权限管理优化

This commit is contained in:
z9hang 2014-07-08 18:02:10 +08:00
parent 4c6fb2a266
commit b87abf1f68
11 changed files with 68 additions and 74 deletions

View File

@ -378,11 +378,6 @@ class BidsController < ApplicationController
if membership.user.allowed_to?(:quote_project,membership.project) if membership.user.allowed_to?(:quote_project,membership.project)
@option << membership.project @option << membership.project
end end
#membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.project
# end
#}
end end
end end
@ -457,14 +452,6 @@ class BidsController < ApplicationController
if (User.current.logged? && User.current.member_of_course?(@bid.courses.first)) if (User.current.logged? && User.current.member_of_course?(@bid.courses.first))
# flash[:notice] = "" # flash[:notice] = ""
@membership = User.current.coursememberships.all(:conditions => Course.visible_condition(User.current)) @membership = User.current.coursememberships.all(:conditions => Course.visible_condition(User.current))
#@option = []
#@membership.each do |membership|
# membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.course
# end
# }
#end
@user = @bid.author @user = @bid.author
@bidding_project = @bid.biding_projects.all @bidding_project = @bid.biding_projects.all

View File

@ -232,12 +232,7 @@ class ContestsController < ApplicationController
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page'] # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
@membership.each do |membership| @membership.each do |membership|
unless(membership.project.project_type==1) unless(membership.project.project_type==1)
#membership.member_roles.each{|role| if User.current.allowed_to?(:quote_project, membership.project)
# if(role.role_id == 3)
# @option << membership.project
# end
#}
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
@option << membership.project @option << membership.project
end end
end end
@ -326,13 +321,8 @@ class ContestsController < ApplicationController
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page'] # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
@membership.each do |membership| @membership.each do |membership|
unless(membership.project.project_type==1) unless(membership.project.project_type==1)
#membership.member_roles.each{|role|
#if(role.role_id == 3)
#@option << membership.project
#end
#}
#拥有编辑项目权限的可将该项目参赛 #拥有编辑项目权限的可将该项目参赛
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) if User.current.allowed_to?(:quote_project, membership.project)
@option << membership.project @option << membership.project
end end
end end

View File

@ -169,7 +169,15 @@ class HomeworkAttachController < ApplicationController
#users该作业所有成员 #users该作业所有成员
#q:模糊匹配的用户的昵称 #q:模糊匹配的用户的昵称
def members_for_homework homework,users,q def members_for_homework homework,users,q
homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'") #homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
unpartin_users = homework.bid.courses.first.members.where("user_id not in (:users)", {:users => users}).joins(:user).where("users.login like '%#{q}%'")
canpartin_users = []
unpartin_users.each do |m|
if m.user.allowed_to?(:paret_in_homework,homework.bid.courses.first)
canpartin_users << m
end
end
canpartin_users
end end
def edit def edit

View File

@ -76,8 +76,10 @@ class MembersController < ApplicationController
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id) members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
user_grades << UserGrade.new(:user_id => user_id, :project_id => @project.id) user_grades << UserGrade.new(:user_id => user_id, :project_id => @project.id)
## added by nie ## added by nie
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) if (params[:membership][:role_ids])
role = Role.find(params[:membership][:role_ids][0])
project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) if role.allowed_to?(:is_manager)
# ProjectInfo.create(:name => "test", :user_id => 123) # ProjectInfo.create(:name => "test", :user_id => 123)
end end
## end ## end
@ -86,8 +88,9 @@ class MembersController < ApplicationController
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id]) members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
user_grades << UserGrade.new(:user_id => params[:membership][:user_id], :project_id => @project.id) user_grades << UserGrade.new(:user_id => params[:membership][:user_id], :project_id => @project.id)
## added by nie ## added by nie
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") if (params[:membership][:role_ids])
project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) role = Role.find(params[:membership][:role_ids][0])
project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
end end
## end ## end
end end
@ -123,14 +126,16 @@ class MembersController < ApplicationController
user_ids.each do |user_id| user_ids.each do |user_id|
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id) members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
#user_grades << UserGrade.new(:user_id => user_id, :course_id => @course.id) #user_grades << UserGrade.new(:user_id => user_id, :course_id => @course.id)
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") if (params[:membership][:role_ids])
course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id) role = Role.find(params[:membership][:role_ids][0])
course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id) if role.allowed_to?(:is_manager)
end end
end end
else else
members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id]) members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") if (params[:membership][:role_ids])
course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) role = Role.find(params[:membership][:role_ids][0])
course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
end end
end end
@course.members << members @course.members << members
@ -162,14 +167,17 @@ class MembersController < ApplicationController
@member.role_ids = params[:membership][:role_ids] @member.role_ids = params[:membership][:role_ids]
#added by nie #added by nie
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") if (params[:membership][:role_ids])
@projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id) role = Role.find(params[:membership][:role_ids][0])
@projectInfo.save if role.allowed_to?(:is_manager)
else @projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id) @projectInfo.save
if user_admin.size > 0 else
user_admin.each do |user| user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
user.destroy if user_admin.size > 0
user_admin.each do |user|
user.destroy
end
end end
end end
end end
@ -191,14 +199,17 @@ class MembersController < ApplicationController
if params[:membership] if params[:membership]
@member.role_ids = params[:membership][:role_ids] @member.role_ids = params[:membership][:role_ids]
if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") if (params[:membership][:role_ids])
@courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id) role = Role.find(params[:membership][:role_ids][0])
@courseInfo.save if role.allowed_to?(:is_manager)
else @courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id) @courseInfo.save
if user_admin.size > 0 else
user_admin.each do |user| user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
user.destroy if user_admin.size > 0
user_admin.each do |user|
user.destroy
end
end end
end end
end end

View File

@ -729,8 +729,8 @@ class ProjectsController < ApplicationController
@canShowRealName = isCourseTeacher(User.current.id) @canShowRealName = isCourseTeacher(User.current.id)
end end
#勿删 real_name action为虚拟的该方法并不存在用来辅助判断真名权限 # real_name action为虚拟的该方法并不存在用来辅助判断真名权限
#勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false) # @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
respond_to do |format| respond_to do |format|
format.html{render :layout => 'base_courses' if @base_courses_tag==1} format.html{render :layout => 'base_courses' if @base_courses_tag==1}
format.api format.api

View File

@ -108,14 +108,8 @@ class SoftapplicationsController < ApplicationController
# @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page'] # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
@membership.each do |membership| @membership.each do |membership|
unless(membership.project.project_type==1) unless(membership.project.project_type==1)
#membership.member_roles.each{|role|
# if(role.role_id == 3)
# @option << membership.project
# end
#}
#拥有编辑项目权限的可操作该项目 #拥有编辑项目权限的可操作该项目
if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) if User.current.allowed_to?(:quote_project,membership.project)
@option << membership.project @option << membership.project
end end
end end

View File

@ -4,13 +4,8 @@ def options_from_select_project(user)
@option = [] @option = []
@membership.each do |membership| @membership.each do |membership|
unless(membership.project.project_type==1) unless(membership.project.project_type==1)
#membership.member_roles.each{|role| #可被用户引用的项目
# if(role.role_id == 3) if user.allowed_to?(:quote_project, membership.project)
# @option << membership.project
# end
#}
#拥有编辑项目权限的可操作该项目
if user.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
@option << membership.project @option << membership.project
end end
end end

View File

@ -228,16 +228,10 @@ module UserScoreHelper
isManager = 0 isManager = 0
members = Member.where('user_id = ?', user.id) members = Member.where('user_id = ?', user.id)
members.each do |m| members.each do |m|
#roles = m.member_roles
#roles.each do |r|
# if r.role_id == 3
# isManager = 1
# end
#end
@membership = m.memberships.all(:conditions => Project.visible_condition(User.current)) @membership = m.memberships.all(:conditions => Project.visible_condition(User.current))
@membership.each do |membership| @membership.each do |membership|
#拥有编辑项目权限的可操作该项目 #拥有编辑项目权限的可操作该项目
if m.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) if m.allowed_to?(:is_manager, membership.project, :global => false)
isManager = 1 isManager = 1
end end
end end

View File

@ -4,7 +4,7 @@
membership.each do |member| membership.each do |member|
unless(member.project.project_type==1) unless(member.project.project_type==1)
member.member_roles.each{|role| member.member_roles.each{|role|
if(role.role_id == 3) if role.allowed_to?(:quote_project)
option << member.project option << member.project
end end
} }

View File

@ -0,0 +1,13 @@
class AddAuthority < ActiveRecord::Migration
def change
# 添加课程权限
Role.all.each do |role|
if role.name == '学生'
role.permissions.append(:paret_in_homework)
elsif role.name == 'Manager'
role.permissions.append(:is_manager)
end
role.save(:validate => false)
end
end
end

View File

@ -99,6 +99,7 @@ Redmine::AccessControl.map do |map|
map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
map.permission :quote_project, {},:require => :member map.permission :quote_project, {},:require => :member
map.permission :is_manager,{},:require => :member
#课程权限模块 #课程权限模块
#added by nwb #added by nwb
@ -122,6 +123,7 @@ Redmine::AccessControl.map do |map|
#作业模块权限 #作业模块权限
map.course_module :bids do |map| map.course_module :bids do |map|
map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true
map.permission :paret_in_homework,{},:require => :member
end end
map.course_module :boards do |map| map.course_module :boards do |map|