From 6d698cb5d8fa00faf3cb59a1c657c419bd2da6d5 Mon Sep 17 00:00:00 2001
From: nwb
Date: Fri, 11 Jul 2014 11:36:00 +0800
Subject: [PATCH] =?UTF-8?q?=E4=B8=8B=E8=BD=BD=E6=B7=BB=E5=8A=A0=E6=9D=83?= =?UTF-8?q?=E9=99=90=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/attachments_controller.rb | 28 +++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 7fd5cec17..b283b4792 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -50,19 +50,39 @@ class AttachmentsController < ApplicationController
 end
 def download
- if true || @attachment.container.is_a?(Version) || @attachment.container.is_a?(Project)
+ # modify by nwb
+ # 下载添加权限设置
+ candown = false
+ if @attachment.container.has_attribute?(:project) && @attachment.container.project
+ project = @attachment.container.project
+ candown= User.current.member_of?(project)
+ elsif @attachment.container.is_a?(Project)
+ project = @attachment.container
+ candown= User.current.member_of?(project)
+ elsif @attachment.container.has_attribute?(:course) && @attachment.container.course
+ course = @attachment.container.course
+ candown= User.current.member_of_course?(course)
+ elsif @attachment.container.is_a?(Course)
+ course = @attachment.container
+ candown= User.current.member_of_course?(course)
+ elsif @attachment.container.class.to_s=="HomeworkAttach" && @attachment.container.bid.reward_type == 3
+ candown = true
+ end
+ if candown || User.current.admin?
 @attachment.increment_download
+ else
+ render_403 :message => :notice_not_authorized
 end
+
 if stale?(:etag => @attachment.digest)
 # images are sent inline
 send_file @attachment.diskfile, :filename => filename_for_content_disposition(@attachment.filename),
- :type => detect_content_type(@attachment),
- :disposition => (@attachment.image? ? 'inline' : 'attachment')
+ :type => detect_content_type(@attachment),
+ :disposition => (@attachment.image? ? 'inline' : 'attachment')
 end
 rescue => e
 redirect_to "http://" + (Setting.host_name.to_s) +"/file_not_found.html"
- return
 end
 #更新资源文件类型
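Review bot: The `else` branch in `download` calls `render_403 :message => :notice_not_authorized` but does not end the action, so a request that fails the membership check still falls through to the `if stale?` / `send_file` block. What happens next is not visible here and likely depends on the Rails version: either a double-render error that the bare `rescue => e` turns into a redirect to file_not_found.html, or the file body being sent after the 403 was set up, so the check is not reliably enforced either way. Add a `return` on the line after `render_403`, or make it a guard ahead of `@attachment.increment_download`: `return render_403(:message => :notice_not_authorized) unless candown || User.current.admin?`. Separately, the `HomeworkAttach` branch grants `candown = true` to every caller, and it does so by comparing `bid.reward_type` with a bare `3`; a comment or named constant saying which bid type is meant to be public would make that exception auditable.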