redmine not administrator account can not download the dmsf doctuments,it shows Internal error. #791

2017-10-24 10:35:40 +02:00 · 2017-10-24 10:35:40 +02:00 · f7266c2efc
commit f7266c2efc
parent f1bee8bc93
3 changed files with 9 additions and 7 deletions
--- a/app/controllers/dmsf_controller.rb
+++ b/app/controllers/dmsf_controller.rb
@ -39,7 +39,7 @@ class DmsfController < ApplicationController
  helper :dmsf_folder_permissions

  def permissions
-    render_403 unless DmsfFolder.permissions?(@folder)
+    render_403 unless DmsfFolder.permissions?(@folder, false)
    true
  end

@ -663,7 +663,8 @@ class DmsfController < ApplicationController
          @locked_for_user = false
        end
      end
-      # Remove system folders you are not allowed to see because you are not allowed to see the issue
+      # Remove system folders you are not allowed to see because you are not allowed to see the issue or you are not
+      # permitted to see system folders
      @subfolders = DmsfHelper.visible_folders(@subfolders, @project)
    end

--- a/app/helpers/dmsf_helper.rb
+++ b/app/helpers/dmsf_helper.rb
@ -93,7 +93,8 @@ module DmsfHelper

  def self.visible_folders(folders, project)
    allowed = Setting.plugin_redmine_dmsf['dmsf_act_as_attachable'] &&
-      (project.dmsf_act_as_attachable == Project::ATTACHABLE_DMS_AND_ATTACHMENTS)
+      (project.dmsf_act_as_attachable == Project::ATTACHABLE_DMS_AND_ATTACHMENTS) &&
+      User.current.allowed_to?(:display_system_folders, project)
    folders.reject{ |folder|
      if folder.system
        unless allowed
--- a/app/models/dmsf_folder.rb
+++ b/app/models/dmsf_folder.rb
@ -110,11 +110,11 @@ class DmsfFolder < ActiveRecord::Base
    return true if (User.current.admin? || folder.nil?)
    # System folder?
    if folder && folder.system
-      return false if (!allow_system || !User.current.allowed_to?(:display_system_folders, folder.project))
-      return false unless self.issue && self.issue.visible?(User.current)
+      return false if !(allow_system || User.current.allowed_to?(:display_system_folders, folder.project))
+      return false if folder.issue && !folder.issue.visible?(User.current)
    end
    # Permissions?
-    if !folder.dmsf_folder || permissions?(folder.dmsf_folder, allow_system)
+    if !folder.dmsf_folder || DmsfFolder.permissions?(folder.dmsf_folder, allow_system)
      if folder.dmsf_folder_permissions.any?
        role_ids = User.current.roles_for_project(folder.project).map{ |r| r.id }
        role_permission_ids = folder.dmsf_folder_permissions.roles.map{ |p| p.object_id }
@ -125,8 +125,8 @@ class DmsfFolder < ActiveRecord::Base
        return true if (principal_ids & user_group_ids).any?
        return false
      end
-      true
    end
+    true
  end

  def default_values