权限管理机制优化

app/controllers/courses_controller.rb

@@ -172,7 +172,7 @@ class CoursesController < ApplicationController
     ## 有角色参数的才是课程，没有的就是项目
     @render_file = 'member_list'
     @teachers= searchTeacherAndAssistant(@course)
-    @canShowCode = isCourseTeacher(User.current.id)
+    @canShowCode = isCourseTeacher(User.current.id,@course)
     case params[:role]
       when '1'
         @subPage_title = l :label_teacher_list
@@ -643,7 +643,7 @@ class CoursesController < ApplicationController
     @sort_by = %w(category date title author).include?(params[:sort_by]) ? params[:sort_by] : 'category'
     #
     @teachers= searchTeacherAndAssistant(@course)
-    @canShowRealName = isCourseTeacher(User.current.id)
+    @canShowRealName = isCourseTeacher(User.current.id,@course)
 
     if(User.find_by_id(CourseInfos.find_by_course_id(@course.id).try(:user_id)))
       @user = User.find_by_id(CourseInfos.find_by_course_id(@course.id).user_id)
@@ -656,9 +656,10 @@ class CoursesController < ApplicationController
   end
 
   #判断指定用户是否为课程教师
-  def isCourseTeacher(id)
+  def isCourseTeacher(id,course)
     result = false
-    if  @teachers && @teachers.find_by_user_id(id) != nil
+    user = User.find(id)
+    if user.nil? && user.allowed_to?(:as_teacher,course)#@teachers && @teachers.count != 0 && @teachers.find_by_user_id(id) != nil
       result = true
     end
     result

app/helpers/courses_helper.rb

@@ -7,26 +7,27 @@ module CoursesHelper
 3. define search by roles
 4. define search member function
 =end
-  TeacherRoles = [3, 4, 7, 9]
+  #TeacherRoles = [3, 4, 7, 9]
-  StudentRoles = [5, 10]
+  #StudentRoles = [5, 10]
-  AllPeople = StudentRoles+TeacherRoles
+  #AllPeople = StudentRoles+TeacherRoles
   ## return people count
   
   # 返回x项目成员数量，即roles表中定义的所有成员
   def projectCount project    
-    searchCountByRoles project, AllPeople
+    #searchCountByRoles project, AllPeople
+    project.members.count
   end
 
   # 返回教师数量，即roles表中定义的Manager
   def teacherCount project
-    searchCountByRoles project, TeacherRoles
+    searchTeacherAndAssistant(project).count
     # or
     # searchTeacherAndAssistant(project).count
   end
 
   # 返回学生数量，即roles表中定义的Reporter
   def studentCount project
-    searchCountByRoles project,StudentRoles
+    searchStudent(project).count
     # or
     # searchStudent(project).count
   end
@@ -133,29 +134,39 @@ module CoursesHelper
   # =====================================================================================
   # return people list
   def searchTeacherAndAssistant project
-    searchPeopleByRoles(project, TeacherRoles)
+    #searchPeopleByRoles(project, TeacherRoles)
-  end
-
-  def searchStudent project
-    searchPeopleByRoles(project, StudentRoles)
-  end
-  # =====================================================================================
-
-  def searchCountByRoles project, roles_id
-    members = searchPeopleByRoles project, roles_id
-    members.count
-  end
-
-  def searchPeopleByRoles project, roles_id
     members = []
-    begin
+    project.members.each do |m|
-      members = project.members.joins(:member_roles).where("member_roles.role_id IN (:role_id)", {:role_id => roles_id})
+       members << m  if m && m.user && m.user.allowed_to?(:as_teacher,project)
-    rescue Exception => e
-      logger.error "[CoursesHelper] ===> #{e}"
     end
     members
   end
 
+  def searchStudent project
+    #searchPeopleByRoles(project, StudentRoles)
+    members = []
+    project.members.each do |m|
+      members << m  if m && m.user && m.user.allowed_to?(:as_student,project)
+    end
+    members
+  end
+  # =====================================================================================
+
+  #def searchCountByRoles project, roles_id
+  #  members = searchPeopleByRoles project, roles_id
+  #  members.count
+  #end
+
+  #def searchPeopleByRoles project, roles_id
+  #  members = []
+  #  begin
+  #    members = project.members.joins(:member_roles).where("member_roles.role_id IN (:role_id)", {:role_id => roles_id})
+  #  rescue Exception => e
+  #    logger.error "[CoursesHelper] ===> #{e}"
+  #  end
+  #  members
+  #end
+
   def sort_courses(state)
     content = ''.html_safe
     case state
@@ -186,15 +197,15 @@ module CoursesHelper
   end
 
   #useless
-  def searchMembersByRole project, role_id
+  #def searchMembersByRole project, role_id
-    members = []
+  #  members = []
-    begin
+  #  begin
-      members = project.members.joins(:member_roles).where("member_roles.role_id = :role_id", {:role_id => role_id })
+  #    members = project.members.joins(:member_roles).where("member_roles.role_id = :role_id", {:role_id => role_id })
-    rescue Exception => e
+  #  rescue Exception => e
-      logger.error "[CoursesHelper] ===> #{e}"
+  #    logger.error "[CoursesHelper] ===> #{e}"
-    end
+  #  end
-    members
+  #  members
-  end
+  #end
 
   def sort_course(state,  school_id)
     content = ''.html_safe
@@ -270,9 +281,10 @@ module CoursesHelper
   def find_by_extra_from_project extra
     Course.find_by_extra(try(extra))
   end
-  #判断制定用户是不是当前课程的老师
+  #判断指定用户是不是当前课程的老师
   def is_course_teacher (user,course)
-    course.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and members.user_id = #{user.id}", {:role_id => TeacherRoles}).count != 0
+    #course.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and members.user_id = #{user.id}", {:role_id => TeacherRoles}).count != 0
+    user.allowed_to?(:as_teacher,course)
     #修改为根据用户是否有发布任务的权限来判断用户是否是课程的老师
     #is_teacher = false
     #@membership = user.memberships.all(:conditions => Project.visible_condition(User.current))
@@ -287,7 +299,8 @@ module CoursesHelper
   end
   #当前用户是不是指定课程的学生
   def is_cur_course_student course
-    course.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and members.user_id = #{User.current.id}", {:role_id => StudentRoles}).count != 0
+    #course.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and members.user_id = #{User.current.id}", {:role_id => StudentRoles}).count != 0
+    !(User.current.allowed_to?(:as_teacher,course))
     #修改：能新建占位且不能新建任务的角色判定为学生
     #is_student = false
     #@membership = User.current.memberships.all(:conditions => Project.visible_condition(User.current))
@@ -329,7 +342,7 @@ module CoursesHelper
 
   #获取作业的互评得分
   def student_score_for_homework homework
-    member = searchPeopleByRoles(homework.bid.courses.first,TeacherRoles).first
+    member = searchTeacherAndAssistant(homework.bid.courses.first).first#searchPeopleByRoles(homework.bid.courses.first,TeacherRoles).first
     student_stars = homework.rates(:quality).where("rater_id <> #{member.user_id}").select("stars")
     student_stars_count = 0
     student_stars.each do |star|
@@ -340,7 +353,7 @@ module CoursesHelper
 
   #获取作业的教师评分
   def teacher_score_for_homework homework
-    member = searchPeopleByRoles(homework.bid.courses.first,TeacherRoles).first
+    member = searchTeacherAndAssistant(homework.bid.courses.first).first#searchPeopleByRoles(homework.bid.courses.first,TeacherRoles).first
     teacher_stars = homework.rates(:quality).where("rater_id = #{member.user_id}").select("stars").first
     return format("%.2f",teacher_stars == nil ? 0 : teacher_stars.stars)
   end

config/locales/zh.yml

@@ -476,6 +476,20 @@ zh:
   permission_view_real_name: 查看真名
   permission_view_students: 查看成员
   permission_export_homeworks: 导出作业
+  permission_quote_project: 引用项目
+  permission_is_manager: 作为管理员
+  permission_as_teacher: 作为教师
+  permission_as_student: 作为学生
+  permission_paret_in_homework: 加入作业
+  permission_view_homework_attaches: 查看作业附件
+  permission_view_course_journals_for_messages: 查看课程留言
+  permission_select_course_modules: 选择课程模块
+  permission_view_course_files: 查看课程资源
+  permission_add_course: 新建课程
+  permission_edit_course: 编辑课程
+  permission_select_contest_modules: 选择竞赛模块
+  permission_manage_contestnotifications: 管理竞赛通知
+
 
 
   project_module_issue_tracking: 问题跟踪
@@ -1289,6 +1303,9 @@ zh:
   permission_add_documents: Add documents
   permission_edit_documents: Edit documents
   permission_delete_documents: Delete documents
+  permission_add_documents: 新建文档
+  permission_edit_documents: 编辑文档
+  permission_delete_documents: 删除文档
   label_gantt_progress_line: Progress line
   setting_jsonp_enabled: Enable JSONP support
   field_inherit_members: Inherit members

db/migrate/20140708023356_add_authority.rb

@@ -1,11 +1,18 @@
+# -*coding:utf-8 -*-
 class AddAuthority < ActiveRecord::Migration
   def change
     # 添加课程权限
     Role.all.each do |role|
       if role.name == '学生'
         role.permissions.append(:paret_in_homework)
+        role.permissions.append(:as_student)
       elsif role.name == 'Manager'
         role.permissions.append(:is_manager)
+        role.permissions.append(:as_teacher)
+      elsif role.name == '助教'
+        role.permissions.append(:as_teacher)
+      elsif role.name == '老师'
+        role.permissions.append(:as_teacher)
       end
       role.save(:validate => false)
     end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20140707095213) do
+ActiveRecord::Schema.define(:version => 20140708023356) do
 
   create_table "activities", :force => true do |t|
     t.integer "act_id",   :null => false

lib/redmine.rb

@@ -100,6 +100,8 @@ Redmine::AccessControl.map do |map|
   map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
   map.permission :quote_project, {},:require => :member
   map.permission :is_manager,{},:require => :member
+  map.permission :as_teacher,{},:require => :member
+  map.permission :as_student,{},:require => :member
 
   #课程权限模块
   #added by nwb