From 8a88935b7c646031c8ac34dc28596c54419a8917 Mon Sep 17 00:00:00 2001
From: lizanle <491823689@qq.com>
Date: Fri, 21 Aug 2015 10:44:09 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B5=84=E6=BA=90=E5=BA=93=20=E5=8F=AA?= =?UTF-8?q?=E8=83=BD=E7=9C=8B=E5=88=B0=E8=87=AA=E5=B7=B1=E7=9A=84=E8=B5=84?= =?UTF-8?q?=E6=BA=90=E5=BA=93?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/users_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 5d569e247..562804abe 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1243,6 +1243,11 @@ class UsersController < ApplicationController
 def user_resource
 #确定container_type
 # @user = User.find(params[:id])
+ # 别人的资源库是没有权限去看的
+ if User.current.id.to_i != params[:id].to_i
+ render_403
+ return
+ end
 if(params[:type].nil? || params[:type] == "1") #全部
 if User.current.id.to_i == params[:id].to_i
 user_course_ids = User.current.courses.map { |c| c.id} #我的资源库的话,那么应该是我上传的所有资源 加上 我加入的课程的所有资源
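Review bot: The new ownership guard at the top of `user_resource` compares `User.current.id.to_i` with `params[:id].to_i`, and `to_i` turns both `nil` and any non-numeric string into 0. If `User.current` can ever have a nil id (an unsaved or anonymous user, which this hunk does not show), a request with a non-numeric `:id` would pass the check. Comparing without numeric coercion closes that gap, for example `if User.current.id.nil? || params[:id].to_s != User.current.id.to_s`. With the guard in place, the context line `if User.current.id.to_i == params[:id].to_i` just below is always true, so its alternative branch (outside the hunk) looks unreachable and could be removed. The body of `user_resource` continues past the end of the hunk.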