hushasha
/
trustieforge
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

课程实践模块权限判断不全面

Browse Source
course_group
sw 11 years ago
parent 26ff74a798
commit 2238c42826
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File

6
app/controllers/courses_controller.rb
Unescape View File

@ -470,9 +470,7 @@ class CoursesController < ApplicationController
end end
def homework def homework
if @course.is_public == 0 if @course.is_public != 0 || User.current.member_of_course?(@course)
render_403
else
@offset, @limit = api_offset_and_limit({:limit => 10}) @offset, @limit = api_offset_and_limit({:limit => 10})
@bids = @course.homeworks.order('deadline DESC') @bids = @course.homeworks.order('deadline DESC')
@bids = @bids.like(params[:name]) if params[:name].present? @bids = @bids.like(params[:name]) if params[:name].present?
@ -490,6 +488,8 @@ class CoursesController < ApplicationController
@bids = @bids.offset(@offset).limit(limit).all.reverse @bids = @bids.offset(@offset).limit(limit).all.reverse
end end
render :layout => 'base_courses' render :layout => 'base_courses'
else
render_403
end end
end end

Write Preview
Loading…
Cancel
Save