私有项目讨论区非项目成员、未登录情况不能访问

2015-05-19 14:13:28 +08:00 · 2015-05-19 14:13:28 +08:00 · 0123ea32bf
parent be834dd334
commit 0123ea32bf
2 changed files with 11 additions and 7 deletions
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@ -32,13 +32,17 @@ class BoardsController < ApplicationController
    #modify by nwb
    @flag = params[:flag] || false
    if @project
-      @boards = @project.boards.includes(:last_message => :author).all
-      @boards = [] << @boards[0] if @boards.any?
-      if @boards.size == 1
-        @board = @boards.first
-        show and return
+      if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
+        render_403
+      else
+        @boards = @project.boards.includes(:last_message => :author).all
+        @boards = [] << @boards[0] if @boards.any?
+        if @boards.size == 1
+          @board = @boards.first
+          show and return
+        end
+        render :layout => false if request.xhr?
      end
-      render :layout => false if request.xhr?
    elsif @course
      if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
        @boards = @course.boards.includes(:last_message => :author).all
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -677,7 +677,7 @@ class ProjectsController < ApplicationController
  end

  def watcherlist
-    if !@project.is_public? && !User.current.member_of?(@project)
+    if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
      render_403
    else
      @users -= watched.watcher_users if  @watched