forgeplus/app/controllers/commons_controller.rb

class CommonsController < ApplicationController
  OBJECT_TYPE = %W[message journals_for_message]

  before_action :require_login, :check_auth
  before_action :validate_object_type
  before_action :find_object
  before_action :validate_power

  def delete
    begin
      @object.destroy!
    rescue Exception => e
      uid_logger_error(e.message)
      tip_exception(e.message)
      raise ActiveRecord::Rollback
    end
  end

  def hidden
    action(true)
  end

  def unhidden
    action(false)
  end

  private
  def find_object
    begin
      @object = params[:object_type].strip.classify.constantize.find params[:object_id]
    rescue Exception => e
      uid_logger_error(e.message)
      tip_exception(e.message)
      return
    end
  end

  def validate_object_type
    return normal_status(2, "缺少object_id参数") if params[:object_id].blank?
    return normal_status(2, "缺少object_type参数") if params[:object_type].blank?
    return normal_status(2, "object_type参数格式错误") unless OBJECT_TYPE.include? params[:object_type].strip
  end

  def validate_power
    code =
      case params[:object_type].strip
      when 'message'
        if current_user.course_identity(@object.board.course) >= Course::STUDENT && @object.author != current_user
          403
        else
          200
        end
      when 'journals_for_message'
        course = @object&.jour_type.to_s == "StudentWorksScore" ? @object.jour&.student_work&.homework_common&.course : @object.jour&.course
        if current_user.course_identity(course)  >= Course::STUDENT && @object.user != current_user
          403
        else
          200
        end
      else
        current_user.admin_or_business? ? 200 : 403
      end
    return normal_status(code, "你没有权限操作！") if code == 403
  end

  def action(flag)
    begin
      @object.has_attribute?(:is_hidden) ? @object.update_attributes(:is_hidden => flag )
          : @object.update_attributes(:hidden => flag )
    rescue Exception => e
      uid_logger_error(e.message)
      tip_exception(e.message)
      raise ActiveRecord::Rollback
    end
  end
end