From 95d8c1a09d2b95764c5ef5beae1b9db3b10adeb9 Mon Sep 17 00:00:00 2001
From: z9hang
Date: Mon, 15 Dec 2014 10:41:09 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E8=AF=BE=E7=A8=8B=E6=88=90?= =?UTF-8?q?=E5=91=98=E5=88=97=E8=A1=A8=E6=8E=A5=E5=8F=A3=EF=BC=8C=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=E6=9D=83=E9=99=90=E5=88=A4=E6=96=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/api/mobile/apis/courses.rb | 4 ++--
 app/controllers/courses_controller.rb | 7 ++++++-
 app/services/courses_service.rb | 18 +++++++++++++-----
 3 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/app/api/mobile/apis/courses.rb b/app/api/mobile/apis/courses.rb
index 4920f6f30..1b863cd22 100644
--- a/app/api/mobile/apis/courses.rb
+++ b/app/api/mobile/apis/courses.rb
@@ -75,7 +75,7 @@ module Mobile
 end
 get 'teachers' do
 cs = CoursesService.new
- teachers = cs.course_teacher_or_student_list({role: 1}, params[:course_id])
+ teachers = cs.course_teacher_or_student_list({role: 1}, params[:course_id],current_user)
 {status: 0, data: teachers}
 end
 
@@ -85,7 +85,7 @@ module Mobile
 end
 get 'teachers' do
 cs = CoursesService.new
- teachers = cs.course_teacher_or_student_list({role: 2}, params[:course_id])
+ teachers = cs.course_teacher_or_student_list({role: 2}, params[:course_id],current_user)
 {status: 0, data: teachers}
 end
 
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index c1a7d9237..564033627 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
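Review bot: The authorization failure introduced by this commit is not handled in the `get 'teachers'` block of the `@@ -75,7` hunk in app/api/mobile/apis/courses.rb, nor in the matching block of the `@@ -85,7` hunk. `course_teacher_or_student_list` now signals a denied request with `raise '403'`, and neither block rescues it, so unless a handler outside these hunks maps that RuntimeError, a non-member asking for a private course would probably get a generic server error rather than a 403 response. If this is a Grape API, translating the denial at the call site would keep the status meaningful to clients: `rescue RuntimeError => e` / `raise unless e.message == '403'` / `error!('403 Forbidden', 403)`. The enclosing resource definition starts outside the hunk, so an existing rescue there cannot be ruled out.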
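Review bot: In the `@@ -85,7` hunk of app/api/mobile/apis/courses.rb, `{role: 2}` passes an Integer, but the service picks the list with `case params[:role]` against the strings `'1'` and `'2'`. This call, and `{role: 1}` in the `@@ -75,7` hunk, therefore match neither branch and fall through to the `else` that returns every member principal of the course. This commit changes that `else` branch from `@course.member_principals` (where `@course` is not assigned anywhere in the visible service code) to `c.member_principals`, so the fall-through now appears to return the whole member list. Passing the value the service compares against, `cs.course_teacher_or_student_list({role: '2'}, params[:course_id],current_user)`, keeps each endpoint limited to the role it is meant to list.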
@@ -245,9 +245,14 @@ class CoursesController < ApplicationController
 #@members = @course.member_principals.includes(:roles, :principal).all.sort
 end
 cs = CoursesService.new
- @members = cs.course_teacher_or_student_list(params,@course)
+ @members = cs.course_teacher_or_student_list(params,@course,User.current)
 @members = paginateHelper @members
 render :layout => 'base_courses'
+
+ rescue Exception => e
+ if e.message == '403'
+ render_403
+ end
 end
 
 #判断指定用户是否为课程教师
diff --git a/app/services/courses_service.rb b/app/services/courses_service.rb
index 4b1428b5f..acd8793cb 100644
--- a/app/services/courses_service.rb
+++ b/app/services/courses_service.rb
@@ -49,19 +49,27 @@ class CoursesService
 end
 
 #课程老师或课程学生列表
- def course_teacher_or_student_list params,course
- @teachers= searchTeacherAndAssistant(course)
+ def course_teacher_or_student_list params,course,current_user
+ if course.is_a?(Course)
+ c = course
+ else
+ c = Course.find(course)
+ end
+ if !(current_user.admin? || c.is_public == 1 || (c.is_public == 0 && current_user.member_of_course?(c)))
+ raise '403'
+ end
+ @teachers= searchTeacherAndAssistant(c)
 #@canShowCode = isCourseTeacher(User.current.id,course) && params[:role] != '1'
 case params[:role]
 when '1'
 #@subPage_title = l :label_teacher_list
- @members = searchTeacherAndAssistant(course)
+ @members = searchTeacherAndAssistant(c)
 when '2'
 #@subPage_title = l :label_student_list
- @members = searchStudent(course)
+ @members = searchStudent(c)
 else
 #@subPage_title = ''
- @members = @course.member_principals.includes(:roles, :principal).all.sort
+ @members = c.member_principals.includes(:roles, :principal).all.sort
 end
 @members
 end
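Review bot: The `rescue Exception => e` added at the end of this action in app/controllers/courses_controller.rb swallows every error, not just the authorization failure. Anything whose message is not `'403'` is dropped with no log entry and no re-raise, and `Exception` also covers signals and `SystemExit`. On an access-control path that makes a denied request and a broken one indistinguishable, and it can hide real failures in the member lookup. Narrow the rescue and re-raise whatever is not the denial: `rescue RuntimeError => e` / `raise unless e.message == '403'` / `render_403`. The action starts above the hunk, so the full extent of code now covered by this rescue is not visible here.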
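Review bot: In `course_teacher_or_student_list` (app/services/courses_service.rb) the new permission check calls `current_user.admin?` before it looks at `c.is_public`. If any caller can pass nil (the mobile API now passes its `current_user` straight through), the check raises NoMethodError even for a public course instead of allowing or denying the request. Testing the public flag first and guarding the user avoids that: `if !(c.is_public == 1 || (current_user && (current_user.admin? || (c.is_public == 0 && current_user.member_of_course?(c)))))`. Separately, denial is signalled with `raise '403'`, a bare RuntimeError that callers must recognise by comparing `e.message` with a string. A small dedicated error class, raised here and rescued by type in the controller and the API, would make the authorization outcome explicit and stop unrelated errors being confused with it.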