, :show, :create, :destroy]}
     map.permission :manage_subtasks, {}
     map.permission :set_issues_private, {}
     map.permission :set_own_issues_private, {}, :require => :loggedin
-    map.permission :add_issue_notes, {:issues => [:edit, :update, :update_form], :journals => [:new], :attachments => :upload}
+    map.permission :add_issue_notes, {:issues => [:edit, :update, :update_form], :journals => [:new]}
     map.permission :edit_issue_notes, {:journals => :edit}, :require => :loggedin
     map.permission :edit_own_issue_notes, {:journals => :edit}, :require => :loggedin
     map.permission :view_private_notes, {}, :read => true, :require => :member