完成项目邀请消息通知及对应页面

解决防注入问题(通过随机6位密码)
huang 2015-09-18 23:18:15 +08:00
parent cc5052a0d4
commit fb76bc8f9a
7 changed files with 57 additions and 6 deletions


@ -464,6 +464,10 @@ class ProjectsController < ApplicationController
# by young
# include CoursesHelper
def member
# 消息"同意加入项目"
if params[:message_id]
message_invite(params[:message_id], params[:key])
end
# params[:login]为邮箱邀请用户加入,主要功能:
# 1、自动注册
# 2、加入项目、创建角色
@ -519,6 +523,14 @@ class ProjectsController < ApplicationController
@members = paginateHelper @members
end
def message_invite(message_id, key)
forge_message = ForgeMessage.find(message_id)
if key == forge_message.secret_key
Member.create(:role_ids => [4], :user_id => forge_message.user_id, :project_id => forge_message.project_id)
UserGrade.create(:user_id => forge_message.user_id, :project_id => forge_message.project_id)
end
end
#判断指定用户是否为课程教师
def isCourseTeacher(id)
result = false
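Review bot: `message_invite` (second hunk) creates the membership for whoever presents a matching `message_id` and `key`; it never checks that `forge_message.user_id` is the logged-in user or that the message is a `ProjectInvite`. If a row has no `secret_key` (any message stored before this migration) and the request omits `key`, the comparison `key == forge_message.secret_key` is `nil == nil` and passes. `ForgeMessage.find` also raises on an unknown id, and nothing visible stops a repeated request from creating duplicate `Member`/`UserGrade` rows. I would bind acceptance to the current user and reject blank keys, as below. `member` continues outside the hunk, so whether `message_invite` is reachable as a routed action, or whether the project id is cross-checked, cannot be seen from here.

```ruby
def message_invite(message_id, key)
  forge_message = ForgeMessage.find_by_id(message_id)
  return unless forge_message && forge_message.forge_message_type == "ProjectInvite"
  # The invitation is only valid for the user it was addressed to.
  return unless forge_message.user_id == User.current.id
  return if forge_message.secret_key.blank? || key.to_s != forge_message.secret_key
  # … unchanged: Member.create and UserGrade.create …
end
```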


@ -83,7 +83,7 @@ module ProjectsHelper
elsif ivite_list.user.active?
value = "邀请已发送,等待用户加入!"
else
value = "账号尚未激活,等待用户应答"
value = "邀请已发送,等待用户激活账号"
end
end


@ -8,7 +8,7 @@ class ForgeMessage < ActiveRecord::Base
TYPE_OF_WIKI_ACT = "Wiki"
TYPE_OF_NEWS_ACT = "News"
attr_accessible :forge_message_id, :forge_message_type, :project_id, :user_id, :viewed
attr_accessible :forge_message_id, :forge_message_type, :project_id, :user_id, :viewed, :secret_key
belongs_to :forge_message ,:polymorphic => true
belongs_to :project
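Review bot: Adding `:secret_key` to `attr_accessible` makes the invite key mass-assignable, so any action that passes request parameters to `ForgeMessage.new` or `update_attributes` could set or overwrite it. No such action is visible on this page, so this is a precaution rather than a demonstrated flaw. I would leave the accessible list as it was and assign the key explicitly where the invite is created, e.g. `msg = ForgeMessage.new(...)`, `msg.secret_key = key`, `msg.save`. A comment such as `# secret_key is server-generated; never mass-assign` above the attribute list would record the intent.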


@ -89,7 +89,8 @@ class Mailer < ActionMailer::Base
# 邀请信息消息 注forge_message_id 为邀请人ID(特殊情况)
def send_message(user, project)
ForgeMessage.create(:user_id => user.id, :project_id => project.id, :forge_message_type => "Project_Invite",:forge_message_id => User.current.id, :viewed => false)
key = newpass(6).to_s
ForgeMessage.create(:user_id => user.id, :project_id => project.id, :forge_message_type => "ProjectInvite",:forge_message_id => User.current.id, :viewed => false, :secret_key =>key)
end
# author: alan
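Review bot: The invite key from `newpass(6).to_s` is only six characters, and `newpass` is not defined in this hunk, so it is not possible to tell whether it draws from a cryptographically secure source. For a value that authorises joining a project I would use `key = SecureRandom.hex(16)` (with `require 'securerandom'` if the file does not already load it). Separately, the type string changes from `"Project_Invite"` to `"ProjectInvite"`, so rows already stored under the old value will no longer match the view's `ma.forge_message_type == "ProjectInvite"` branch unless they are migrated.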


@ -74,9 +74,10 @@
</ul>
<% end %>
<% end %>
<%# 课程消息 %>
<!--总消息列表-->
<% unless @message_alls.nil? %>
<% @message_alls.each do |ma| %>
<%# 课程消息 %>
<% if ma.class == CourseMessage %>
<% if ma.course_message_type == "News" %>
<ul class="homepageNewsList fl">
@ -250,6 +251,7 @@
<% end %>
<!--项目消息-->
<% if ma.class == ForgeMessage %>
<!--申请加入项目-->
<% if ma.forge_message_type == "AppliedProject" %>
<ul class="homepageNewsList fl">
<li class="homepageNewsPortrait fl">
@ -270,6 +272,35 @@
<li class="homepageNewsTime fl"><%= time_tag(ma.created_at).html_safe %> </li>
</ul>
<% end %>
<!--邀请加入项目-->
<% if ma.forge_message_type == "ProjectInvite" %>
<% inviter = User.find(ma.forge_message_id) %>
<ul class="homepageNewsList fl">
<li class="homepageNewsPortrait fl">
<a href="javascript:void(0);"><%=link_to image_tag(url_to_avatar(inviter), :width => "30", :height => "30"), user_path(inviter) %></a>
</li>
<li class="homepageNewsPubType fl">
<%=link_to inviter, user_path(inviter), :class => "newsBlue homepageNewsPublisher" %>
<span class="<%= ma.viewed == 0 ? "homepageNewsTypeNotRead fl" : "homepageNewsType fl" %>">邀请你加入项目:</span>
</li>
<li class="homepageHomeworkContent fl">
<%= link_to ma.project, project_path(ma.project),
:class => "#{ma.viewed == 0 ? "newsBlack" : "newsGrey"}",
:onmouseover => "message_titile_show($(this),event)",
:onmouseout => "message_titile_hide($(this))" %>
</li>
<div style="display: none" class="message_title_red system_message_style">
<%= ma.project %>
</div>
<li class="homepageHomeworkContentWarn fl">
<%=link_to "同意加入", {:controller => 'projects', :action => 'member', :id => ma.project_id, :message_id =>ma.id, :key => ma.secret_key},
:value => ma.secret_key,
:class => "green_btn_cir ml10",
:style => "color:#fff" %>
</li>
<li class="homepageNewsTime fl"><%= time_tag(ma.created_at).html_safe %> </li>
</ul>
<% end %>
<% if ma.forge_message_type == "Issue" %>
<ul class="homepageNewsList fl">
<li class="homepageNewsPortrait fl">
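Review bot: The "同意加入" link in the invite block performs a state change (joining the project) through a plain GET and puts `ma.secret_key` in the query string, where it ends up in server logs, browser history and Referer headers. I would send it as a POST so the Rails CSRF token applies, e.g. add `:method => :post` to the link's HTML options, and drop the redundant `:value => ma.secret_key` attribute. This assumes the `member` route accepts POST, which is not visible here. Also, `User.find(ma.forge_message_id)` raises if the inviter's account no longer exists, which would break rendering of the whole message list; `User.find_by_id` with a nil guard avoids that.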


@ -0,0 +1,5 @@
class AddSecretKeyToForgeMessage < ActiveRecord::Migration
def change
add_column :forge_messages, :secret_key, :string
end
end


@ -11,7 +11,7 @@
#
# It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20150917081214) do
ActiveRecord::Schema.define(:version => 20150918135051) do
create_table "activities", :force => true do |t|
t.integer "act_id", :null => false
@ -575,6 +575,8 @@ ActiveRecord::Schema.define(:version => 20150917081214) do
t.integer "viewed"
t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false
t.string "secret_key"
t.string "code"
end
create_table "forums", :force => true do |t|
@ -1329,7 +1331,7 @@ ActiveRecord::Schema.define(:version => 20150917081214) do
t.datetime "updated_at", :null => false
t.integer "late_penalty", :default => 0
t.integer "absence_penalty", :default => 0
t.integer "system_score"
t.float "system_score", :default => 0.0
t.boolean "is_test", :default => false
end