考试模式、项目、实训讨论区权限控制

6 years ago · bb725e981a
parent 594100d6f3
commit bb725e981a
4 changed files with 13 additions and 9 deletions
--- a/app/api/mobile/api.rb
+++ b/app/api/mobile/api.rb
@ -62,14 +62,9 @@ module Mobile
      end

      def memo_authenticate!
-        pass = (request.path.match(/memos\/\d+/).present? && !request.path.include?("reply")) ||
-            request.path.include?("get_memos_list") ||
-            request.path.include?("memos?page=") || request.path.match(/memos$/).present?
-
-        unless pass
-          error!('401 Unauthorized', 401) unless current_user
+        if LocalSetting.first.try(:exam) && !current_user.admin?
+          redirect '/'
        end
-
      end

      def discusses_authenticate!
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -29,6 +29,7 @@ class ProjectsController < ApplicationController
  # menu_item :share, :only => :share
  skip_before_filter :verify_authenticity_token, :only => [:training_task_status]
  skip_before_filter :check_if_login_required, :only => [:training_task_status]
+  before_filter :local_exam
  before_filter :check_authentication
  before_filter :find_project, :except => [ :index, :search,:list, :new, :create, :copy, :statistics, :new_join, :course, :enterprise_course, :course_enterprise,
                                              :view_homework_attaches,:join_project, :project_home, :training_execute, :training_task_status]
@ -37,6 +38,7 @@ class ProjectsController < ApplicationController
  before_filter :require_admin, :only => [ :copy, :unarchive, :calendar]
  before_filter :require_admin_or_manager, :only => [ :destroy]
  before_filter :file
+  before_filter :local_exam


  # 除非项目内人员，不可查看成员, TODO: 完了写报表里去
@ -738,6 +740,12 @@ class ProjectsController < ApplicationController
  def file
  end

+  def local_exam
+    if LocalSetting.first.try(:exam) && !User.current.admin?
+      render_403
+    end
+  end
+
  def statistics

  end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -315,7 +315,7 @@ class UsersController < ApplicationController
  end

  def message_detail
-    if User.current == @user || User.current.admin?
+    if (User.current == @user && !LocalSetting.first.try(:exam)) || User.current.admin?
      @target_user = User.where(:id => params[:user_id]).includes(:user_extensions).first
      if @target_user.present?
        @message_list = @user.private_messages.where(:target_id => params[:user_id], :status => [0, 1]).order("send_time asc")
--- a/app/services/games_service.rb
+++ b/app/services/games_service.rb
@ -73,7 +73,8 @@ class GamesService
                 :challenge => game_challenge.try(:attributes), :game => game.try(:attributes), :shixun => shixun.try(:attributes),
                 :record => record, :grade => grade, :prev_game => prev_game, :next_game => next_game, :username => username,
                 :image_url => image_url, :user_url => user_url, :praise_count => praise_count, :user_praise => user_praise, :time_limit => time_limit,
-                 :tomcat_url  => Redmine::Configuration['tomcat_php'], :is_teacher => is_teacher, :power => power, :myshixun_manager => myshixun_manager}
+                 :tomcat_url  => Redmine::Configuration['tomcat_php'], :is_teacher => is_teacher, :power => power, :myshixun_manager => myshixun_manager,
+                 :local_exam => LocalSetting.first.try(:exam)}

    # 区分选择题和编程题，st：0编程题；
    if st == 0