m52mxtq3o
/
educoder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge remote-tracking branch 'origin/dev_aliyun' into dev_aliyun

Browse Source
courseware
杨树明 5 years ago
parent c4efa0df80 6d394bf72e
commit 0ee1d9a9f4
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File

5
app/controllers/examination_banks_controller.rb
Unescape View File

@ -3,7 +3,7 @@ class ExaminationBanksController < ApplicationController
before_action :require_login before_action :require_login
before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public, :revoke_item, :cancel_items] before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public, :revoke_item, :cancel_items]
before_action :find_exam, except: [:index, :create, :cancel_items] before_action :find_exam, except: [:index, :create, :cancel_items]
before_action :edit_auth, only: [:update, :destroy, :set_public, :revoke_item, :cancel_items] before_action :edit_auth, only: [:update, :set_public, :revoke_item, :cancel_items]
before_action :identity_auth, only: [:index] before_action :identity_auth, only: [:index]
def index def index
@ -52,6 +52,7 @@ class ExaminationBanksController < ApplicationController
end end
def destroy def destroy
tip_exception(403, "无权限") unless current_user.admin? || @item.user == current_user
ActiveRecord::Base.transaction do ActiveRecord::Base.transaction do
ApplyAction.where(container_type: "ExaminationBank", container_id: @exam.id).destroy_all ApplyAction.where(container_type: "ExaminationBank", container_id: @exam.id).destroy_all
@exam.destroy! @exam.destroy!
@ -92,6 +93,6 @@ class ExaminationBanksController < ApplicationController
end end
def edit_auth def edit_auth
current_user.admin_or_business? || @exam.user == current_user tip_exception(403, "无权限") unless current_user.admin_or_business? || @exam.user == current_user
end end
end end

5
app/controllers/item_banks_controller.rb
Unescape View File

@ -3,7 +3,7 @@ class ItemBanksController < ApplicationController
before_action :require_login before_action :require_login
before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public] before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public]
before_action :find_item, except: [:index, :create] before_action :find_item, except: [:index, :create]
before_action :edit_auth, only: [:update, :destroy, :set_public] before_action :edit_auth, only: [:update, :set_public]
before_action :identity_auth, only: [:index] before_action :identity_auth, only: [:index]
def index def index
@ -41,6 +41,7 @@ class ItemBanksController < ApplicationController
end end
def destroy def destroy
tip_exception(403, "无权限") unless current_user.admin? || @item.user == current_user
ActiveRecord::Base.transaction do ActiveRecord::Base.transaction do
ApplyAction.where(container_type: "ItemBank", container_id: @item.id).destroy_all ApplyAction.where(container_type: "ItemBank", container_id: @item.id).destroy_all
if @item.item_type == "PROGRAM" if @item.item_type == "PROGRAM"
@ -67,7 +68,7 @@ class ItemBanksController < ApplicationController
end end
def edit_auth def edit_auth
current_user.admin_or_business? || @item.user == current_user tip_exception(403, "无权限") unless current_user.admin_or_business? || @item.user == current_user
end end
def form_params def form_params

Write Preview
Loading…
Cancel
Save