From 64497b10e469115a2bbda996b55ea6c91b593037 Mon Sep 17 00:00:00 2001
From: sw <939547590@qq.com>
Date: Thu, 4 Dec 2014 15:13:26 +0800
Subject: [PATCH] =?UTF-8?q?#1653=20=E4=BF=AE=E6=94=B9=E5=BC=80=E5=90=AF?= =?UTF-8?q?=E5=8C=BF=E8=AF=84=E4=B9=8B=E5=90=8E=EF=BC=8C=E5=AD=A6=E7=94=9F?= =?UTF-8?q?=E4=BB=8D=E5=8F=AF=E4=BB=A5=E9=80=9A=E8=BF=87url=E8=BF=9B?= =?UTF-8?q?=E8=A1=8C=E4=BD=9C=E4=B8=9A=E7=9A=84=E4=BF=AE=E6=94=B9=E5=92=8C?= =?UTF-8?q?=E5=88=A0=E9=99=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/homework_attach_controller.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/controllers/homework_attach_controller.rb b/app/controllers/homework_attach_controller.rb
index 6088e2294..d07ee9448 100644
--- a/app/controllers/homework_attach_controller.rb
+++ b/app/controllers/homework_attach_controller.rb
@@ -305,7 +305,8 @@ class HomeworkAttachController < ApplicationController
 end
 
 def edit
- if User.current.admin? || User.current.member_of_course?(@homework.bid.courses.first)
+ bid = @homework.bid
+ if (bid.comment_status == 0 || bid.open_anonymous_evaluation == 0) && (User.current.admin? || User.current.member_of_course?(bid.courses.first))
 get_homework_member @homework
 else
 render_403 :message => :notice_not_authorized
@@ -337,7 +338,8 @@ class HomeworkAttachController < ApplicationController
 end
 
 def destroy
- if User.current.admin? || User.current == @homework.user
+ bid = @homework.bid
+ if (bid.comment_status == 0 || bid.open_anonymous_evaluation == 0) && (User.current.admin? || User.current == @homework.user)
 if @homework.destroy
 #respond_to do |format|
 # format.html { redirect_to course_for_bid_url @homework.bid }
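Review bot: The new state check in `edit` protects only the action that renders the form; the action that persists the change is not touched by this commit, since the diffstat's 4 insertions and 2 deletions all fall in `edit` and `destroy`. If `update` does not already refuse requests once anonymous evaluation has started, a student can still send the update request directly, which is the same URL-level bypass the commit title describes. Consider enforcing the rule in one place for every mutating action, for example `before_filter :require_evaluation_not_started, :only => [:edit, :update, :destroy]` (the filter name is a suggestion, not an existing method). The body of `edit` continues past the end of this hunk.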
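Review bot: In `destroy` the status test is ANDed with the whole role check, so administrators are refused as well once anonymous evaluation has started; `edit` uses the same shape. If administrators are meant to keep control, let the admin branch bypass the state check: `if User.current.admin? || ((bid.comment_status == 0 || bid.open_anonymous_evaluation == 0) && User.current == @homework.user)`. The bare `0` comparisons are repeated in both actions and presumably mean "evaluation not started or not enabled"; a single named predicate on the bid would make that explicit and keep the two actions in step. The failure branch of `destroy` lies outside this hunk, so it is worth confirming that it answers with `render_403` rather than falling through silently.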