|
|
|
@ -44,12 +44,18 @@ class CommonsController < ApplicationController
|
|
|
|
def validate_power
|
|
|
|
def validate_power
|
|
|
|
code =
|
|
|
|
code =
|
|
|
|
case params[:object_type].strip
|
|
|
|
case params[:object_type].strip
|
|
|
|
when 'message', 'journals_for_message'
|
|
|
|
when 'message'
|
|
|
|
if current_user.course_identity(@object.board.course) >= Course::STUDENT && @object.author != current_user
|
|
|
|
if current_user.course_identity(@object.board.course) >= Course::STUDENT && @object.author != current_user
|
|
|
|
403
|
|
|
|
403
|
|
|
|
else
|
|
|
|
else
|
|
|
|
200
|
|
|
|
200
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
when 'journals_for_message'
|
|
|
|
|
|
|
|
if current_user.course_identity(@object.jour.course) >= Course::STUDENT && @object.user != current_user
|
|
|
|
|
|
|
|
403
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
|
end
|
|
|
|
else
|
|
|
|
else
|
|
|
|
current_user.admin? ? 200 : 403
|
|
|
|
current_user.admin? ? 200 : 403
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
