作业的增、删、改、查以及作业资料的下载增加权限控制

This commit is contained in:
sw 2014-06-04 16:23:43 +08:00
parent 78ac974a75
commit af68d15451
2 changed files with 77 additions and 50 deletions

View File

@ -18,7 +18,8 @@ class HomeworkAttachController < ApplicationController
end end
def create def create
#if User.current.logged? && (!Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.nil? && (Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.roles&Role.where('id = ? or id = ? or id =?',5, 10, 7)).size >0) bid = Bid.find params[:bid_id]
if User.current.admin? || User.current.member_of?(bid.courses.first)
user_id = params[:user_id] user_id = params[:user_id]
bid_id = params[:bid_id] bid_id = params[:bid_id]
sta = 0 sta = 0
@ -32,7 +33,7 @@ class HomeworkAttachController < ApplicationController
:bid_id => bid_id :bid_id => bid_id
} }
#@bid = Bid.find bid_id
#@homework_list = @bid.homeworks #@homework_list = @bid.homeworks
@homework = HomeworkAttach.new(options) @homework = HomeworkAttach.new(options)
@ -45,27 +46,37 @@ class HomeworkAttachController < ApplicationController
format.json { head :no_content } format.json { head :no_content }
end end
else else
render_403 :message => :notice_not_authorized
end
else
end end
#end
end end
def new def new
@homework = HomeworkAttach.new
@bid = Bid.find(params[:id]) @bid = Bid.find(params[:id])
if User.current.admin? || User.current.member_of?(@bid.courses.first)
@homework = HomeworkAttach.new
respond_to do |format| respond_to do |format|
format.html # new.html.erb format.html # new.html.erb
format.json { render json: @homework } format.json { render json: @homework }
end end
else
render_403 :message => :notice_not_authorized
end
end end
def edit def edit
@homework = HomeworkAttach.find(params[:id]) @homework = HomeworkAttach.find(params[:id])
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
else
render_403 :message => :notice_not_authorized
end
end end
def update def update
@homework = HomeworkAttach.find(params[:id]) @homework = HomeworkAttach.find(params[:id])
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
name = params[:homework_name] name = params[:homework_name]
description = params[:homework_description] description = params[:homework_description]
@homework.name = name @homework.name = name
@ -80,10 +91,14 @@ class HomeworkAttachController < ApplicationController
end end
else else
end end
else
render_403 :message => :notice_not_authorized
end
end end
def destroy def destroy
@homework = HomeworkAttach.find(params[:id]) @homework = HomeworkAttach.find(params[:id])
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
if @homework.destroy if @homework.destroy
respond_to do |format| respond_to do |format|
format.html { redirect_to project_for_bid_path @homework.bid } format.html { redirect_to project_for_bid_path @homework.bid }
@ -91,11 +106,15 @@ class HomeworkAttachController < ApplicationController
end end
else else
end end
else
render_403 :message => :notice_not_authorized
end
end end
#显示作业信息 #显示作业信息
def show def show
@homework = HomeworkAttach.find(params[:id]) @homework = HomeworkAttach.find(params[:id])
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
# 打分统计 # 打分统计
stars_reates = @homework. stars_reates = @homework.
rates(:quality) rates(:quality)
@ -116,6 +135,9 @@ class HomeworkAttachController < ApplicationController
@offset ||= @feedback_pages.offset @offset ||= @feedback_pages.offset
@jour = @jours[@offset, @limit] @jour = @jours[@offset, @limit]
@comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC") @comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC")
else
render_403 :message => :notice_not_authorized
end
end end
#删除留言 #删除留言

View File

@ -26,6 +26,8 @@ class ZipdownController < ApplicationController
obj_id = params[:obj_id] obj_id = params[:obj_id]
user_id = params[:user_id] user_id = params[:user_id]
obj = obj_class.constantize.find(obj_id) obj = obj_class.constantize.find(obj_id)
if User.current.admin? || User.current.member_of?(obj.courses.first)
zipfile = nil zipfile = nil
case obj.class.to_s.to_sym case obj.class.to_s.to_sym
when :Bid when :Bid
@ -34,6 +36,9 @@ class ZipdownController < ApplicationController
logger.error "[ZipDown#assort] ===> #{obj.class.to_s.to_sym} unKown !!" logger.error "[ZipDown#assort] ===> #{obj.class.to_s.to_sym} unKown !!"
end end
send_file zipfile, :filename => obj.name, :type => detect_content_type(zipfile) if zipfile send_file zipfile, :filename => obj.name, :type => detect_content_type(zipfile) if zipfile
else
render_403 :message => :notice_not_authorized
end
end end
private private