From 4fdc1b97a5022185d322c32a92fecab8d4594721 Mon Sep 17 00:00:00 2001 From: z9hang Date: Wed, 4 Feb 2015 14:07:00 +0800 Subject: [PATCH] =?UTF-8?q?=E9=85=8D=E7=BD=AEAPI=20comment=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=EF=BC=8C=E4=BF=AE=E6=AD=A3=E6=98=BE=E7=A4=BA=E8=AF=BE?= =?UTF-8?q?=E7=A8=8B=E9=80=9A=E7=9F=A5=E6=8E=A5=E5=8F=A3=E6=9C=AA=E5=88=A4?= =?UTF-8?q?=E6=96=AD=E6=9D=83=E9=99=90=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/api/mobile/api.rb | 2 +- app/api/mobile/apis/courses.rb | 2 +- app/services/comment_service.rb | 2 +- app/services/courses_service.rb | 9 +++++++++ 4 files changed, 12 insertions(+), 3 deletions(-) diff --git a/app/api/mobile/api.rb b/app/api/mobile/api.rb index bad8c1a77..8f7f0342f 100644 --- a/app/api/mobile/api.rb +++ b/app/api/mobile/api.rb @@ -38,7 +38,7 @@ module Mobile mount Apis::Watches mount Apis::Upgrade mount Apis::Homeworks - mount Apis::Comment + mount Apis::Comments #add_swagger_documentation ({api_version: 'v1', base_path: 'http://u06.shellinfo.cn/trustie/api'}) #add_swagger_documentation ({api_version: 'v1', base_path: '/api'}) if Rails.env.development? diff --git a/app/api/mobile/apis/courses.rb b/app/api/mobile/apis/courses.rb index 2e678bad4..8f8c08c3f 100644 --- a/app/api/mobile/apis/courses.rb +++ b/app/api/mobile/apis/courses.rb @@ -199,7 +199,7 @@ module Mobile desc "显示课程通知" params do - + optional :token, type: String end get "news/:id" do cs = CoursesService.new diff --git a/app/services/comment_service.rb b/app/services/comment_service.rb index b6727a941..23f4355e6 100644 --- a/app/services/comment_service.rb +++ b/app/services/comment_service.rb @@ -1,8 +1,8 @@ class CommentService #评论 def news_comments params,current_user - raise Unauthorized unless @news.commentable? @news = News.find(params[:id]) + raise Unauthorized unless @news.commentable? @comment = Comment.new @comment.safe_attributes = params[:comment] @comment.author = current_user 
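Review bot: `optional :token, type: String` in the `get "news/:id"` params block does not match what the service now enforces, because `show_course_news` in this same commit raises whenever `current_user` is nil, so a request without a token can never succeed. If anonymous reading is not intended, declare it as `requires :token, type: String` so the request fails at parameter validation rather than deep in the service. As this is a GET, the token presumably travels in the query string, where it ends up in access logs and proxy logs; accepting it from a request header would avoid that. The route body continues outside the hunk, so how the token becomes `current_user` is not visible here.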
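Review bot: The reordered guard in `news_comments` still never looks at `current_user`: `@news.commentable?` is called without the caller, and `@comment.author = current_user` is assigned even when that value is nil. With `Apis::Comments` now mounted, add `raise Unauthorized if current_user.nil?` ahead of the `News.find` lookup. The course-visibility test this commit adds to `show_course_news` is also missing here, so unless `commentable?` already covers it (its definition is not shown), a user who cannot read a private course's news may still be able to comment on it. The method continues past the end of the hunk.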
diff --git a/app/services/courses_service.rb b/app/services/courses_service.rb index afd674610..77b5e325d 100644 --- a/app/services/courses_service.rb +++ b/app/services/courses_service.rb @@ -131,9 +131,18 @@ class CoursesService #显示课程通知(包括评论) 需验证权限 def show_course_news params,current_user @news = News.find(params[:id]) + @course = @news.course + if @course + if current_user.nil? || !(current_user.admin? || @course.is_public == 1 || (@course.is_public == 0 && current_user.member_of_course?(@course))) + raise '403' + end + else + raise 'news in unknown course' + end @comments = @news.comments @comments.reverse! if current_user.wants_comments_in_reverse_order? {:news => @news,:comments => @comments} + #comments = [] #@comments.each do |comment| # comments << {:author_id => comment.author_id,:author_name => comment.author.name,:commont_content => comment.comments,:time => format_time(comment.created_on)}
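Review bot: `raise '403'` and `raise 'news in unknown course'` in `show_course_news` raise a plain RuntimeError whose only signal is its message text, so unless the API layer maps that string to a status (not visible here) the client gets a 500 instead of a 403. `CommentService` in this same commit uses `raise Unauthorized`; using that here too, assuming the constant resolves in this class, would keep denial handling in one place. The leading `current_user.nil? ||` term also denies anonymous readers of courses with `is_public == 1`; if that is intended, say so in a comment above the check, otherwise move the nil test into the non-public branch. Returning a different error for an orphaned news item than for a forbidden one lets a caller tell the two apart, so consider one response for both.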