diff --git a/app/controllers/bids_controller.rb b/app/controllers/bids_controller.rb index 4ef04579c..a728ee6e2 100644 --- a/app/controllers/bids_controller.rb +++ b/app/controllers/bids_controller.rb @@ -378,11 +378,6 @@ class BidsController < ApplicationController if membership.user.allowed_to?(:quote_project,membership.project) @option << membership.project end - #membership.member_roles.each{|role| - # if(role.role_id == 3) - # @option << membership.project - # end - #} end end @@ -457,14 +452,6 @@ class BidsController < ApplicationController if (User.current.logged? && User.current.member_of_course?(@bid.courses.first)) # flash[:notice] = "" @membership = User.current.coursememberships.all(:conditions => Course.visible_condition(User.current)) - #@option = [] - #@membership.each do |membership| - # membership.member_roles.each{|role| - # if(role.role_id == 3) - # @option << membership.course - # end - # } - #end @user = @bid.author @bidding_project = @bid.biding_projects.all diff --git a/app/controllers/contests_controller.rb b/app/controllers/contests_controller.rb index 987881a83..456aa7b4a 100644 --- a/app/controllers/contests_controller.rb +++ b/app/controllers/contests_controller.rb @@ -232,12 +232,7 @@ class ContestsController < ApplicationController # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page'] @membership.each do |membership| unless(membership.project.project_type==1) - #membership.member_roles.each{|role| - # if(role.role_id == 3) - # @option << membership.project - # end - #} - if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) + if User.current.allowed_to?(:quote_project, membership.project) @option << membership.project end end 
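Review bot: Nothing visible in this commit grants `:quote_project` to any role, yet the new check `User.current.allowed_to?(:quote_project, membership.project)` in ContestsController now decides which projects land in `@option`. The migration added in the same commit appends only `:paret_in_homework` and `:is_manager`, so this relies on roles having received `:quote_project` earlier; if they have not, non-admin users presumably get an empty list where the old projects/edit check returned their projects. The same swap appears in the second ContestsController hunk, in softapplications_controller.rb and in shares_helper.rb. A short comment above the check, e.g. `# projects the user may enter: requires the :quote_project permission on the project`, would record the new rule. The enclosing action starts and ends outside the hunk.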
@@ -326,13 +321,8 @@ class ContestsController < ApplicationController # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page'] @membership.each do |membership| unless(membership.project.project_type==1) - #membership.member_roles.each{|role| - #if(role.role_id == 3) - #@option << membership.project - #end - #} #拥有编辑项目权限的可将该项目参赛 - if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) + if User.current.allowed_to?(:quote_project, membership.project) @option << membership.project end end diff --git a/app/controllers/homework_attach_controller.rb b/app/controllers/homework_attach_controller.rb index 83a6aa05f..7ad0702e8 100644 --- a/app/controllers/homework_attach_controller.rb +++ b/app/controllers/homework_attach_controller.rb @@ -169,7 +169,15 @@ class HomeworkAttachController < ApplicationController #users:该作业所有成员 #q:模糊匹配的用户的昵称 def members_for_homework homework,users,q - homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'") + #homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'") + unpartin_users = homework.bid.courses.first.members.where("user_id not in (:users)", {:users => users}).joins(:user).where("users.login like '%#{q}%'") + canpartin_users = [] + unpartin_users.each do |m| + if m.user.allowed_to?(:paret_in_homework,homework.bid.courses.first) + canpartin_users << m + end + end + canpartin_users end def edit diff --git a/app/controllers/members_controller.rb b/app/controllers/members_controller.rb index 5ddebe707..5435a2d61 100644 --- a/app/controllers/members_controller.rb +++ b/app/controllers/members_controller.rb 
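Review bot: The context comment `#拥有编辑项目权限的可将该项目参赛` kept above the changed line still says that holders of the edit-project permission may enter the project, but the check beneath it is now `:quote_project`. It should be reworded to match, e.g. `# users granted :quote_project on the project may enter it in the contest`. The enclosing action is only partly visible in this hunk.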
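Review bot: `q` is still interpolated straight into the SQL fragment on the new `unpartin_users` line (`where("users.login like '%#{q}%'")`), and the method comment describes `q` as the nickname text to fuzzy-match, so it is presumably request input and the query is injectable. Bind it instead: `.where("users.login like ?", "%#{q}%")`. Separately, the method now returns an Array rather than a relation and calls `m.user.allowed_to?` once per member. Any caller that chains query methods on the result (callers are not visible here) would break, and large courses pay one permission lookup per row.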
@@ -76,8 +76,10 @@ class MembersController < ApplicationController members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id) user_grades << UserGrade.new(:user_id => user_id, :project_id => @project.id) ## added by nie - if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") - project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) + + if (params[:membership][:role_ids]) + role = Role.find(params[:membership][:role_ids][0]) + project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) if role.allowed_to?(:is_manager) # ProjectInfo.create(:name => "test", :user_id => 123) end ## end @@ -86,8 +88,9 @@ class MembersController < ApplicationController members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id]) user_grades << UserGrade.new(:user_id => params[:membership][:user_id], :project_id => @project.id) ## added by nie - if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") - project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) + if (params[:membership][:role_ids]) + role = Role.find(params[:membership][:role_ids][0]) + project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager) end ## end end 
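Review bot: `Role.find(params[:membership][:role_ids][0])` takes a request-supplied id and raises `ActiveRecord::RecordNotFound` when that first element is empty or does not match a role, where the old string comparison simply evaluated to false. It also inspects only the first submitted role, so a member given several roles gets no ProjectInfo row if the role carrying `:is_manager` is not first. Checking every submitted role avoids both: `is_manager = Role.where(:id => params[:membership][:role_ids]).any? { |r| r.allowed_to?(:is_manager) }`, then `project_info << ProjectInfo.new(...) if is_manager`. The same pattern is repeated in the second hunk of this file, in the course branch at `@@ -123,14 +126,16 @@` and in both update hunks. The enclosing actions start and end outside these hunks.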
@@ -123,14 +126,16 @@ class MembersController < ApplicationController user_ids.each do |user_id| members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id) #user_grades << UserGrade.new(:user_id => user_id, :course_id => @course.id) - if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") - course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id) + if (params[:membership][:role_ids]) + role = Role.find(params[:membership][:role_ids][0]) + course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id) if role.allowed_to?(:is_manager) end end else members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id]) - if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") - course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) + if (params[:membership][:role_ids]) + role = Role.find(params[:membership][:role_ids][0]) + course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager) end end @course.members << members 
@@ -162,14 +167,17 @@ class MembersController < ApplicationController @member.role_ids = params[:membership][:role_ids] #added by nie - if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") - @projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id) - @projectInfo.save - else - user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id) - if user_admin.size > 0 - user_admin.each do |user| - user.destroy + if (params[:membership][:role_ids]) + role = Role.find(params[:membership][:role_ids][0]) + if role.allowed_to?(:is_manager) + @projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id) + @projectInfo.save + else + user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id) + if user_admin.size > 0 + user_admin.each do |user| + user.destroy + end end end end @@ -191,14 +199,17 @@ class MembersController < ApplicationController if params[:membership] @member.role_ids = params[:membership][:role_ids] - if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3") - @courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id) - @courseInfo.save - else - user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id) - if user_admin.size > 0 - user_admin.each do |user| - user.destroy + if (params[:membership][:role_ids]) + role = Role.find(params[:membership][:role_ids][0]) + if role.allowed_to?(:is_manager) + @courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id) + @courseInfo.save + else + user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id) + if user_admin.size > 0 + user_admin.each do |user| + user.destroy + end end end end diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 92186710c..62b736294 100644 
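Review bot: When `params[:membership][:role_ids]` is absent, the new outer `if` skips the whole block, so the branch that destroys the member's ProjectInfo rows no longer runs, although `@member.role_ids` has just been assigned that same value. Before this change the `else` branch ran in that case, so a member whose roles are cleared now seems to keep the manager marker row. Keeping a single two-way condition restores the cleanup: `if Role.where(:id => params[:membership][:role_ids]).any? { |r| r.allowed_to?(:is_manager) }` followed by the existing create and `else` destroy branches. The course update hunk at `@@ -191,14 +199,17 @@` has the same shape with `CourseInfos`.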
--- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -729,8 +729,8 @@ class ProjectsController < ApplicationController @canShowRealName = isCourseTeacher(User.current.id) end - #勿删 real_name action为虚拟的该方法并不存在,用来辅助判断真名权限 - #勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false) + # real_name action为虚拟的该方法并不存在,用来辅助判断真名权限 + # @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false) respond_to do |format| format.html{render :layout => 'base_courses' if @base_courses_tag==1} format.api diff --git a/app/controllers/softapplications_controller.rb b/app/controllers/softapplications_controller.rb index 362a04f57..b60e9ba5c 100644 --- a/app/controllers/softapplications_controller.rb +++ b/app/controllers/softapplications_controller.rb @@ -108,14 +108,8 @@ class SoftapplicationsController < ApplicationController # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page'] @membership.each do |membership| unless(membership.project.project_type==1) - #membership.member_roles.each{|role| - # if(role.role_id == 3) - # @option << membership.project - # end - #} - #拥有编辑项目权限的可操作该项目 - if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) + if User.current.allowed_to?(:quote_project,membership.project) @option << membership.project end end diff --git a/app/helpers/shares_helper.rb b/app/helpers/shares_helper.rb index 9e0828133..219335cf7 100644 --- a/app/helpers/shares_helper.rb +++ b/app/helpers/shares_helper.rb 
@@ -4,13 +4,8 @@ def options_from_select_project(user) @option = [] @membership.each do |membership| unless(membership.project.project_type==1) - #membership.member_roles.each{|role| - # if(role.role_id == 3) - # @option << membership.project - # end - #} - #拥有编辑项目权限的可操作该项目 - if user.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) + #可被用户引用的项目 + if user.allowed_to?(:quote_project, membership.project) @option << membership.project end end diff --git a/app/helpers/user_score_helper.rb b/app/helpers/user_score_helper.rb index 3101b823c..768e87a8f 100644 --- a/app/helpers/user_score_helper.rb +++ b/app/helpers/user_score_helper.rb @@ -228,16 +228,10 @@ module UserScoreHelper isManager = 0 members = Member.where('user_id = ?', user.id) members.each do |m| - #roles = m.member_roles - #roles.each do |r| - # if r.role_id == 3 - # isManager = 1 - # end - #end @membership = m.memberships.all(:conditions => Project.visible_condition(User.current)) @membership.each do |membership| #拥有编辑项目权限的可操作该项目 - if m.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false) + if m.allowed_to?(:is_manager, membership.project, :global => false) isManager = 1 end end diff --git a/app/views/projects/_homeworkupload_homeworkproject.html.erb b/app/views/projects/_homeworkupload_homeworkproject.html.erb index e269eb32b..762b7f597 100644 --- a/app/views/projects/_homeworkupload_homeworkproject.html.erb +++ b/app/views/projects/_homeworkupload_homeworkproject.html.erb @@ -4,7 +4,7 @@ membership.each do |member| unless(member.project.project_type==1) member.member_roles.each{|role| - if(role.role_id == 3) + if role.allowed_to?(:quote_project) option << member.project end } diff --git a/db/migrate/20140708023356_add_authority.rb b/db/migrate/20140708023356_add_authority.rb new file mode 100644 index 000000000..d78f087fc --- /dev/null +++ b/db/migrate/20140708023356_add_authority.rb 
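Review bot: The comment `#拥有编辑项目权限的可操作该项目` left above the changed line still describes the edit-project permission, while the check is now `m.allowed_to?(:is_manager, membership.project, :global => false)`; reword it, e.g. `# a membership whose role grants :is_manager marks the user as a manager`. Also worth confirming: `m` comes from `Member.where('user_id = ?', user.id)`, and in stock Redmine `allowed_to?` with a project argument is defined on User, not on Member, so unless this fork adds it the call would raise. The enclosing method starts and ends outside the hunk.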
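Review bot: Inside `member.member_roles.each{|role|` the block variable is a member-role join row (the removed line read `role.role_id` from it), so `role.allowed_to?(:quote_project)` is sent to that row rather than to a Role. Stock Redmine defines `allowed_to?` on Role and User only; unless this fork adds it to the join model, rendering this partial would raise NoMethodError. `if role.role.allowed_to?(:quote_project)` would reach the Role, or the partial could use the same `allowed_to?(:quote_project, member.project)` user-level check as the controllers so the rule stays in one form. The surrounding loop starts above the hunk.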
@@ -0,0 +1,13 @@ +class AddAuthority < ActiveRecord::Migration + def change + # 添加课程权限 + Role.all.each do |role| + if role.name == '学生' + role.permissions.append(:paret_in_homework) + elsif role.name == 'Manager' + role.permissions.append(:is_manager) + end + role.save(:validate => false) + end + end +end diff --git a/lib/redmine.rb b/lib/redmine.rb index adf033d69..3ce0b4d55 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -99,6 +99,7 @@ Redmine::AccessControl.map do |map| map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true map.permission :quote_project, {},:require => :member + map.permission :is_manager,{},:require => :member #课程权限模块 #added by nwb @@ -122,6 +123,7 @@ Redmine::AccessControl.map do |map| #作业模块权限 map.course_module :bids do |map| map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true + map.permission :paret_in_homework,{},:require => :member end map.course_module :boards do |map|
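Review bot: Selecting roles by display name (`role.name == '学生'`, `role.name == 'Manager'`) makes the grant of `:is_manager` depend on a label that administrators can edit, whereas the code this commit replaces keyed on role id 3. A renamed or translated manager role receives nothing, and any custom role that happens to be called 'Manager' receives the permission that members_controller.rb now uses to create ProjectInfo and CourseInfo rows. The body also sits in `change` although appending to `permissions` cannot be reversed automatically, and a second run would append duplicates. Consider `def up`/`def down` with a guard such as `role.permissions << :is_manager unless role.permissions.include?(:is_manager)`, or Redmine's `Role#add_permission!` if this fork still has it.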
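Review bot: `:paret_in_homework` looks like a misspelling (perhaps of "part in" or "take part in"), and the migration in this commit writes that symbol into stored role permissions while homework_attach_controller.rb checks it. Once deployed, correcting the name needs another data migration, so it is cheaper to settle the spelling now, e.g. `map.permission :take_part_in_homework, {}, :require => :member`, and use it in all three places. A one-line comment on `:is_manager` and on this permission saying that they guard no controller action and serve only as role markers would also help the next reader.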