1.文件删除权限判断优化

2.课程通知附件删除BUG修改

app/controllers/attachments_controller.rb

@@ -174,7 +174,9 @@ class AttachmentsController < ApplicationController
     respond_to do |format|
       # modify by nwb
       if !@attachment.container.nil? && (@attachment.container.is_a?(Course) || @attachment.container.course)
-        if @course.nil?
+        if @attachment.container.is_a?(News)
+          format.html { redirect_to_referer_or news_path(@attachment.container) }
+        elsif @course.nil?
           format.html { redirect_to_referer_or forum_memo_path(@attachment.container.forum, @attachment.container) }
         else
           format.html { redirect_to_referer_or course_path(@course) }

app/helpers/application_helper.rb

@@ -68,6 +68,10 @@ module ApplicationHelper
     link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
   end
 
+  def link_to_if_authorized_course(name, options = {}, html_options = nil, *parameters_for_method_reference)
+    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for_course(options[:controller] || params[:controller], options[:action])
+  end
+
   def link_to_if_authorized_contest(name, options = {}, html_options = nil, *parameters_for_method_reference)
     link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for_contest(options[:controller] || params[:controller], options[:action])
   end

app/views/attachments/_links.html.erb

@@ -15,7 +15,7 @@
                                          :method => :delete,
                                          :class => 'delete',
                                          :title => l(:button_delete) %>
-    <% else %>                                  
+    <% else %>
     <%= link_to image_tag('delete.png'), attachment_path(attachment),
                                          :data => {:confirm => l(:text_are_you_sure)},
                                          :method => :delete,

app/views/news/_course_show.html.erb

@@ -75,7 +75,7 @@
               </tr>
               <tr>
                 <td align="left"><span class="font_lighter"> <%= format_time(comment.created_on) %></span></td>
-                <td width="200" align="right" class="a"><%= link_to_if_authorized image_tag('delete.png'), {:controller => 'comments', :action => 'destroy', :id => @news, :comment_id => comment},
+                <td width="200" align="right" class="a"><%= link_to_if_authorized_course image_tag('delete.png'), {:controller => 'comments', :action => 'destroy', :id => @news, :comment_id => comment},
                                                                                   :data => {:confirm => l(:text_are_you_sure)}, :method => :delete, :title => l(:button_delete) %></td>
               </tr>
             </table></td>

lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb

@@ -48,8 +48,13 @@ module Redmine
         end
 
         def attachments_deletable?(user=User.current)
-          (respond_to?(:visible?) ? visible?(user) : true) &&
-            user.allowed_to?(self.class.attachable_options[:delete_permission], self.project)
+          if (self.has_attribute?(:course) ||self.has_attribute?(:course_id)) && self.course
+            (respond_to?(:visible?) ? visible?(user) : true) &&
+                user.allowed_to?(self.class.attachable_options[:delete_permission], self.course)
+          else
+            (respond_to?(:visible?) ? visible?(user) : true) &&
+                user.allowed_to?(self.class.attachable_options[:delete_permission], self.project)
+          end
         end
 
         def saved_attachments