diff --git a/app/controllers/homework_attach_controller.rb b/app/controllers/homework_attach_controller.rb index 24e1a86e4..64b34dfc1 100644 --- a/app/controllers/homework_attach_controller.rb +++ b/app/controllers/homework_attach_controller.rb @@ -18,7 +18,8 @@ class HomeworkAttachController < ApplicationController end def create - #if User.current.logged? && (!Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.nil? && (Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.roles&Role.where('id = ? or id = ? or id =?',5, 10, 7)).size >0) + bid = Bid.find params[:bid_id] + if User.current.admin? || User.current.member_of?(bid.courses.first) user_id = params[:user_id] bid_id = params[:bid_id] sta = 0 @@ -32,7 +33,7 @@ class HomeworkAttachController < ApplicationController :bid_id => bid_id } - #@bid = Bid.find bid_id + #@homework_list = @bid.homeworks @homework = HomeworkAttach.new(options) 
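Review bot: The new membership check in `create` still takes the submitter from the request (`user_id = params[:user_id]`, two lines below the `if`), so any member of the course can file a HomeworkAttach under another user's id; the check gates who may call the action but not whose record gets written. Unless uploading on someone else's behalf is intended, derive it from the session instead: `user_id = User.current.id`. Note also that `bid.courses.first` is passed to `member_of?` without a nil guard, so a Bid with no course hands nil to that method; whether it returns false or raises depends on User#member_of?, which is not visible here. The body of `create` continues in the next hunk.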
@@ -45,77 +46,98 @@ class HomeworkAttachController < ApplicationController format.json { head :no_content } end else - + render_403 :message => :notice_not_authorized end - #end + else + + end end def new - @homework = HomeworkAttach.new @bid = Bid.find(params[:id]) - - respond_to do |format| - format.html # new.html.erb - format.json { render json: @homework } + if User.current.admin? || User.current.member_of?(@bid.courses.first) + @homework = HomeworkAttach.new + respond_to do |format| + format.html # new.html.erb + format.json { render json: @homework } + end + else + render_403 :message => :notice_not_authorized end end def edit @homework = HomeworkAttach.find(params[:id]) + if User.current.admin? || User.current.member_of?(@homework.bid.courses.first) + else + render_403 :message => :notice_not_authorized + end end def update @homework = HomeworkAttach.find(params[:id]) - name = params[:homework_name] - description = params[:homework_description] - @homework.name = name - @homework.description = description - if params[:attachments] - @homework.save_attachments(params[:attachments]) - end - if @homework.save - respond_to do |format| - format.html { redirect_to project_for_bid_path @homework.bid } - format.json { head :no_content } + if User.current.admin? 
|| User.current.member_of?(@homework.bid.courses.first) + name = params[:homework_name] + description = params[:homework_description] + @homework.name = name + @homework.description = description + if params[:attachments] + @homework.save_attachments(params[:attachments]) + end + if @homework.save + respond_to do |format| + format.html { redirect_to project_for_bid_path @homework.bid } + format.json { head :no_content } + end + else end else + render_403 :message => :notice_not_authorized end end def destroy @homework = HomeworkAttach.find(params[:id]) - if @homework.destroy - respond_to do |format| - format.html { redirect_to project_for_bid_path @homework.bid } - format.json { head :no_content } + if User.current.admin? || User.current.member_of?(@homework.bid.courses.first) + if @homework.destroy + respond_to do |format| + format.html { redirect_to project_for_bid_path @homework.bid } + format.json { head :no_content } + end + else end else + render_403 :message => :notice_not_authorized end end #显示作业信息 def show @homework = HomeworkAttach.find(params[:id]) - # 打分统计 - stars_reates = @homework. - rates(:quality) - stars_reates_count = stars_reates.count == 0 ? 1 : stars_reates.count - stars_status = stars_reates.select("stars, count(*) as scount"). - group("stars") - @stars_status_map = Hash.new(0.0) - stars_status.each do |star_status| - percent = (star_status.scount * 1.0/ stars_reates_count) * 100.to_f - percent_m = format("%.2f", percent) - @stars_status_map["star#{star_status.stars.to_i}".to_sym] = - percent_m.to_s + "%" + if User.current.admin? || User.current.member_of?(@homework.bid.courses.first) + # 打分统计 + stars_reates = @homework. + rates(:quality) + stars_reates_count = stars_reates.count == 0 ? 1 : stars_reates.count + stars_status = stars_reates.select("stars, count(*) as scount"). 
+ group("stars") + @stars_status_map = Hash.new(0.0) + stars_status.each do |star_status| + percent = (star_status.scount * 1.0/ stars_reates_count) * 100.to_f + percent_m = format("%.2f", percent) + @stars_status_map["star#{star_status.stars.to_i}".to_sym] = + percent_m.to_s + "%" + end + @limit = 10 + @jours = @homework.journals_for_messages.where("is_comprehensive_evaluation is null").order("created_on DESC") + @feedback_count = @jours.count + @feedback_pages = Paginator.new @feedback_count, @limit, params['page'] + @offset ||= @feedback_pages.offset + @jour = @jours[@offset, @limit] + @comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC") + else + render_403 :message => :notice_not_authorized end - @limit = 10 - @jours = @homework.journals_for_messages.where("is_comprehensive_evaluation is null").order("created_on DESC") - @feedback_count = @jours.count - @feedback_pages = Paginator.new @feedback_count, @limit, params['page'] - @offset ||= @feedback_pages.offset - @jour = @jours[@offset, @limit] - @comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC") end #删除留言 diff --git a/app/controllers/zipdown_controller.rb b/app/controllers/zipdown_controller.rb index 5f5a22279..5caa97a22 100644 --- a/app/controllers/zipdown_controller.rb +++ b/app/controllers/zipdown_controller.rb 
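Review bot: The `else` branches at the top of `create` look swapped: the inner `else`, reached when `@homework.save` fails, now does `render_403 :message => :notice_not_authorized`, while the outer `else` that handles a non-member is left empty, so an unauthorized caller gets no 403 and falls through to an implicit render — the opposite of what `new`, `update` and `destroy` do further down. Moving the `render_403` into the outer `else` and giving the save-failure path its own redirect or re-render would align it with the other actions. Separately, `update` and `destroy` authorize on course membership alone, so any member of the course can edit or delete another member's HomeworkAttach; unless ownership is enforced elsewhere (a before_filter or the model), the condition should also require `@homework.user_id == User.current.id` or a staff role, which appears to be what the role query commented out in the earlier hunk used to express. `edit` has an empty `if` arm with all the work in `else`; `render_403 :message => :notice_not_authorized unless ...` reads cleaner. `create` begins in the previous hunk.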
@@ -26,14 +26,19 @@ class ZipdownController < ApplicationController obj_id = params[:obj_id] user_id = params[:user_id] obj = obj_class.constantize.find(obj_id) - zipfile = nil - case obj.class.to_s.to_sym - when :Bid - zipfile = zip_user_bid obj,user_id - else - logger.error "[ZipDown#assort] ===> #{obj.class.to_s.to_sym} unKown !!" + + if User.current.admin? || User.current.member_of?(obj.courses.first) + zipfile = nil + case obj.class.to_s.to_sym + when :Bid + zipfile = zip_user_bid obj,user_id + else + logger.error "[ZipDown#assort] ===> #{obj.class.to_s.to_sym} unKown !!" + end + send_file zipfile, :filename => obj.name, :type => detect_content_type(zipfile) if zipfile + else + render_403 :message => :notice_not_authorized end - send_file zipfile, :filename => obj.name, :type => detect_content_type(zipfile) if zipfile end private
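Review bot: The authorization check calls `obj.courses.first` before the `case` establishes that `obj` is a Bid, so the membership test is evaluated against whatever class `obj_class.constantize` produced (obj_class is assigned above the hunk; if it comes from the request, that is an arbitrary-model lookup), and a class without `courses` raises instead of rendering 403. A type guard ahead of the check keeps the two in the intended order: `return render_403(:message => :notice_not_authorized) unless obj.is_a?(Bid)`. The `user_id` handed to `zip_user_bid` is also taken straight from params, so any member of the course can download another member's archive; unless that sharing model is intended, tie it to `User.current.id` or require a staff role. The enclosing method's definition line is above the hunk.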