Eeeros
/
forgeplus
forked from Gitlink/forgeplus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: issue visit permission

This commit is contained in:
yystopf 2021-09-17 14:56:34 +08:00
parent 76268c4952
commit 12681b0842
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/issues_controller.rb
View File

@ -399,22 +399,22 @@ class IssuesController < ApplicationController
def check_project_public
unless @project.is_public || @project.member?(current_user) || current_user.admin? || (@project.user_id == current_user.id)
normal_status(-1, "您没有权限")
return render_forbidden
end
end
def set_issue
@issue = Issue.find_by_id(params[:id])
if @issue.blank?
normal_status(-1, "标签不存在")
elsif @issue.is_lock &&!(@project.member?(current_user) || current_user.admin?)
normal_status(-1, "您没有权限")
return render_not_found
elsif !(@project.is_public || (current_user.present? && (@project.member?(current_user) || current_user&.admin? || (@project.user_id == current_user&.id))))
return render_forbidden
end
end
def check_issue_permission
unless @project.is_public || (current_user.present? && (@project.member?(current_user) || current_user&.admin? || (@project.user_id == current_user&.id)))
normal_status(-1, "您没有权限")
return render_forbidden
end
end