权限管理优化
parent
4c6fb2a266
commit
b87abf1f68
|
@ -378,11 +378,6 @@ class BidsController < ApplicationController
|
|||
if membership.user.allowed_to?(:quote_project,membership.project)
|
||||
@option << membership.project
|
||||
end
|
||||
#membership.member_roles.each{|role|
|
||||
# if(role.role_id == 3)
|
||||
# @option << membership.project
|
||||
# end
|
||||
#}
|
||||
end
|
||||
end
|
||||
|
||||
|
@ -457,14 +452,6 @@ class BidsController < ApplicationController
|
|||
if (User.current.logged? && User.current.member_of_course?(@bid.courses.first))
|
||||
# flash[:notice] = ""
|
||||
@membership = User.current.coursememberships.all(:conditions => Course.visible_condition(User.current))
|
||||
#@option = []
|
||||
#@membership.each do |membership|
|
||||
# membership.member_roles.each{|role|
|
||||
# if(role.role_id == 3)
|
||||
# @option << membership.course
|
||||
# end
|
||||
# }
|
||||
#end
|
||||
|
||||
@user = @bid.author
|
||||
@bidding_project = @bid.biding_projects.all
|
||||
|
|
|
@ -232,12 +232,7 @@ class ContestsController < ApplicationController
|
|||
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
|
||||
@membership.each do |membership|
|
||||
unless(membership.project.project_type==1)
|
||||
#membership.member_roles.each{|role|
|
||||
# if(role.role_id == 3)
|
||||
# @option << membership.project
|
||||
# end
|
||||
#}
|
||||
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
|
||||
if User.current.allowed_to?(:quote_project, membership.project)
|
||||
@option << membership.project
|
||||
end
|
||||
end
|
||||
|
@ -326,13 +321,8 @@ class ContestsController < ApplicationController
|
|||
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
|
||||
@membership.each do |membership|
|
||||
unless(membership.project.project_type==1)
|
||||
#membership.member_roles.each{|role|
|
||||
#if(role.role_id == 3)
|
||||
#@option << membership.project
|
||||
#end
|
||||
#}
|
||||
#拥有编辑项目权限的可将该项目参赛
|
||||
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
|
||||
if User.current.allowed_to?(:quote_project, membership.project)
|
||||
@option << membership.project
|
||||
end
|
||||
end
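Review bot: The `quote_project` filter is written out separately in both ContestsController hunks, in SoftapplicationsController and in `options_from_select_project`, while BidsController evaluates it on `membership.user` instead of `User.current`. This loop decides which projects a user may submit, so the copies should not be able to drift apart. Consider one shared method with a body such as `@membership.map(&:project).select { |p| p.project_type != 1 && User.current.allowed_to?(:quote_project, p) }`, called from each controller. The enclosing actions start and end outside the hunks, so how `@membership` and `@option` are set up is not visible here.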
|
||||
|
|
|
@ -169,7 +169,15 @@ class HomeworkAttachController < ApplicationController
|
|||
#users:该作业所有成员
|
||||
#q:模糊匹配的用户的昵称
|
||||
def members_for_homework homework,users,q
|
||||
homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
|
||||
#homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
|
||||
unpartin_users = homework.bid.courses.first.members.where("user_id not in (:users)", {:users => users}).joins(:user).where("users.login like '%#{q}%'")
|
||||
canpartin_users = []
|
||||
unpartin_users.each do |m|
|
||||
if m.user.allowed_to?(:paret_in_homework,homework.bid.courses.first)
|
||||
canpartin_users << m
|
||||
end
|
||||
end
|
||||
canpartin_users
|
||||
end
|
||||
|
||||
def edit
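Review bot: The new `unpartin_users` query still interpolates `q` into the SQL text (`where("users.login like '%#{q}%'")`), and the comment above the method describes `q` as the nickname search string, so it presumably originates from the request. Bind it instead: `.where("users.login like ?", "%#{q}%")`, which keeps the wildcard match but lets the adapter quote the value. Separately, the accumulation loop can be written as `unpartin_users.select { |m| m.user.allowed_to?(:paret_in_homework, course) }`, with `course = homework.bid.courses.first` assigned once at the top of the method.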
|
||||
|
|
|
@ -76,8 +76,10 @@ class MembersController < ApplicationController
|
|||
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
|
||||
user_grades << UserGrade.new(:user_id => user_id, :project_id => @project.id)
|
||||
## added by nie
|
||||
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
|
||||
project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id)
|
||||
|
||||
if (params[:membership][:role_ids])
|
||||
role = Role.find(params[:membership][:role_ids][0])
|
||||
project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) if role.allowed_to?(:is_manager)
|
||||
# ProjectInfo.create(:name => "test", :user_id => 123)
|
||||
end
|
||||
## end
|
||||
|
@ -86,8 +88,9 @@ class MembersController < ApplicationController
|
|||
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
|
||||
user_grades << UserGrade.new(:user_id => params[:membership][:user_id], :project_id => @project.id)
|
||||
## added by nie
|
||||
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
|
||||
project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id])
|
||||
if (params[:membership][:role_ids])
|
||||
role = Role.find(params[:membership][:role_ids][0])
|
||||
project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
|
||||
end
|
||||
## end
|
||||
end
|
||||
|
@ -123,14 +126,16 @@ class MembersController < ApplicationController
|
|||
user_ids.each do |user_id|
|
||||
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
|
||||
#user_grades << UserGrade.new(:user_id => user_id, :course_id => @course.id)
|
||||
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
|
||||
course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id)
|
||||
if (params[:membership][:role_ids])
|
||||
role = Role.find(params[:membership][:role_ids][0])
|
||||
course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id) if role.allowed_to?(:is_manager)
|
||||
end
|
||||
end
|
||||
else
|
||||
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
|
||||
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
|
||||
course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id])
|
||||
if (params[:membership][:role_ids])
|
||||
role = Role.find(params[:membership][:role_ids][0])
|
||||
course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
|
||||
end
|
||||
end
|
||||
@course.members << members
|
||||
|
@ -162,14 +167,17 @@ class MembersController < ApplicationController
|
|||
@member.role_ids = params[:membership][:role_ids]
|
||||
|
||||
#added by nie
|
||||
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
|
||||
@projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
|
||||
@projectInfo.save
|
||||
else
|
||||
user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
|
||||
if user_admin.size > 0
|
||||
user_admin.each do |user|
|
||||
user.destroy
|
||||
if (params[:membership][:role_ids])
|
||||
role = Role.find(params[:membership][:role_ids][0])
|
||||
if role.allowed_to?(:is_manager)
|
||||
@projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
|
||||
@projectInfo.save
|
||||
else
|
||||
user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
|
||||
if user_admin.size > 0
|
||||
user_admin.each do |user|
|
||||
user.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -191,14 +199,17 @@ class MembersController < ApplicationController
|
|||
if params[:membership]
|
||||
@member.role_ids = params[:membership][:role_ids]
|
||||
|
||||
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
|
||||
@courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
|
||||
@courseInfo.save
|
||||
else
|
||||
user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
|
||||
if user_admin.size > 0
|
||||
user_admin.each do |user|
|
||||
user.destroy
|
||||
if (params[:membership][:role_ids])
|
||||
role = Role.find(params[:membership][:role_ids][0])
|
||||
if role.allowed_to?(:is_manager)
|
||||
@courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
|
||||
@courseInfo.save
|
||||
else
|
||||
user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
|
||||
if user_admin.size > 0
|
||||
user_admin.each do |user|
|
||||
user.destroy
|
||||
end
|
||||
end
|
||||
end
|
||||
end
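Review bot: `Role.find(params[:membership][:role_ids][0])` looks at only the first submitted role id, so a membership whose manager role is not first in the array gets no ProjectInfo/CourseInfo row, and in the two update hunks (-162 and -191) the `else` branch then destroys an existing one. `Role.find` also raises `ActiveRecord::RecordNotFound` for a blank or unknown id, where the earlier `== "3"` comparison simply did not match. Loading every submitted role avoids both: `roles = Role.where(:id => params[:membership][:role_ids])` followed by `if roles.any? { |r| r.allowed_to?(:is_manager) }`. The same applies to all five hunks in this controller; the enclosing actions begin and end outside them.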
|
||||
|
|
|
@ -729,8 +729,8 @@ class ProjectsController < ApplicationController
|
|||
@canShowRealName = isCourseTeacher(User.current.id)
|
||||
end
|
||||
|
||||
#勿删 real_name action为虚拟的该方法并不存在,用来辅助判断真名权限
|
||||
#勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
|
||||
# real_name action为虚拟的该方法并不存在,用来辅助判断真名权限
|
||||
# @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
|
||||
respond_to do |format|
|
||||
format.html{render :layout => 'base_courses' if @base_courses_tag==1}
|
||||
format.api
|
||||
|
|
|
@ -108,14 +108,8 @@ class SoftapplicationsController < ApplicationController
|
|||
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
|
||||
@membership.each do |membership|
|
||||
unless(membership.project.project_type==1)
|
||||
#membership.member_roles.each{|role|
|
||||
# if(role.role_id == 3)
|
||||
# @option << membership.project
|
||||
# end
|
||||
#}
|
||||
|
||||
#拥有编辑项目权限的可操作该项目
|
||||
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
|
||||
if User.current.allowed_to?(:quote_project,membership.project)
|
||||
@option << membership.project
|
||||
end
|
||||
end
|
||||
|
|
|
@ -4,13 +4,8 @@ def options_from_select_project(user)
|
|||
@option = []
|
||||
@membership.each do |membership|
|
||||
unless(membership.project.project_type==1)
|
||||
#membership.member_roles.each{|role|
|
||||
# if(role.role_id == 3)
|
||||
# @option << membership.project
|
||||
# end
|
||||
#}
|
||||
#拥有编辑项目权限的可操作该项目
|
||||
if user.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
|
||||
#可被用户引用的项目
|
||||
if user.allowed_to?(:quote_project, membership.project)
|
||||
@option << membership.project
|
||||
end
|
||||
end
|
||||
|
|
|
@ -228,16 +228,10 @@ module UserScoreHelper
|
|||
isManager = 0
|
||||
members = Member.where('user_id = ?', user.id)
|
||||
members.each do |m|
|
||||
#roles = m.member_roles
|
||||
#roles.each do |r|
|
||||
# if r.role_id == 3
|
||||
# isManager = 1
|
||||
# end
|
||||
#end
|
||||
@membership = m.memberships.all(:conditions => Project.visible_condition(User.current))
|
||||
@membership.each do |membership|
|
||||
#拥有编辑项目权限的可操作该项目
|
||||
if m.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
|
||||
if m.allowed_to?(:is_manager, membership.project, :global => false)
|
||||
isManager = 1
|
||||
end
|
||||
end
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
membership.each do |member|
|
||||
unless(member.project.project_type==1)
|
||||
member.member_roles.each{|role|
|
||||
if(role.role_id == 3)
|
||||
if role.allowed_to?(:quote_project)
|
||||
option << member.project
|
||||
end
|
||||
}
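Review bot: `role` in this block is an element of `member.member_roles` (the neighbouring line reads `role.role_id` from it), so `role.allowed_to?(:quote_project)` appears to be sent to the join record rather than to a Role. Unless the project defines `allowed_to?` on that model, which is not visible here, the call fails when the template renders. Assuming the join record exposes its role as `role`, `if role.role.allowed_to?(:quote_project)` checks the permission on the role itself. The controllers in this commit use `user.allowed_to?(:quote_project, project)`, which would also keep this view consistent with them.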
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
class AddAuthority < ActiveRecord::Migration
|
||||
def change
|
||||
# 添加课程权限
|
||||
Role.all.each do |role|
|
||||
if role.name == '学生'
|
||||
role.permissions.append(:paret_in_homework)
|
||||
elsif role.name == 'Manager'
|
||||
role.permissions.append(:is_manager)
|
||||
end
|
||||
role.save(:validate => false)
|
||||
end
|
||||
end
|
||||
end
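Review bot: The grants are keyed on the role's display name (`'学生'`, `'Manager'`), so an installation where those roles were renamed receives neither `:paret_in_homework` nor `:is_manager`, while the controllers in this commit now depend on both. `permissions.append` also adds the symbol a second time if the migration is run again, and `def change` cannot reverse a data update. Consider separate `up`/`down` methods and a guarded append such as `role.permissions << :is_manager unless role.permissions.include?(:is_manager)`. A comment explaining why `save(:validate => false)` is needed would help too.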
|
|
@ -99,6 +99,7 @@ Redmine::AccessControl.map do |map|
|
|||
map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
|
||||
map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
|
||||
map.permission :quote_project, {},:require => :member
|
||||
map.permission :is_manager,{},:require => :member
|
||||
|
||||
#课程权限模块
|
||||
#added by nwb
|
||||
|
@ -122,6 +123,7 @@ Redmine::AccessControl.map do |map|
|
|||
#作业模块权限
|
||||
map.course_module :bids do |map|
|
||||
map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true
|
||||
map.permission :paret_in_homework,{},:require => :member
|
||||
end
|
||||
|
||||
map.course_module :boards do |map|
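Review bot: `:paret_in_homework` looks like a misspelling (perhaps of `part_in_homework`), and the name is used in three places in this commit: here, the AddAuthority migration and `members_for_homework`. The migration writes permission names into each role's permission list, so renaming later needs another data migration; it is cheaper to settle the spelling before this ships. Both new permissions are declared with an empty action hash, so they only take effect where code calls `allowed_to?` with the symbol. A short comment saying so, e.g. `# marker permission: checked explicitly via allowed_to?(:is_manager)`, would help the next reader.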
|
||||
|
|