diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a10357a4..33d2e109 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -65,6 +65,16 @@ class ApplicationController < ActionController::Base
   include Redmine::MenuManager::MenuController
   helper Redmine::MenuManager::MenuHelper
+  def ec_public_auth major_school
+    unless User.current.admin? || major_school.template_major || major_school.school.users.where(:id => User.current.id).count > 0 ||
+        major_school.ec_major_school_users.where(:user_id => User.current.id).count > 0 ||
+        EcCourseUser.where(:user_id => User.current.id, :ec_course_id => EcCourse.where(:ec_year_id => major_school.ec_years.pluck(:id)).pluck(:id)).count > 0
+      render_403
+    else
+      true
+    end
+  end
+
   def user_agent
     logger.info "HTTP_USER_AGENT #{request.env["HTTP_USER_AGENT"]}"
   end
diff --git a/app/controllers/ec_course_supports_controller.rb b/app/controllers/ec_course_supports_controller.rb
index 98561981..6bb0288b 100644
--- a/app/controllers/ec_course_supports_controller.rb
+++ b/app/controllers/ec_course_supports_controller.rb
@@ -221,8 +221,6 @@ class EcCourseSupportsController < ApplicationController
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && @year.ec_major_school.school_id == User.current.ec_school)
-      render_403
-    end
+    ec_public_auth @year.ec_major_school
   end
 end
diff --git a/app/controllers/ec_courses_controller.rb b/app/controllers/ec_courses_controller.rb
index dd5547e7..fea8ffcc 100644
--- a/app/controllers/ec_courses_controller.rb
+++ b/app/controllers/ec_courses_controller.rb
@@ -603,9 +603,7 @@ class EcCoursesController < ApplicationController
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @ec_major_school.school_id)
-      render_403
-    end
+    ec_public_auth @ec_major_school
   end
   def target_list_data course_targets
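Review bot: `ec_public_auth` short-circuits on `major_school.template_major` before any membership test, so for template majors every controller that now delegates to it lets any user past the filter; whether that is limited to logged-in users depends on each of those controllers also declaring `require_login`, which this hunk cannot show. The four `ec_auth` call sites below pass associations such as `@year.ec_major_school` straight in, and a nil value raises NoMethodError on `template_major` (a 500) instead of a 403 — `return render_403 if major_school.nil?` as the first line closes that. The three `.count > 0` tests each issue a COUNT and the last one first plucks every course id into Ruby; `.exists?` is the cheaper and clearer form, e.g. `major_school.school.users.where(:id => User.current.id).exists?`. The `else true` branch is not consulted by `before_filter`, which in the Rails versions that have `pluck` halts only when the filter renders or redirects, so it can go. The method also lacks the `# 职业认证的权限判断` comment its four predecessors carried; a header such as `# Authorization for the certification pages: admin, template major, or membership of the school, the major school or one of its courses; renders 403 otherwise.` would document the widened policy.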
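Review bot: `ec_public_auth @year.ec_major_school` decides access by a materially different rule than the line it replaces — previously the user's `ec_school` had to equal the major school's `school_id`; now membership of the school, the major school or any of its courses suffices, and a template major passes unconditionally — yet the `# 职业认证的权限判断` comment above it is unchanged. The same applies to the `ec_auth` replacements in ec_courses_controller.rb, ec_major_schools_controller.rb and ec_years_controller.rb. Because the helper dereferences its argument immediately, a nil `ec_major_school` here becomes a NoMethodError rather than a 403 unless the filter that sets `@year` already rejects it, which is outside this hunk. A one-line note under the existing comment, e.g. `# Delegates to ApplicationController#ec_public_auth (admin, template major, or school/major/course membership)`, keeps the four call sites honest.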
diff --git a/app/controllers/ec_major_schools_controller.rb b/app/controllers/ec_major_schools_controller.rb
index dc0c7c94..236f57d5 100644
--- a/app/controllers/ec_major_schools_controller.rb
+++ b/app/controllers/ec_major_schools_controller.rb
@@ -188,8 +188,6 @@ class EcMajorSchoolsController < ApplicationController
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @major_school.school_id)
-      render_403
-    end
+    ec_public_auth @major_school
   end
 end
diff --git a/app/controllers/ec_years_controller.rb b/app/controllers/ec_years_controller.rb
index 19c7828f..7d696a2b 100644
--- a/app/controllers/ec_years_controller.rb
+++ b/app/controllers/ec_years_controller.rb
@@ -352,9 +352,7 @@ class EcYearsController < ApplicationController
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @ec_major_school.school_id)
-      render_403
-    end
+    ec_public_auth @ec_major_school
   end
   def find_year
diff --git a/app/controllers/ecs_controller.rb b/app/controllers/ecs_controller.rb
index 69d50cb5..97cbc298 100644
--- a/app/controllers/ecs_controller.rb
+++ b/app/controllers/ecs_controller.rb
@@ -1,7 +1,7 @@
 class EcsController < ApplicationController
-  before_filter :find_school, :except => [:get_navigation_url]
   before_filter :require_login
-  before_filter :ec_auth, :except => [:get_navigation_url]
+  before_filter :find_school, :except => [:get_navigation_url]
+  before_filter :school_manager, :except => [:department, :get_navigation_url]
   layout 'base_ec'
   def department
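Review bot: `school_manager` reads `@school`, so the new filter list is order-sensitive — it works only because `find_school` is declared on the line above it, and nothing says so. `department` is excluded from `school_manager` but still runs `find_school`, so its only authorization is whatever the action does itself (the following hunk renders 403 when the user's visible major-school list is empty); that asymmetry deserves a comment next to the `:except` list, e.g. `# find_school must precede school_manager (it sets @school); department filters by membership itself`.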
@@ -12,26 +12,30 @@ class EcsController < ApplicationController
     @major_schools = @school.ec_major_schools.where(:template_major => false)
     unless @is_school_manager
       ec_major_school_ids = EcMajorSchoolUser.where(:user_id => User.current.id).pluck(:ec_major_school_id)
-      ec_course_major_ids = EcYear.where(:id => EcCourseUser.where(:user_id => User.current.id).pluck(:ec_year_id)).pluck(:ec_major_school_id)
+      ec_course_major_ids = EcYear.where(:id => EcCourse.where(:id => EcCourseUser.where(:user_id => User.current.id).pluck(:ec_course_id)).pluck(:ec_year_id)).pluck(:ec_major_school_id)
       @major_schools = @major_schools.where(:id => (ec_major_school_ids + ec_course_major_ids).uniq)
     end
     @major_count = @major_schools.count
-    if params[:search].present?
-      major_ids = EcMajor.where("name like '%#{params[:search]}%' or code like '%#{params[:search]}%'").pluck(:id)
-      @major_schools = @major_schools.where(:ec_major_id => major_ids)
-    end
+    if @major_count == 0
+      render_403
+    else
+      if params[:search].present?
+        major_ids = EcMajor.where("name like '%#{params[:search]}%' or code like '%#{params[:search]}%'").pluck(:id)
+        @major_schools = @major_schools.where(:ec_major_id => major_ids)
+      end
-    @obj_count = @major_schools.count
-    @limit = 10
-    @is_remote = true
-    @obj_pages = Paginator.new @obj_count, @limit, params['page'] || 1
-    @offset ||= @obj_pages.offset
-    @major_schools = paginateHelper @major_schools, @limit
-    respond_to do |format|
-      format.js
-      format.html
+      @obj_count = @major_schools.count
+      @limit = 10
+      @is_remote = true
+      @obj_pages = Paginator.new @obj_count, @limit, params['page'] || 1
+      @offset ||= @obj_pages.offset
+      @major_schools = paginateHelper @major_schools, @limit
+      respond_to do |format|
+        format.js
+        format.html
+      end
     end
   end
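Review bot: The search line re-indented under the new `else` branch interpolates `params[:search]` straight into SQL, `EcMajor.where("name like '%#{params[:search]}%' or code like '%#{params[:search]}%'")`, which is an injection point on the new side of this hunk; bind the value instead: `major_ids = EcMajor.where("name like ? or code like ?", "%#{params[:search]}%", "%#{params[:search]}%").pluck(:id)` (and escape `%`/`_` in the input if users are not meant to supply wildcards). The added `if @major_count == 0` / `render_403` / `else` wrapper nests the rest of the action one level deeper; a guard clause, `return render_403 if @major_count == 0`, keeps the search and pagination at their original indentation. `department` starts above this hunk, so how `@is_school_manager` is derived before the membership filtering cannot be checked here.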
@@ -65,9 +69,8 @@ class EcsController < ApplicationController
     @school = School.find(params[:school_id])
   end
-  # 职业认证的权限判断
-  def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @school.id)
+  def school_manager
+    unless User.current.admin? || @school.users.where(:id => User.current.id).count > 0
       render_403
     end
   end
diff --git a/app/models/user.rb b/app/models/user.rb
index 8f7f49b0..af689317 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -354,6 +354,13 @@ class User < Principal
     (self.ec_course_users.first && self.ec_course_users.first.try(:ec_course).try(:ec_year).try(:ec_major_school).try(:school_id))
   end
+  # 工程认证的权限
+  def ec_school_auth school_id
+    # self.ec_school_users.where(:school_id => school_id).count > 0 ||
+    # self.ec_major_schools.where(:school_id => school_id).count > 0 ||
+    #
+  end
+
   def challenge_tags
     games = self.games.where(:id => self.experiences.map(&:container_id), :status => 2)
     challenge_tags = ChallengeTag.where(:challenge_id => games.map(&:challenge_id)).where("name != ''")
diff --git a/app/views/ec_years/_course_lists.html.erb b/app/views/ec_years/_course_lists.html.erb
index 5d19b9a5..b39d9bfe 100644
--- a/app/views/ec_years/_course_lists.html.erb
+++ b/app/views/ec_years/_course_lists.html.erb
@@ -86,7 +86,7 @@
 <% end %>
-<% if course_manager || @template_major %>
+<% if @template_major %>
 删除
 <% end %>
 <% redirect_url = course_targets == 0 ? ec_course_support_setting_ec_course_path(course) : (
diff --git a/app/views/ec_years/_sub_training_objectives.html.erb b/app/views/ec_years/_sub_training_objectives.html.erb
index 4df8f96b..fa4ff9db 100644
--- a/app/views/ec_years/_sub_training_objectives.html.erb
+++ b/app/views/ec_years/_sub_training_objectives.html.erb
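Review bot: `school_manager` replaces a commented `ec_auth` with an undocumented method, and `@school.users.where(:id => User.current.id).count > 0` runs a COUNT where `.exists?` states the membership test directly: `unless User.current.admin? || @school.users.where(:id => User.current.id).exists?`. A header such as `# Admins and members of @school (set by find_school) pass; everyone else gets 403.` restores what the removed `# 职业认证的权限判断` line conveyed.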
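Review bot: `ec_school_auth` is a stub — its entire body is commented out, so it returns nil for every `school_id`, while its name and the `# 工程认证的权限` comment present it as an authorization predicate. A caller written against it would silently deny (or, if negated, silently allow) until someone notices, so it should not land in this form. Either drop it from this commit or make the state explicit, e.g. `raise NotImplementedError, 'ec_school_auth is not implemented'` in place of the commented lines, with `# TODO: not implemented; do not use for authorization yet` above the `def`.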
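Review bot: Dropping `course_manager` from the condition only hides the 删除 link for non-template majors; it does not stop a course manager from issuing the delete request, so the destroy action must apply the same `@template_major` rule in its own filter, which this view hunk cannot confirm. If the controller already does, a short note here, `<%# deletion is authorized server-side; this only controls link visibility %>`, records that the view is not the gate.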
@@ -13,7 +13,7 @@
 <% end %>
-<% elsif @ec_training_objective.present? && @template_major && @ec_training_objective && @sub_training_objectives.count > 0 %>
+<% elsif @ec_training_objective.present? && @template_major && @sub_training_objectives.count == 0 %>
-<% elsif @template_major && @ec_training_objective && @sub_training_objectives.count > 0 %>
+<% elsif @template_major %>
diff --git a/app/views/ecs/_school_manager.html.erb b/app/views/ecs/_school_manager.html.erb
index a94fcf01..ea46870a 100644
--- a/app/views/ecs/_school_manager.html.erb
+++ b/app/views/ecs/_school_manager.html.erb
@@ -1,6 +1,6 @@
 <% major_school.users.each do |user| %>
 <%= user.show_real_name %>
-<% if @is_school_manager %>
+<% if @is_school_manager || major_school.users.where(:id => User.current.id).count > 0 %>
 <% end %>
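Review bot: The added `major_school.users.where(:id => User.current.id).count > 0` sits inside `major_school.users.each`, so the same membership query is issued once per listed user (N+1). Evaluate it once before the loop, `<% current_is_member = major_school.users.where(:id => User.current.id).exists? %>`, and test `<% if @is_school_manager || current_is_member %>`; better still, compute it in the controller next to `@is_school_manager`, since membership rules already live in the controllers rather than in views. The `if` body and the loop's closing `<% end %>` are not visible in this hunk.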