From 89d699987664cc6e5334886517fe4fc10c5a56a9 Mon Sep 17 00:00:00 2001
From: zouap <zouap@pcl.ac.cn>
Date: Tue, 3 Aug 2021 16:51:44 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E6=8F=90=E4=BA=A4=E4=BB=A3=E7=A0=81?=
 =?UTF-8?q?=EF=BC=8C=E4=BF=AE=E6=AD=A3=E6=96=B9=E6=B3=95=E5=91=BD=E5=90=8D?=
 =?UTF-8?q?=E5=B8=A6=E4=BA=86=E8=BF=94=E5=9B=9E=E5=80=BC=E6=B7=B7=E6=B7=86?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98=E3=80=82?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: zouap <zouap@pcl.ac.cn>
---
 routers/repo/attachment.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go
index a79955e8c..3e92471bb 100755
--- a/routers/repo/attachment.go
+++ b/routers/repo/attachment.go
@@ -152,15 +152,15 @@ func DownloadUserIsOrg(ctx *context.Context, attach *models.Attachment) bool {
 		} else {
 			repo.GetOwner()
 			if repo.Owner.IsOrganization() {
-				log.Info("ower is org.")
+				//log.Info("ower is org.")
 				if repo.Owner.IsUserPartOfOrg(ctx.User.ID) {
-					log.Info("user may be visit the attach.")
-					return false
+					log.Info("user may visit the attach.")
+					return true
 				}
 			}
 		}
 	}
-	return true
+	return false
 }
 
 // GetAttachment serve attachements
@@ -190,7 +190,7 @@ func GetAttachment(ctx *context.Context) {
 
 	if repository == nil { //If not linked
 		//if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && attach.IsPrivate { //We block if not the uploader
-		if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && DownloadUserIsOrg(ctx, attach) { //We block if not the uploader
+		if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) && !DownloadUserIsOrg(ctx, attach) { //We block if not the uploader
 			ctx.Error(http.StatusNotFound)
 			return
 		}

From a36d39ce4dfe7aaf0ce52b8cb8a9fe4de7c193e8 Mon Sep 17 00:00:00 2001
From: zouap <zouap@pcl.ac.cn>
Date: Tue, 3 Aug 2021 16:56:33 +0800
Subject: [PATCH 2/2] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=97=A0=E7=94=A8?=
 =?UTF-8?q?=E7=9A=84=E6=96=B9=E6=B3=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: zouap <zouap@pcl.ac.cn>
---
 routers/repo/dataset.go | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/routers/repo/dataset.go b/routers/repo/dataset.go
index e5bc54b7d..53a2969fb 100755
--- a/routers/repo/dataset.go
+++ b/routers/repo/dataset.go
@@ -22,20 +22,6 @@ func MustEnableDataset(ctx *context.Context) {
 	}
 }
 
-func filterPrivateAttachments(ctx *context.Context, list []*models.Attachment) []*models.Attachment {
-	if ctx.Repo.CanWrite(models.UnitTypeDatasets) {
-		return list
-	} else {
-		var publicList []*models.Attachment
-		for _, attach := range list {
-			if !attach.IsPrivate {
-				publicList = append(publicList, attach)
-			}
-		}
-		return publicList
-	}
-}
-
 func newFilterPrivateAttachments(ctx *context.Context, list []*models.Attachment, repo *models.Repository) []*models.Attachment {
 
 	if ctx.Repo.CanWrite(models.UnitTypeDatasets) {