From d257f4e853d847fa8ae6d449b015fbb6fd4b5250 Mon Sep 17 00:00:00 2001
From: yanxd <sxty32@hotmail.com>
Date: Tue, 6 May 2014 09:16:48 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E9=9A=8F=E4=BE=BF=E5=85=B3=E9=97=AD?=
 =?UTF-8?q?=E8=AF=BE=E7=A8=8B=E7=A6=81=E6=AD=A2//=E4=B8=B4=E6=97=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/projects_controller.rb      | 20 ++++++++++++++------
 app/views/courses/_set_course_time.html.erb |  4 ++--
 app/views/projects/finishcourse.js.erb      |  2 +-
 3 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 730546aa6..1fbe6acaa 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -957,16 +957,17 @@ class ProjectsController < ApplicationController
   end
 # end
 
+  before_filter :toggleCourse, only: [:finishcourse, :restartcourse]
   # TODO:#finishcourse and #restartcourse 没有设置权限，也就是说，任何人的调用都会关闭or重启课程。
   # 最好通过用户与项目的权限解决这种事情。还没写
   def finishcourse
-    course_prefs = Course.find_by_extra(@project.identifier)
+    #course_prefs = Course.find_by_extra(@project.identifier)
     # setup_time = Time.parse(course_prefs.setup_time)
     # end_time = Time.parse(course_prefs.endup_time)
     yesterday = Date.today.prev_day.to_time
 
-    course_prefs.endup_time = yesterday
-    @save_flag = course_prefs.save
+    @course_prefs.endup_time = yesterday
+    @save_flag = @course_prefs.save
 
     respond_to do |format|
       format.js
@@ -974,11 +975,11 @@ class ProjectsController < ApplicationController
   end
 
   def restartcourse
-    course_prefs = Course.find_by_extra(@project.identifier)
+    #course_prefs = Course.find_by_extra(@project.identifier)
     day = Time.parse("3000-01-01")
 
-    course_prefs.endup_time = day
-    @save_flag = course_prefs.save
+    @course_prefs.endup_time = day
+    @save_flag = @course_prefs.save
 
     respond_to do |format|
       format.js {
@@ -988,6 +989,13 @@ class ProjectsController < ApplicationController
   end
 
   private
+  def toggleCourse
+    @course_prefs = Course.find_by_extra(@project.identifier)
+    unless (@course_prefs.teacher == User.current || User.current.admin?)
+      render_403
+    end
+  end
+
 
   def select_project_layout
     project = Project.find_by_id(params[:id])
diff --git a/app/views/courses/_set_course_time.html.erb b/app/views/courses/_set_course_time.html.erb
index d13d256c1..6547cb281 100644
--- a/app/views/courses/_set_course_time.html.erb
+++ b/app/views/courses/_set_course_time.html.erb
@@ -4,7 +4,7 @@
 %>
 
 <% if display && course_endTime_timeout?(project) #如果课程已结束%>
-	<%= link_to '重启课程', restartcourse_project_path(project), :remote => true, :method => :post, :id => id, :confirm => ('确定要重启课程？') %>
+	<%= link_to '重启课程', restartcourse_project_path(project, format: :js), :remote => true, :method => :post, :id => id, :confirm => ('确定要重启课程？') %>
 <% else %>
-	<%= link_to '关闭课程', finishcourse_project_path(project), :remote => true, :method => :post, :id => id, :confirm => ('确定要关闭课程？') %>
+	<%= link_to '关闭课程', finishcourse_project_path(project, format: :js), :remote => true, :method => :post, :id => id, :confirm => ('确定要关闭课程？') %>
 <% end %>
diff --git a/app/views/projects/finishcourse.js.erb b/app/views/projects/finishcourse.js.erb
index 35ecac370..2486bfffb 100644
--- a/app/views/projects/finishcourse.js.erb
+++ b/app/views/projects/finishcourse.js.erb
@@ -4,5 +4,5 @@
 	<% end %>
 	$('#finish_course_<%=@project.id%>').replaceWith("<%= j(render partial: 'courses/set_course_time', :locals => {:project => @project} )%>")
 <% else %>
-	alert('设置失败，请在论坛提交问题，等待管理员处理。');
+	alert('权限不足，设置失败，请在论坛提交问题，等待管理员处理。');
 <% end  %>

From f8746d681211678919b74cd9cfd66356845ae889 Mon Sep 17 00:00:00 2001
From: yanxd <sxty32@hotmail.com>
Date: Tue, 6 May 2014 09:26:48 +0800
Subject: [PATCH 2/2] =?UTF-8?q?access=20control=EF=BC=9A=E5=85=B3=E9=97=AD?=
 =?UTF-8?q?=E8=AF=BE=E7=A8=8Bin=20view?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/views/courses/_set_course_time.html.erb | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/app/views/courses/_set_course_time.html.erb b/app/views/courses/_set_course_time.html.erb
index 6547cb281..7f2b629c1 100644
--- a/app/views/courses/_set_course_time.html.erb
+++ b/app/views/courses/_set_course_time.html.erb
@@ -1,10 +1,13 @@
 <% 
 	id = "finish_course_#{project.id}"
-	display = (project.course_extra.teacher.id == User.current.id )
+	display = (project.course_extra.teacher.id == User.current.id || User.current.admin?)
 %>
 
-<% if display && course_endTime_timeout?(project) #如果课程已结束%>
-	<%= link_to '重启课程', restartcourse_project_path(project, format: :js), :remote => true, :method => :post, :id => id, :confirm => ('确定要重启课程？') %>
+<% if display #如果课程已结束%>
+	<% linkPath = course_endTime_timeout?(project) ? restartcourse_project_path(project) :  finishcourse_project_path(project, format: :js) %>
+	<% desc = course_endTime_timeout?(project) ? '重启' :  '关闭' %>
+
+	<%= link_to "#{desc}课程", linkPath, :remote => true, :method => :post, :id => id, :confirm => ("确定要#{desc}课程？") %>
 <% else %>
-	<%= link_to '关闭课程', finishcourse_project_path(project, format: :js), :remote => true, :method => :post, :id => id, :confirm => ('确定要关闭课程？') %>
+	<!-- 关闭课程block -->
 <% end %>