diff --git a/.gitignore b/.gitignore index 0727a920a..38f29a661 100644 --- a/.gitignore +++ b/.gitignore @@ -30,4 +30,6 @@ vendor/cache /public/files /tags /config/initializers/gitlab_config.rb +/config/wechat.yml +/config/menu.yml 1234567 diff --git a/Client.html b/Client.html deleted file mode 100644 index fbb7cec52..000000000 --- a/Client.html +++ /dev/null @@ -1,25 +0,0 @@ - - - - -Client - - - - -
-

这是一张图片

-

photo Share A

-
- -

这是一段视频

-

Text Share B

-
- -

这是一篇文章

-

Text Share C

-
- - - - \ No newline at end of file diff --git a/Gemfile.lock~ b/Gemfile.lock~ deleted file mode 100644 index 7d6563465..000000000 --- a/Gemfile.lock~ +++ /dev/null @@ -1,386 +0,0 @@ -GIT - remote: http://github.com/guange2015/wechat.git - revision: a18c3d6603cb1aa7bd1fe887b17f67426be01f35 - specs: - wechat (0.7.1) - activerecord (>= 3.2, < 5.1.x) - http (~> 1.0, >= 1.0.1) - nokogiri (>= 1.6.0) - thor - -PATH - remote: lib/gitlab-cli - specs: - gitlab (3.2.0) - httparty - terminal-table - -PATH - remote: lib/grack - specs: - grack (2.0.2) - rack (~> 1.4.5) - -PATH - remote: lib/rails_kindeditor - specs: - rails_kindeditor (0.4.5) - carrierwave - mini_magick - -GEM - remote: https://ruby.taobao.org/ - specs: - actionmailer (3.2.22.2) - actionpack (= 3.2.22.2) - mail (~> 2.5.4) - actionpack (3.2.22.2) - activemodel (= 3.2.22.2) - activesupport (= 3.2.22.2) - builder (~> 3.0.0) - erubis (~> 2.7.0) - journey (~> 1.0.4) - rack (~> 1.4.5) - rack-cache (~> 1.2) - rack-test (~> 0.6.1) - sprockets (~> 2.2.1) - activemodel (3.2.22.2) - activesupport (= 3.2.22.2) - builder (~> 3.0.0) - activerecord (3.2.22.2) - activemodel (= 3.2.22.2) - activesupport (= 3.2.22.2) - arel (~> 3.0.2) - tzinfo (~> 0.3.29) - activeresource (3.2.22.2) - activemodel (= 3.2.22.2) - activesupport (= 3.2.22.2) - activesupport (3.2.22.2) - i18n (~> 0.6, >= 0.6.4) - multi_json (~> 1.0) - acts-as-taggable-on (2.4.1) - rails (>= 3, < 5) - addressable (2.4.0) - ansi (1.5.0) - arel (3.0.3) - axiom-types (0.1.1) - descendants_tracker (~> 0.0.4) - ice_nine (~> 0.11.0) - thread_safe (~> 0.3, >= 0.3.1) - better_errors (1.1.0) - coderay (>= 1.0.0) - erubis (>= 2.6.6) - binding_of_caller (0.7.2) - debug_inspector (>= 0.0.1) - builder (3.0.0) - byebug (8.2.2) - carrierwave (0.10.0) - activemodel (>= 3.2.0) - activesupport (>= 3.2.0) - json (>= 1.7) - mime-types (>= 1.16) - chinese_pinyin (1.0.0) - climate_control (0.0.3) - activesupport (>= 3.0) - cocaine (0.5.8) - climate_control (>= 0.0.3, < 1.0) - coderay (1.1.1) - coercible (1.0.0) - descendants_tracker (~> 0.0.1) - coffee-rails (3.2.2) - coffee-script (>= 2.2.0) - railties (~> 3.2.0) - coffee-script (2.4.1) - coffee-script-source - execjs - coffee-script-source (1.10.0) - daemons (1.2.3) - debug_inspector (0.0.2) - delayed_job (4.1.1) - activesupport (>= 3.0, < 5.0) - delayed_job_active_record (4.1.0) - activerecord (>= 3.0, < 5) - delayed_job (>= 3.0, < 5) - descendants_tracker (0.0.4) - thread_safe (~> 0.3, >= 0.3.1) - diff-lcs (1.2.5) - domain_name (0.5.20160216) - unf (>= 0.0.5, < 1.0.0) - elasticsearch (1.0.15) - elasticsearch-api (= 1.0.15) - elasticsearch-transport (= 1.0.15) - elasticsearch-api (1.0.15) - multi_json - elasticsearch-model (0.1.8) - activesupport (> 3) - elasticsearch (> 0.4) - hashie - elasticsearch-rails (0.1.8) - elasticsearch-transport (1.0.15) - faraday - multi_json - equalizer (0.0.11) - erubis (2.7.0) - execjs (2.6.0) - factory_girl (4.5.0) - activesupport (>= 3.0.0) - factory_girl_rails (4.6.0) - factory_girl (~> 4.5.0) - railties (>= 3.0.0) - faraday (0.9.2) - multipart-post (>= 1.2, < 3) - fastercsv (1.5.5) - grape (0.9.0) - activesupport - builder - hashie (>= 2.1.0) - multi_json (>= 1.3.2) - multi_xml (>= 0.5.2) - rack (>= 1.3.0) - rack-accept - rack-mount - virtus (>= 1.0.0) - grape-entity (0.4.8) - activesupport - multi_json (>= 1.3.2) - grape-swagger (0.10.4) - grape (>= 0.8.0) - grape-entity (< 0.5.0) - hashie (3.4.3) - hike (1.2.3) - htmlentities (4.3.4) - http (1.0.2) - addressable (~> 2.3) - http-cookie (~> 1.0) - http-form_data (~> 1.0.1) - http_parser.rb (~> 0.6.0) - http-cookie (1.0.2) - domain_name (~> 0.5) - http-form_data (1.0.1) - http_parser.rb (0.6.0) - httparty (0.13.7) - json (~> 1.8) - multi_xml (>= 0.5.2) - i18n (0.6.11) - ice_nine (0.11.2) - iconv (1.0.4) - journey (1.0.4) - jquery-rails (2.0.3) - railties (>= 3.1.0, < 5.0) - thor (~> 0.14) - json (1.8.3) - kaminari (0.16.3) - actionpack (>= 3.0.0) - activesupport (>= 3.0.0) - libv8 (3.16.14.13) - mail (2.5.4) - mime-types (~> 1.16) - treetop (~> 1.4.8) - method_source (0.8.2) - mime-types (1.25.1) - mini_magick (4.4.0) - mini_portile2 (2.0.0) - multi_json (1.11.2) - multi_xml (0.5.5) - multipart-post (2.0.0) - mysql2 (0.3.18) - net-ldap (0.3.1) - netrc (0.11.0) - nokogiri (1.6.7.2) - mini_portile2 (~> 2.0.0.rc2) - paperclip (3.5.4) - activemodel (>= 3.0.0) - activesupport (>= 3.0.0) - cocaine (~> 0.5.3) - mime-types - polyglot (0.3.5) - pry (0.10.3) - coderay (~> 1.1.0) - method_source (~> 0.8.1) - slop (~> 3.4) - pry-byebug (3.3.0) - byebug (~> 8.0) - pry (~> 0.10) - pry-rails (0.3.4) - pry (>= 0.9.10) - pry-stack_explorer (0.4.9.2) - binding_of_caller (>= 0.7) - pry (>= 0.9.11) - rack (1.4.7) - rack-accept (0.4.5) - rack (>= 0.4) - rack-cache (1.6.1) - rack (>= 0.4) - rack-cors (0.4.0) - rack-mount (0.8.3) - rack (>= 1.0.0) - rack-openid (1.4.2) - rack (>= 1.1.0) - ruby-openid (>= 2.1.8) - rack-raw-upload (1.1.1) - multi_json - rack-ssl (1.3.4) - rack - rack-test (0.6.3) - rack (>= 1.0) - rails (3.2.22.2) - actionmailer (= 3.2.22.2) - actionpack (= 3.2.22.2) - activerecord (= 3.2.22.2) - activeresource (= 3.2.22.2) - activesupport (= 3.2.22.2) - bundler (~> 1.0) - railties (= 3.2.22.2) - railties (3.2.22.2) - actionpack (= 3.2.22.2) - activesupport (= 3.2.22.2) - rack-ssl (~> 1.3.2) - rake (>= 0.8.7) - rdoc (~> 3.4) - thor (>= 0.14.6, < 2.0) - rake (10.5.0) - rdoc (3.12.2) - json (~> 1.4) - redis (3.2.2) - redis-actionpack (3.2.4) - actionpack (~> 3.2.0) - redis-rack (~> 1.4.4) - redis-store (~> 1.1.4) - redis-activesupport (3.2.5) - activesupport (~> 3.2.0) - redis-store (~> 1.1.0) - redis-rack (1.4.4) - rack (~> 1.4.0) - redis-store (~> 1.1.4) - redis-rails (3.2.4) - redis-actionpack (~> 3.2.4) - redis-activesupport (~> 3.2.4) - redis-store (~> 1.1.4) - redis-store (1.1.7) - redis (>= 2.2) - ref (2.0.0) - rest-client (1.8.0) - http-cookie (>= 1.0.2, < 2.0) - mime-types (>= 1.16, < 3.0) - netrc (~> 0.7) - rich (1.4.6) - jquery-rails - kaminari - mime-types - paperclip - rack-raw-upload - rails (>= 3.2.0) - sass-rails - rspec-core (3.4.3) - rspec-support (~> 3.4.0) - rspec-expectations (3.4.0) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.4.0) - rspec-mocks (3.4.1) - diff-lcs (>= 1.2.0, < 2.0) - rspec-support (~> 3.4.0) - rspec-rails (3.4.2) - actionpack (>= 3.0, < 4.3) - activesupport (>= 3.0, < 4.3) - railties (>= 3.0, < 4.3) - rspec-core (~> 3.4.0) - rspec-expectations (~> 3.4.0) - rspec-mocks (~> 3.4.0) - rspec-support (~> 3.4.0) - rspec-support (3.4.1) - ruby-ole (1.2.12) - ruby-openid (2.1.8) - rubyzip (1.2.0) - sass (3.4.21) - sass-rails (3.2.6) - railties (~> 3.2.0) - sass (>= 3.1.10) - tilt (~> 1.3) - seems_rateable (1.0.13) - jquery-rails - rails - slop (3.6.0) - spreadsheet (1.1.1) - ruby-ole (>= 1.0) - sprockets (2.2.3) - hike (~> 1.2) - multi_json (~> 1.0) - rack (~> 1.0) - tilt (~> 1.1, != 1.3.0) - terminal-table (1.5.2) - therubyracer (0.12.2) - libv8 (~> 3.16.14.0) - ref - thor (0.19.1) - thread_safe (0.3.5) - tilt (1.4.1) - treetop (1.4.15) - polyglot - polyglot (>= 0.3.1) - tzinfo (0.3.46) - uglifier (2.7.2) - execjs (>= 0.3.0) - json (>= 1.8.0) - unf (0.1.4) - unf_ext - unf_ext (0.0.7.2) - virtus (1.0.5) - axiom-types (~> 0.1) - coercible (~> 1.0) - descendants_tracker (~> 0.0, >= 0.0.3) - equalizer (~> 0.0, >= 0.0.9) - -PLATFORMS - ruby - -DEPENDENCIES - acts-as-taggable-on (= 2.4.1) - ansi - better_errors (~> 1.1.0) - binding_of_caller - builder (= 3.0.0) - chinese_pinyin - coderay (~> 1.1.0) - coffee-rails (~> 3.2.1) - daemons - delayed_job_active_record - elasticsearch-model - elasticsearch-rails - factory_girl_rails - fastercsv (~> 1.5.0) - gitlab! - grack! - grape (~> 0.9.0) - grape-entity - grape-swagger - htmlentities - i18n (~> 0.6.0) - iconv - jquery-rails (~> 2.0.2) - kaminari - mysql2 (= 0.3.18) - net-ldap (~> 0.3.1) - paperclip (~> 3.5.4) - pry-byebug - pry-rails - pry-stack_explorer - rack-cors - rack-openid - rails (~> 3.2) - rails_kindeditor! - redis-rails - rest-client - rich (= 1.4.6) - rspec-rails (~> 3.0) - ruby-ole - ruby-openid (~> 2.1.4) - rubyzip - sass-rails (~> 3.2.3) - seems_rateable (~> 1.0.13) - spreadsheet - therubyracer - uglifier (>= 1.0.3) - wechat! - -BUNDLED WITH - 1.10.6 diff --git a/Gemfile~ b/Gemfile~ deleted file mode 100644 index 24869e72b..000000000 --- a/Gemfile~ +++ /dev/null @@ -1,112 +0,0 @@ -source 'http://rubygems.org/' -### ִbundle config mirror.https://rubygems.org https://gems.ruby-china.org лruby-chinaԴ - -unless RUBY_PLATFORM =~ /w32/ - # unix-like only - gem 'iconv' -end - -gem 'certified' - -gem 'wechat',path: 'lib/wechat' -gem 'grack', path:'lib/grack' -gem 'gitlab', path: 'lib/gitlab-cli' -gem 'rest-client' -gem "mysql2", "= 0.3.18" -gem 'redis-rails' -gem 'rubyzip' -gem 'delayed_job_active_record'#, :group => :production -gem 'daemons' -gem 'grape', '~> 0.9.0' -gem 'grape-entity' -gem 'rack-cors', :require => 'rack/cors' -gem 'seems_rateable', '~> 1.0.13' -gem 'rails', '~> 3.2' -gem "jquery-rails", "~> 2.0.2" -gem "i18n", "~> 0.6.0" -gem 'coderay', '~> 1.1.0' -gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby] -gem "builder", "3.0.0" -gem 'acts-as-taggable-on', '2.4.1' -gem 'spreadsheet' -gem 'ruby-ole' -gem 'rails_kindeditor',path:'lib/rails_kindeditor' -#gem "rmagick", ">= 2.0.0" -gem 'binding_of_caller' -gem 'chinese_pinyin' -# gem 'sunspot_rails', '~> 1.3.3' -# gem 'sunspot_solr' -# gem 'sunspot' -# gem 'progress_bar' -gem 'ansi' - -gem 'kaminari' -gem 'elasticsearch-model' -gem 'elasticsearch-rails' - - -### profile -#gem 'oneapm_rpm' - -group :development do - gem 'grape-swagger' - gem 'better_errors', '~> 1.1.0' - # gem "query_reviewer" - # gem 'rack-mini-profiler', '~> 0.9.3' - if RUBY_PLATFORM =~ /w32/ - gem 'win32console' - end -end - -group :development, :test do - unless RUBY_PLATFORM =~ /w32/ - gem 'pry-rails' - if RUBY_VERSION >= '2.0.0' - gem 'pry-byebug' - end - gem 'pry-stack_explorer' - if RUBY_PLATFORM =~ /darwin/ - gem 'puma' - end - end - - gem 'rspec-rails', '~> 3.0' - gem 'factory_girl_rails' -end - -# Gems used only for assets and not required -# in production environments by default. -group :assets do - gem 'sass-rails', '~> 3.2.3' - gem 'coffee-rails', '~> 3.2.1' - - # See https://github.com/sstephenson/execjs#readme for more supported runtimes - gem 'therubyracer', :platforms => :ruby - - gem 'uglifier', '>= 1.0.3' -end - -# Optional gem for LDAP authentication -group :ldap do - gem "net-ldap", "~> 0.3.1" -end - - -# Optional gem for OpenID authentication -group :openid do - gem "ruby-openid", "~> 2.1.4", :require => "openid" - gem "rack-openid" -end - - -database_file = File.join(File.dirname(__FILE__), "config/database.yml") -if File.exist?(database_file) -else - warn("Please configure your config/database.yml first") -end - -# Load plugins' Gemfiles -Dir.glob File.expand_path("../plugins/*/Gemfile", __FILE__) do |file| - puts "Loading #{file} ..." if $DEBUG # `ruby -d` or `bundle -v` - instance_eval File.read(file) -end diff --git a/app/api/mobile/apis/activities.rb b/app/api/mobile/apis/activities.rb index cbd43bb79..af17e0f44 100644 --- a/app/api/mobile/apis/activities.rb +++ b/app/api/mobile/apis/activities.rb @@ -13,34 +13,18 @@ module Mobile end post do user = UserWechat.find_by_openid(params[:openid]).user -=begin - shield_project_ids = ShieldActivity.where("container_type='User' and container_id=#{user.id} and shield_type='Project'").map(&:shield_id) - shield_course_ids = ShieldActivity.where("container_type='User' and container_id=#{user.id} and shield_type='Course'").map(&:shield_id) - page = params[:page] ? params[:page] : 0 - user_project_ids = (user.projects.visible.map{|project| project.id}-shield_project_ids).empty? ? "(-1)" : "(" + (user.projects.visible.map{|project| project.id}-shield_project_ids).join(",") + ")" - user_course_ids = (user.courses.visible.map{|course| course.id}-shield_course_ids).empty? ? "(-1)" : "(" + (user.courses.visible.map{|course| course.id}-shield_course_ids).join(",") + ")" - course_types = "('Message','News','HomeworkCommon','Poll','Course')" - project_types = "('Message','Issue','ProjectCreateInfo')" - principal_types = "JournalsForMessage" - - blog_ids = "("+user.blog.id.to_s+","+((User.watched_by(user.id).count == 0 )? '0' :User.watched_by(user.id).map{|u| u.blog.id}.join(','))+")" - activities = UserActivity.where("(container_type = 'Project' and container_id in #{user_project_ids} and act_type in #{project_types})" + - "or (container_type = 'Course' and container_id in #{user_course_ids} and act_type in #{course_types}) "+ - "or (container_type = 'Principal' and act_type= '#{principal_types}' and container_id = #{user.id}) " + - "or (container_type = 'Blog' and act_type= 'BlogComment' and container_id in #{blog_ids})").order('updated_at desc') -=end shield_project_ids = ShieldActivity.select("shield_id").where("container_type='User' and container_id=#{user.id} and shield_type='Project'").map(&:shield_id) shield_course_ids = ShieldActivity.select("shield_id").where("container_type='User' and container_id=#{user.id} and shield_type='Course'").map(&:shield_id) page = params[:page] ? params[:page] : 0 - user_project_ids = (user.projects.visible.map{|project| project.id}-shield_project_ids).empty? ? "(-1)" : "(" + (user.projects.map{|project| project.id}-shield_project_ids).join(",") + ")" - user_course_ids = (user.courses.visible.where("is_delete = 0").map{|course| course.id}-shield_course_ids).empty? ? "(-1)" : "(" + (user.courses.map{|course| course.id}-shield_course_ids).join(",") + ")" + user_project_ids = (user.projects.where("status = 1").map{|project| project.id}-shield_project_ids).empty? ? "(-1)" : "(" + (user.projects.where("status = 1").map{|project| project.id}-shield_project_ids).join(",") + ")" + user_course_ids = (user.courses.where("is_delete = 0").map{|course| course.id}-shield_course_ids).empty? ? "(-1)" : "(" + (user.courses.where("is_delete = 0").map{|course| course.id}-shield_course_ids).join(",") + ")" course_types = "('Message','News','HomeworkCommon','Poll','Course')" project_types = "('Message','Issue','Project')" principal_types = "JournalsForMessage" watched_user_ids = User.watched_by(user.id).count == 0 ? " " : ("," + User.watched_by(user.id).map{|u| u.id.to_s }.join(',')) user_ids = "(" + user.id.to_s + watched_user_ids + ")" - watched_user_blog_ids = Blog.select("id").where("author_id in #{user_ids}").map { |blog| blog.id}.join(",") + watched_user_blog_ids = Blog.select("id").where("author_id in #{user_ids}").count == 0 ? " " :Blog.select("id").where("author_id in #{user_ids}").map { |blog| blog.id}.join(",") blog_ids = "(" + watched_user_blog_ids + ")" activities = UserActivity.where("(container_type = 'Project' and container_id in #{user_project_ids} and act_type in #{project_types})" + diff --git a/app/api/mobile/entities/activity.rb b/app/api/mobile/entities/activity.rb index 3ba82bcb9..a90ff323d 100644 --- a/app/api/mobile/entities/activity.rb +++ b/app/api/mobile/entities/activity.rb @@ -41,11 +41,11 @@ module Mobile end when :description if ac.act_type == "HomeworkCommon" || ac.act_type == "Issue" || ac.act_type == "News" - ac.act.description unless ac.nil? || ac.act.nil? + strip_html(ac.act.description) unless ac.nil? || ac.act.nil? elsif ac.act_type == "Message" || ac.act_type == "BlogComment" - ac.act.content unless ac.nil? || ac.act.nil? + strip_html(ac.act.content) unless ac.nil? || ac.act.nil? elsif ac.act_type == "JournalsForMessage" - ac.act.notes unless ac.nil? || ac.act.nil? + strip_html(ac.act.notes) unless ac.nil? || ac.act.nil? end when :latest_update time_from_now ac.updated_at unless ac.nil? diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index d6470ce51..cbce67618 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -363,7 +363,11 @@ class ApplicationController < ActionController::Base when "contest" return true when "Course" - allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false) + if @attachment.get_status_by_attach(User.current.id) == 2 + return true + else + allowed = User.current.allowed_to?(:course_attachments_download, @course, :global => false) + end else return true end diff --git a/app/controllers/org_document_comments_controller.rb b/app/controllers/org_document_comments_controller.rb index 02e74237a..d7e38f370 100644 --- a/app/controllers/org_document_comments_controller.rb +++ b/app/controllers/org_document_comments_controller.rb @@ -1,5 +1,6 @@ class OrgDocumentCommentsController < ApplicationController before_filter :find_organization, :only => [:new, :create, :show, :index] + before_filter :authorize_allowed, :only => [:create, :add_reply] helper :attachments,:organizations layout 'base_org' @@ -101,16 +102,22 @@ class OrgDocumentCommentsController < ApplicationController @organization = Organization.find(params[:organization_id]) end + def authorize_allowed + unless User.current.logged? + redirect_to signin_url + return + end + end + def destroy - @org_document_comment = SubDocumentComment.find(params[:id]) - @sub_domain = @org_document_comment.sub_domain - @org_subfield = @sub_domain.org_subfield - # org = @org_document_comment.organization - # if @org_document_comment.id == org.home_id - # org.update_attributes(:home_id => nil) - # end - @org_document_comment.destroy - # end + @org_document_comment = OrgDocumentComment.find(params[:id]) + @org_sub_id = @org_document_comment.org_subfield_id + org = @org_document_comment.organization + if @org_document_comment.id == org.home_id + org.update_attributes(:home_id => nil) + end + if @org_document_comment.destroy + end respond_to do |format| format.js end diff --git a/app/controllers/student_work_controller.rb b/app/controllers/student_work_controller.rb index dd178a1ce..10431f01a 100644 --- a/app/controllers/student_work_controller.rb +++ b/app/controllers/student_work_controller.rb @@ -390,7 +390,7 @@ class StudentWorkController < ApplicationController student_in_group = '(' + group_students.map{|user| user.id}.join(',') + ')' end #开放作品 || 老师 || 超级管理员 || 禁用匿评&&作业截止&&已提交作品 显示所有列表 - if @homework.is_open == 1 || @is_teacher || User.current.admin? || (User.current.member_of_course?(@course) && @homework.anonymous_comment == 1 && Time.parse(@homework.end_time.to_s).strftime("%Y-%m-%d") < Time.now.strftime("%Y-%m-%d") && !@homework.student_works.where(:user_id => User.current.id).empty?) + if (@homework.is_open == 1 && @course.is_public == 1) || (@homework.is_open == 1 && @course.is_public == 0 && User.current.member_of_course?(@course)) || @is_teacher || User.current.admin? || (User.current.member_of_course?(@course) && @homework.anonymous_comment == 1 && Time.parse(@homework.end_time.to_s).strftime("%Y-%m-%d") < Time.now.strftime("%Y-%m-%d") && !@homework.student_works.where(:user_id => User.current.id).empty?) if @order == 'lastname' @stundet_works = search_homework_member @homework.student_works.select("student_works.*,student_works.work_score as score").joins(:user).where("users.id in #{student_in_group}").order("CONVERT(lastname USING gbk) COLLATE gbk_chinese_ci #{@b_sort}, login #{@b_sort}"),@name elsif @order == 'student_id' @@ -456,7 +456,7 @@ class StudentWorkController < ApplicationController @student_work_count = (search_homework_member @homework.student_works.select("student_works.*,student_works.work_score as score").joins(:user).where("users.id in #{student_in_group}").order("#{@order} #{@b_sort}"),@name).count else - if @homework.is_open == 1 || @is_teacher || User.current.admin? || (User.current.member_of_course?(@course) && @homework.anonymous_comment == 1 && Time.parse(@homework.end_time.to_s).strftime("%Y-%m-%d") < Time.now.strftime("%Y-%m-%d") && !@homework.student_works.where(:user_id => User.current.id).empty?) + if (@homework.is_open == 1 &&@course.is_public == 1) || (@homework.is_open == 1 && @course.is_public == 0 && User.current.member_of_course?(@course)) || @is_teacher || User.current.admin? || (User.current.member_of_course?(@course) && @homework.anonymous_comment == 1 && Time.parse(@homework.end_time.to_s).strftime("%Y-%m-%d") < Time.now.strftime("%Y-%m-%d") && !@homework.student_works.where(:user_id => User.current.id).empty?) if @order == 'lastname' @stundet_works = search_homework_member @homework.student_works.select("student_works.*,student_works.work_score as score").joins(:user).order("CONVERT(lastname USING gbk) COLLATE gbk_chinese_ci #{@b_sort}, login #{@b_sort}"),@name elsif @order == 'student_id' diff --git a/app/controllers/sub_document_comments_controller.rb b/app/controllers/sub_document_comments_controller.rb index 767e1ba29..80c14f004 100644 --- a/app/controllers/sub_document_comments_controller.rb +++ b/app/controllers/sub_document_comments_controller.rb @@ -1,6 +1,7 @@ class SubDocumentCommentsController < ApplicationController before_filter :find_subdomain_and_subfield, :only => [:new, :create, :show, :index, :destroy, :edit] before_filter :find_subfield_content, :only => [:show, :index] + before_filter :authorize_allowed, :only => [:create, :add_reply] helper :attachments,:organizations layout 'base_sub_domain' @@ -125,6 +126,8 @@ class SubDocumentCommentsController < ApplicationController def destroy @sub_document_comment = SubDocumentComment.find(params[:id]) @sub_document_comment.destroy + @sub_domain = @sub_document_comment.sub_domain + @org_subfield = @sub_domain.org_subfield rescue ActiveRecord::RecordNotFound respond_to do |format| # format.html{ @@ -205,4 +208,11 @@ class SubDocumentCommentsController < ApplicationController def find_subfield_content @subfield_content = @organization.org_subfields.order("priority") end + + def authorize_allowed + unless User.current.logged? + redirect_to signin_url + return + end + end end diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 1a6bc4f1b..4cb838b8c 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -320,7 +320,7 @@ class UsersController < ApplicationController case params[:agree] when 'Y' ar.update_column('status', 2) - @msg.update_attributes(:apply_result => 1, :viewed => 1) + @msg.update_attributes(:apply_result => 1, :viewed => 1) ar.course_messages << CourseMessage.new(:user_id => ar.user_id, :course_id => -1, :viewed => false, :apply_result => 2, :status => 1) when 'N' ar.update_column('status', 3) @@ -539,28 +539,28 @@ class UsersController < ApplicationController end def student_homeworks - if User.current == @user - @page = params[:page] ? params[:page].to_i + 1 : 0 - user_course_ids = @user.courses.empty? ? "(-1)" :"(" + @user.courses.visible.map{|course| course.id}.join(",") + ")" + if User.current == @user + @page = params[:page] ? params[:page].to_i + 1 : 0 + user_course_ids = @user.courses.empty? ? "(-1)" :"(" + @user.courses.visible.map{|course| course.id}.join(",") + ")" - #判断当前用户在当前课程的身份 - visibleCourse = @user.courses.empty? ? [] : @user.courses.where("is_delete = 0").visible - homework_ids = [] - visibleCourse.each do |course| - homeworks = HomeworkCommon.where("course_id = #{course.id} and publish_time <= '#{Date.today}'") - homework_ids << homeworks.pluck(:id) unless homeworks.empty? - end - visible_homework_ids = homework_ids.size == 0 ? "(-1)" :"(" + homework_ids.join(",") + ")" - @homework_commons = HomeworkCommon.where("id in #{visible_homework_ids}").order("created_at desc").limit(10).offset(@page * 10) - @is_teacher = User.current.user_extensions && User.current.user_extensions.identity == 0 && User.current.allowed_to?(:add_course, nil, :global => true) - @is_in_course = params[:is_in_course].to_i || 0 - respond_to do |format| - format.js - format.html {render :layout => 'new_base_user'} - end - else - render_403 + #判断当前用户在当前课程的身份 + visibleCourse = @user.courses.empty? ? [] : @user.courses.where("is_delete = 0").visible + homework_ids = [] + visibleCourse.each do |course| + homeworks = HomeworkCommon.where("course_id = #{course.id} and publish_time <= '#{Date.today}'") + homework_ids << homeworks.pluck(:id) unless homeworks.empty? end + visible_homework_ids = homework_ids.size == 0 ? "(-1)" :"(" + homework_ids.join(",") + ")" + @homework_commons = HomeworkCommon.where("id in #{visible_homework_ids}").order("created_at desc").limit(10).offset(@page * 10) + @is_teacher = User.current.user_extensions && User.current.user_extensions.identity == 0 && User.current.allowed_to?(:add_course, nil, :global => true) + @is_in_course = params[:is_in_course].to_i || 0 + respond_to do |format| + format.js + format.html {render :layout => 'new_base_user'} + end + else + render_403 + end end def choose_user_course @@ -1095,22 +1095,27 @@ class UsersController < ApplicationController #引入资源列表根据关键词过滤 def user_ref_resource_search - search = params[:search].to_s.strip.downcase - if(params[:type].blank? || params[:type] == "1") #全部 - user_course_ids = User.current.courses.map { |c| c.is_delete == 0 && c.id} #我的资源库的话,那么应该是我上传的所有资源 加上 我加入的课程的所有资源 取交集并查询 - @attachments = Attachment.where("((author_id = #{params[:id]} and container_type in('Project','Principal','Course','Issue','Document','Message','News','StudentWorkScore','HomewCommon')) "+ - " or (container_type = 'Course' and container_id in (#{user_course_ids.empty? ? '0': user_course_ids.join(',')}))) and (filename like '%#{search}%') ").order("created_on desc") - elsif params[:type] == "2" #课程资源 + if User.current.id.to_i != params[:id].to_i + render_403 + return + end + @resource_id = params[:mul_id] + @resource_type = params[:mul_type] + @order, @b_sort = params[:order] || "created_on", params[:sort] || "asc" + @score = @b_sort == "desc" ? "asc" : "desc" + @user = User.current + @switch_search = params[:search].nil? ? " " : params[:search] + search = "%#{@switch_search.strip.downcase}%" + # 别人的资源库是没有权限去看的 + if(params[:type] == "1") # 我的资源 + # 修正:我的资源库的话,那么应该是我上传的所有资源加上,我加入的课程、项目、组织的所有资源 user_course_ids = User.current.courses.map { |c| c.is_delete == 0 && c.id} - @attachments = Attachment.where("(author_id = #{params[:id]} and container_type = 'Course') or (container_type = 'Course' and container_id in (#{user_course_ids.empty? ? '0': user_course_ids.join(',')})) and (filename like '%#{search}%') ").order("created_on desc") - elsif params[:type] == "3" #项目资源 - @attachments = Attachment.where("author_id = #{params[:id]} and container_type = 'Project' and (filename like '%#{search}%')").order("created_on desc") - elsif params[:type] == "4" #附件 - @attachments = Attachment.where("author_id = #{params[:id]} and container_type in('Project','Issue','Document','Message','News','StudentWorkScore','HomewCommon') and (filename like '%#{search}%')").order("created_on desc") - elsif params[:type] == "5" #用户资源 - @attachments = Attachment.where("author_id = #{params[:id]} and container_type = 'Principal' and (filename like '%#{search}%')").order("created_on desc") - elsif params[:type] == "6" #公共资源 - @attachments = Attachment.where("(is_public =1 and is_publish = 1 and container_id is not null)" + "or (author_id = #{params[:id]} and is_publish = 0)").order("created_on desc") + user_project_ids = User.current.projects.map {|p| p.status != 9 && p.id } + # user_org_ids = User.current.organizations.map {|o| o.id} + @attachments = get_my_resources_search(params[:id], user_course_ids, user_project_ids, @order, @score, search) + elsif (params[:type].blank? || params[:type] == "6") # 公共资源 + # 公共资源库:所有公开资源或者我上传的私有资源 + @attachments = get_public_resources_search(user_course_ids, user_project_ids, @order, @score, search) end @type = params[:type] @limit = 7 @@ -1982,7 +1987,7 @@ class UsersController < ApplicationController end end elsif params[:send_ids].present? - send_ids = params[:send_ids].split(" ") + send_ids = params[:send_ids].split(",") course_ids = params[:course_ids] if course_ids.nil? @flag = false @@ -2058,18 +2063,18 @@ class UsersController < ApplicationController # 公共资源库:所有公开资源或者我上传的私有资源 @attachments = get_public_resources(user_course_ids, user_project_ids, params[:order], @score) end - elsif params[:type] == "2" - apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} - if params[:status] == "2" - resource_type = "'Course'" - elsif params[:status] == "3" - resource_type = "'Project'" - elsif params[:status] == "5" - resource_type = "'Principal'" - else - resource_type = "'Project','OrgSubfield','Principal','Course'" - end - @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) + # elsif params[:type] == "2" + # apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} + # if params[:status] == "2" + # resource_type = "'Course'" + # elsif params[:status] == "3" + # resource_type = "'Project'" + # elsif params[:status] == "5" + # resource_type = "'Principal'" + # else + # resource_type = "'Project','OrgSubfield','Principal','Course'" + # end + # @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) end @type = params[:type] @limit = 25 @@ -2100,7 +2105,8 @@ class UsersController < ApplicationController project_ids.each do |project_id| next if ori.blank? @exist = false - Project.find(project_id).attachments.each do |att| #如果课程中包含该资源 + # 如果对象中包含该资源 + Project.find(project_id).attachments.each do |att| if att.id == ori.id || (!att.copy_from.nil? && !ori.copy_from.nil? && att.copy_from == ori.copy_from) || att.copy_from == ori.id || att.id == ori.copy_from att.created_on = Time.now att.save @@ -2133,7 +2139,7 @@ class UsersController < ApplicationController @ori = ori end elsif params[:send_ids].present? - send_ids = params[:send_ids].split(" ") + send_ids = params[:send_ids].split(",") project_ids = params[:projects_ids] if project_ids.nil? @flag = false @@ -2211,18 +2217,18 @@ class UsersController < ApplicationController # 公共资源库:所有公开资源或者我上传的私有资源 @attachments = get_public_resources(user_course_ids, user_project_ids, params[:order], @score) end - elsif params[:type] == "2" - apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} - if params[:status] == "2" - resource_type = "'Course'" - elsif params[:status] == "3" - resource_type = "'Project'" - elsif params[:status] == "5" - resource_type = "'Principal'" - else - resource_type = "'Project','OrgSubfield','Principal','Course'" - end - @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) + # elsif params[:type] == "2" + # apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} + # if params[:status] == "2" + # resource_type = "'Course'" + # elsif params[:status] == "3" + # resource_type = "'Project'" + # elsif params[:status] == "5" + # resource_type = "'Principal'" + # else + # resource_type = "'Project','OrgSubfield','Principal','Course'" + # end + # @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) end @status = params[:status] @type = params[:type] @@ -2280,7 +2286,7 @@ class UsersController < ApplicationController end @ori = ori elsif params[:send_ids].present? - send_ids = params[:send_ids].split(" ") + send_ids = params[:send_ids].split(",") subfield_id = params[:subfield] if subfield_id.nil? @flag = false @@ -2352,18 +2358,18 @@ class UsersController < ApplicationController # 公共资源库:所有公开资源或者我上传的私有资源 @attachments = get_public_resources(user_course_ids, user_project_ids, params[:order], @score) end - elsif params[:type] == "2" - apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} - if params[:status] == "2" - resource_type = "'Course'" - elsif params[:status] == "3" - resource_type = "'Project'" - elsif params[:status] == "5" - resource_type = "'Principal'" - else - resource_type = "'Project','OrgSubfield','Principal','Course'" - end - @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) + # elsif params[:type] == "2" + # apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} + # if params[:status] == "2" + # resource_type = "'Course'" + # elsif params[:status] == "3" + # resource_type = "'Project'" + # elsif params[:status] == "5" + # resource_type = "'Principal'" + # else + # resource_type = "'Project','OrgSubfield','Principal','Course'" + # end + # @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) end @type = params[:type] @limit = 25 @@ -2700,7 +2706,7 @@ class UsersController < ApplicationController # 获取公共资源 def get_public_resources user_course_ids, user_project_ids, order, score - attachments = Attachment.where("(is_publish = 1 and container_id is not null and container_type in('Project','OrgSubfield','Principal','Course')) ").order("#{order.nil? ? 'created_on' : order} #{score}") + attachments = Attachment.where("(is_publish = 1 and is_public = 1 and container_id is not null and container_type in('Project','OrgSubfield','Principal','Course')) ").order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取公共资源搜索 @@ -2725,19 +2731,19 @@ class UsersController < ApplicationController # 获取我的课程资源 def get_course_resources author_id, user_course_ids, order, score attchments = Attachment.where("(author_id = #{author_id} and is_publish = 1 and container_id is not null and container_type = 'Course')"+ - "or (container_type = 'Course' and container_id in (#{user_course_ids.empty? ? '0': user_course_ids.join(',')}) + "or (container_type = 'Course' and container_id in (#{user_course_ids.empty? ? '0': user_course_ids.join(',')}) and is_publish = 1 and container_id is not null)" ).order("#{order.nil? ? 'created_on' : order} #{score}") end - # 获取我的私有资源分享结果 - def get_my_private_resources apply_ids, resource_type, order, score - attachments = Attachment.where("id in (#{apply_ids.empty? ? '0': apply_ids.join(',')}) and container_type in(#{resource_type})").order("#{order.nil? ? 'created_on' : order} #{score}") - end - - # 获取我的私有资源分享搜索结果 - def get_my_private_resources_search apply_ids, resource_type, order, score, search - attachments = Attachment.where("id in (#{apply_ids.empty? ? '0': apply_ids.join(',')}) and container_type in(#{resource_type}) and (filename like :p)", :p => search).order("#{order.nil? ? 'created_on' : order} #{score}") - end + # # 获取我的私有资源分享结果 + # def get_my_private_resources apply_ids, resource_type, order, score + # attachments = Attachment.where("id in (#{apply_ids.empty? ? '0': apply_ids.join(',')}) and container_type in(#{resource_type})").order("#{order.nil? ? 'created_on' : order} #{score}") + # end + # + # # 获取我的私有资源分享搜索结果 + # def get_my_private_resources_search apply_ids, resource_type, order, score, search + # attachments = Attachment.where("id in (#{apply_ids.empty? ? '0': apply_ids.join(',')}) and container_type in(#{resource_type}) and (filename like :p)", :p => search).order("#{order.nil? ? 'created_on' : order} #{score}") + # end # 获取我的课程资源中搜索结果 def get_course_resources_search author_id, user_course_ids, order, score, search @@ -2748,18 +2754,18 @@ class UsersController < ApplicationController # 获取公共资源中课程资源 def get_course_resources_public user_course_ids, order, score - attchments = Attachment.where("(container_type = 'Course'and container_id is not null and is_publish = 1)").order("#{order.nil? ? 'created_on' : order} #{score}") + attchments = Attachment.where("(container_type = 'Course'and container_id is not null and is_publish = 1 and is_public =1)").order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取公共资源中课程资源搜索结果 def get_course_resources_public_search user_course_ids, order, score, search - attchments = Attachment.where("(container_type = 'Course'and container_id is not null and is_publish = 1) and (filename like :p)", :p => search ).order("#{order.nil? ? 'created_on' : order} #{score}") + attchments = Attachment.where("(container_type = 'Course'and container_id is not null and is_publish = 1 and is_public =1) and (filename like :p)", :p => search ).order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取我的项目资源 def get_project_resources author_id, user_project_ids, order, score attchments = Attachment.where("(author_id = #{author_id} and is_publish = 1 and container_id is not null and container_type = 'Project') "+ - "or (container_type = 'Project' and container_id in (#{user_project_ids.empty? ? '0': user_project_ids.join(',')}) + "or (container_type = 'Project' and container_id in (#{user_project_ids.empty? ? '0': user_project_ids.join(',')}) and is_publish = 1 and container_id is not null)").order("#{order.nil? ? 'created_on' : order} #{score}") end @@ -2772,12 +2778,12 @@ class UsersController < ApplicationController # 获取公共资源的项目资源 def get_project_resources_public user_project_ids, order, score - attchments = Attachment.where("container_type = 'Project' and container_id is not null").order("#{order.nil? ? 'created_on' : order} #{score}") + attchments = Attachment.where("container_type = 'Project' and container_id is not null and is_public =1").order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取公共资源的项目资源搜索 def get_project_resources_public_search user_project_ids, order, score, search - attchments = Attachment.where("(container_type = 'Project' and container_id is not null) and (filename like :p)", :p => search ).order("#{order.nil? ? 'created_on' : order} #{score}") + attchments = Attachment.where("(container_type = 'Project' and container_id is not null and is_public =1) and (filename like :p)", :p => search ).order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取我上传的附件 @@ -2795,13 +2801,13 @@ class UsersController < ApplicationController # 获取公共资源中我上传的附件 def get_attch_resources_public order, score attchments = Attachment.where("container_type in('Issue','Document','Message','News','StudentWorkScore','HomewCommon','OrgSubfield','Principal') - and container_id is not null").order("#{order.nil? ? 'created_on' : order} #{score}") + and container_id is not null and is_public =1").order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取公共资源中我上传的附件 def get_attch_resources_public_search order, score, search attchments = Attachment.where("(container_type in('Issue','Document','Message','News','StudentWorkScore','HomewCommon','OrgSubfield','Principal') - and container_id is not null) and (filename like :p)", :p => search).order("#{order.nil? ? 'created_on' : order} #{score}") + and container_id is not null and is_public =1) and (filename like :p)", :p => search).order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取我的用户类型资源 @@ -2816,12 +2822,12 @@ class UsersController < ApplicationController # 获取我的用户类型资源 def get_principal_resources_public order, score - attchments = Attachment.where("container_type = 'Principal' and container_id is not null").order("#{order.nil? ? 'created_on' : order} #{score}") + attchments = Attachment.where("container_type = 'Principal' and is_public =1 and container_id is not null").order("#{order.nil? ? 'created_on' : order} #{score}") end # 获取我的用户类型资源 def get_principal_resources_public_search order, score, search - attchments = Attachment.where("(container_type = 'Principal'and container_id is not null) and (filename like :p)", :p => search).order("#{order.nil? ? 'created_on' : order} #{score}") + attchments = Attachment.where("(container_type = 'Principal'and container_id is not null and is_public =1) and (filename like :p)", :p => search).order("#{order.nil? ? 'created_on' : order} #{score}") end # 资源库 分为全部 课程资源 项目资源 附件 @@ -2863,18 +2869,18 @@ class UsersController < ApplicationController # 公共资源库:所有公开资源或者我上传的私有资源 @attachments = get_public_resources(user_course_ids, user_project_ids, params[:order], @score) end - elsif params[:type] == "2" # 私有资源 - apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} - if params[:status] == "2" - resource_type = "'Course'" - elsif params[:status] == "3" - resource_type = "'Project'" - elsif params[:status] == "5" - resource_type = "'Principal'" - else - resource_type = "'Project','OrgSubfield','Principal','Course'" - end - @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) + # elsif params[:type] == "2" # 私有资源 + # apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} + # if params[:status] == "2" + # resource_type = "'Course'" + # elsif params[:status] == "3" + # resource_type = "'Project'" + # elsif params[:status] == "5" + # resource_type = "'Principal'" + # else + # resource_type = "'Project','OrgSubfield','Principal','Course'" + # end + # @attachments = get_my_private_resources(apply_ids, resource_type, @order, @score) end @status = params[:status] @type = params[:type] @@ -3052,21 +3058,21 @@ class UsersController < ApplicationController @attachments = get_principal_resources_public_search(@order, @score, search) else # 公共资源库:所有公开资源或者我上传的私有资源 - @attachments = get_public_resources_search(user_course_ids, user_project_ids, @order, @score, search) + @attachments = get_public_resources_search(user_course_ids, user_project_ids, @order, @score, search) end - elsif params[:type] == "2" # 私有资源 - apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} - if params[:status] == "2" - resource_type = "'Course'" - elsif params[:status] == "3" - resource_type = "'Project'" - elsif params[:status] == "5" - resource_type = "'Principal'" - else - resource_type = "'Project','OrgSubfield','Principal','Course'" - end - @attachments = get_my_private_resources_search(apply_ids, resource_type, @order, @score, search) - @attachments + # elsif params[:type] == "2" # 私有资源 + # apply_ids = ApplyResource.where("user_id =? and status =?", params[:id], 2).map { |ar| ar.attachment_id} + # if params[:status] == "2" + # resource_type = "'Course'" + # elsif params[:status] == "3" + # resource_type = "'Project'" + # elsif params[:status] == "5" + # resource_type = "'Principal'" + # else + # resource_type = "'Project','OrgSubfield','Principal','Course'" + # end + # @attachments = get_my_private_resources_search(apply_ids, resource_type, @order, @score, search) + # @attachments end @status = params[:status] @type = params[:type] @@ -3121,6 +3127,7 @@ class UsersController < ApplicationController @orgs = @user.organizations.select{|org| OrgSubfield.where("organization_id = #{org.id} and field_type='Resource'").count > 0} end end + @type = params[:type] @search = params[:search] #这里仅仅是传递需要发送的资源id @send_id = params[:send_id] diff --git a/app/controllers/wechats_controller.rb b/app/controllers/wechats_controller.rb index 39be9cef3..4bf95fdbd 100644 --- a/app/controllers/wechats_controller.rb +++ b/app/controllers/wechats_controller.rb @@ -139,99 +139,129 @@ class WechatsController < ActionController::Base end def sendBind(request) - news = (1..1).each_with_object([]) { |n, memo| memo << { title: '绑定登录', content: "您还未绑定确实的用户,请先绑定." } } + news = (1..1).each_with_object([]) { |n, memo| memo << { title: '绑定登录', content: "欢迎使用Trustie创新实践服务平台! +在这里您可以随时了解您的课程和项目动态,随时点赞和回复。 +我们将会与微信不断结合,为您提供更有价值的服务。 + +您还未绑定确实的用户,请先绑定,谢谢!" } } request.reply.news(news) do |article, n, index| # article is return object url = "https://open.weixin.qq.com/connect/oauth2/authorize?appid=#{Wechat.config.appid}&redirect_uri=#{login_wechat_url}&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect" + pic_url = "#{Setting.protocol}://#{Setting.host_name}/images/weixin_pic.jpg" article.item title: "#{n[:title]}", description: n[:content], - pic_url: 'https://www.trustie.net/images/trustie_logo2.png', + pic_url: pic_url, url: url end end - def get_open_id - begin - raise "非法操作, code不存在" unless params[:code] + + + ### controller method + + + module Controllers + def get_open_id + begin + + code = params[:code] || session[:wechat_code] + openid = get_openid_from_code(code) + + raise "无法获取到微信openid" unless openid + render :json => {status:0, openid: openid} + rescue Exception=>e + render :json => {status: -1, msg: e.message} + end + end + + def bind + begin + + code = params[:code] || session[:wechat_code] + openid = get_openid_from_code(code) + + raise "无法获取到openid" unless openid + raise "此微信号已绑定用户, 不能重复绑定" if user_binded?(openid) + + user, last_login_on = User.try_to_login(params[:username], params[:password]) + raise "用户名或密码错误,请重新登录" unless user + #补全用户信息 + + raise "此用户已经绑定过公众号, 请换一个帐户试试" if user.user_wechat + + UserWechat.create!( + openid: openid, + user: user + ) + render :json => {status:0, msg: "绑定成功"} + rescue Exception=>e + render :json => {status: -1, msg: e.message} + end + end + + def login + session[:wechat_code] = params[:code] if params[:code] openid = get_openid_from_code(params[:code]) - raise "无法获取到openid" unless openid - render :json => {status:0, openid: openid} - rescue Exception=>e - render :json => {status: -1, msg: e.message} + @wechat_user = user_binded?(openid) + + render 'wechats/login', layout: 'base_wechat' end - end - def bind - begin - raise "非法操作, code不存在" unless params[:code] - openid = get_openid_from_code(params[:code]) - raise "无法获取到openid" unless openid - raise "此微信号已绑定用户, 不能重复绑定" if user_binded?(openid) + private + def get_openid_from_code(code) + openid = session[:wechat_openid] - user, last_login_on = User.try_to_login(params[:username], params[:password]) - raise "用户名或密码错误,请重新登录" unless user - #补全用户信息 - - raise "此用户已经绑定了公众号" if user.user_wechat - - UserWechat.create!( - openid: openid, - user: user - ) - request.reply.text "欢迎加入Trustie创新实践社区" - render :json => {status:0, msg: "绑定成功"} - rescue Exception=>e - render :json => {status: -1, msg: e.message} - end - end - - def login - @code = params[:code] #TODO 安全性 - render 'wechats/login', layout: 'base_wechat' - end - - private - def get_openid_from_code(code) - url = "https://api.weixin.qq.com/sns/oauth2/access_token?appid=#{Wechat.config.appid}&secret=#{Wechat.config.secret}&code=#{code}&grant_type=authorization_code" - logger.debug url - body = URI.parse(url).read - logger.debug body - JSON.parse(body)["openid"] - end - - def user_binded?(openid) - uw = UserWechat.where(openid: openid).first - end - - def user_activity(user) - @user = user - shield_project_ids = ShieldActivity.where("container_type='User' and container_id=#{@user.id} and shield_type='Project'").map(&:shield_id) - shield_course_ids = ShieldActivity.where("container_type='User' and container_id=#{@user.id} and shield_type='Course'").map(&:shield_id) - @page = params[:page] ? params[:page].to_i + 1 : 0 - user_project_ids = (@user.projects.visible.map{|project| project.id}-shield_project_ids).empty? ? "(-1)" : "(" + (@user.projects.visible.map{|project| project.id}-shield_project_ids).join(",") + ")" - user_course_ids = (@user.courses.visible.map{|course| course.id}-shield_course_ids).empty? ? "(-1)" : "(" + (@user.courses.visible.map{|course| course.id}-shield_course_ids).join(",") + ")" - course_types = "('Message','News','HomeworkCommon','Poll','Course')" - project_types = "('Message','Issue','Project')" - principal_types = "JournalsForMessage" - - blog_ids = "("+@user.blog.id.to_s+","+((User.watched_by(@user.id).count == 0 )? '0' :User.watched_by(@user.id).map{|u| u.blog.id}.join(','))+")" - @user_activities = UserActivity.where("(container_type = 'Project' and container_id in #{user_project_ids} and act_type in #{project_types})" + - "or (container_type = 'Course' and container_id in #{user_course_ids} and act_type in #{course_types}) "+ - "or (container_type = 'Principal' and act_type= '#{principal_types}' and container_id = #{@user.id}) " + - "or (container_type = 'Blog' and act_type= 'BlogComment' and container_id in #{blog_ids})").order('updated_at desc').limit(10).offset(@page * 10) - - - end - - def process_activity(user_activity) - act= user_activity.act - case user_activity.container_type.to_s - when 'Course' - when 'Project' - case user_activity.act_type.to_s - when 'Issue' - [act.project.name.to_s+" | 项目问题", act.subject.to_s, url_to_avatar(act.author),"http://wechat.trustie.net/app.html#/issue/#{act.id}"] + unless openid + if code + openid = wechat.web_access_token(code)["openid"] end + end + + if openid + session[:wechat_openid] = openid + end + + return openid + end + + def user_binded?(openid) + uw = UserWechat.where(openid: openid).first + end + + def user_activity(user) + @user = user + shield_project_ids = ShieldActivity.where("container_type='User' and container_id=#{@user.id} and shield_type='Project'").map(&:shield_id) + shield_course_ids = ShieldActivity.where("container_type='User' and container_id=#{@user.id} and shield_type='Course'").map(&:shield_id) + @page = params[:page] ? params[:page].to_i + 1 : 0 + user_project_ids = (@user.projects.visible.map{|project| project.id}-shield_project_ids).empty? ? "(-1)" : "(" + (@user.projects.visible.map{|project| project.id}-shield_project_ids).join(",") + ")" + user_course_ids = (@user.courses.visible.map{|course| course.id}-shield_course_ids).empty? ? "(-1)" : "(" + (@user.courses.visible.map{|course| course.id}-shield_course_ids).join(",") + ")" + course_types = "('Message','News','HomeworkCommon','Poll','Course')" + project_types = "('Message','Issue','Project')" + principal_types = "JournalsForMessage" + + blog_ids = "("+@user.blog.id.to_s+","+((User.watched_by(@user.id).count == 0 )? '0' :User.watched_by(@user.id).map{|u| u.blog.id}.join(','))+")" + @user_activities = UserActivity.where("(container_type = 'Project' and container_id in #{user_project_ids} and act_type in #{project_types})" + + "or (container_type = 'Course' and container_id in #{user_course_ids} and act_type in #{course_types}) "+ + "or (container_type = 'Principal' and act_type= '#{principal_types}' and container_id = #{@user.id}) " + + "or (container_type = 'Blog' and act_type= 'BlogComment' and container_id in #{blog_ids})").order('updated_at desc').limit(10).offset(@page * 10) + + + end + + def process_activity(user_activity) + act= user_activity.act + case user_activity.container_type.to_s + when 'Course' + when 'Project' + case user_activity.act_type.to_s + when 'Issue' + [act.project.name.to_s+" | 项目问题", act.subject.to_s, url_to_avatar(act.author),"http://wechat.trustie.net/app.html#/issue/#{act.id}"] + end + end end end + + + include Controllers + end diff --git a/app/controllers/zipdown_controller.rb b/app/controllers/zipdown_controller.rb index 386e5733d..d9a9e1def 100644 --- a/app/controllers/zipdown_controller.rb +++ b/app/controllers/zipdown_controller.rb @@ -10,14 +10,14 @@ class ZipdownController < ApplicationController #勿删 before_filter :authorize, :only => [:assort,:download_user_homework] SAVE_FOLDER = "#{Rails.root}/files" OUTPUT_FOLDER = "#{Rails.root}/files/archiveZip" + MAX_PATH = 50 #统一下载功能 def download if User.current.logged? begin if params[:base64file] - file = Base64.decode64(params[:base64file]) - file = file.sub('*', '+') + file = decode64(params[:base64file]) send_file "#{OUTPUT_FOLDER}/#{file}", :filename => filename_for_content_disposition(file), :type => detect_content_type(file) else send_file "#{OUTPUT_FOLDER}/#{params[:file]}", :filename => filename_for_content_disposition(params[:filename]), :type => detect_content_type(params[:file]) @@ -125,7 +125,11 @@ class ZipdownController < ApplicationController end def encode64(str) - Base64.encode64(str).sub('+', '*') + Base64.urlsafe_encode64(str) + end + + def decode64(str) + Base64.urlsafe_decode64(str) end def zip_homework_common homework_common @@ -242,6 +246,12 @@ class ZipdownController < ApplicationController def zipping(zip_name_refer, files_paths, output_path, is_attachment=false, not_exist_file=[]) rename_zipfile = zip_name_refer ||= "#{Time.now.to_i.to_s}.zip" + # 文件名过长 + + if rename_zipfile.size > MAX_PATH + rename_zipfile = rename_zipfile[0,rename_zipfile.size-4][0,MAX_PATH-4] + rename_zipfile[-4,4] + end + zipfile_name = "#{output_path}/#{rename_zipfile}" Dir.mkdir(File.dirname(zipfile_name)) unless File.exist?(File.dirname(zipfile_name)) diff --git a/app/helpers/api_helper.rb b/app/helpers/api_helper.rb index 49640d889..fb1231287 100644 --- a/app/helpers/api_helper.rb +++ b/app/helpers/api_helper.rb @@ -182,7 +182,7 @@ module ApiHelper timeIntoFormat = 0 updateAtValue = "" if timePassed < 0 - updateAtValue = "时间有问题" + updateAtValue = "刚刚" elsif timePassed < ONE_MINUTE updateAtValue = "1分钟前" elsif timePassed < ONE_HOUR diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb index 8d9c9733e..691c2b0ad 100644 --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -58,12 +58,21 @@ module ApplicationHelper when "Course" User.current.member_of_course?(attachment.container) ? true : false when "OrgSubfield" - User.current.member_of_org?(attachment.container) ? true : false + User.current.member_of_org?(attachment.container.organization) ? true : false when "Principal" User.current.id == attachment.author_id ? true : false end end + # 判断某个私有资源是否可以发送下载权限 + # 结果为true不能下载,false可以下载 + def private_attachment_allow attachment_id + attach = Attachment.find(attachment_id) + # 条件取否,result结果为true则不能下载 + result = attach.is_public == 0 && attach.author != User.current && !attach.get_apply_resource_status(attach.id, User.current.id) && !attach_show_allow(attach) + return result + end + # Time 2015-03-24 15:27:29 # Author lizanle # Description 从硬盘上删除对应的资源文件 @@ -2089,12 +2098,12 @@ module ApplicationHelper def attachment_history_candown attachment_history if attachment_history.container_type == "Course" course = Course.find(attachment_history.container_id) - candown = User.current.member_of?(course) || (course.is_public && attachment_history.is_public == 1) + candown = User.current.member_of_course?(course) || (course.is_public && attachment_history.is_public == 1) elsif attachment_history.container_type == "Project" project = Project.find(attachment_history.container_id) candown = User.current.member_of?(project) || (project.is_public && attachment_history.is_public == 1) elsif attachment_history.container_type == "OrgSubfield" - org = OrgSubfield.find(attachment_history.container_id) + org = OrgSubfield.find(attachment_history.container_id).organization candown = User.current.member_of_org?(org) || (org.organization.is_public && attachment_history.is_public == 1 && (User.current.logged? || org.organization.allow_guest_download?)) end end @@ -2109,20 +2118,20 @@ module ApplicationHelper candown= User.current.member_of?(project) || (project.is_public && attachment.is_public == 1) elsif attachment.container.is_a?(Project) project = attachment.container - candown= User.current.member_of?(project) || (project.is_public && attachment.is_public == 1) + candown = User.current.member_of?(project) || (attachment.is_public == 1) || attachment.get_status_by_attach(User.current.id) == 2 elsif (attachment.container.has_attribute?(:board) || attachment.container.has_attribute?(:board_id)) && attachment.container.board && attachment.container.board.project project = attachment.container.board.project candown = User.current.member_of?(project) || (project.is_public && attachment.is_public == 1) elsif (attachment.container.has_attribute?(:course) ||attachment.container.has_attribute?(:course_id) ) && attachment.container.course course = attachment.container.course - candown = User.current.member_of_course?(course) || (course.is_public==1 && attachment.is_public == 1) + candown = User.current.member_of_course?(course) || (attachment.is_public == 1) || attachment.get_status_by_attach(User.current.id) == 2 elsif attachment.container.is_a?(Course) course = attachment.container - candown= User.current.member_of_course?(course) || (course.is_public==1 && attachment.is_public == 1) + candown= User.current.member_of_course?(course) || (attachment.is_public == 1) || attachment.get_status_by_attach(User.current.id) == 2 elsif attachment.container.is_a?(OrgSubfield) org = attachment.container.organization - candown = User.current.member_of_org?(org) || (org.is_public && attachment.is_public == 1) + candown = User.current.member_of_org?(org) || (attachment.is_public == 1) || attachment.get_status_by_attach(User.current.id) == 2 elsif attachment.container.is_a?(OrgDocumentComment) org = attachment.container.organization candown = User.current.member_of_org?(org) || (org.is_public && attachment.is_public == 1) diff --git a/app/models/attachment.rb b/app/models/attachment.rb index b7ec264fd..8f9ee2d85 100644 --- a/app/models/attachment.rb +++ b/app/models/attachment.rb @@ -142,7 +142,8 @@ class Attachment < ActiveRecord::Base end def get_apply_resource_status attachment_id, author_id - ApplyResource.where("attachment_id =? and apply_user_id =?", attachment_id, author_id).first.try(:status) + status = ApplyResource.where("attachment_id =? and user_id =?", attachment_id, author_id).first.try(:status) + status == 2 ? true :false end # add by nwb diff --git a/app/models/message.rb b/app/models/message.rb index fdc3c6bdc..cf9adab4e 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -83,7 +83,7 @@ class Message < ActiveRecord::Base # after_create :add_author_as_watcher, :reset_counters!, :add_boards_count after_update :update_messages_board, :update_activity after_destroy :reset_counters!,:down_user_score,:delete_kindeditor_assets, :decrease_boards_count, :down_course_score - after_create :act_as_course_activity, :act_as_forge_activity, :act_as_student_score, act_as_at_message(:content, :author_id), :add_author_as_watcher, :reset_counters!, :add_boards_count, :act_as_system_message + after_create :act_as_course_activity, :act_as_forge_activity, :act_as_student_score, act_as_at_message(:content, :author_id), :add_author_as_watcher, :reset_counters!, :add_boards_count, :act_as_system_message, :delay_message_send #before_save :be_user_score scope :visible, lambda {|*args| @@ -308,6 +308,22 @@ class Message < ActiveRecord::Base end end + def delay_message_send + if self.course + if self.parent_id.nil? # 发帖 + self.delay.contain_messages_message + end + end + end + + def contain_messages_message + self.course.members.includes(:user).each do |m| + if self.author.allowed_to?(:as_teacher, self.course) && m.user_id != self.author_id # 老师 自己的帖子不给自己发送消息 + self.course_messages << CourseMessage.new(:user_id => m.user_id, :course_id => self.board.course_id, :viewed => false) + end + end + end + #更新用户分数 -by zjc def be_user_score #新建message且无parent的为发帖 diff --git a/app/models/news.rb b/app/models/news.rb index a411ccaca..0b03dcc48 100644 --- a/app/models/news.rb +++ b/app/models/news.rb @@ -62,7 +62,7 @@ class News < ActiveRecord::Base :author_key => :author_id acts_as_watchable - after_create :act_as_activity,:act_as_forge_activity, :act_as_course_activity, :add_author_as_watcher, :send_mail, :add_news_count, :act_as_student_score, :act_as_system_message + after_create :act_as_activity,:act_as_forge_activity, :act_as_course_activity, :add_author_as_watcher, :send_mail, :add_news_count, :act_as_student_score, :act_as_system_message, :delay_news_send after_update :update_activity after_destroy :delete_kindeditor_assets, :decrease_news_count, :delete_org_activities, :down_course_score @@ -163,8 +163,8 @@ class News < ActiveRecord::Base end end - #课程/项目通知 消息发送 - #消息发送原则:除了消息的发布者,课程的其它成员都能收到消息提醒 + # 课程/项目通知 消息发送 + # 消息发送原则:除了消息的发布者,课程的其它成员都能收到消息提醒 def act_as_system_message if self.course self.course.members.each do |m| @@ -189,6 +189,20 @@ class News < ActiveRecord::Base end end + def delay_news_send + if self.course + self.delay.contain_news_message + end + end + + def contain_news_message + self.course.members.each do |m| + if m.user_id != self.author_id + self.course_messages << CourseMessage.new(:user_id => user_id, :course_id => container_id, :viewed => false) + end + end + end + # Time 2015-03-31 13:50:54 # Author lizanle # Description 删除news后删除对应的资源 diff --git a/app/services/wechat_service.rb b/app/services/wechat_service.rb index 1dcd147d4..6d8c0f234 100644 --- a/app/services/wechat_service.rb +++ b/app/services/wechat_service.rb @@ -5,7 +5,7 @@ class WechatService data = { touser:openid, template_id:template_id, - url:"https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxc09454f171153c2d&redirect_uri=https://www.trustie.net/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect", + url:"https://open.weixin.qq.com/connect/oauth2/authorize?appid=#{Wechat.config.appid}&redirect_uri=#{Setting.protocol}://#{Setting.host_name}/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect", topcolor:"#FF0000", data:{ first: { @@ -44,7 +44,6 @@ class WechatService end Rails.logger.info "send over. #{req}" end - Rails.logger.info "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxc09454f171153c2d&redirect_uri=https://www.trustie.net/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect" end def topic_publish_template(user_id, type, id, first, key1, key2, key3, remark="") @@ -59,7 +58,6 @@ class WechatService end Rails.logger.info "send over. #{req}" end - Rails.logger.info "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxc09454f171153c2d&redirect_uri=https://www.trustie.net/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect" end def comment_template(user_id,type, id, first, key1, key2, key3, remark="") @@ -74,7 +72,6 @@ class WechatService end Rails.logger.info "send over. #{req}" end - Rails.logger.info "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxc09454f171153c2d&redirect_uri=https://www.trustie.net/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect" end def message_update_template(user_id, type, id, first, key1, key2, remark="") @@ -83,7 +80,7 @@ class WechatService data = { touser:uw.openid, template_id:"YTyNPZnQD8uZFBFq-Q6cCOWaq5LA9vL6RFlF2JuD5Cg", - url:"https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxc09454f171153c2d&redirect_uri=https://www.trustie.net/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect", + url:"https://open.weixin.qq.com/connect/oauth2/authorize?appid=#{Wechat.config.appid}&redirect_uri=#{Setting.protocol}://#{Setting.host_name}/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect", topcolor:"#FF0000", data:{ first: { @@ -112,6 +109,5 @@ class WechatService end Rails.logger.info "send over. #{req}" end - Rails.logger.info "https://open.weixin.qq.com/connect/oauth2/authorize?appid=wxc09454f171153c2d&redirect_uri=https://www.trustie.net/assets/wechat/app.html#/#{type}/#{id}?response_type=code&scope=snsapi_base&state=123#wechat_redirect" end end \ No newline at end of file diff --git a/app/views/attachments/attachment_versions.js.erb b/app/views/attachments/attachment_versions.js.erb index a5bb6672b..ff704a869 100644 --- a/app/views/attachments/attachment_versions.js.erb +++ b/app/views/attachments/attachment_versions.js.erb @@ -2,6 +2,6 @@ $("#ajax-modal").html('<%= escape_javascript( render :partial => 'attachments/sh showModal('ajax-modal', '452px'); $('#ajax-modal').siblings().remove(); $('#ajax-modal').before(""); -$('#ajax-modal').parent().css("top","40%").css("left","50%"); +$('#ajax-modal').parent().css("top","40%").css("left","50%").css("position","fixed"); $('#ajax-modal').parent().addClass("resourceUploadPopup"); $('#ajax-modal').css("padding-left","16px").css("padding-bottom","16px"); \ No newline at end of file diff --git a/app/views/blog_comments/show.html.erb b/app/views/blog_comments/show.html.erb index 288a02d56..9617b7f76 100644 --- a/app/views/blog_comments/show.html.erb +++ b/app/views/blog_comments/show.html.erb @@ -207,6 +207,9 @@ $(function(){ var postContent = $("#message_description_<%= @article.id %>").html(); postContent = postContent.replace(/ /g," "); + postContent= postContent.replace(/ {2}/g,"  "); + postContent=postContent.replace(/   /g,"   "); + postContent=postContent.replace(/  /g,"   "); $("#message_description_<%= @article.id %>").html(postContent); autoUrl('message_description_<%= @article.id %>'); }); diff --git a/app/views/courses/_copy_course.html.erb b/app/views/courses/_copy_course.html.erb index 402e00cf6..3b6d55d96 100644 --- a/app/views/courses/_copy_course.html.erb +++ b/app/views/courses/_copy_course.html.erb @@ -1,17 +1,17 @@ <% end %> <% end %> diff --git a/app/views/courses/_new_member_list.html.erb b/app/views/courses/_new_member_list.html.erb index bff16e053..d8a2c6ed8 100644 --- a/app/views/courses/_new_member_list.html.erb +++ b/app/views/courses/_new_member_list.html.erb @@ -51,17 +51,9 @@ <%= member.user.nil? ? '' : (image_tag(url_to_avatar(member.user), :width => 32, :height => 32)) %>