课程实践模块权限判断不全面

This commit is contained in:
sw 2014-10-08 11:42:34 +08:00
parent 26ff74a798
commit 2238c42826
1 changed files with 3 additions and 3 deletions

View File

@ -470,9 +470,7 @@ class CoursesController < ApplicationController
end
def homework
if @course.is_public == 0
render_403
else
if @course.is_public != 0 || User.current.member_of_course?(@course)
@offset, @limit = api_offset_and_limit({:limit => 10})
@bids = @course.homeworks.order('deadline DESC')
@bids = @bids.like(params[:name]) if params[:name].present?
@ -490,6 +488,8 @@ class CoursesController < ApplicationController
@bids = @bids.offset(@offset).limit(limit).all.reverse
end
render :layout => 'base_courses'
else
render_403
end
end