diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 5e107d39..5bbe534e 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -362,6 +362,13 @@ class ApplicationController < ActionController::Base
 true
 end
+ # 运营人员
+ def require_business
+ unless (User.current.business? || User.current.admin?)
+ render_403
+ end
+ end
+
 def deny_access
 User.current.logged? ? render_403 : require_login
 end
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index b65f2219..421e5da3 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -1635,7 +1635,7 @@ class CoursesController < ApplicationController
 @course_modules = @course.course_modules.where(:hidden => 0)
 course_module_type = @course_modules.map(&:module_type)
- @is_teacher = User.current.allowed_to?(:as_teacher,@course) || User.current.admin?
+ @is_teacher = User.current.allowed_to?(:as_teacher,@course) || User.current.admin? || User.current.business?
 if User.current.member_of_course?(@course) && !@is_teacher
 member = @course.members.where(:user_id => User.current.id).first
 if member.try(:course_group_id).to_i == 0
diff --git a/app/controllers/managements_controller.rb b/app/controllers/managements_controller.rb
index 11796cb0..cc883b9c 100644
--- a/app/controllers/managements_controller.rb
+++ b/app/controllers/managements_controller.rb
@@ -1,6 +1,6 @@
 # encoding: utf-8
 class ManagementsController < ApplicationController
- before_filter :require_admin
+ before_filter :require_business
 layout 'base_management'
 include ManagementsHelper
 include SortHelper
@@ -63,7 +63,6 @@ class ManagementsController < ApplicationController
 # 工程认证视频导入模板
 def ec_template
 @template = EcTemplate.where(nil)
-
 end
 def add_template
diff --git a/app/controllers/shixuns_controller.rb b/app/controllers/shixuns_controller.rb
index b2761b60..f6578f18 100644
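Review bot: `require_business` in application_controller.rb goes straight to `render_403` without first checking that anyone is logged in, so an anonymous visitor to a filtered action gets a 403 page instead of the login redirect that `deny_access` just below reaches through `require_login`. Starting the method with `return unless require_login` would bring it in line with that; this assumes `require_login` returns a falsy value after redirecting, which the hunk does not show. The comment above the method could also be written in English, for example `# Allows operations (business) staff and admins; everyone else gets a 403.`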
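Review bot: The `User.current.admin? || User.current.business?` test on the `@is_teacher` line in courses_controller.rb is spelled out inline, and the same pair is repeated in `private_messages` in users_controller.rb, in the `unless` guard in games_service.rb and in `require_business`. A single predicate on User, for example `def business_or_admin?; business? || admin?; end`, would give one place to review and to change what the new role is allowed to do. `@is_teacher` also becomes true for operations staff in every course, so anything later in this method that is gated on it (outside the hunk) opens up to them as well; a short comment stating that this is intended would help the next reader.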
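Review bot: Replacing `before_filter :require_admin` with `before_filter :require_business` at the top of ManagementsController carries no `:only` or `:except`, so every action in the controller becomes reachable by the business role, not only the ones operations staff need. Only `ec_template` and `add_template` are visible here, so the rest is an inference, but if any action edits user accounts, roles or the `admin`/`business` flags, a business user could raise their own privileges through it. An admin-only filter should stay in place for those actions next to the broader one, e.g. `before_filter :require_admin, :only => [<admin-only actions>]`.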
--- a/app/controllers/shixuns_controller.rb
+++ b/app/controllers/shixuns_controller.rb
@@ -10,6 +10,7 @@ class ShixunsController < ApplicationController
 before_filter :view_allow, :only => [:collaborators, :propaedeutics, :shixun_discuss, :ranking_list]
 before_filter :require_manager, :only => [ :settings, :add_script, :publish, :collaborators_delete, :shixun_members_added, :add_collaborators, :update, :destroy]
 before_filter :validation_email, :only => [:new]
+ before_filter :require_admin, :only => [:destroy]
 # 移动云ToC模式权限控制
 # before_filter :ecloud_auth, :except => [:show, :index]
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index d13db006..df2ce0cd 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -274,7 +274,7 @@ class UsersController < ApplicationController
 # 私信
 def private_messages
- if User.current == @user || User.current.admin?
+ if User.current == @user || User.current.admin? || User.current.business?
 @onclick_time = User.current.onclick_time.onclick_time
 User.current.onclick_time.update_attribute(:onclick_time, Time.now)
 @messages = PrivateMessage.find_by_sql("SELECT ui.* FROM (SELECT * FROM private_messages WHERE STATUS != 2 AND user_id = #{@user.id} ORDER BY id DESC) ui GROUP BY ui.target_id ORDER BY ui.send_time DESC")
diff --git a/app/models/open_source_project.rb b/app/models/open_source_project.rb
index 0adc0957..93b91fbb 100644
--- a/app/models/open_source_project.rb
+++ b/app/models/open_source_project.rb
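Review bot: The added `before_filter :require_admin, :only => [:destroy]` in shixuns_controller.rb sits below `require_manager`, whose `:only` list still contains `:destroy`, so both filters run on destroy and a reader cannot tell which rule is meant to decide. If deleting is now admin-only, drop `:destroy` from the `require_manager` list or add a comment such as `# destroy is restricted to admins; managers and business users may not delete a shixun`. What `require_manager` accepts is not shown in this hunk, so it is worth checking that it does not turn away an admin who is not a manager before `require_admin` gets to run.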
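Review bot: The widened condition in `private_messages` in users_controller.rb lets any business user open any other user's private message list, and nothing in the visible lines records that such an access took place. Since this is personal correspondence, consider logging the access when `User.current != @user`, for instance `Rails.logger.info("private_messages of user #{@user.id} viewed by user #{User.current.id}")`, and confirm that operations staff need read access here rather than admins only. The method continues past the end of the hunk, so the else branch is not visible.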
@@ -121,13 +121,6 @@ class OpenSourceProject < ActiveRecord::Base
 ApplyProjectMaster.delete_all "apply_type = '#{self.class}' AND apply_id = #{self.id} AND user_id = #{user.id}"
 end
- def admin?(user)
- if user.admin? or ApplyProjectMaster.find(:all, :conditions => ["user_id = ? and apply_type = 'OpenSourceProject' and apply_id = ? and status = ?", user.id, self.id, 2]).present?
- return true
- else
- return false
- end
- end
 def reset_counters!
 self.class.reset_counters!(id)
diff --git a/app/services/games_service.rb b/app/services/games_service.rb
index 8573c683..bddb03b7 100644
--- a/app/services/games_service.rb
+++ b/app/services/games_service.rb
@@ -17,7 +17,7 @@ class GamesService
 myshixun = Myshixun.min.find(game.myshixun_id)
 shixun = Shixun.min.find(myshixun.shixun_id)
- unless (myshixun.user_id == current_user.id || current_user.admin? || current_user.id == shixun.try(:user_id) || current_user.is_certification_teacher)
+ unless (myshixun.user_id == current_user.id || current_user.admin? || current_user.business? || current_user.id == shixun.try(:user_id) || current_user.is_certification_teacher)
 return{:status => 403}
 end
 game_challenge = Challenge.min.find(game.challenge_id)
diff --git a/db/migrate/20190426020414_add_business_to_user.rb b/db/migrate/20190426020414_add_business_to_user.rb
new file mode 100644
index 00000000..c9ab35ca
--- /dev/null
+++ b/db/migrate/20190426020414_add_business_to_user.rb
@@ -0,0 +1,5 @@
+class AddBusinessToUser < ActiveRecord::Migration
+ def change
+ add_column :users, :business, :boolean, :default => false
+ end
+end
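Review bot: The new `business` column in the migration is a privilege flag but is declared without `:null => false`, so it can hold NULL as a third state; `add_column :users, :business, :boolean, :default => false, :null => false` keeps it strictly true or false. The User model is not part of this diff, so please also confirm that `business` is excluded from mass assignment (as `admin` presumably is), otherwise a profile or registration form that passes its params through could set the flag.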