diff --git a/app/api/mobile/apis/courses.rb b/app/api/mobile/apis/courses.rb
index 4920f6f30..1b863cd22 100644
--- a/app/api/mobile/apis/courses.rb
+++ b/app/api/mobile/apis/courses.rb
@@ -75,7 +75,7 @@ module Mobile
 end
 get 'teachers' do
 cs = CoursesService.new
- teachers = cs.course_teacher_or_student_list({role: 1}, params[:course_id])
+ teachers = cs.course_teacher_or_student_list({role: 1}, params[:course_id],current_user)
 {status: 0, data: teachers}
 end
@@ -85,7 +85,7 @@ module Mobile
 end
 get 'teachers' do
 cs = CoursesService.new
- teachers = cs.course_teacher_or_student_list({role: 2}, params[:course_id])
+ teachers = cs.course_teacher_or_student_list({role: 2}, params[:course_id],current_user)
 {status: 0, data: teachers}
 end
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index c1a7d9237..564033627 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -245,9 +245,14 @@ class CoursesController < ApplicationController
 #@members = @course.member_principals.includes(:roles, :principal).all.sort
 end
 cs = CoursesService.new
- @members = cs.course_teacher_or_student_list(params,@course)
+ @members = cs.course_teacher_or_student_list(params,@course,User.current)
 @members = paginateHelper @members
 render :layout => 'base_courses'
+
+ rescue Exception => e
+ if e.message == '403'
+ render_403
+ end
 end
 #判断指定用户是否为课程教师
diff --git a/app/services/courses_service.rb b/app/services/courses_service.rb
index 4b1428b5f..acd8793cb 100644
--- a/app/services/courses_service.rb
+++ b/app/services/courses_service.rb
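Review bot: Nothing in this endpoint handles the authorization failure that the new `current_user` argument introduces: per the courses_service hunk below, a non-admin who is not a member of a private course now gets a bare `raise '403'` (a RuntimeError) out of `course_teacher_or_student_list`, and the endpoint lets it propagate, so the client most likely sees a server error instead of a 403. The same service code calls `current_user.admin?` and `current_user.member_of_course?` unconditionally, so if this route can be reached without an authenticated user (i.e. `current_user` is nil) the result is a NoMethodError rather than a clean 401/403 — worth confirming what `current_user` returns for unauthenticated requests. Suggest either rescuing the service error here and returning a 403 response (`rescue RuntimeError => e`, `raise unless e.message == '403'`, then return the forbidden status), or, better, registering one central rescue for this error in the API module so every endpoint that calls the service benefits. The enclosing module and resource block start outside the hunk.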
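Review bot: The same unrescued `raise '403'` path applies here: this endpoint now passes `current_user` to the service but does not handle the RuntimeError the service raises for a forbidden course, so the failure surfaces as a server error rather than a 403 response, and the rescue suggested for the `{role: 1}` endpoint should be applied identically. Separately, this route is also declared as `get 'teachers'` while it requests role 2, which the service hunk maps to `searchStudent`; if the two endpoints are not nested under different resources this looks like a copy-paste and the route name should probably be `'students'`. The enclosing resource block starts outside the hunk, so I cannot confirm the nesting.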
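Review bot: `rescue Exception => e` at the end of the action catches every exception the action raises — `ActiveRecord::RecordNotFound` from the service's `Course.find`, `SystemExit`, and ordinary bugs — and when the message is not `'403'` it silently discards the error and falls through with no explicit render and `@members` unset, so real failures are hidden and the page renders in an undefined state. Rescue only the failure you intend to translate and re-raise everything else: `rescue => e`, `raise unless e.message == '403'`, `render_403`. Matching on a message string is fragile; if the service grows a dedicated error class (a StandardError subclass), rescue that class here instead. The action's beginning is outside the hunk.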
@@ -49,19 +49,27 @@ class CoursesService
 end
 #课程老师或课程学生列表
- def course_teacher_or_student_list params,course
- @teachers= searchTeacherAndAssistant(course)
+ def course_teacher_or_student_list params,course,current_user
+ if course.is_a?(Course)
+ c = course
+ else
+ c = Course.find(course)
+ end
+ if !(current_user.admin? || c.is_public == 1 || (c.is_public == 0 && current_user.member_of_course?(c)))
+ raise '403'
+ end
+ @teachers= searchTeacherAndAssistant(c)
 #@canShowCode = isCourseTeacher(User.current.id,course) && params[:role] != '1'
 case params[:role]
 when '1'
 #@subPage_title = l :label_teacher_list
- @members = searchTeacherAndAssistant(course)
+ @members = searchTeacherAndAssistant(c)
 when '2'
 #@subPage_title = l :label_student_list
- @members = searchStudent(course)
+ @members = searchStudent(c)
 else
 #@subPage_title = ''
- @members = @course.member_principals.includes(:roles, :principal).all.sort
+ @members = c.member_principals.includes(:roles, :principal).all.sort
 end
 @members
 end
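Review bot: The new authorization guard signals denial with `raise '403'`, a bare RuntimeError carrying a magic string that callers must match by message (the controller hunk does exactly that); a dedicated exception class is safer and self-documenting, e.g. `class Forbidden < StandardError; end` on the service and `raise Forbidden, '403'` in the guard, keeping the message so the existing message-based rescue still works. The guard also dereferences `current_user` without a nil check, so a caller that passes nil (an unauthenticated mobile request, if the API allows one) gets a NoMethodError instead of a denial — adding `raise '403' if current_user.nil?` before the condition makes the fail-closed behaviour explicit. Note that the `c.is_public == 0 &&` clause only changes the outcome when `is_public` is neither 0 nor 1 (e.g. nil), where it denies even course members; if that is not intended, `unless current_user.admin? || c.is_public == 1 || current_user.member_of_course?(c)` reads more clearly. The method's header comment should also state in English that `course` may be a `Course` or an id (an unknown id raises `RecordNotFound` from `Course.find`) and that `current_user` must be non-nil.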