diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb index 27851e435..a38d9f9c8 100644 --- a/app/controllers/courses_controller.rb +++ b/app/controllers/courses_controller.rb @@ -630,7 +630,13 @@ class CoursesController < ApplicationController :with_subprojects => false, :author => @author) @activity.scope_select {|t| has["show_#{t}"]} - events = @activity.events(@date_from, @date_to) + # modify by nwb + # 添加私密性判断 + if User.current.member_of_course?(@course)|| User.current.admin? + events = @activity.events(@date_from, @date_to) + else + events = @activity.events(@date_from, @date_to, :is_public => 1) + end @offset, @limit = api_offset_and_limit({:limit => 10}) @events_count = events.count diff --git a/app/controllers/documents_controller.rb b/app/controllers/documents_controller.rb index 464c4a2b8..89bd9dc92 100644 --- a/app/controllers/documents_controller.rb +++ b/app/controllers/documents_controller.rb @@ -23,6 +23,7 @@ class DocumentsController < ApplicationController before_filter :find_model_object, :except => [:index, :new, :create] before_filter :find_project_from_association, :except => [:index, :new, :create] before_filter :authorize , :except => [:index]#Added by young + before_filter :authorize_document helper :attachments @@ -100,4 +101,12 @@ class DocumentsController < ApplicationController end redirect_to document_path(@document) end + + # 权限判断 + # add by nwb + def authorize_document + if !(User.current.admin? || User.current.member_of?(@project) || @document.is_public==1) + render_403 :message => :notice_not_authorized + end + end end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index a840ee934..1d3f0ec42 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -697,8 +697,14 @@ class ProjectsController < ApplicationController @activity.scope_select {|t| !has["show_#{t}"].nil?} # logger.debug "=========================================#{@activity.scope}" # @activity.scope = (@author.nil? ? :default : :all) if @activity.scope.empty? - #Added by young - events = @activity.events(@date_from, @date_to) + + # modify by nwb + # 添加私密性判断 + if User.current.member_of?(@project)|| User.current.admin? + events = @activity.events(@date_from, @date_to) + else + events = @activity.events(@date_from, @date_to, :is_public => 1) + end @offset, @limit = api_offset_and_limit({:limit => 10}) @events_count = events.count diff --git a/app/models/attachment.rb b/app/models/attachment.rb index 0eb3e7666..b301ba73c 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -39,19 +39,22 @@ class Attachment < ActiveRecord::Base #课程资源文件 acts_as_activity_provider :type => 'course_files', + :is_public => 'attachments.is_public', :permission => :view_files, :author_key => :author_id, :find_options => {:select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Course.table_name} ON ( #{Attachment.table_name}.container_type='Course' AND #{Attachment.table_name}.container_id = #{Course.table_name}.id )"} acts_as_activity_provider :type => 'files', + :is_public => 'attachments.is_public', :permission => :view_files, :author_key => :author_id, - :find_options => {:select => "#{Attachment.table_name}.*", + :find_options => { :select => "#{Attachment.table_name}.*", :joins => "LEFT JOIN #{Version.table_name} ON #{Attachment.table_name}.container_type='Version' AND #{Version.table_name}.id = #{Attachment.table_name}.container_id " + "LEFT JOIN #{Project.table_name} ON #{Version.table_name}.project_id = #{Project.table_name}.id OR ( #{Attachment.table_name}.container_type='Project' AND #{Attachment.table_name}.container_id = #{Project.table_name}.id )"} acts_as_activity_provider :type => 'documents', + :is_public => 'documents.is_public', :permission => :view_documents, :author_key => :author_id, :find_options => {:select => "#{Attachment.table_name}.*", diff --git a/app/models/document.rb b/app/models/document.rb index 7c2730682..5cfce896b 100644 --- a/app/models/document.rb +++ b/app/models/document.rb @@ -30,7 +30,8 @@ class Document < ActiveRecord::Base acts_as_event :title => Proc.new {|o| "#{l(:label_document)}: #{o.title}"}, :author => Proc.new {|o| o.attachments.reorder("#{Attachment.table_name}.created_on ASC").first.try(:author) }, :url => Proc.new {|o| {:controller => 'documents', :action => 'show', :id => o.id}} - acts_as_activity_provider :find_options => {:include => :project} + acts_as_activity_provider :find_options => {:include => :project}, + :is_public => 'documents.is_public' validates_presence_of :project, :title, :category validates_length_of :title, :maximum => 60 @@ -39,7 +40,7 @@ class Document < ActiveRecord::Base includes(:project).where(Project.allowed_to_condition(args.shift || User.current, :view_documents, *args)) } - safe_attributes 'category_id', 'title', 'description' + safe_attributes 'category_id', 'title', 'description','is_public' def visible?(user=User.current) !user.nil? && user.allowed_to?(:view_documents, project) diff --git a/app/models/first_page.rb b/app/models/first_page.rb index 8d8bbcff6..b284c8fdc 100644 --- a/app/models/first_page.rb +++ b/app/models/first_page.rb @@ -1,3 +1,3 @@ class FirstPage < ActiveRecord::Base - attr_accessible :description, :title, :web_title + attr_accessible :description, :title, :web_title,:page_type end diff --git a/app/views/contests/_contest_list.html.erb b/app/views/contests/_contest_list.html.erb index 8b5e34975..61dd6192c 100644 --- a/app/views/contests/_contest_list.html.erb +++ b/app/views/contests/_contest_list.html.erb @@ -2,11 +2,19 @@ <% contests.each do |contest|%> - +
<%= link_to(image_tag(url_to_avatar(contest.author), :class => 'avatar'), user_path(contest.author), :class => "avatar") %> + <% unless contest.author.nil? %> + <%= link_to(image_tag(url_to_avatar(contest.author), :class => 'avatar'), user_path(contest.author), :class => "avatar") %> + <% end %> + - +
<%= link_to(contest.author, user_path(contest.author), :class => 'bid_user') %>:  <%= link_to(contest.name, show_contest_contest_path(contest), :class => 'bid_path', :target => "_blank") %> + <% unless contest.author.nil? %> + <%= link_to(contest.author, user_path(contest.author), :class => 'bid_user') %>: + <% end %> +  <%= link_to(contest.name, show_contest_contest_path(contest), :class => 'bid_path', :target => "_blank") %>
diff --git a/app/views/documents/_form.html.erb b/app/views/documents/_form.html.erb index 53d8fc3bb..72361b9ab 100644 --- a/app/views/documents/_form.html.erb +++ b/app/views/documents/_form.html.erb @@ -1,7 +1,10 @@ <%= error_messages_for @document %>
-

<%= f.select :category_id, DocumentCategory.active.collect {|c| [c.name, c.id]} %>

+

<%= f.select :category_id, DocumentCategory.active.collect {|c| [c.name, c.id]} %>

+

<%= f.check_box :is_public, :style => "margin-left:10px;" %> + <%= l(:label_document_public_info) %> +

<%= f.text_field :title, :required => true, :size => 60 %>

<%= f.text_area :description, :cols => 60, :rows => 15, :class => 'wiki-edit' %>

diff --git a/app/views/forums/_forum_list.html.erb b/app/views/forums/_forum_list.html.erb index 0bbb0ddd4..2b8f98494 100644 --- a/app/views/forums/_forum_list.html.erb +++ b/app/views/forums/_forum_list.html.erb @@ -3,7 +3,11 @@ <% if forums.any? %> <% forums.each do |forum| %>
-
<%= link_to image_tag(url_to_avatar(forum.creator), :class => "avatar"), user_path(forum.creator) %>
+
+ <% unless forum.creator.nil? %> + <%= link_to image_tag(url_to_avatar(forum.creator), :class => "avatar"), user_path(forum.creator) %> + <% end %> +

<%= link_to h(forum.name), forum_path(forum) %>

<%= forum.description%>

diff --git a/config/locales/en.yml b/config/locales/en.yml index 6566564c9..db673c69c 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -537,6 +537,7 @@ en: label_document_new: New document label_document_plural: Documents label_document_added: Document added + label_document_public_info: "If you don't choose public, only the project's members can see the document." label_role: Role label_role_plural: Roles label_role_new: New role diff --git a/config/locales/zh.yml b/config/locales/zh.yml index d3377fca9..276d09336 100644 --- a/config/locales/zh.yml +++ b/config/locales/zh.yml @@ -537,6 +537,7 @@ zh: label_document_new: 新建文档 label_document_plural: 文档 label_document_added: 文档已添加 + label_document_public_info: (打钩为公开,不打钩则不公开,若不公开,仅项目成员可见该文档。) label_role: 角色 label_role_plural: 角色 label_role_new: 新建角色 diff --git a/db/migrate/20140714021812_add_is_public_to_documents.rb b/db/migrate/20140714021812_add_is_public_to_documents.rb new file mode 100644 index 000000000..2c21c7d03 --- /dev/null +++ b/db/migrate/20140714021812_add_is_public_to_documents.rb @@ -0,0 +1,5 @@ +class AddIsPublicToDocuments < ActiveRecord::Migration + def change + add_column :documents, :is_public, :integer,:default => 1 + end +end diff --git a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb index 3875d5c04..e671c3e22 100644 --- a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb +++ b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb @@ -29,7 +29,7 @@ module Redmine send :include, Redmine::Acts::ActivityProvider::InstanceMethods end - options.assert_valid_keys(:type, :permission, :timestamp, :author_key, :find_options, :func) + options.assert_valid_keys(:type, :permission, :timestamp, :author_key, :find_options, :func,:is_public) self.activity_provider_options ||= {} # One model can provide different event types @@ -65,6 +65,11 @@ module Redmine scope = scope.scoped(:conditions => ["#{provider_options[:author_key]} = ?", options[:author].id]) end + # add by nwb + if options[:is_public] && !provider_options[:is_public].nil? + scope = scope.scoped(:conditions => ["#{provider_options[:is_public]} = ?", options[:is_public]]) + end + if options[:limit] # id and creation time should be in same order in most cases scope = scope.scoped(:order => "#{table_name}.id DESC", :limit => options[:limit]) diff --git a/lib/redmine/activity/fetcher.rb b/lib/redmine/activity/fetcher.rb index b95ae2bc3..2caef48b8 100644 --- a/lib/redmine/activity/fetcher.rb +++ b/lib/redmine/activity/fetcher.rb @@ -82,6 +82,8 @@ module Redmine def events(from = nil, to = nil, options={}) e = [] @options[:limit] = options[:limit] + # modify by nwb + @options[:is_public] = options[:is_public] @scope.each do |event_type| constantized_providers(event_type).each do |provider|