课程通知访问增加权限控制

This commit is contained in:
sw 2014-12-05 14:39:03 +08:00
parent d2814b4b47
commit a2537899b7
1 changed files with 19 additions and 15 deletions

View File

@ -65,23 +65,27 @@ class NewsController < ApplicationController
format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") } format.atom { render_feed(@newss, :title => (@project ? @project.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
end end
elsif @course elsif @course
scope = @course ? @course.news.course_visible : News.course_visible if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
scope = @course ? @course.news.course_visible : News.course_visible
@news_count = scope.count @news_count = scope.count
@news_pages = Paginator.new @news_count, @limit, params['page'] @news_pages = Paginator.new @news_count, @limit, params['page']
@offset ||= @news_pages.offset @offset ||= @news_pages.offset
@newss = scope.all(:include => [:author, :course], @newss = scope.all(:include => [:author, :course],
:order => "#{News.table_name}.created_on DESC", :order => "#{News.table_name}.created_on DESC",
:offset => @offset, :offset => @offset,
:limit => @limit) :limit => @limit)
respond_to do |format| respond_to do |format|
format.html { format.html {
@news = News.new @news = News.new
render :layout => 'base_courses' render :layout => 'base_courses'
} }
format.api format.api
format.atom { render_feed(@newss, :title => (@course ? @course.name : Setting.app_title) + ": #{l(:label_news_plural)}") } format.atom { render_feed(@newss, :title => (@course ? @course.name : Setting.app_title) + ": #{l(:label_news_plural)}") }
end
else
render_403
end end
end end
end end