私有项目讨论区非项目成员、未登录情况不能访问

app/controllers/boards_controller.rb

@@ -32,13 +32,17 @@ class BoardsController < ApplicationController
     #modify by nwb
     @flag = params[:flag] || false
     if @project
-      @boards = @project.boards.includes(:last_message => :author).all
+      if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
-      @boards = [] << @boards[0] if @boards.any?
+        render_403
-      if @boards.size == 1
+      else
-        @board = @boards.first
+        @boards = @project.boards.includes(:last_message => :author).all
-        show and return
+        @boards = [] << @boards[0] if @boards.any?
+        if @boards.size == 1
+          @board = @boards.first
+          show and return
+        end
+        render :layout => false if request.xhr?
       end
-      render :layout => false if request.xhr?
     elsif @course
       if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
         @boards = @course.boards.includes(:last_message => :author).all

app/controllers/projects_controller.rb

@@ -677,7 +677,7 @@ class ProjectsController < ApplicationController
   end
 
   def watcherlist
-    if !@project.is_public? && !User.current.member_of?(@project)
+    if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
       render_403
     else
       @users -= watched.watcher_users if  @watched