修改权限代码:判断用户是否为项目的管理员、判断用户是否为课程的老师、学生由根据role_id判断改为根据其权限判断

2014-06-09 13:47:39 +08:00 · 2014-06-09 13:47:39 +08:00 · f383f501ec
parent 8e9b939038
commit f383f501ec
5 changed files with 79 additions and 28 deletions
--- a/app/controllers/softapplications_controller.rb
+++ b/app/controllers/softapplications_controller.rb
@ -108,11 +108,16 @@ class SoftapplicationsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        membership.member_roles.each{|role|
-          if(role.role_id == 3)
+        #membership.member_roles.each{|role|
+        #  if(role.role_id == 3)
+        #  @option << membership.project
+        #  end
+        #}
+
+        #拥有编辑项目权限的可操作该项目
+        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
          @option << membership.project
-          end
-        }
+        end
      end
    end
    
--- a/app/helpers/bids_helper.rb
+++ b/app/helpers/bids_helper.rb
@ -157,13 +157,24 @@ module BidsHelper
  end
  #当前用户是不是指定课程的学生
  def is_cur_course_student? course
-  people = []
-  course.members.includes(:user, :roles).each do |member|
-    if [5,10].include? member.roles.first.id
-      people <<  member.user
+  #people = []
+  #course.members.includes(:user, :roles).each do |member|
+  #  if [5,10].include? member.roles.first.id
+  #    people <<  member.user
+  #  end
+  #end
+  #people.include?(User.current)
+  #修改：能新建占位且不能新建任务的角色判定为学生
+  is_student = false
+  @membership = User.current.memberships.all(:conditions => Project.visible_condition(User.current))
+  @membership.each do |membership|
+    unless(membership.project.project_type==0)
+      if !User.current.allowed_to?({:controller => "projects", :action => "new_homework"}, membership.project, :global => false) && User.current.allowed_to?({:controller => "homework_attach", :action => "new"}, membership.project, :global => false)
+        is_student = true
+      end
    end
  end
-  people.include?(User.current)
+  is_student
  end

  # def select_option_helper option
--- a/app/helpers/courses_helper.rb
+++ b/app/helpers/courses_helper.rb
@ -137,25 +137,47 @@ module CoursesHelper
    Course.find_by_extra(try(extra))
  end
  #判断制定用户是不是当前课程的老师
-  def is_course_teacher user,course
-    people = []
-    course.members.includes(:roles, :user).each do |member|
-      role_id = member.roles.first.id
-      if TeacherRoles.include? role_id
-        people <<  member.user
+  def is_course_teacher (user,course)
+    #people = []
+    #course.members.includes(:roles, :user).each do |member|
+    #  role_id = member.roles.first.id
+    #  if TeacherRoles.include? role_id
+    #    people <<  member.user
+    #  end
+    #end
+    #people.include?(user)
+    #修改为根据用户是否有发布任务的权限来判断用户是否是课程的老师
+    is_teacher = false
+    @membership = user.memberships.all(:conditions => Project.visible_condition(User.current))
+    @membership.each do |membership|
+      unless(membership.project.project_type==0)
+        if user.allowed_to?({:controller => "projects", :action => "new_homework"}, membership.project, :global => false)
+          is_teacher = true
+        end
      end
    end
-    people.include?(user)
+    is_teacher
  end
  #当前用户是不是指定课程的学生
  def is_cur_course_student? course
-    people = []
-    course.members.includes(:roles, :user).each do |member|
-      if StudentRoles.include? member.roles.first.id
-        people <<  member.user
+    #people = []
+    #course.members.includes(:roles, :user).each do |member|
+    #  if StudentRoles.include? member.roles.first.id
+    #    people <<  member.user
+    #  end
+    #end
+    #people.include?(User.current)
+    #修改：能新建占位且不能新建任务的角色判定为学生
+    is_student = false
+    @membership = User.current.memberships.all(:conditions => Project.visible_condition(User.current))
+    @membership.each do |membership|
+      unless(membership.project.project_type==0)
+        if !User.current.allowed_to?({:controller => "projects", :action => "new_homework"}, membership.project, :global => false) && User.current.allowed_to?({:controller => "homework_attach", :action => "new"}, membership.project, :global => false)
+          is_student = true
+        end
      end
    end
-    people.include?(User.current)
+    is_student
  end
  #获取当前用户在指定作业下提交的作业的集合
  def cur_user_homework_for_bid bid
--- a/app/helpers/shares_helper.rb
+++ b/app/helpers/shares_helper.rb
@ -4,11 +4,15 @@ def options_from_select_project(user)
  @option = []
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        membership.member_roles.each{|role|
-          if(role.role_id == 3)
+        #membership.member_roles.each{|role|
+        #  if(role.role_id == 3)
+        #  @option << membership.project
+        #  end
+        #}
+        #拥有编辑项目权限的可操作该项目
+        if user.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
          @option << membership.project
-          end
-        }
+        end
      end
    end
  options_for_select(@option)
--- a/app/helpers/user_score_helper.rb
+++ b/app/helpers/user_score_helper.rb
@ -228,12 +228,21 @@ module UserScoreHelper
    isManager = 0
    members = Member.where('user_id = ?', user.id)
    members.each do |m|
-      roles = m.member_roles
-      roles.each do |r|
-        if r.role_id == 3
+      #roles = m.member_roles
+      #roles.each do |r|
+      #  if r.role_id == 3
+      #    isManager = 1
+      #  end
+      #end
+      @membership = m.memberships.all(:conditions => Project.visible_condition(User.current))
+      @membership.each do |membership|
+        #拥有编辑项目权限的可操作该项目
+        if m.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
          isManager = 1
        end
      end
+
+
    end
    
    level = 0