部分接口添加权限验证接口、新闻详情及对应评论接口
parent
df18eac875
commit
7f9386180d
|
@ -95,7 +95,9 @@ module Mobile
|
||||||
end
|
end
|
||||||
route_param :id do
|
route_param :id do
|
||||||
get do
|
get do
|
||||||
course = Course.find(params[:id])
|
cs = CoursesService.new
|
||||||
|
course = cs.show_course params,current_user
|
||||||
|
#course = Course.find(params[:id])
|
||||||
{status: 0, data: course}
|
{status: 0, data: course}
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
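Review bot: `current_user` is passed to `show_course` with no nil check at `course = cs.show_course params,current_user`, so whether an unauthenticated request for a non-public course is cleanly denied depends on code outside this hunk. The service signals denial with `raise '403'`, a plain RuntimeError; unless the API class maps it with a `rescue_from` (not visible here), the client would get a generic server error rather than a 403. Consider raising a dedicated error class in the service and answering it here with `error!('403 Forbidden', 403)`. The commented-out `#course = Course.find(params[:id])` should be deleted, and since `data: course` returns the whole record, it is worth confirming which Course attributes are serialized to the client.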
@ -87,8 +87,10 @@ class NewsController < ApplicationController
|
||||||
end
|
end
|
||||||
|
|
||||||
def show
|
def show
|
||||||
@comments = @news.comments
|
cs = CoursesService.new
|
||||||
@comments.reverse! if User.current.wants_comments_in_reverse_order?
|
@news,@comments = cs.show_course_news params,User.current
|
||||||
|
#@comments = @news.comments
|
||||||
|
#@comments.reverse! if User.current.wants_comments_in_reverse_order?
|
||||||
#modify by nwb
|
#modify by nwb
|
||||||
if @news.course_id
|
if @news.course_id
|
||||||
@course = Course.find(@news.course_id)
|
@course = Course.find(@news.course_id)
|
||||||
|
|
|
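Review bot: Nothing in the new `show` body calls `show_course_news_authorize`. The call `cs.show_course_news params,User.current` only runs `News.find(params[:id])` and returns the comments, so access control for this action rests on whatever before filters the controller declares outside this hunk. If those filters already load and authorize `@news`, the service call repeats the lookup and reassigns `@news` from an unchecked fetch. Either record that dependency in a comment such as `# authorization is done by the before filter; the service only loads data`, or call the authorize helper here before rendering. The two commented-out `@comments` lines are dead code and should be removed; the body of `show` continues past the end of the hunk.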
@ -83,13 +83,29 @@ class CoursesService
|
||||||
scope = @course ? @course.news.course_visible : News.course_visible
|
scope = @course ? @course.news.course_visible : News.course_visible
|
||||||
end
|
end
|
||||||
|
|
||||||
#显示课程通知
|
#查看新闻权限验证
|
||||||
def show_course_news
|
def show_course_news_authorize(current_user,course)
|
||||||
|
unless current_user.allowed_to?({:controller => 'news', :action => 'show'}, course)
|
||||||
|
raise '403'
|
||||||
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
def show_course params
|
#显示课程通知(包括评论) 需验证权限
|
||||||
|
def show_course_news params,current_user
|
||||||
|
@news = News.find(params[:id])
|
||||||
|
@comments = @news.comments
|
||||||
|
@comments.reverse! if current_user.wants_comments_in_reverse_order?
|
||||||
|
[@news,@comments]
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
#显示课程
|
||||||
|
def show_course(params,currnet_user)
|
||||||
course = Course.find(params[:id])
|
course = Course.find(params[:id])
|
||||||
|
unless (course.is_public == 1 || currnet_user.member_of_course?(@course)|| currnet_user.admin?)
|
||||||
|
raise '403'
|
||||||
|
end
|
||||||
course
|
course
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -128,7 +144,14 @@ class CoursesService
|
||||||
@course
|
@course
|
||||||
end
|
end
|
||||||
|
|
||||||
#编辑课程
|
#验证编辑课程的权限
|
||||||
|
def edit_course_authorize(current_user,course)
|
||||||
|
unless current_user.allowed_to?({:controller => 'courses', :action => 'update'}, course)
|
||||||
|
raise '403'
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
#编辑课程 需验证权限
|
||||||
def edit_course params,course
|
def edit_course params,course
|
||||||
course.safe_attributes = params[:course]
|
course.safe_attributes = params[:course]
|
||||||
course.time = params[:time]
|
course.time = params[:time]
|
||||||
|
|
|
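Review bot: In `show_course` the membership test is `currnet_user.member_of_course?(@course)`, but the record just loaded is the local `course`. `@course` is not assigned in this method, and both callers in this commit use a fresh `CoursesService.new`, so the check appears to run against nil and private-course access is decided on the wrong object. The condition also calls methods on the user without a nil guard, and the parameter name is misspelled. A corrected guard would be `unless course.is_public == 1 || (current_user && (current_user.member_of_course?(course) || current_user.admin?))`. Separately, `show_course_news` and `edit_course` return or modify data without calling their `*_authorize` helpers, so enforcement depends on every caller remembering to do so. Calling the helper inside the method, and raising a dedicated error class instead of `raise '403'`, would make the check harder to skip.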
@ -59,6 +59,7 @@ class UsersService
|
||||||
end
|
end
|
||||||
|
|
||||||
#编辑用户
|
#编辑用户
|
||||||
|
#gender 1:female 0:male 其他:male
|
||||||
def edit_user params
|
def edit_user params
|
||||||
@user = User.find(params[:id])
|
@user = User.find(params[:id])
|
||||||
fileio = params[:file]
|
fileio = params[:file]
|
||||||
|
|