调整

app/controllers/application_controller.rb

@@ -65,6 +65,16 @@ class ApplicationController < ActionController::Base
   include Redmine::MenuManager::MenuController
   helper Redmine::MenuManager::MenuHelper
 
+  def ec_public_auth major_school
+    unless User.current.admin? || major_school.template_major || major_school.school.users.where(:id => User.current.id).count > 0 ||
+        major_school.ec_major_school_users.where(:user_id => User.current.id).count > 0 ||
+        EcCourseUser.where(:user_id => User.current.id, :ec_course_id => EcCourse.where(:ec_year_id => major_school.ec_years.pluck(:id)).pluck(:id)).count > 0
+      render_403
+    else
+      true
+    end
+  end
+
   def user_agent
     logger.info "HTTP_USER_AGENT #{request.env["HTTP_USER_AGENT"]}" 
   end

app/controllers/ec_course_supports_controller.rb

@@ -221,8 +221,6 @@ class EcCourseSupportsController < ApplicationController
 
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && @year.ec_major_school.school_id == User.current.ec_school)
-      render_403
-    end
+    ec_public_auth @year.ec_major_school
   end
 end

app/controllers/ec_courses_controller.rb

@@ -603,9 +603,7 @@ class EcCoursesController < ApplicationController
 
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @ec_major_school.school_id)
-      render_403
-    end
+    ec_public_auth @ec_major_school
   end
 
   def target_list_data course_targets

app/controllers/ec_major_schools_controller.rb

@@ -188,8 +188,6 @@ class EcMajorSchoolsController < ApplicationController
 
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @major_school.school_id)
-      render_403
-    end
+    ec_public_auth @major_school
   end
 end

app/controllers/ec_years_controller.rb

@@ -352,9 +352,7 @@ class EcYearsController < ApplicationController
 
   # 职业认证的权限判断
   def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @ec_major_school.school_id)
-      render_403
-    end
+    ec_public_auth @ec_major_school
   end
 
   def find_year

app/controllers/ecs_controller.rb

@@ -1,7 +1,7 @@
 class EcsController < ApplicationController
-  before_filter :find_school, :except => [:get_navigation_url]
   before_filter :require_login
-  before_filter :ec_auth, :except => [:get_navigation_url]
+  before_filter :find_school, :except => [:get_navigation_url]
+  before_filter :school_manager, :except => [:department, :get_navigation_url]
   layout 'base_ec'
 
   def department
@@ -12,26 +12,30 @@ class EcsController < ApplicationController
     @major_schools = @school.ec_major_schools.where(:template_major => false)
     unless @is_school_manager
       ec_major_school_ids = EcMajorSchoolUser.where(:user_id => User.current.id).pluck(:ec_major_school_id)
-      ec_course_major_ids = EcYear.where(:id => EcCourseUser.where(:user_id => User.current.id).pluck(:ec_year_id)).pluck(:ec_major_school_id)
+      ec_course_major_ids = EcYear.where(:id => EcCourse.where(:id => EcCourseUser.where(:user_id => User.current.id).pluck(:ec_course_id)).pluck(:ec_year_id)).pluck(:ec_major_school_id)
       @major_schools = @major_schools.where(:id => (ec_major_school_ids + ec_course_major_ids).uniq)
     end
 
     @major_count = @major_schools.count
 
-    if params[:search].present?
-      major_ids = EcMajor.where("name like '%#{params[:search]}%' or code like '%#{params[:search]}%'").pluck(:id)
-      @major_schools = @major_schools.where(:ec_major_id => major_ids)
-    end
+    if @major_count == 0
+      render_403
+    else
+      if params[:search].present?
+        major_ids = EcMajor.where("name like '%#{params[:search]}%' or code like '%#{params[:search]}%'").pluck(:id)
+        @major_schools = @major_schools.where(:ec_major_id => major_ids)
+      end
 
-    @obj_count = @major_schools.count
-    @limit = 10
-    @is_remote = true
-    @obj_pages = Paginator.new @obj_count, @limit, params['page'] || 1
-    @offset ||= @obj_pages.offset
-    @major_schools = paginateHelper @major_schools, @limit
-    respond_to do |format|
-      format.js
-      format.html
+      @obj_count = @major_schools.count
+      @limit = 10
+      @is_remote = true
+      @obj_pages = Paginator.new @obj_count, @limit, params['page'] || 1
+      @offset ||= @obj_pages.offset
+      @major_schools = paginateHelper @major_schools, @limit
+      respond_to do |format|
+        format.js
+        format.html
+      end
     end
   end
 
@@ -65,9 +69,8 @@ class EcsController < ApplicationController
     @school = School.find(params[:school_id])
   end
 
-  # 职业认证的权限判断
-  def ec_auth
-    unless User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == @school.id)
+  def school_manager
+    unless User.current.admin? || @school.users.where(:id => User.current.id).count > 0
       render_403
     end
   end

app/models/user.rb

@@ -354,6 +354,13 @@ class User < Principal
         (self.ec_course_users.first && self.ec_course_users.first.try(:ec_course).try(:ec_year).try(:ec_major_school).try(:school_id))
   end
 
+  # 工程认证的权限
+  def ec_school_auth school_id
+    # self.ec_school_users.where(:school_id => school_id).count > 0 ||
+    #     self.ec_major_schools.where(:school_id => school_id).count > 0 ||
+    #
+  end
+
   def challenge_tags
     games = self.games.where(:id => self.experiences.map(&:container_id), :status => 2)
     challenge_tags = ChallengeTag.where(:challenge_id => games.map(&:challenge_id)).where("name != ''")

app/views/ec_years/_course_lists.html.erb

@@ -86,7 +86,7 @@
         </span>
       <% end %>
       <span class="column-5 fr">
-          <% if course_manager || @template_major %>
+          <% if @template_major %>
               <a href="javascript:void(0)" onclick="delete_confirm_box_2('<%= ec_course_path(course) %>','是否确定删除当前课程？');" class="color-grey-c mr15 DelCorrelationCourse">删除</a>
           <% end %>
         <% redirect_url = course_targets == 0 ? ec_course_support_setting_ec_course_path(course) : (

app/views/ec_years/_sub_training_objectives.html.erb

@@ -13,7 +13,7 @@
   </li>
 <% end %>
 </ul>
-<% elsif @ec_training_objective.present? && @template_major && @ec_training_objective && @sub_training_objectives.count > 0 %>
+<% elsif @ec_training_objective.present? && @template_major && @sub_training_objectives.count == 0 %>
     <form id="edit_training_subitems">
     <ul class="edu-back-white padding10-30" id="SubentryNewPanel">
       <li class="df mb10">

app/views/ec_years/_training_objective_contents.html.erb

@@ -12,7 +12,7 @@
       <a href="javascript:void(0)" class="defalutCancelbtn mr20 fr" onclick="CancelEditBtn();">取消</a>
     </p>
   </div>
-<% elsif @template_major && @ec_training_objective && @sub_training_objectives.count > 0 %>
+<% elsif @template_major %>
   <div class="clearfix" id="targetEdit">
     <textarea class="winput-100-130 mb10" id="training_obejctive"></textarea>
     <p class="clearfix">

app/views/ecs/_school_manager.html.erb

@@ -1,6 +1,6 @@
 <% major_school.users.each do |user| %>
   <span class="MajorName"><%= user.show_real_name %>
-    <% if @is_school_manager %>
+    <% if @is_school_manager || major_school.users.where(:id => User.current.id).count > 0 %>
       <i class="iconfont icon-htmal5icon19 font-16" onclick="delete_confirm_box_2('<%= delete_manager_ec_major_school_path(major_school, :user_id => user.id) %>','是否确认删除')"></i>
     <% end %>
   </span>