diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb index b2f87ba72..492762333 100644 --- a/app/controllers/courses_controller.rb +++ b/app/controllers/courses_controller.rb @@ -588,6 +588,7 @@ class CoursesController < ApplicationController has = { "show_course_files" => true, + "show_course_news" => true, "show_course_messages" => true, "show_bids" => true, "show_course_journals_for_messages" => true @@ -599,7 +600,7 @@ class CoursesController < ApplicationController @activity = Redmine::Activity::Fetcher.new(User.current, :course => @course, :with_subprojects => false, :author => @author) - @activity.scope_select {|t| !has["show_#{t}"].nil?} + @activity.scope_select {|t| has["show_#{t}"]} events = @activity.events(@date_from, @date_to) @offset, @limit = api_offset_and_limit({:limit => 10}) diff --git a/app/models/message.rb b/app/models/message.rb index 945f47c2f..80b515a02 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -67,6 +67,10 @@ class Message < ActiveRecord::Base includes(:board => :project).where(Project.allowed_to_condition(args.shift || User.current, :view_messages, *args)) } + scope :course_visible, lambda {|*args| + includes(:board => :course).where(Course.allowed_to_condition(args.shift || User.current, :view_course_messages, *args)) + } + safe_attributes 'subject', 'content' safe_attributes 'locked', 'sticky', 'board_id', diff --git a/app/models/news.rb b/app/models/news.rb index 53c1c3091..9a0f8b75c 100644 --- a/app/models/news.rb +++ b/app/models/news.rb @@ -38,7 +38,7 @@ class News < ActiveRecord::Base #added by nwb #课程新闻独立于项目 acts_as_activity_provider :type => 'course_news', - :find_options => {:include => [:project, :author]}, + :find_options => {:include => [:course, :author]}, :author_key => :author_id acts_as_watchable @@ -52,7 +52,7 @@ class News < ActiveRecord::Base } scope :course_visible, lambda {|*args| - includes(:course).where(Course.allowed_to_condition(args.shift || User.current, :view_news, *args)) + includes(:course).where(Course.allowed_to_condition(args.shift || User.current, :view_course_news, *args)) } safe_attributes 'title', 'summary', 'description' diff --git a/db/migrate/20140606028512_add_course_roles.rb b/db/migrate/20140606028512_add_course_roles.rb index f56a5aa7f..7b84b92ac 100644 --- a/db/migrate/20140606028512_add_course_roles.rb +++ b/db/migrate/20140606028512_add_course_roles.rb @@ -45,6 +45,8 @@ class AddCourseRoles < ActiveRecord::Migration role.permissions.append(:search_course ) end role.permissions.append(:view_course_files ) + role.permissions.append(:view_course_journals_for_messages ) + role.permissions.append(:view_course_messages ) role.save end end diff --git a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb index 792f75e56..33bbee546 100644 --- a/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb +++ b/lib/plugins/acts_as_activity_provider/lib/acts_as_activity_provider.rb @@ -77,7 +77,11 @@ module Redmine scope = scope.scoped(:conditions => Project.allowed_to_condition(user, provider_options[:permission] || :view_project, options)) end elsif respond_to?(:visible) - scope = scope.visible(user, options) + if options[:course] + scope = scope.course_visible(user, options) + else + scope = scope.visible(user, options) + end elsif options[:course] scope = scope.scoped(:conditions => Course.allowed_to_condition(user, "view_#{self.name.underscore.pluralize}".to_sym, options)) else diff --git a/lib/redmine.rb b/lib/redmine.rb index 9bd8547f0..8167985aa 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -106,7 +106,7 @@ Redmine::AccessControl.map do |map| map.permission :edit_course, {:courses => [:settings, :edit, :update]}, :require => :member map.permission :close_course, {:courses => [:close, :reopen]}, :require => :member, :read => true map.permission :select_course_modules, {:courses => :modules}, :require => :member - map.permission :view_course_journals_for_messages, {:gantts => [:show, :update]}, :read => true + map.permission :view_course_journals_for_messages, {:courses => :feedback}, :require => :member,:read => true map.course_module :files do |map| map.permission :manage_files, {:files => [:new, :create]}, :require => :loggedin @@ -114,7 +114,7 @@ Redmine::AccessControl.map do |map| end map.course_module :news do |map| map.permission :manage_news, {:news => [:new, :create, :edit, :update, :destroy], :comments => [:destroy]}, :require => :member - map.permission :view_news, {:news => [:index, :show]}, :public => true, :read => true + map.permission :view_course_news, {:news => [:index, :show]}, :public => true, :read => true map.permission :comment_news, {:comments => :create} end #作业模块权限 @@ -124,7 +124,7 @@ Redmine::AccessControl.map do |map| map.course_module :boards do |map| map.permission :manage_boards, {:boards => [:new, :create, :edit, :update, :destroy]}, :require => :member - map.permission :view_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true, :read => true + map.permission :view_course_messages, {:boards => [:index, :show], :messages => [:show]}, :public => true, :read => true map.permission :add_messages, {:messages => [:new, :reply, :quote]} map.permission :edit_messages, {:messages => :edit}, :require => :member map.permission :edit_own_messages, {:messages => :edit}, :require => :loggedin