课程实践模块权限判断不全面
This commit is contained in:
parent
26ff74a798
commit
2238c42826
|
@ -470,9 +470,7 @@ class CoursesController < ApplicationController
|
|||
end
|
||||
|
||||
def homework
|
||||
if @course.is_public == 0
|
||||
render_403
|
||||
else
|
||||
if @course.is_public != 0 || User.current.member_of_course?(@course)
|
||||
@offset, @limit = api_offset_and_limit({:limit => 10})
|
||||
@bids = @course.homeworks.order('deadline DESC')
|
||||
@bids = @bids.like(params[:name]) if params[:name].present?
|
||||
|
@ -490,6 +488,8 @@ class CoursesController < ApplicationController
|
|||
@bids = @bids.offset(@offset).limit(limit).all.reverse
|
||||
end
|
||||
render :layout => 'base_courses'
|
||||
else
|
||||
render_403
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue