diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 7fd5cec17..b283b4792 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -50,19 +50,39 @@ class AttachmentsController < ApplicationController
 end
 def download
- if true || @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
+ # modify by nwb
+ # 下载添加权限设置
+ candown = false
+ if @attachment.container.has_attribute?(:project) && @attachment.container.project
+ project = @attachment.container.project
+ candown= User.current.member_of?(project)
+ elsif @attachment.container.is_a?(Project)
+ project = @attachment.container
+ candown= User.current.member_of?(project)
+ elsif @attachment.container.has_attribute?(:course) && @attachment.container.course
+ course = @attachment.container.course
+ candown= User.current.member_of_course?(course)
+ elsif @attachment.container.is_a?(Course)
+ course = @attachment.container
+ candown= User.current.member_of_course?(course)
+ elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3
+ candown = true
+ end
+ if candown || User.current.admin?
 @attachment.increment_download
+ else
+ render_403 :message => :notice_not_authorized
 end
+
 if stale?(:etag => @attachment.digest)
 # images are sent inline
 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
- :type => detect_content_type(@attachment),
- :disposition => (@attachment.image? ? 'inline' : 'attachment')
+ :type => detect_content_type(@attachment),
+ :disposition => (@attachment.image? ? 'inline' : 'attachment')
 end
 rescue => e
 redirect_to "http://" + (Setting.host_name.to_s) +"/file_not_found.html"
- return
 end
 #更新资源文件类型
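Review bot: The new `else` branch in `download` calls `render_403` but does not end the action, so a user who failed the membership check still reaches `if stale?(...)` and `send_file`. Depending on the Rails version (not visible here), the file response may replace the 403, or a double-render error may be raised and caught by the bare `rescue => e`, which then redirects to the file-not-found page; either way the denial is not enforced cleanly. Make the denial an exiting guard, e.g. `return render_403(:message => :notice_not_authorized) unless candown || User.current.admin?`, and call `@attachment.increment_download` unconditionally after it. The `HomeworkAttach` branch sets `candown = true` for any caller when `bid.reward_type == 3`, with no membership or login check, and raises if `bid` is nil. A nil guard (`@attachment.container.bid && ...`) and a comment stating what reward type 3 means would make that exception auditable.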