forgeplus/app/controllers/commons_controller.rb

77 lines
2.2 KiB
Ruby
Raw Normal View History

2020-03-09 00:40:16 +08:00
class CommonsController < ApplicationController
OBJECT_TYPE = %W[message journals_for_message]
before_action :require_login, :check_auth
before_action :validate_object_type
before_action :find_object
before_action :validate_power
def delete
begin
@object.destroy!
rescue Exception => e
uid_logger_error(e.message)
tip_exception(e.message)
raise ActiveRecord::Rollback
end
end
def hidden
action(true)
end
def unhidden
action(false)
end
private
def find_object
begin
@object = params[:object_type].strip.classify.constantize.find params[:object_id]
rescue Exception => e
uid_logger_error(e.message)
tip_exception(e.message)
return
end
end
def validate_object_type
return normal_status(2, "缺少object_id参数") if params[:object_id].blank?
return normal_status(2, "缺少object_type参数") if params[:object_type].blank?
return normal_status(2, "object_type参数格式错误") unless OBJECT_TYPE.include? params[:object_type].strip
end
def validate_power
code =
case params[:object_type].strip
when 'message'
if current_user.course_identity(@object.board.course) >= Course::STUDENT && @object.author != current_user
403
else
200
end
when 'journals_for_message'
course = @object&.jour_type.to_s == "StudentWorksScore" ? @object.jour&.student_work&.homework_common&.course : @object.jour&.course
if current_user.course_identity(course) >= Course::STUDENT && @object.user != current_user
403
else
200
end
else
current_user.admin_or_business? ? 200 : 403
end
return normal_status(code, "你没有权限操作!") if code == 403
end
def action(flag)
begin
@object.has_attribute?(:is_hidden) ? @object.update_attributes(:is_hidden => flag )
: @object.update_attributes(:hidden => flag )
rescue Exception => e
uid_logger_error(e.message)
tip_exception(e.message)
raise ActiveRecord::Rollback
end
end
end