权限管理优化

z9hang 2014-07-08 18:02:10 +08:00
parent 4c6fb2a266
commit b87abf1f68
11 changed files with 68 additions and 74 deletions


@ -378,11 +378,6 @@ class BidsController < ApplicationController
if membership.user.allowed_to?(:quote_project,membership.project)
@option << membership.project
end
#membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.project
# end
#}
end
end
@ -457,14 +452,6 @@ class BidsController < ApplicationController
if (User.current.logged? && User.current.member_of_course?(@bid.courses.first))
# flash[:notice] = ""
@membership = User.current.coursememberships.all(:conditions => Course.visible_condition(User.current))
#@option = []
#@membership.each do |membership|
# membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.course
# end
# }
#end
@user = @bid.author
@bidding_project = @bid.biding_projects.all


@ -232,12 +232,7 @@ class ContestsController < ApplicationController
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
@membership.each do |membership|
unless(membership.project.project_type==1)
#membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.project
# end
#}
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
if User.current.allowed_to?(:quote_project, membership.project)
@option << membership.project
end
end
@ -326,13 +321,8 @@ class ContestsController < ApplicationController
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
@membership.each do |membership|
unless(membership.project.project_type==1)
#membership.member_roles.each{|role|
#if(role.role_id == 3)
#@option << membership.project
#end
#}
#拥有编辑项目权限的可将该项目参赛
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
if User.current.allowed_to?(:quote_project, membership.project)
@option << membership.project
end
end


@ -169,7 +169,15 @@ class HomeworkAttachController < ApplicationController
#users该作业所有成员
#q:模糊匹配的用户的昵称
def members_for_homework homework,users,q
homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
#homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
unpartin_users = homework.bid.courses.first.members.where("user_id not in (:users)", {:users => users}).joins(:user).where("users.login like '%#{q}%'")
canpartin_users = []
unpartin_users.each do |m|
if m.user.allowed_to?(:paret_in_homework,homework.bid.courses.first)
canpartin_users << m
end
end
canpartin_users
end
def edit
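Review bot: The rewritten query in members_for_homework still interpolates `q` directly into the SQL text (`where("users.login like '%#{q}%'")`), so a quote character in the search term changes the statement. Where `q` comes from is outside this hunk, but the comment above the method describes it as the fuzzy-match term for the user name, so it should be treated as untrusted and bound instead: `.where("users.login like ?", "%#{q}%")`. The old one-line query is also left behind as a comment and could simply be deleted. The new loop runs `m.user.allowed_to?` once per matching member, which may be slow on large courses.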


@ -76,8 +76,10 @@ class MembersController < ApplicationController
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
user_grades << UserGrade.new(:user_id => user_id, :project_id => @project.id)
## added by nie
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id)
if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) if role.allowed_to?(:is_manager)
# ProjectInfo.create(:name => "test", :user_id => 123)
end
## end
@ -86,8 +88,9 @@ class MembersController < ApplicationController
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
user_grades << UserGrade.new(:user_id => params[:membership][:user_id], :project_id => @project.id)
## added by nie
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id])
if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
end
## end
end
@ -123,14 +126,16 @@ class MembersController < ApplicationController
user_ids.each do |user_id|
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
#user_grades << UserGrade.new(:user_id => user_id, :course_id => @course.id)
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id)
if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id) if role.allowed_to?(:is_manager)
end
end
else
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id])
if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
end
end
@course.members << members
@ -162,14 +167,17 @@ class MembersController < ApplicationController
@member.role_ids = params[:membership][:role_ids]
#added by nie
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
@projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
@projectInfo.save
else
user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
if user_admin.size > 0
user_admin.each do |user|
user.destroy
if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
if role.allowed_to?(:is_manager)
@projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
@projectInfo.save
else
user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
if user_admin.size > 0
user_admin.each do |user|
user.destroy
end
end
end
end
@ -191,14 +199,17 @@ class MembersController < ApplicationController
if params[:membership]
@member.role_ids = params[:membership][:role_ids]
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
@courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
@courseInfo.save
else
user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
if user_admin.size > 0
user_admin.each do |user|
user.destroy
if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
if role.allowed_to?(:is_manager)
@courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
@courseInfo.save
else
user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
if user_admin.size > 0
user_admin.each do |user|
user.destroy
end
end
end
end
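Review bot: `Role.find(params[:membership][:role_ids][0])` raises ActiveRecord::RecordNotFound when the submitted list is empty or holds an unknown id, where the removed string comparison simply evaluated to false; the same lookup appears in every hunk of this file. It also inspects only the first submitted role, so a manager role sent in second position creates no ProjectInfo/CourseInfo row. A lookup that tolerates both would be `roles = Role.where(:id => Array(params[:membership][:role_ids]))` followed by `if roles.any? { |r| r.allowed_to?(:is_manager) }`. In the two update hunks the cleanup branch is now nested inside `if (params[:membership][:role_ids])`, so a request without role_ids leaves an existing ProjectInfo/CourseInfos row in place where the old `else` removed it; confirm that stale manager records are acceptable. The enclosing actions start and end outside these hunks.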


@ -729,8 +729,8 @@ class ProjectsController < ApplicationController
@canShowRealName = isCourseTeacher(User.current.id)
end
#勿删 real_name action为虚拟的该方法并不存在用来辅助判断真名权限
#勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
# real_name action为虚拟的该方法并不存在用来辅助判断真名权限
# @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
respond_to do |format|
format.html{render :layout => 'base_courses' if @base_courses_tag==1}
format.api


@ -108,14 +108,8 @@ class SoftapplicationsController < ApplicationController
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
@membership.each do |membership|
unless(membership.project.project_type==1)
#membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.project
# end
#}
#拥有编辑项目权限的可操作该项目
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
if User.current.allowed_to?(:quote_project,membership.project)
@option << membership.project
end
end


@ -4,13 +4,8 @@ def options_from_select_project(user)
@option = []
@membership.each do |membership|
unless(membership.project.project_type==1)
#membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.project
# end
#}
#拥有编辑项目权限的可操作该项目
if user.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
#可被用户引用的项目
if user.allowed_to?(:quote_project, membership.project)
@option << membership.project
end
end


@ -228,16 +228,10 @@ module UserScoreHelper
isManager = 0
members = Member.where('user_id = ?', user.id)
members.each do |m|
#roles = m.member_roles
#roles.each do |r|
# if r.role_id == 3
# isManager = 1
# end
#end
@membership = m.memberships.all(:conditions => Project.visible_condition(User.current))
@membership.each do |membership|
#拥有编辑项目权限的可操作该项目
if m.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
if m.allowed_to?(:is_manager, membership.project, :global => false)
isManager = 1
end
end
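Review bot: The new check calls `allowed_to?` on `m`, which the lines above obtain from `Member.where('user_id = ?', user.id)`, while the other files in this commit ask the user (`membership.user.allowed_to?`, `m.user.allowed_to?`). Unless Member defines `allowed_to?`, which is not visible here, this should probably read `if user.allowed_to?(:is_manager, membership.project)`. The Chinese comment directly above the condition still describes the edit-project permission and, if it is kept, should be updated to name `:is_manager`. The method continues outside the hunk.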


@ -4,7 +4,7 @@
membership.each do |member|
unless(member.project.project_type==1)
member.member_roles.each{|role|
if(role.role_id == 3)
if role.allowed_to?(:quote_project)
option << member.project
end
}
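Review bot: `role` in this block is yielded by `member.member_roles`, and the line it replaces read `role.role_id`, so it looks like a member-role join record rather than a Role. Unless that class defines or delegates `allowed_to?` (not visible here), the new condition raises NoMethodError when this code runs. If the join model exposes its role, `if role.role.allowed_to?(:quote_project)` is the likely intent; alternatively, ask the user with `allowed_to?(:quote_project, member.project)` as the helper changed in this commit does. The surrounding loop starts and ends outside the hunk.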


@ -0,0 +1,13 @@
class AddAuthority < ActiveRecord::Migration
def change
# 添加课程权限
Role.all.each do |role|
if role.name == '学生'
role.permissions.append(:paret_in_homework)
elsif role.name == 'Manager'
role.permissions.append(:is_manager)
end
role.save(:validate => false)
end
end
end
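Review bot: The permissions are granted by matching role display names (`'学生'`, `'Manager'`), so a renamed or localized role silently receives nothing. The removed homework query selected role ids 5 and 10, while only one name receives `:paret_in_homework` here, so members of the other role may drop out of the candidate list. `role.permissions.append(...)` adds a duplicate entry if the migration runs again, and `role.save(:validate => false)` rewrites every role whether matched or not; Redmine's `role.add_permission!(:is_manager)`, if this fork still has it, covers both the uniqueness check and the save. Because this is a data change that `def change` cannot reverse, explicit `up`/`down` methods with a matching `remove_permission!` would make rollback work.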


@ -99,6 +99,7 @@ Redmine::AccessControl.map do |map|
map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
map.permission :quote_project, {},:require => :member
map.permission :is_manager,{},:require => :member
#课程权限模块
#added by nwb
@ -122,6 +123,7 @@ Redmine::AccessControl.map do |map|
#作业模块权限
map.course_module :bids do |map|
map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true
map.permission :paret_in_homework,{},:require => :member
end
map.course_module :boards do |map|