diff --git a/app/controllers/system_messages_controller.rb b/app/controllers/system_messages_controller.rb
index 21b9ae9b8..588e13c5e 100644
--- a/app/controllers/system_messages_controller.rb
+++ b/app/controllers/system_messages_controller.rb
@@ -33,6 +33,10 @@ class SystemMessagesController < ApplicationController
 # POST /products
 # POST /products.json
 def create
+ unless User.current.admin?
+ render_403
+ return
+ end
 @system_messages = SystemMessage.new
 @system_messages.content = params[:system_message][:content]
 @system_messages.user_id = User.current.id
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5680a333e..23106c954 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -114,8 +114,10 @@ class UsersController < ApplicationController
 message_new_time.save
 else
 message_new_time = OnclickTime.where("user_id =?", User.current).first
+ message_last_time = message_new_time.onclick_time
 message_new_time.update_attributes(:onclick_time => Time.now)
 end
+ @user_system_messages = SystemMessage.where("created_at >?", message_last_time)
 # 当前用户查看消息,则设置消息为已读
 if params[:viewed] == "all"
 course_querys = @user.course_messages
diff --git a/app/views/users/user_messages.html.erb b/app/views/users/user_messages.html.erb
index a37ce30ff..e36fd4f32 100644
--- a/app/views/users/user_messages.html.erb
+++ b/app/views/users/user_messages.html.erb
@@ -39,6 +39,18 @@
 <% end %>
 <% end %>
+ <%# 系统消息 %>
+ <% @user_system_messages.each do |usm| %>
+
+ <% end %>
 <%# 课程消息 %>
 <% unless @message_alls.nil? %>
 <% @message_alls.each do |ma| %>
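Review bot: The admin check is written inline in `create` only, so any other state-changing action this controller defines (for example `update` or `destroy`, not visible in this hunk) stays reachable by non-admins unless it is guarded elsewhere. Declaring the rule once at class level, e.g. `before_filter :require_admin, :only => [:create, :update, :destroy]`, keeps the authorization in one place and makes a missing action easy to spot. That assumes ApplicationController offers a `require_admin` filter, which the `render_403` / `User.current` idiom suggests but this page does not show. The body of `create` continues past the end of the hunk, so how the record is saved and what is rendered afterwards could not be reviewed.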
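Review bot: `message_last_time` is assigned only in the `else` branch, so when the other branch runs the variable is nil, the query becomes `created_at > NULL`, and no rows match. That other branch begins above the hunk and appears to be the case where the user has no OnclickTime row yet, which would mean a first-time visitor is shown no system messages at all. If that is not intended, make the fallback explicit, e.g. `@user_system_messages = message_last_time ? SystemMessage.where("created_at >?", message_last_time) : SystemMessage.all`. The result is also unordered; adding `.order("created_at DESC")` to the `where` would make the display order deterministic. The enclosing action starts and ends outside the hunk.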
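Review bot: The body of the new `@user_system_messages.each` loop did not survive in this view of the diff, so how `usm.content` is written into the page could not be checked. That content is stored straight from `params[:system_message][:content]` in SystemMessagesController#create and shown to every user, so confirm it is emitted with ERB's default escaping rather than through `raw` or `html_safe`. The loop also iterates `@user_system_messages` unguarded while the neighbouring block checks `@message_alls.nil?`; if any other action renders this template without setting the variable, `<% (@user_system_messages || []).each do |usm| %>` avoids a NoMethodError.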