From 74de064cca5bc69cace56578f83d45a95839eb9e Mon Sep 17 00:00:00 2001
From: nwb <nwb5@hotmail.com>
Date: Mon, 28 Jul 2014 11:29:55 +0800
Subject: [PATCH] =?UTF-8?q?1.=E6=96=87=E4=BB=B6=E5=88=A0=E9=99=A4=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E5=88=A4=E6=96=AD=E4=BC=98=E5=8C=96=202.=E8=AF=BE?=
 =?UTF-8?q?=E7=A8=8B=E9=80=9A=E7=9F=A5=E9=99=84=E4=BB=B6=E5=88=A0=E9=99=A4?=
 =?UTF-8?q?BUG=E4=BF=AE=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/attachments_controller.rb                | 4 +++-
 app/helpers/application_helper.rb                        | 4 ++++
 app/views/attachments/_links.html.erb                    | 2 +-
 app/views/news/_course_show.html.erb                     | 2 +-
 lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb | 9 +++++++--
 5 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 026a12e9a..36dd61105 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -174,7 +174,9 @@ class AttachmentsController < ApplicationController
     respond_to do |format|
       # modify by nwb
       if !@attachment.container.nil? && (@attachment.container.is_a?(Course) || @attachment.container.course)
-        if @course.nil?
+        if @attachment.container.is_a?(News)
+          format.html { redirect_to_referer_or news_path(@attachment.container) }
+        elsif @course.nil?
           format.html { redirect_to_referer_or forum_memo_path(@attachment.container.forum, @attachment.container) }
         else
           format.html { redirect_to_referer_or course_path(@course) }
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index b6cd47924..77741e5e5 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -68,6 +68,10 @@ module ApplicationHelper
     link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for(options[:controller] || params[:controller], options[:action])
   end
 
+  def link_to_if_authorized_course(name, options = {}, html_options = nil, *parameters_for_method_reference)
+    link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for_course(options[:controller] || params[:controller], options[:action])
+  end
+
   def link_to_if_authorized_contest(name, options = {}, html_options = nil, *parameters_for_method_reference)
     link_to(name, options, html_options, *parameters_for_method_reference) if authorize_for_contest(options[:controller] || params[:controller], options[:action])
   end
diff --git a/app/views/attachments/_links.html.erb b/app/views/attachments/_links.html.erb
index 52b090bd8..99ecab35d 100644
--- a/app/views/attachments/_links.html.erb
+++ b/app/views/attachments/_links.html.erb
@@ -15,7 +15,7 @@
                                          :method => :delete,
                                          :class => 'delete',
                                          :title => l(:button_delete) %>
-    <% else %>                                  
+    <% else %>
     <%= link_to image_tag('delete.png'), attachment_path(attachment),
                                          :data => {:confirm => l(:text_are_you_sure)},
                                          :method => :delete,
diff --git a/app/views/news/_course_show.html.erb b/app/views/news/_course_show.html.erb
index 7b5d17e43..727c9eb7a 100644
--- a/app/views/news/_course_show.html.erb
+++ b/app/views/news/_course_show.html.erb
@@ -75,7 +75,7 @@
               </tr>
               <tr>
                 <td align="left"><span class="font_lighter"> <%= format_time(comment.created_on) %></span></td>
-                <td width="200" align="right" class="a"><%= link_to_if_authorized image_tag('delete.png'), {:controller => 'comments', :action => 'destroy', :id => @news, :comment_id => comment},
+                <td width="200" align="right" class="a"><%= link_to_if_authorized_course image_tag('delete.png'), {:controller => 'comments', :action => 'destroy', :id => @news, :comment_id => comment},
                                                                                   :data => {:confirm => l(:text_are_you_sure)}, :method => :delete, :title => l(:button_delete) %></td>
               </tr>
             </table></td>
diff --git a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
index b9e6174ae..9f85dc49f 100644
--- a/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
+++ b/lib/plugins/acts_as_attachable/lib/acts_as_attachable.rb
@@ -48,8 +48,13 @@ module Redmine
         end
 
         def attachments_deletable?(user=User.current)
-          (respond_to?(:visible?) ? visible?(user) : true) &&
-            user.allowed_to?(self.class.attachable_options[:delete_permission], self.project)
+          if (self.has_attribute?(:course) ||self.has_attribute?(:course_id)) && self.course
+            (respond_to?(:visible?) ? visible?(user) : true) &&
+                user.allowed_to?(self.class.attachable_options[:delete_permission], self.course)
+          else
+            (respond_to?(:visible?) ? visible?(user) : true) &&
+                user.allowed_to?(self.class.attachable_options[:delete_permission], self.project)
+          end
         end
 
         def saved_attachments