From ae0eb3b9189db01de1989a972e245885288d67f5 Mon Sep 17 00:00:00 2001 From: lealife Date: Sat, 10 Oct 2015 14:38:18 +0800 Subject: [PATCH] =?UTF-8?q?get=20all=20attachs=20=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=9C=AA=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/init.go | 2 +- app/service/AttachService.go | 13 +++++++++++-- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/app/controllers/init.go b/app/controllers/init.go index 11c1761..3e49cb5 100644 --- a/app/controllers/init.go +++ b/app/controllers/init.go @@ -68,7 +68,7 @@ var commonUrl = map[string]map[string]bool{"Index": map[string]bool{"Index": tru }, "Oauth": map[string]bool{"GithubCallback": true}, "File": map[string]bool{"OutputImage": true, "OutputFile": true}, - "Attach": map[string]bool{"Download": true, "DownloadAll": true}, + "Attach": map[string]bool{"Download": true/*, "DownloadAll": true*/}, } func needValidate(controller, method string) bool { diff --git a/app/service/AttachService.go b/app/service/AttachService.go index 8649bd2..e736dda 100644 --- a/app/service/AttachService.go +++ b/app/service/AttachService.go @@ -63,10 +63,19 @@ func (this *AttachService) updateNoteAttachNum(noteId bson.ObjectId, addNum int) // list attachs func (this *AttachService) ListAttachs(noteId, userId string) []info.Attach { attachs := []info.Attach{} - // 判断是否有权限为笔记添加附件 - if !shareService.HasUpdateNotePerm(noteId, userId) { + + // 判断是否有权限为笔记添加附件, userId为空时表示是分享笔记的附件 + if userId != "" && !shareService.HasUpdateNotePerm(noteId, userId) { return attachs } + + // 笔记是否是自己的 + note := noteService.GetNoteByIdAndUserId(noteId, userId) + if note.NoteId == "" { + return attachs + } + + // TODO 这里, 优化权限控制 db.ListByQ(db.Attachs, bson.M{"NoteId": bson.ObjectIdHex(noteId)}, &attachs)