From 567bcfdf659b180fe6aa9c6deb17b2119f775992 Mon Sep 17 00:00:00 2001 From: p31729568 Date: Sat, 15 Jun 2019 08:17:52 +0800 Subject: [PATCH 1/3] business add permission --- app/controllers/application_controller.rb | 6 +++++ ...c_course_achievement_methods_controller.rb | 2 +- .../ec_course_evaluations_controller.rb | 4 ++-- .../ec_course_supports_controller.rb | 2 +- app/controllers/ec_courses_controller.rb | 6 ++--- .../ec_graduation_requirements_controller.rb | 4 ++-- .../ec_major_schools_controller.rb | 12 +++++----- app/controllers/ec_years_controller.rb | 4 ++-- app/controllers/ecs_controller.rb | 4 ++-- app/controllers/managements_controller.rb | 7 +++--- .../ec_major_schools/_year_list.html.erb | 2 +- app/views/ec_major_schools/show.html.erb | 2 +- app/views/ec_years/_course_lists.html.erb | 2 +- .../managements/graduation_standard.html.erb | 24 ++++++++++--------- 14 files changed, 44 insertions(+), 37 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e44005a4..ceeb8b9b 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -66,6 +66,8 @@ class ApplicationController < ActionController::Base include Redmine::MenuManager::MenuController helper Redmine::MenuManager::MenuHelper + helper_method :admin_or_business? + # 云启训练场(EduCoder)个人版 产品编码(appId) 9200108 # 产品名称 计费类型 套餐编码 # 云启训练场(EduCoder)个人版 固定包月 9200108001 @@ -390,6 +392,10 @@ class ApplicationController < ActionController::Base end end + def admin_or_business? + User.current.business? || User.current.admin? + end + def deny_access User.current.logged? ? render_403 : require_login end diff --git a/app/controllers/ec_course_achievement_methods_controller.rb b/app/controllers/ec_course_achievement_methods_controller.rb index ecc74a67..5dcdfea8 100644 --- a/app/controllers/ec_course_achievement_methods_controller.rb +++ b/app/controllers/ec_course_achievement_methods_controller.rb 
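Review bot: `admin_or_business?` in the second application_controller.rb hunk is added next to `deny_access`, apparently in the public part of ApplicationController, and it carries no comment saying what the business role is meant to be allowed. Since this one predicate now gates most of the EC permission checks in this patch, a short comment such as `# True for platform admins and business staff; treated as manager of every school's EC data.` would make the scope explicit. If the method is indeed public, consider moving it below `private`/`protected` (it stays usable through `helper_method`) or adding `hide_action :admin_or_business?`, so it is not inherited as an action method by subclasses. The surrounding visibility keywords are outside the hunk.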
@@ -309,7 +309,7 @@ class EcCourseAchievementMethodsController < ApplicationController @ec_course = EcCourse.find(params[:ec_course_id]) @year = @ec_course.ec_year @ec_major_school = @year.ec_major_school - @template_major = User.current.admin? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || + @template_major = admin_or_business? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) @is_manager = @template_major || @ec_course.ec_course_users.pluck(:user_id).include?(User.current.id) end diff --git a/app/controllers/ec_course_evaluations_controller.rb b/app/controllers/ec_course_evaluations_controller.rb index bf47d16e..f2a54e6f 100644 --- a/app/controllers/ec_course_evaluations_controller.rb +++ b/app/controllers/ec_course_evaluations_controller.rb @@ -298,7 +298,7 @@ class EcCourseEvaluationsController < ApplicationController def find_course @ec_course = EcCourse.find params[:ec_course_id] ec_major_school = @ec_course.ec_year.ec_major_school - @is_manager = User.current.admin? || ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || + @is_manager = admin_or_business? || ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) || @ec_course.ec_course_users.pluck(:user_id).include?(User.current.id) end 
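Review bot: The `@template_major` assignment in ec_course_achievement_methods_controller.rb (`@@ -309`) keeps the full copy-pasted membership expression and only swaps `User.current.admin?` for `admin_or_business?`; the same expression recurs in the `find_course` hunk of ec_course_evaluations_controller.rb and in the ec_course_supports, ec_courses, ec_major_schools and ec_years hunks. Each copy is an authorization decision, and PATCH 2/3 of this series already has to fix one site (`ec_public_auth`) that was missed. Consider one predicate that takes the major school and is called from every site, and replace `pluck(:user_id).include?(User.current.id)` with `where(:user_id => User.current.id).exists?`, which asks the database for a single row instead of loading every manager id. The enclosing methods start outside these hunks.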
@@ -306,7 +306,7 @@ class EcCourseEvaluationsController < ApplicationController @ce = EcCourseEvaluation.find params[:id] @ec_course = @ce.ec_course ec_major_school = @ec_course.ec_year.ec_major_school - @is_manager = User.current.admin? || ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || + @is_manager = admin_or_business? || ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) || @ec_course.ec_course_users.pluck(:user_id).include?(User.current.id) end end diff --git a/app/controllers/ec_course_supports_controller.rb b/app/controllers/ec_course_supports_controller.rb index 6bb0288b..39b7d06b 100644 --- a/app/controllers/ec_course_supports_controller.rb +++ b/app/controllers/ec_course_supports_controller.rb @@ -50,7 +50,7 @@ class EcCourseSupportsController < ApplicationController max_support_count = 0 subitems_count = 0 major_school = @year.ec_major_school - is_manager = User.current.admin? || major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) + is_manager = admin_or_business? || major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) ec_graduation_requirements.each_with_index do |gr, i| logger.info("#############index:#{i}#####_ec_gradiation_reqiorements: #{gr.id}") subitems_count += gr.ec_graduation_subitems.count diff --git a/app/controllers/ec_courses_controller.rb b/app/controllers/ec_courses_controller.rb index e7e000bb..8ad9f4e4 100644 --- a/app/controllers/ec_courses_controller.rb +++ b/app/controllers/ec_courses_controller.rb 
@@ -346,7 +346,7 @@ class EcCoursesController < ApplicationController # 关联课堂弹框-搜索 def search_courses user = User.where(:id => params[:user_id]).first - if user.try(:admin?) + if user.try(:admin?) || user.try(:business?) courses = Course.where(:is_delete => 0) else course_ids = Member.where("user_id = #{user.try(:id)} and course_id != -1").pluck(:course_id) @@ -588,7 +588,7 @@ class EcCoursesController < ApplicationController @ec_course = EcCourse.find(params[:id]) @year = @ec_course.ec_year @ec_major_school = @year.ec_major_school - @template_major = User.current.admin? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || + @template_major = admin_or_business? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) @is_manager = @template_major || @ec_course.ec_course_users.pluck(:user_id).include?(User.current.id) end @@ -596,7 +596,7 @@ class EcCoursesController < ApplicationController def find_year @year = EcYear.find(params[:ec_year_id]) @ec_major_school = @year.ec_major_school - @template_major = User.current.admin? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || + @template_major = admin_or_business? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) #@is_manager = @template_major || @ec_course.ec_course_users.pluck(:user_id).include?(User.current.id) end diff --git a/app/controllers/ec_graduation_requirements_controller.rb b/app/controllers/ec_graduation_requirements_controller.rb index ea0f5464..091588cd 100644 --- a/app/controllers/ec_graduation_requirements_controller.rb +++ b/app/controllers/ec_graduation_requirements_controller.rb 
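Review bot: In `search_courses` (ec_courses_controller.rb, `@@ -346`) the privilege test runs on the user loaded from `params[:user_id]` rather than on `User.current`, so the role that unlocks the full `Course.where(:is_delete => 0)` listing is selected by a request parameter; the added `user.try(:business?)` extends that to a second role. Unless a filter outside the hunk ties `params[:user_id]` to the session, the check should use the authenticated user: `if admin_or_business?`, with `User.current.id` in the member query. The `else` branch also interpolates into the SQL string and produces `user_id =  and ...` when no user is found; `Member.where("user_id = ? and course_id != -1", user.id)` after a nil guard avoids both. The method body continues past the hunk.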
@@ -34,7 +34,7 @@ class EcGraduationRequirementsController < ApplicationController ActiveRecord::Base.transaction do @year = EcYear.find params[:year_id] position = @year.ec_graduation_requirements ? @year.ec_graduation_requirements.count + 1 : 1 - @template_major = User.current.admin? || @year.ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) + @template_major = admin_or_business? || @year.ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) ec_requirement_id = EcGraduationRequirement.create(content: params[:requirement], :ec_year_id => @year.id, :position => position) params[:subitems].try(:each_with_index) do |sub, index| EcGraduationSubitem.create(content: sub, ec_graduation_requirement_id: ec_requirement_id.id, position: index+1) @@ -48,7 +48,7 @@ class EcGraduationRequirementsController < ApplicationController def update requirement = EcGraduationRequirement.find params[:id] @year = requirement.ec_year - @template_major = User.current.admin? || @year.ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) + @template_major = admin_or_business? || @year.ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) requirement.update_attribute(:content, params[:requirement]) requirement.ec_graduation_subitems.destroy_all params[:subitems].try(:each_with_index) do |sub, index| diff --git a/app/controllers/ec_major_schools_controller.rb b/app/controllers/ec_major_schools_controller.rb index 445ce70f..dfeb9ce4 100644 --- a/app/controllers/ec_major_schools_controller.rb +++ b/app/controllers/ec_major_schools_controller.rb 
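Review bot: In `create` and `update` of ec_graduation_requirements_controller.rb, `@template_major` is computed with the new `admin_or_business?` term, but in the visible lines the writes (`EcGraduationRequirement.create`, `requirement.update_attribute`, `ec_graduation_subitems.destroy_all`) follow unconditionally. If no before_filter outside the hunks already restricts these actions, the flag should gate the write, e.g. `return render_403 unless @template_major` before the first record is touched. This flag also omits the `ec_major_school_users` term that the other controllers include, which may or may not be intended. Both method bodies continue outside the hunks.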
@@ -13,7 +13,7 @@ class EcMajorSchoolsController < ApplicationController # 这个status 用于创建界别时,局部刷新的状态 @status = params[:status] - @btn_text = @major_school.template_major && User.current.admin? ? "立即配置" : + @btn_text = @major_school.template_major && admin_or_business? ? "立即配置" : (!@major_school.template_major && @major_manager ? "立即配置" : "查看") if params[:search] @@ -84,7 +84,7 @@ class EcMajorSchoolsController < ApplicationController user_url = user_path(User.current) year = @year.year # 学校操作权限 - template_major = User.current.admin? || major.school.ec_school_users.pluck(:user_id).include?(User.current.id) + template_major = admin_or_business? || major.school.ec_school_users.pluck(:user_id).include?(User.current.id) # 示例专业 example_major = major.template_major ec_course_support_setting_url = ec_course_support_setting_ec_course_path(ec_course) if ec_course.present? @@ -130,7 +130,7 @@ class EcMajorSchoolsController < ApplicationController competition_calculation_info_url: competition_calculation_info_url, score_level_setting_url: score_level_setting_url, example_major: example_major, - allow_visit: User.current.admin? || (User.current.ec_school.present? && User.current.ec_school == major.school.id) + allow_visit: admin_or_business? || (User.current.ec_school.present? && User.current.ec_school == major.school.id) } end @@ -159,7 +159,7 @@ class EcMajorSchoolsController < ApplicationController end def add_manager - @is_school_manager = User.current.admin? || @major_school.school.users.where(:id => User.current.id).count > 0 # 学校管理员 + @is_school_manager = admin_or_business? || @major_school.school.users.where(:id => User.current.id).count > 0 # 学校管理员 if @is_school_manager || @major_school.ec_major_school_users.where(:user_id => User.current.id).count > 0 params[:user_id].each do |user_id| if @major_school.ec_major_school_users.count < 5 && @major_school.ec_major_school_users.where(:user_id => user_id).count == 0 
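Review bot: `add_manager` (`@@ -159`) and `delete_manager` (the following hunk, `@@ -172`) now treat a business user as school manager of every school, so the role can appoint and remove major managers rather than only view. PATCH 2/3 describes the goal as access to the major school show page; if read access is what is wanted, keep `User.current.admin?` in these two mutating actions and use `admin_or_business?` only on the read paths. `add_manager` also calls `params[:user_id].each` with no presence check, which raises when the parameter is missing; `Array(params[:user_id]).each` is the usual guard. Both methods are only partly visible in the hunks.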
@@ -172,7 +172,7 @@ class EcMajorSchoolsController < ApplicationController end def delete_manager - @is_school_manager = User.current.admin? || @major_school.school.users.where(:id => User.current.id).count > 0 # 学校管理员 + @is_school_manager = admin_or_business? || @major_school.school.users.where(:id => User.current.id).count > 0 # 学校管理员 if @is_school_manager || @major_school.ec_major_school_users.where(:user_id => User.current.id).count > 0 @major_school.ec_major_school_users.where(:user_id => params[:user_id]).destroy_all else @@ -184,7 +184,7 @@ class EcMajorSchoolsController < ApplicationController def find_major_school @major_school = EcMajorSchool.find(params[:id]) # 管理员权限 - @major_manager = User.current.admin? || @major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) + @major_manager = admin_or_business? || @major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) end # 职业认证的权限判断 diff --git a/app/controllers/ec_years_controller.rb b/app/controllers/ec_years_controller.rb index 548e3b6e..6baf5d58 100644 --- a/app/controllers/ec_years_controller.rb +++ b/app/controllers/ec_years_controller.rb @@ -25,7 +25,7 @@ class EcYearsController < ApplicationController @status = 1 end @major_manager = true - @btn_text = @major_school.template_major && User.current.admin? ? "立即配置" : + @btn_text = @major_school.template_major && admin_or_business? ? "立即配置" : (!@major_school.template_major && @major_manager ? "立即配置" : "查看") @years = EcYear.where(:ec_major_school_id => @major_school.id) @years = paginateHelper @years, 10 
@@ -338,7 +338,7 @@ class EcYearsController < ApplicationController @ec_major_school = EcMajorSchool.find(params[:ec_major_school_id]) @year = EcYear.find(params[:id]) # 专业管理员身份 - @template_major = User.current.admin? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) + @template_major = admin_or_business? || @ec_major_school.school.ec_school_users.pluck(:user_id).include?(User.current.id) || @ec_major_school.ec_major_school_users.pluck(:user_id).include?(User.current.id) end # 职业认证的权限判断 diff --git a/app/controllers/ecs_controller.rb b/app/controllers/ecs_controller.rb index 172d13fc..5d391a5d 100644 --- a/app/controllers/ecs_controller.rb +++ b/app/controllers/ecs_controller.rb @@ -7,7 +7,7 @@ class EcsController < ApplicationController def department @template_major = EcMajorSchool.where(:template_major => true).first @school_managers = @school.users - @is_school_manager = User.current.admin? || @school.users.where(:id => User.current.id).count > 0 # 学校管理员 + @is_school_manager = User.current.admin? || User.current.business? || @school.users.where(:id => User.current.id).count > 0 # 学校管理员 @major_schools = @school.ec_major_schools.where(:template_major => false) unless @is_school_manager @@ -70,7 +70,7 @@ class EcsController < ApplicationController end def school_manager - unless User.current.admin? || @school.users.where(:id => User.current.id).count > 0 + unless User.current.admin? || User.current.business? || @school.users.where(:id => User.current.id).count > 0 render_403 end end diff --git a/app/controllers/managements_controller.rb b/app/controllers/managements_controller.rb index d05261b8..483a4ff3 100644 --- a/app/controllers/managements_controller.rb +++ b/app/controllers/managements_controller.rb 
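Review bot: The two ecs_controller.rb hunks (`department` and `school_manager`) spell out `User.current.admin? || User.current.business?` although this same patch adds `admin_or_business?` to ApplicationController and exports it with `helper_method`; the view hunks in _year_list.html.erb, show.html.erb and _course_lists.html.erb do the same. Using the helper everywhere, e.g. `unless admin_or_business? || @school.users.where(:id => User.current.id).count > 0`, leaves one place to change when the role rules move. `department` and `school_manager` evaluate the same condition and could share it.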
@@ -2,11 +2,10 @@ class ManagementsController < ApplicationController before_filter :require_business before_filter :require_admin, :only => [:shixun_setting_list, :mirror_repository, :mirror_picture_shixuns, :editmd_template, - :editmd_template, :subject_level_system, :subject_setting_list, :auto_users_trial, - :evaluate_records, :identity_authentication, :identity_authentication, :professional_authentication, - :shixun_authorization, :graduation_standard, :ec_template, :codemirror_template, + :editmd_template, :subject_level_system, :subject_setting_list, + :shixun_authorization, :ec_template, :codemirror_template, :course_guide_template, :shixun_quality_score, :tech_system, :update_notice, :setting_banner, - :training_2018] + :training_2018, :create_standard] layout 'base_management' include ManagementsHelper include SortHelper diff --git a/app/views/ec_major_schools/_year_list.html.erb b/app/views/ec_major_schools/_year_list.html.erb index 1e561782..5755d3f6 100644 --- a/app/views/ec_major_schools/_year_list.html.erb +++ b/app/views/ec_major_schools/_year_list.html.erb @@ -49,7 +49,7 @@ - <% if @major_manager && !@major_school.template_major || User.current.admin? %> + <% if @major_manager && !@major_school.template_major || User.current.admin? || User.current.business? %> 删除 <% end %> <%#= link_to '删除', ec_major_school_ec_year_path(year, :ec_major_school_id => @major_school), method: :delete, :class => "mr15 color-grey-c", data: { confirm: '您确定要删除吗' } %> diff --git a/app/views/ec_major_schools/show.html.erb b/app/views/ec_major_schools/show.html.erb index c3e4c924..92e100c2 100644 --- a/app/views/ec_major_schools/show.html.erb +++ b/app/views/ec_major_schools/show.html.erb @@ -8,7 +8,7 @@
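Review bot: The `require_admin` list in managements_controller.rb drops `:auto_users_trial`, `:evaluate_records`, `:identity_authentication` and `:professional_authentication` together with `:graduation_standard`, so all five actions fall back to `require_business` alone. The commit subject and the other hunks concern EC permissions, so only `:graduation_standard` looks required; the identity and professional authentication screens presumably expose users' verification data and are worth keeping admin-only unless the widening is deliberate. Please confirm that, and check that any other action that modifies standards is listed next to the new `:create_standard` (the action definitions are outside the hunk). `:editmd_template` is still listed twice.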
  • <%= @major.name %> - <% if @major.schools && User.current.admin? %> + <% if @major.schools && (User.current.admin? || User.current.business?) %>

      <% @major.schools.each do |school| %> diff --git a/app/views/ec_years/_course_lists.html.erb b/app/views/ec_years/_course_lists.html.erb index b39d9bfe..721d1722 100644 --- a/app/views/ec_years/_course_lists.html.erb +++ b/app/views/ec_years/_course_lists.html.erb @@ -17,7 +17,7 @@
        <% @ec_courses.each_with_index do |course, index| %> <% course_manager = course.ec_course_users.pluck(:user_id).include?(User.current.id) %> - <% btn_text = ((@ec_major_school.template_major && User.current.admin?) || (!@ec_major_school.template_major && @template_major) || course_manager) ? "立即配置" : "查看" %> + <% btn_text = ((@ec_major_school.template_major && (User.current.admin? || User.current.business?)) || (!@ec_major_school.template_major && @template_major) || course_manager) ? "立即配置" : "查看" %>
      • <%= index + 1 %> <%= course.name %> diff --git a/app/views/managements/graduation_standard.html.erb b/app/views/managements/graduation_standard.html.erb index c61e6bff..a667c7c2 100644 --- a/app/views/managements/graduation_standard.html.erb +++ b/app/views/managements/graduation_standard.html.erb @@ -1,16 +1,18 @@

        毕业要求通用标准<%= @standards.count %>

        -

        + 新增

        -
        -

        - *1 - -

        -

        - 取消 - 保存 -

        -
        + <% if User.current.admin? %> +

        + 新增

        +
        +

        + *1 + +

        +

        + 取消 + 保存 +

        +
        + <% end %>
        From 0814e7b41229d8a4ff9871390a5008ca48db3cae Mon Sep 17 00:00:00 2001 From: p31729568 Date: Sat, 15 Jun 2019 08:33:14 +0800 Subject: [PATCH 2/3] fix business not permission at ec major school show --- app/controllers/application_controller.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index ceeb8b9b..601ebb8a 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -135,7 +135,7 @@ class ApplicationController < ActionController::Base end def ec_public_auth major_school - unless User.current.admin? || major_school.template_major || major_school.school.users.where(:id => User.current.id).count > 0 || + unless admin_or_business? || major_school.template_major || major_school.school.users.where(:id => User.current.id).count > 0 || major_school.ec_major_school_users.where(:user_id => User.current.id).count > 0 || EcCourseUser.where(:user_id => User.current.id, :ec_course_id => EcCourse.where(:ec_year_id => major_school.ec_years.pluck(:id)).pluck(:id)).count > 0 render_403 From d02d10e95c4ba55697e1d508408c4704cbf3f773 Mon Sep 17 00:00:00 2001 From: caishi <1149225589@qq.com> Date: Sat, 15 Jun 2019 10:35:37 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E6=94=AF=E4=BB=98-=E5=BE=AE=E4=BF=A1?= =?UTF-8?q?=E5=BC=80=E9=80=9A=E6=8F=90=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/views/trainings/pay.html.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/views/trainings/pay.html.erb b/app/views/trainings/pay.html.erb index df22b65c..573de6fe 100644 --- a/app/views/trainings/pay.html.erb +++ b/app/views/trainings/pay.html.erb @@ -11,6 +11,7 @@ 线下支付

        +

        微信支付将于6月18日开通