修改《关注老师后,老师发布的作业都会在我主页的动态中显示出来,若我未加入该课程但感兴趣点击后返回403页面,提示不够人性化》bug

Signed-off-by: alan <547533434@qq.com>
This commit is contained in:
alan 2014-12-22 01:29:53 +08:00
parent 49cb52146f
commit d81240e63c
3 changed files with 68 additions and 27 deletions

View File

@ -236,13 +236,7 @@ class ApplicationController < ActionController::Base
# Authorize the user for the requested action
def authorize(ctrl = params[:controller], action = params[:action], global = false)
#modify by NWB
if @project
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
elsif @course
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @courses, :global => global)
else
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
end
allowed = authorize_allowed(params[:controller], params[:action],global)
if allowed
true
@ -255,6 +249,17 @@ class ApplicationController < ActionController::Base
end
end
def authorize_allowed(ctrl = params[:controller], action = params[:action], global = false)
#modify by NWB
if @project
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
elsif @course
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @course || @courses, :global => global)
else
allowed = User.current.allowed_to?({:controller => ctrl, :action => action}, @project || @projects, :global => global)
end
allowed
end
def authorize_attachment_download(ctrl = params[:controller], action = params[:action], global = false)
case @attachment.container_type
when "Memo"

View File

@ -433,9 +433,16 @@ class UsersController < ApplicationController
else
activity = Activity.where(where_condition).where('user_id = ?', @user.id).order('id desc')
end
activity = activity.reject { |e|
((e.act_type=="Issue") && ( !e.act.visible?(User.current))) ||
((e.act_type == "Journal") && (!e.act.project.visible?(User.current))) ||
((e.act_type == "Bid") && (e.act.homework_for_courses.count > 0 &&
(!e.act.homework_for_courses.first.course.visible?(User.current) ||
!User.current.member_of_course?(e.act.homework_for_courses.first.course) || !User.current.admin?)))
}
@activity_count = activity.count
@activity_pages = Paginator.new @activity_count, pre_count, params['page']
@activity = activity.offset(@activity_pages.offset).limit(@activity_pages.per_page).all
@activity = activity.slice(@activity_pages.offset,@activity_pages.per_page)
@state = 0
end

View File

@ -46,6 +46,7 @@
<% act = e.act %>
<% unless act.nil? %>
<% if e.act_type == 'JournalsForMessage' || e.act_type == 'Bid' || e.act_type == 'Journal'|| e.act_type == 'Changeset' || e.act_type == 'Message' || e.act_type == 'Principal' || e.act_type == 'News' || e.act_type == 'Issue' || e.act_type == 'Contest'%>
<table width="660" border="0" align="left" style="border-bottom: 1px dashed rgb(204, 204, 204); margin-bottom: 10px;font-size:14px;">
<tr>
<td colspan="2" valign="top" width="50">
@ -430,8 +431,9 @@
</td>
</tr>
<% when 'Issue' %>
<tr>
<% if e.user == User.current %>
<tr>
<td colspan="2" valign="top">
<strong>
<%= link_to("#{l(:label_i)}", user_path(e.user_id)) %>
@ -445,20 +447,6 @@
:action => 'show',
:id => act.id} %>
</td>
<% else %>
<td colspan="2" valign="top">
<strong>
<%= link_to(h(e.user), user_path(e.user_id)) %>
</strong>&nbsp;
<span class="font_lighter">
<%= l(:label_new_activity) %>
</span>&nbsp;
<%= link_to format_activity_title("#{act.source_from} (#{act.status}): #{act.tracker.name} #{act.subject}"),
{:controller => 'issues',
:action => 'show',
:id => act.id} %>
</td>
<% end %>
</tr>
<tr>
<td colspan="2" width="580" style="WORD-BREAK: break-all; WORD-WRAP: break-word">
@ -482,6 +470,45 @@
</div>
</td>
</tr>
<% else %>
<td colspan="2" valign="top">
<strong>
<%= link_to(h(e.user), user_path(e.user_id)) %>
</strong>&nbsp;
<span class="font_lighter">
<%= l(:label_new_activity) %>
</span>&nbsp;
<%= link_to format_activity_title("#{act.source_from} (#{act.status}): #{act.tracker.name} #{act.subject}"),
{:controller => 'issues',
:action => 'show',
:id => act.id} %>
</td>
</tr>
<tr>
<td colspan="2" width="580" style="WORD-BREAK: break-all; WORD-WRAP: break-word">
<%= textAreailizable act, :description %>
</td>
</tr>
<tr>
<td>
<div style="display: inline-block; float: left; margin-top: 0px" width="200" align="right" class="a">
<span class="font_lighter">
<%= (l(:label_update_time).to_s << ':' << format_time(e.act.created_on)).to_s %>
</span>
</div>
<div style="display: inline-block; float: right; margin-top: 0px">
<span>
<%= link_to l(:label_find_all_comments), {:controller => 'issues', :action => 'show', :id => act.id} %>
</span>
<a class="font_lighter">
<%= l(:label_comments_count, :count => e.act.journals.count) %>
</a>
</div>
</td>
</tr>
<% end %>
<% when 'Contest' %>
<tr>
<% if e.user == User.current && @show_contest == 1%>
@ -531,6 +558,8 @@
</td>
</tr>
</table>
<% end %>
<% end %><!-- < % #unless act.nil? end %> -->
<% end %><!-- < % #@activity.each do |e| end%> -->