From b93808dddf02f318905d289c92607376efff06ff Mon Sep 17 00:00:00 2001
From: zouap <zouap@pcl.ac.cn>
Date: Thu, 5 Aug 2021 10:48:03 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=B8=B8=E5=AE=A2=E8=AE=BF?=
 =?UTF-8?q?=E9=97=AE=E6=97=B6=EF=BC=8C=E7=94=A8=E6=88=B7=E4=BF=A1=E6=81=AF?=
 =?UTF-8?q?=E4=B8=BA=E7=A9=BA=E7=9A=84=E6=83=85=E5=86=B5=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: zouap <zouap@pcl.ac.cn>
---
 routers/repo/attachment.go | 19 ++++++++++---------
 routers/repo/dataset.go    |  4 ++--
 2 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/routers/repo/attachment.go b/routers/repo/attachment.go
index 830f193ee..6fa89420d 100755
--- a/routers/repo/attachment.go
+++ b/routers/repo/attachment.go
@@ -151,18 +151,19 @@ func DownloadUserIsOrgOrCollaboration(ctx *context.Context, attach *models.Attac
 			log.Info("query repo error.")
 		} else {
 			repo.GetOwner()
-			if repo.Owner.IsOrganization() {
-				//log.Info("ower is org.")
-				if repo.Owner.IsUserPartOfOrg(ctx.User.ID) {
-					log.Info("org user may visit the attach.")
+			if ctx.User != nil {
+				if repo.Owner.IsOrganization() {
+					if repo.Owner.IsUserPartOfOrg(ctx.User.ID) {
+						log.Info("org user may visit the attach.")
+						return true
+					}
+				}
+				isCollaborator, _ := repo.IsCollaborator(ctx.User.ID)
+				if isCollaborator {
+					log.Info("Collaborator user may visit the attach.")
 					return true
 				}
 			}
-			isCollaborator, _ := repo.IsCollaborator(ctx.User.ID)
-			if isCollaborator {
-				log.Info("Collaborator user may visit the attach.")
-				return true
-			}
 		}
 	}
 	return false
diff --git a/routers/repo/dataset.go b/routers/repo/dataset.go
index bdadd2066..b2da4b8d8 100755
--- a/routers/repo/dataset.go
+++ b/routers/repo/dataset.go
@@ -32,13 +32,13 @@ func newFilterPrivateAttachments(ctx *context.Context, list []*models.Attachment
 			repo.GetOwner()
 		}
 		permission := false
-		if repo.Owner.IsOrganization() {
+		if repo.Owner.IsOrganization() && ctx.User != nil {
 			if repo.Owner.IsUserPartOfOrg(ctx.User.ID) {
 				log.Info("user is member of org.")
 				permission = true
 			}
 		}
-		if !permission {
+		if !permission && ctx.User != nil {
 			isCollaborator, _ := repo.IsCollaborator(ctx.User.ID)
 			if isCollaborator {
 				log.Info("Collaborator user may visit the attach.")