diff --git a/app/api/mobile/api.rb b/app/api/mobile/api.rb
index eefedb5b..d7f04759 100644
--- a/app/api/mobile/api.rb
+++ b/app/api/mobile/api.rb
@@ -62,14 +62,9 @@ module Mobile
 end
 def memo_authenticate!
- pass = (request.path.match(/memos\/\d+/).present? && !request.path.include?("reply")) ||
- request.path.include?("get_memos_list") ||
- request.path.include?("memos?page=") || request.path.match(/memos$/).present?
-
- unless pass
- error!('401 Unauthorized', 401) unless current_user
+ if LocalSetting.first.try(:exam) && !current_user.admin?
+ redirect '/'
 end
-
 end
 def discusses_authenticate!
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 8078da87..096fe5a4 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -29,6 +29,7 @@ class ProjectsController < ApplicationController
 # menu_item :share, :only => :share
 skip_before_filter :verify_authenticity_token, :only => [:training_task_status]
 skip_before_filter :check_if_login_required, :only => [:training_task_status]
+ before_filter :local_exam
 before_filter :check_authentication
 before_filter :find_project, :except => [ :index, :search,:list, :new, :create, :copy, :statistics, :new_join, :course, :enterprise_course, :course_enterprise, :view_homework_attaches,:join_project, :project_home, :training_execute, :training_task_status]
@@ -37,6 +38,7 @@ class ProjectsController < ApplicationController
 before_filter :require_admin, :only => [ :copy, :unarchive, :calendar]
 before_filter :require_admin_or_manager, :only => [ :destroy]
 before_filter :file
+ before_filter :local_exam
 # 除非项目内人员,不可查看成员, TODO: 完了写报表里去
@@ -738,6 +740,12 @@ class ProjectsController < ApplicationController
 def file
 end
+ def local_exam
+ if LocalSetting.first.try(:exam) && !User.current.admin?
+ render_403
+ end
+ end
+
 def statistics
 end
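Review bot: The rewritten `memo_authenticate!` deletes the `error!('401 Unauthorized', 401) unless current_user` guard, so with exam mode off this helper no longer rejects anonymous requests to the paths outside the old `pass` list (for example those containing "reply"); unless those endpoints are authenticated somewhere this hunk does not show, they are now reachable without a login. With exam mode on and nobody logged in, `current_user.admin?` is called on a missing user (the removed `unless current_user` implies it can be nil) and will raise instead of returning a clean denial. I would keep the removed `unless pass` block and add the exam check after it in nil-safe form, `error!('403 Forbidden', 403) if LocalSetting.first.try(:exam) && !current_user.try(:admin?)`. That also avoids answering an API client with `redirect '/'`, which a mobile caller may follow and treat as success.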
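Review bot: `before_filter :local_exam` is registered here ahead of `check_authentication` and then a second time in the following hunk after `before_filter :file`; one registration is enough, and as far as I know Rails keeps only the later one for a repeated filter name, so the early placement added here would have no effect. Keeping just this first line lets the exam gate run before `find_project` and the other filters do any work. The filter is also added without `:only`/`:except`, so it covers `training_task_status`, which skips the login and CSRF checks two lines above and looks like a machine callback; if that endpoint has to keep working during an exam it needs `before_filter :local_exam, :except => [:training_task_status]`. The class body continues outside both hunks.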
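Review bot: `local_exam` is defined between `file` and `statistics`, which appears to be the public part of the controller, so it would be callable as an action if any route reaches it; a filter method belongs under `private` (the surrounding section is outside the hunk, so confirm where the visibility boundary is). The method also has no comment explaining the gate or its default: `LocalSetting.first.try(:exam)` is nil when no settings row exists, so the restriction is silently off in that case. A line such as `# Exam mode: only admins may use project pages; treated as off when no LocalSetting row exists.` above the definition would record that.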
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5a160436..c0ac28da 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -315,7 +315,7 @@ class UsersController < ApplicationController
 end
 def message_detail
- if User.current == @user || User.current.admin?
+ if (User.current == @user && !LocalSetting.first.try(:exam)) || User.current.admin?
 @target_user = User.where(:id => params[:user_id]).includes(:user_extensions).first
 if @target_user.present?
 @message_list = @user.private_messages.where(:target_id => params[:user_id], :status => [0, 1]).order("send_time asc")
diff --git a/app/services/games_service.rb b/app/services/games_service.rb
index 8573c683..cf709c4d 100644
--- a/app/services/games_service.rb
+++ b/app/services/games_service.rb
@@ -73,7 +73,8 @@ class GamesService
 :challenge => game_challenge.try(:attributes), :game => game.try(:attributes), :shixun => shixun.try(:attributes), :record => record, :grade => grade, :prev_game => prev_game, :next_game => next_game, :username => username, :image_url => image_url, :user_url => user_url, :praise_count => praise_count, :user_praise => user_praise, :time_limit => time_limit,
- :tomcat_url => Redmine::Configuration['tomcat_php'], :is_teacher => is_teacher, :power => power, :myshixun_manager => myshixun_manager}
+ :tomcat_url => Redmine::Configuration['tomcat_php'], :is_teacher => is_teacher, :power => power, :myshixun_manager => myshixun_manager,
+ :local_exam => LocalSetting.first.try(:exam)}
 # 区分选择题和编程题,st:0编程题;
 if st == 0
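Review bot: The exam-mode test is written inline in this condition as `LocalSetting.first.try(:exam)`, the same expression the commit repeats in `memo_authenticate!`, `ProjectsController#local_exam` and the `GamesService` hash, each with a different way of denying access. A single predicate (for example `LocalSetting.exam_mode?`, a hypothetical name) would keep the four checks in step and give one place to document that a missing settings row means "off". What a non-admin owner receives here during an exam is decided by whatever follows this `if`, which is outside the hunk, so confirm it returns a 403 rather than rendering a page with unset instance variables. `message_detail` continues past the last line shown.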