diff --git a/app/models/dmsf_query.rb b/app/models/dmsf_query.rb index f6eade5f..0eb66686 100644 --- a/app/models/dmsf_query.rb +++ b/app/models/dmsf_query.rb @@ -154,11 +154,20 @@ class DmsfQuery < Query order_option[1].gsub!(',', " #{$1},") end end - base_scope. + items = base_scope. where(statement). order(order_option). limit(options[:limit]). - offset(options[:offset]) + offset(options[:offset]).to_a + items.each do |item| + if item.type == 'folder' + dmsf_folder = DmsfFolder.find_by(id: item.id) + if dmsf_folder && (!DmsfFolder.permissions?(dmsf_folder, false)) + items.delete item + end + end + end + items end def extra_columns diff --git a/lib/redmine_dmsf/webdav/dmsf_resource.rb b/lib/redmine_dmsf/webdav/dmsf_resource.rb index 32c5df56..a251181f 100644 --- a/lib/redmine_dmsf/webdav/dmsf_resource.rb +++ b/lib/redmine_dmsf/webdav/dmsf_resource.rb @@ -49,8 +49,10 @@ module RedmineDmsf @children = [] if folder # Folders - folder.dmsf_folders.visible.pluck(:title).each do |title| - @children.push child(title) + folder.dmsf_folders.visible.each do |f| + if DmsfFolder.permissions?(f, false) + @children.push child(f.title) + end end # Files folder.dmsf_files.visible.pluck(:name).each do |name| @@ -62,8 +64,10 @@ module RedmineDmsf if subproject.module_enabled?(:dmsf) # Folders if User.current.allowed_to?(:view_dmsf_folders, project) - subproject.dmsf_folders.visible.pluck(:title).each do |title| - @children.push child(title) + subproject.dmsf_folders.visible.each do |f| + if DmsfFolder.permissions?(f, false) + @children.push child(f.title) + end end end # Files @@ -95,6 +99,9 @@ module RedmineDmsf unless @folder @folder = DmsfFolder.visible.find_by(project_id: project&.id, title: basename, dmsf_folder_id: parent&.folder&.id) + if @folder && (!DmsfFolder.permissions?(@folder, false)) + @folder = nil + end end @folder end