From 7ecac799d550d10bf5073187efad636e821a4006 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Sat, 11 Jan 2020 17:50:47 +0800
Subject: [PATCH] =?UTF-8?q?=E7=BF=BB=E8=BD=AC=E8=AF=BE=E5=A0=82=EF=BC=9A?=
 =?UTF-8?q?=E5=85=AC=E5=BC=80=E8=AF=BE=EF=BC=8C=E5=AF=B9=E4=BA=8E=E9=9D=9E?=
 =?UTF-8?q?=E8=AF=BE=E5=A0=82=E6=88=90=E5=91=98=E4=B8=8D=E5=85=81=E8=AE=B8?=
 =?UTF-8?q?=E6=9F=A5=E7=9C=8B=E6=95=99=E5=B8=88=E5=88=97=E8=A1=A8=E3=80=81?=
 =?UTF-8?q?=E5=AD=A6=E7=94=9F=E5=88=97=E8=A1=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/courses_controller.rb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index 753a3d942..0a6e95470 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -394,6 +394,7 @@ class CoursesController < ApplicationController
 
   # 教师列表以及教师搜索
   def teachers
+    tip_exception(403, "无权限访问") if @course.excellent && @user_course_identity > Course::ASSISTANT_PROFESSOR
     @search_str = params[:search].present? ? params[:search].strip : ""
 
     if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
@@ -850,6 +851,8 @@ class CoursesController < ApplicationController
 
   # 学生列表(包括各个子分班的学生列表)及搜索
   def students
+    tip_exception(403, "无权限访问") if @course.excellent && @user_course_identity > Course::ASSISTANT_PROFESSOR
+
     search = params[:search].present? ? params[:search].strip : nil
     order = params[:order].present? ? params[:order].to_i : 1
     sort = params[:sort].present? ? params[:sort] : "asc"