diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 1e12db25d..121b93dc5 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -1095,23 +1095,27 @@ class UsersController < ApplicationController #引入资源列表根据关键词过滤 def user_ref_resource_search - search = params[:search].to_s.strip.downcase + if User.current.id.to_i != params[:id].to_i + render_403 + return + end + @resource_id = params[:mul_id] + @resource_type = params[:mul_type] + @order, @b_sort = params[:order] || "created_on", params[:sort] || "asc" + @score = @b_sort == "desc" ? "asc" : "desc" @user = User.current - if(params[:type].blank? || params[:type] == "1") #全部 - user_course_ids = User.current.courses.map { |c| c.is_delete == 0 && c.id} #我的资源库的话,那么应该是我上传的所有资源 加上 我加入的课程的所有资源 取交集并查询 - @attachments = Attachment.where("((author_id = #{params[:id]} and container_type in('Project','Principal','Course','Issue','Document','Message','News','StudentWorkScore','HomewCommon')) "+ - " or (container_type = 'Course' and container_id in (#{user_course_ids.empty? ? '0': user_course_ids.join(',')}))) and (filename like '%#{search}%') ").order("created_on desc") - elsif params[:type] == "2" #课程资源 + @switch_search = params[:search].nil? ? " " : params[:search] + search = "%#{@switch_search.strip.downcase}%" + # 别人的资源库是没有权限去看的 + if(params[:type] == "1") # 我的资源 + # 修正:我的资源库的话,那么应该是我上传的所有资源加上,我加入的课程、项目、组织的所有资源 user_course_ids = User.current.courses.map { |c| c.is_delete == 0 && c.id} - @attachments = Attachment.where("(author_id = #{params[:id]} and container_type = 'Course') or (container_type = 'Course' and container_id in (#{user_course_ids.empty? ? '0': user_course_ids.join(',')})) and (filename like '%#{search}%') ").order("created_on desc") - elsif params[:type] == "3" #项目资源 - @attachments = Attachment.where("author_id = #{params[:id]} and container_type = 'Project' and (filename like '%#{search}%')").order("created_on desc") - elsif params[:type] == "4" #附件 - @attachments = Attachment.where("author_id = #{params[:id]} and container_type in('Project','Issue','Document','Message','News','StudentWorkScore','HomewCommon') and (filename like '%#{search}%')").order("created_on desc") - elsif params[:type] == "5" #用户资源 - @attachments = Attachment.where("author_id = #{params[:id]} and container_type = 'Principal' and (filename like '%#{search}%')").order("created_on desc") - elsif params[:type] == "6" #公共资源 - @attachments = Attachment.where("(is_public =1 and is_publish = 1 and container_id is not null)" + "or (author_id = #{params[:id]} and is_publish = 0)").order("created_on desc") + user_project_ids = User.current.projects.map {|p| p.status != 9 && p.id } + # user_org_ids = User.current.organizations.map {|o| o.id} + @attachments = get_my_resources_search(params[:id], user_course_ids, user_project_ids, @order, @score, search) + elsif (params[:type].blank? || params[:type] == "6") # 公共资源 + # 公共资源库:所有公开资源或者我上传的私有资源 + @attachments = get_public_resources_search(user_course_ids, user_project_ids, @order, @score, search) end @type = params[:type] @limit = 7