权限访问控制

app/controllers/organizations_controller.rb

@@ -71,16 +71,20 @@ class OrganizationsController < ApplicationController
   def show
     # 组织新类型 show_mode：判断标准 1为新类型，0为旧
     if @organization.show_mode == 1 && params[:org_subfield_id].nil? && params[:type] .nil?
-      @subfield_content = @organization.org_subfields.order("priority")
+      if @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)
-      # 项目两种动态
+        @subfield_content = @organization.org_subfields.order("priority")
-      @project_issue_acts = get_project_issue_activities_org @organization
+        # 项目两种动态
-      @project_message_acts = get_project_message_activities_org @organization
+        @project_issue_acts = get_project_issue_activities_org @organization
-      # 磕碜动态
+        @project_message_acts = get_project_message_activities_org @organization
-      #@project_acts_issues = get_project_activities_org @organization
+        # 磕碜动态
-      @course_acts_homework = get_course_homework_activities_org @organization
+        #@project_acts_issues = get_project_activities_org @organization
-      @course_acts_message = get_course_message_activities_org @organization
+        @course_acts_homework = get_course_homework_activities_org @organization
-      @course_acts_news = get_course_news_activities_org @organization
+        @course_acts_message = get_course_message_activities_org @organization
-      render :layout => 'base_org_newstyle'
+        @course_acts_news = get_course_news_activities_org @organization
+        render :layout => 'base_org_newstyle'
+      else
+        render_403
+      end
     else
       if @organization.is_public? || User.current.admin? || User.current.member_of_org?(@organization)
         @organization = Organization.find(params[:id])