From 0123ea32bf09cbb04457d800f99ffe43f4cc5283 Mon Sep 17 00:00:00 2001
From: huang
Date: Tue, 19 May 2015 14:13:28 +0800
Subject: [PATCH] =?UTF-8?q?=E7=A7=81=E6=9C=89=E9=A1=B9=E7=9B=AE=E8=AE=A8?= =?UTF-8?q?=E8=AE=BA=E5=8C=BA=E9=9D=9E=E9=A1=B9=E7=9B=AE=E6=88=90=E5=91=98?= =?UTF-8?q?=E3=80=81=E6=9C=AA=E7=99=BB=E5=BD=95=E6=83=85=E5=86=B5=E4=B8=8D?= =?UTF-8?q?=E8=83=BD=E8=AE=BF=E9=97=AE?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/boards_controller.rb | 16 ++++++++++------
 app/controllers/projects_controller.rb | 2 +-
 2 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index 7ccfb0e10..4a27f02ff 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -32,13 +32,17 @@ class BoardsController < ApplicationController
 #modify by nwb
 @flag = params[:flag] || false
 if @project
- @boards = @project.boards.includes(:last_message => :author).all
- @boards = [] << @boards[0] if @boards.any?
- if @boards.size == 1
- @board = @boards.first
- show and return
+ if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
+ render_403
+ else
+ @boards = @project.boards.includes(:last_message => :author).all
+ @boards = [] << @boards[0] if @boards.any?
+ if @boards.size == 1
+ @board = @boards.first
+ show and return
+ end
+ render :layout => false if request.xhr?
 end
- render :layout => false if request.xhr?
 elsif @course
 if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
 @boards = @course.boards.includes(:last_message => :author).all
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 041fa8529..06a157c0f 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
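Review bot: The private-project check added in the `if @project` branch of boards_controller.rb is an inline condition inside a single action, and the same three-term test is repeated in `watcherlist` in projects_controller.rb, so every other board or message action has to remember to copy it. Whether `show` (when requested directly) and the message actions enforce the same rule is not visible in this hunk and should be confirmed. Keeping the rule in one place, for example a controller filter whose body is `render_403 unless @project.nil? || @project.is_public? || User.current.member_of?(@project) || User.current.admin?`, would stop the two controllers from drifting apart and make a forgotten check harder to ship. For visitors who are not logged in, the new branch answers 403 directly; if this code base still carries Redmine's `deny_access` helper, that may be the better call because it asks anonymous users to log in first. The enclosing action starts and ends outside the hunk.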
@@ -677,7 +677,7 @@ class ProjectsController < ApplicationController end def watcherlist - if !@project.is_public? && !User.current.member_of?(@project) + if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin? render_403 else @users -= watched.watcher_users if @watched