修正课程通知评论接口

11 years ago · d6b82c3549
parent 4fdc1b97a5
commit d6b82c3549
2 changed files with 14 additions and 4 deletions
--- a/app/api/mobile/apis/comments.rb
+++ b/app/api/mobile/apis/comments.rb
@ -6,11 +6,14 @@ module Mobile
        desc '课程通知评论'
        params do
          requires :token, type: String
-          requires :comment, type: String
+          requires :comments, type: String
        end
        post ':id' do
          cs = CommentService.new
-          comments = cs.news_comments params,current_user
+          cs_params = {
+              id: params[:id],
+              comment: params.reject{|k,v| [:id].include?(k)}}
+          comments = cs.news_comments cs_params,current_user
          raise "create comments failed #{comments.errors.full_messages}" if comments.new_record?
          present :data, comments, with: Mobile::Entities::Comment
          present :status, 0
--- a/app/services/comment_service.rb
+++ b/app/services/comment_service.rb
@ -2,9 +2,16 @@ class CommentService
  #评论
  def news_comments params,current_user
    @news = News.find(params[:id])
-    raise Unauthorized unless @news.commentable?
+    @course = @news.course
+    if @course.nil?
+      raise 'news in unknown course'
+    end
+    raise Unauthorized unless @news.commentable?(current_user)
+    if current_user.nil? || !(current_user.admin? || @course.is_public == 1 || (@course.is_public == 0 && current_user.member_of_course?(@course)))
+      raise '403'
+    end
    @comment = Comment.new
-    @comment.safe_attributes = params[:comment]
+    @comment.send(:safe_attributes=,params[:comment],current_user)
    @comment.author = current_user
    @news.comments << @comment
    @comment