From f1ed61c68733514b06e182f0d4e14f1b26423d49 Mon Sep 17 00:00:00 2001 From: "vilet.yy" Date: Fri, 19 Mar 2021 18:01:29 +0800 Subject: [PATCH] add: menu permission control --- app/controllers/issues_controller.rb | 1 + app/controllers/pull_requests_controller.rb | 1 + app/controllers/repositories_controller.rb | 1 + app/controllers/versions_controller.rb | 1 + 4 files changed, 4 insertions(+) diff --git a/app/controllers/issues_controller.rb b/app/controllers/issues_controller.rb index d6ee5a56..a3b5fe92 100644 --- a/app/controllers/issues_controller.rb +++ b/app/controllers/issues_controller.rb @@ -12,6 +12,7 @@ class IssuesController < ApplicationController include TagChosenHelper def index + return render_not_found unless @project.has_menu_permission("issues") @user_admin_or_member = current_user.present? && current_user.logged? && (current_user.admin || @project.member?(current_user)) issues = @project.issues.issue_issue.issue_index_includes issues = issues.where(is_private: false) unless @user_admin_or_member diff --git a/app/controllers/pull_requests_controller.rb b/app/controllers/pull_requests_controller.rb index df3e484f..12663901 100644 --- a/app/controllers/pull_requests_controller.rb +++ b/app/controllers/pull_requests_controller.rb @@ -8,6 +8,7 @@ class PullRequestsController < ApplicationController def index + return render_not_found unless @project.has_menu_permission("pulls") # @issues = Gitea::PullRequest::ListService.new(@user,@repository.try(:identifier)).call #通过gitea获取 issues = @project.issues.issue_pull_request.issue_index_includes.includes(pull_request: :user) issues = issues.where(is_private: false) unless current_user.present? && (current_user.admin? || @project.member?(current_user)) diff --git a/app/controllers/repositories_controller.rb b/app/controllers/repositories_controller.rb index cd07803d..b66a5373 100644 --- a/app/controllers/repositories_controller.rb +++ b/app/controllers/repositories_controller.rb @@ -18,6 +18,7 @@ class RepositoriesController < ApplicationController # 新版项目详情 def detail + return render_not_found unless @project.has_menu_permission("code") @user = current_user @result = Repositories::DetailService.call(@owner, @repository, @user) @project_fork_id = @project.try(:forked_from_project_id) diff --git a/app/controllers/versions_controller.rb b/app/controllers/versions_controller.rb index 5ec769e9..02700fdf 100644 --- a/app/controllers/versions_controller.rb +++ b/app/controllers/versions_controller.rb @@ -5,6 +5,7 @@ class VersionsController < ApplicationController before_action :set_version, only: [:edit, :update, :destroy, :show,:update_status] def index + return render_not_found unless @project.has_menu_permission("versions") @user_admin_or_member = current_user.present? && (current_user.admin || @project.member?(current_user)) order_name = params[:order_name] || "created_on" order_type = params[:order_type] || "desc"