Merge branch 'api' of http://repository.trustie.net/xianbo/trustie2 into api
This commit is contained in:
commit
f9aa145c2b
|
@ -95,7 +95,9 @@ module Mobile
|
|||
end
|
||||
route_param :id do
|
||||
get do
|
||||
course = Course.find(params[:id])
|
||||
cs = CoursesService.new
|
||||
course = cs.show_course params,current_user
|
||||
#course = Course.find(params[:id])
|
||||
{status: 0, data: course}
|
||||
end
|
||||
end
|
||||
|
|
|
@ -87,8 +87,10 @@ class NewsController < ApplicationController
|
|||
end
|
||||
|
||||
def show
|
||||
@comments = @news.comments
|
||||
@comments.reverse! if User.current.wants_comments_in_reverse_order?
|
||||
cs = CoursesService.new
|
||||
@news,@comments = cs.show_course_news params,User.current
|
||||
#@comments = @news.comments
|
||||
#@comments.reverse! if User.current.wants_comments_in_reverse_order?
|
||||
#modify by nwb
|
||||
if @news.course_id
|
||||
@course = Course.find(@news.course_id)
|
||||
|
|
|
@ -83,13 +83,29 @@ class CoursesService
|
|||
scope = @course ? @course.news.course_visible : News.course_visible
|
||||
end
|
||||
|
||||
#显示课程通知
|
||||
def show_course_news
|
||||
|
||||
#查看新闻权限验证
|
||||
def show_course_news_authorize(current_user,course)
|
||||
unless current_user.allowed_to?({:controller => 'news', :action => 'show'}, course)
|
||||
raise '403'
|
||||
end
|
||||
end
|
||||
|
||||
def show_course params
|
||||
#显示课程通知(包括评论) 需验证权限
|
||||
def show_course_news params,current_user
|
||||
@news = News.find(params[:id])
|
||||
@comments = @news.comments
|
||||
@comments.reverse! if current_user.wants_comments_in_reverse_order?
|
||||
[@news,@comments]
|
||||
end
|
||||
|
||||
|
||||
|
||||
#显示课程
|
||||
def show_course(params,currnet_user)
|
||||
course = Course.find(params[:id])
|
||||
unless (course.is_public == 1 || currnet_user.member_of_course?(@course)|| currnet_user.admin?)
|
||||
raise '403'
|
||||
end
|
||||
course
|
||||
end
|
||||
|
||||
|
@ -128,7 +144,14 @@ class CoursesService
|
|||
@course
|
||||
end
|
||||
|
||||
#编辑课程
|
||||
#验证编辑课程的权限
|
||||
def edit_course_authorize(current_user,course)
|
||||
unless current_user.allowed_to?({:controller => 'courses', :action => 'update'}, course)
|
||||
raise '403'
|
||||
end
|
||||
end
|
||||
|
||||
#编辑课程 需验证权限
|
||||
def edit_course params,course
|
||||
course.safe_attributes = params[:course]
|
||||
course.time = params[:time]
|
||||
|
|
|
@ -59,6 +59,7 @@ class UsersService
|
|||
end
|
||||
|
||||
#编辑用户
|
||||
#gender 1:female 0:male 其他:male
|
||||
def edit_user params
|
||||
@user = User.find(params[:id])
|
||||
fileio = params[:file]
|
||||
|
|
Loading…
Reference in New Issue