课程留言、讨论区增加权限控制

2014-12-05 14:41:53 +08:00 · 2014-12-05 14:41:53 +08:00 · dc5be133c2
parent a2537899b7
commit dc5be133c2
2 changed files with 32 additions and 22 deletions
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@ -39,6 +39,7 @@ class BoardsController < ApplicationController
      end
      render :layout => false if request.xhr?
    elsif @course
+      if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
        @boards = @course.boards.includes(:last_message => :author).all
        @boards = [] << @boards[0] if @boards.any?
        if @boards.size == 1
@ -46,6 +47,10 @@ class BoardsController < ApplicationController
          show and return
        end
        render :layout => 'base_courses'
+      else
+        render_403
+      end
+
    end

  end
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@ -669,6 +669,7 @@ class CoursesController < ApplicationController
  end

  def feedback
+    if (User.current.admin? || @course.is_public == 1 || (@course.is_public == 0 && User.current.member_of_course?(@course)))
      page = params[:page]
      # Find the page of the requested reply
      @jours = @course.journals_for_messages.where('m_parent_id IS NULL').order('created_on DESC')
@ -687,6 +688,10 @@ class CoursesController < ApplicationController
        format.html{render :layout => 'base_courses'}
        format.api
      end
+    else
+      render_403
+    end
+
  end