竞赛：作品列表的关联项目页面中，管理员有权限访问相关项目

2016-12-27 14:53:52 +08:00 · 2016-12-27 14:53:52 +08:00 · 3dbb955f1b
parent 1de4b48d34
commit 3dbb955f1b
3 changed files with 14 additions and 1 deletions
--- a/app/models/contest.rb
+++ b/app/models/contest.rb
@ -13,6 +13,7 @@ class Contest < ActiveRecord::Base
  has_many :users, :through => :members
  has_many :contestants, :class_name => 'ContestantForContest', :source => :user
  has_many :works
+  has_many :contestant_work_projects, :dependent => :destroy

  has_many :news, :dependent => :destroy, :include => :author

--- a/app/models/project.rb
+++ b/app/models/project.rb
@ -43,7 +43,8 @@ class Project < ActiveRecord::Base
    end
  end

-  has_many :student_work_projects,:dependent => :destroy
+  has_many :student_work_projects, :dependent => :destroy
+  has_many :contestant_work_projects, :dependent => :destroy
  has_many :student_works
  has_many :time_entry_activities
  has_many :members, :include => [:principal, :roles], :conditions => "#{Principal.table_name}.type='User' AND #{Principal.table_name}.status=#{Principal::STATUS_ACTIVE}"
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1063,6 +1063,7 @@ class User < Principal
      # Admin users are authorized for anything else
      return true if admin?

+      # 课程：作品关联项目的老师也可以访问私有项目
      course_ids = context.student_work_projects.blank? ? "(-1)" : "(" + context.student_work_projects.map{|swp| swp.course_id}.join(",") + ")"
      courses = Course.where("id in #{course_ids}")
      courses.each do |course|
@ -1070,6 +1071,16 @@ class User < Principal
          return true
        end
      end
+
+      # 竞赛：作品关联项目的管理员也可以访问私有项目
+      contest_ids = context.contestant_work_projects.map{|swp| swp.contest_id}
+      contests = Contest.where(:id => contest_ids)
+      contests.each do |contest|
+        if self.admin_of_contest?(contest)
+          return true
+        end
+      end
+
      roles = roles_for_project(context)
      return false unless roles
      roles.any? {|role|