From b77b63bbf17d240ab257560a0ebc5cede213114c Mon Sep 17 00:00:00 2001
From: ouyangxuhua
Date: Mon, 7 Mar 2016 10:29:37 +0800
Subject: [PATCH] =?UTF-8?q?=E8=A7=A3=E5=86=B3=E7=A7=81=E6=9C=89=E7=BB=84?= =?UTF-8?q?=E7=BB=87=E6=A0=8F=E7=9B=AE=E9=80=9A=E8=BF=87url=E8=83=BD?= =?UTF-8?q?=E8=AE=BF=E9=97=AE=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/files_controller.rb | 12 ++-
 app/controllers/org_subfields_controller.rb | 96 +++++++++++----------
 2 files changed, 58 insertions(+), 50 deletions(-)
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index ca37e445c..16fee2dae 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -406,10 +406,14 @@ class FilesController < ApplicationController
 @container_type = 2
 @containers = [ OrgSubfield.includes(:attachments).reorder(sort).find(@org_subfield.id)]
 @organization = Organization.find(@containers.first.organization_id)
- show_attachments @containers
- @tag_list = attachment_tag_list @all_attachments
- @page = params[:page] || 1
- render :layout => 'base_org'
+ if @organization.is_public? or User.current.admin? or User.current.member_of_org?(@organization)
+ show_attachments @containers
+ @tag_list = attachment_tag_list @all_attachments
+ @page = params[:page] || 1
+ render :layout => 'base_org'
+ else
+ render_403
+ end
 # @subfield = params[:org_subfield_id]
 end
diff --git a/app/controllers/org_subfields_controller.rb b/app/controllers/org_subfields_controller.rb
index 2a4bcf9c8..9337c5fd2 100644
--- a/app/controllers/org_subfields_controller.rb
+++ b/app/controllers/org_subfields_controller.rb
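Review bot: In the files_controller.rb hunk the visibility rule is written inline as `if @organization.is_public? or User.current.admin? or User.current.member_of_org?(@organization)`, and the same three-way test is repeated in org_subfields_controller.rb, so every other action that serves organization content has to remember to copy it. I would put it in one private helper, `def org_visible?(org); org.is_public? || User.current.admin? || User.current.member_of_org?(org); end`, and call it from a `before_filter` so the decision is made before any record is loaded. Here it runs only after `OrgSubfield.includes(:attachments).reorder(sort).find(...)` has already queried the private subfield. The action begins above the hunk, so whether the earlier lookup of `@org_subfield` and the construction of `sort` are reachable without the check cannot be confirmed from these lines. Other actions of this controller that return the same attachments are also outside the hunk and should be checked for the same guard.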
@@ -33,61 +33,65 @@ class OrgSubfieldsController < ApplicationController
 domain = Secdomain.where("subname=?", request.subdomain).first
 @organization = Organization.find(domain.pid)
 end
- @org_subfield = OrgSubfield.find_by_sql("select distinct org_subfields.* from org_subfields,"+
- "subfield_subdomain_dirs where org_subfields.id = subfield_subdomain_dirs.org_subfield_id and "+
- " org_subfields.organization_id=#{@organization.id} and subfield_subdomain_dirs.name='#{params[:sub_dir_name]}'").first
- if @org_subfield.field_type == 'Post'
+ if @organization.is_public? or User.current.admin? or User.current.member_of_org?(@organization)
+ @org_subfield = OrgSubfield.find_by_sql("select distinct org_subfields.* from org_subfields,"+
+ "subfield_subdomain_dirs where org_subfields.id = subfield_subdomain_dirs.org_subfield_id and "+
+ " org_subfields.organization_id=#{@organization.id} and subfield_subdomain_dirs.name='#{params[:sub_dir_name]}'").first
+ if @org_subfield.field_type == 'Post'
 @org_subfield_ids = @org_subfield.org_document_comments.map(&:id) << 0
 @org_activities = OrgActivity.where("(org_act_type='OrgDocumentComment'and org_act_id in (#{@org_subfield_ids.join(",")})) || (container_type='OrgSubfield' and container_id=#{@org_subfield.id})").order('updated_at desc').page(params[:page] || 1).per(10)
 #redirect_to organization_path(@organization, :org_subfield_id => @org_subfield.id)
- else
- if params[:sort]
- params[:sort].split(",").each do |sort_type|
- order_by = sort_type.split(":")
- case order_by[0]
- when "filename"
- attribute = "filename"
- when "size"
- attribute = "filesize"
- when "attach_type"
- attribute = "attachtype"
- when "content_type"
- attribute = "created_on"
- when "field_file_dense"
- attribute = "is_public"
- when "downloads"
- attribute = "downloads"
- when "created_on"
- attribute = "created_on"
- when "quotes"
- attribute = "quotes"
- else
- attribute = "created_on"
- end
- @sort = order_by[0]
- @order = order_by[1]
- if order_by.count == 1 && attribute
- sort += "#{Attachment.table_name}.#{attribute} asc "
- if sort_type != params[:sort].split(",").last
- sort += ","
+ else
+ if params[:sort]
+ params[:sort].split(",").each do |sort_type|
+ order_by = sort_type.split(":")
+ case order_by[0]
+ when "filename"
+ attribute = "filename"
+ when "size"
+ attribute = "filesize"
+ when "attach_type"
+ attribute = "attachtype"
+ when "content_type"
+ attribute = "created_on"
+ when "field_file_dense"
+ attribute = "is_public"
+ when "downloads"
+ attribute = "downloads"
+ when "created_on"
+ attribute = "created_on"
+ when "quotes"
+ attribute = "quotes"
+ else
+ attribute = "created_on"
 end
- elsif order_by.count == 2 && order_by[1]
- sort += "#{Attachment.table_name}.#{attribute} #{order_by[1]} "
- if sort_type != params[:sort].split(",").last
- sort += ","
+ @sort = order_by[0]
+ @order = order_by[1]
+ if order_by.count == 1 && attribute
+ sort += "#{Attachment.table_name}.#{attribute} asc "
+ if sort_type != params[:sort].split(",").last
+ sort += ","
+ end
+ elsif order_by.count == 2 && order_by[1]
+ sort += "#{Attachment.table_name}.#{attribute} #{order_by[1]} "
+ if sort_type != params[:sort].split(",").last
+ sort += ","
+ end
 end
 end
+ else
+ sort = "#{Attachment.table_name}.created_on desc"
 end
- else
- sort = "#{Attachment.table_name}.created_on desc"
+ @container_type = 2
+ @containers = [OrgSubfield.includes(:attachments).reorder(sort).find(@org_subfield.id)]
+ @organization = Organization.find(@containers.first.organization_id)
+ show_attachments @containers
+ @tag_list = attachment_tag_list @all_attachments
 end
- @container_type = 2
- @containers = [ OrgSubfield.includes(:attachments).reorder(sort).find(@org_subfield.id)]
- @organization = Organization.find(@containers.first.organization_id)
- show_attachments @containers
- @tag_list = attachment_tag_list @all_attachments
+ @page = params[:page] || 1
+ else
+ render_403
 end
- @page = params[:page] || 1
 #render :layout => 'base_org'
 end
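Review bot: The re-added `find_by_sql` call still builds its SQL by interpolating `params[:sub_dir_name]` straight into the string, and the sort branch still interpolates the request-supplied `order_by[1]` into the ORDER BY fragment passed to `reorder(sort)`. The new membership check does not reduce this, because both statements remain reachable by any visitor when the organization is public. The lookup should use the array form of `find_by_sql` with `?` placeholders, and the direction should be reduced to a fixed `asc`/`desc` before it is concatenated, as in the excerpt below. Separately, `.first` can return nil for an unknown directory name, after which `@org_subfield.field_type` raises instead of producing a not-found response. The action starts above the hunk, so where `sort` is initialised is not visible here.

```ruby
@org_subfield = OrgSubfield.find_by_sql([
  "select distinct org_subfields.* from org_subfields, subfield_subdomain_dirs " \
  "where org_subfields.id = subfield_subdomain_dirs.org_subfield_id " \
  "and org_subfields.organization_id = ? and subfield_subdomain_dirs.name = ?",
  @organization.id, params[:sub_dir_name]
]).first
# … unchanged: field_type branch, params[:sort] loop and the attribute case …
direction = order_by[1].to_s.downcase == 'desc' ? 'desc' : 'asc'
sort += "#{Attachment.table_name}.#{attribute} #{direction} "
```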