Permissions fix

Karel Pičman 2019-05-20 13:35:36 +02:00
parent e916c7c046
commit 06bbff4d7c
2 changed files with 16 additions and 5 deletions


@ -363,6 +363,7 @@ class DmsfController < ApplicationController
end
def email_entries(selected_folders, selected_files)
raise DmsfAccessError unless User.current.allowed_to?(:email_documents, @project)
zip = Zip.new
zip_entries(zip, selected_folders, selected_files)
@ -506,6 +507,7 @@ class DmsfController < ApplicationController
deleted_files = []
not_deleted_files = []
selected_files.each do |id|
raise DmsfAccessError unless User.current.allowed_to?(:file_delete, @project)
file = DmsfFile.find_by(id: id)
if file
if file.delete(commit)
@ -536,7 +538,13 @@ class DmsfController < ApplicationController
flash[:warning] = l(:warning_some_entries_were_not_deleted, :entries => not_deleted_files.map{|e| e.title}.join(', '))
end
# Links
(selected_dir_links + selected_file_links + selected_url_links).each do |id|
selected_dir_links.each do |id|
raise DmsfAccessError unless User.current.allowed_to?(:folder_manipulation, @project)
link = DmsfLink.find_by(id: id)
link.delete commit if link
end
(selected_file_links + selected_url_links).each do |id|
raise DmsfAccessError unless User.current.allowed_to?(:file_delete, @project)
link = DmsfLink.find_by(id: id)
link.delete commit if link
end
@ -680,11 +688,12 @@ class DmsfController < ApplicationController
@ajax_upload_size = Setting.plugin_redmine_dmsf['dmsf_max_ajax_upload_filesize'].presence || 100
# Trash
@trash_visible = @folder_manipulation_allowed && @file_manipulation_allowed &&
visible = @folder_manipulation_allowed && @file_manipulation_allowed &&
@file_delete_allowed && !@locked_for_user && !@folder
@trash_enabled = DmsfFolder.deleted.where(project_id: @project.id).exists? ||
enabled = DmsfFolder.deleted.where(project_id: @project.id).exists? ||
DmsfFile.deleted.where(project_id: @project.id).exists? ||
DmsfLink.deleted.where(project_id: @project.id).exists?
@trash_enabled = visible && enabled
end
end
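Review bot: The permission checks added in the two delete hunks test `@project`, but the records are still loaded with `DmsfFile.find_by(id: id)` and `DmsfLink.find_by(id: id)`, which are not restricted to that project. Unless `delete` enforces access itself (not visible here), an id belonging to another project would pass the check. Scoping the lookups closes that gap, e.g. `file = DmsfFile.find_by(id: id, project_id: @project.id)` and the same `project_id:` condition on both `DmsfLink` lookups. The checks are also loop-invariant, so each `raise DmsfAccessError unless ...` would be better placed before its `each`, guarded by `selected_files.any?` and the like, so that a refusal happens before anything has been deleted. The enclosing method starts and ends outside these hunks.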


@ -29,12 +29,14 @@
<li>
<%= context_menu_link l(:field_mail), entries_operations_dmsf_path(:id => @project, :folder_id => @folder,
:ids => params[:ids], :email_entries => true), :method => :post, :class => 'icon icon-email',
:disabled => @disabled %>
:disabled => @disabled || (!User.current.allowed_to?(:email_documents, @project)) %>
</li>
<li>
<%= context_menu_link l(:button_delete), entries_operations_dmsf_path(:id => @project, :folder_id => @folder,
:ids => params[:ids], :delete_entries => true), :method => :post, :class => 'icon icon-del',
:data => { :confirm => l(:text_are_you_sure) }, :id => 'dmsf-cm-delete', :disabled => @disabled %>
:data => { :confirm => l(:text_are_you_sure) }, :id => 'dmsf-cm-delete',
:disabled => @disabled || ((!User.current.allowed_to?(:folder_manipulation, @project)) &&
(!User.current.allowed_to?(:file_delete, @project)))%>
</li>
<% if @file %>
<li>
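Review bot: The delete entry in this hunk is disabled only when the user lacks both `:folder_manipulation` and `:file_delete`, whereas the controller changes in this commit raise `DmsfAccessError` per item type (`:file_delete` for files and file/URL links, `:folder_manipulation` for folder links). A user holding just one of the two permissions therefore sees an enabled entry that fails on a mixed selection. The controller remains the enforcement point, so this is a consistency issue rather than a bypass. Consider deriving the flag from what is actually selected, or computing it once in the controller rather than calling `User.current.allowed_to?` in the template. The doubled negation would also read more clearly as `!(User.current.allowed_to?(:folder_manipulation, @project) || User.current.allowed_to?(:file_delete, @project))`, with a space before `%>`.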