管理员查看在线测验的权限

2015-12-11 09:18:12 +08:00 · 2015-12-11 09:18:12 +08:00 · ba5d72b315
parent 4e04df7a8a
commit ba5d72b315
1 changed files with 4 additions and 4 deletions
--- a/app/controllers/exercise_controller.rb
+++ b/app/controllers/exercise_controller.rb
@ -18,13 +18,13 @@ class ExerciseController < ApplicationController
    end_exercises.each do |exercise|
      exercise.update_column('exercise_status', 3)
    end
-    if @course.is_public == 0 && !User.current.member_of_course?(@course)
+    if @course.is_public == 0 && !(User.current.member_of_course?(@course)||User.current.admin?)
      render_403
      return
    end
    remove_invalid_exercise(@course)
    @is_teacher = User.current.allowed_to?(:as_teacher,@course)
-    if @is_teacher
+    if @is_teacher || User.current.admin?
      exercises = @course.exercises.order("created_at asc")
    else
      exercises = @course.exercises.where(:exercise_status => 2).order("created_at asc")
@ -48,13 +48,13 @@ class ExerciseController < ApplicationController
    end_exercises.each do |exercise|
      exercise.update_column('exercise_status', 3)
    end
-    unless User.current.member_of_course?(@course)
+    unless User.current.member_of_course?(@course) || User.current.admin?
      render_403
      return
    end
    @exercise = Exercise.find params[:id]
    @is_teacher = User.current.allowed_to?(:as_teacher,@course) || User.current.admin?
-    if @exercise.exercise_status != 2 && (!User.current.allowed_to?(:as_teacher,@course) || User.current.admin?)
+    if @exercise.exercise_status != 2 && (!(User.current.allowed_to?(:as_teacher,@course) || User.current.admin?))
      render_403
      return
    end