From 1053112843168c79360129b4151107effda48970 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Wed, 19 Feb 2020 17:35:26 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=86=E7=8F=AD=E9=82=80=E8=AF=B7=E7=A0=81?=
 =?UTF-8?q?=E5=88=97=E8=A1=A8=E5=A2=9E=E5=8A=A0=E5=8F=82=E6=95=B0=E3=80=81?=
 =?UTF-8?q?=E9=82=80=E8=AF=B7=E7=A0=81=E7=9A=84=E5=81=9C=E7=94=A8/?=
 =?UTF-8?q?=E5=90=AF=E7=94=A8=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/course_groups_controller.rb   | 5 ++++-
 app/helpers/courses_helper.rb                 | 6 ++++++
 app/views/courses/course_groups.json.jbuilder | 3 ++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/app/controllers/course_groups_controller.rb b/app/controllers/course_groups_controller.rb
index fd59dd497..d07a1e12c 100644
--- a/app/controllers/course_groups_controller.rb
+++ b/app/controllers/course_groups_controller.rb
@@ -2,7 +2,7 @@ class CourseGroupsController < ApplicationController
   before_action :require_login, :check_auth
   before_action :set_group, except: [:create]
   before_action :find_course, only: [:create]
-  before_action :teacher_allowed
+  before_action :teacher_allowed, except: [:set_invite_code_halt]
 
   def create
     tip_exception("分班名称不能为空") if params[:name].blank?
@@ -57,6 +57,9 @@ class CourseGroupsController < ApplicationController
 
   # 邀请码停用/启用
   def set_invite_code_halt
+    teacher = @course.teachers.find_by(user_id: current_user.id)
+    tip_exception(403, "无权限") unless current_user.admin_or_business? ||
+      (teacher.present? && (teacher.teacher_course_groups.pluck(:course_group_id).include?(@group.id) || teacher.teacher_course_groups.size == 0))
     @group.update!(invite_code_halt: !@group.invite_code_halt)
     normal_status(0, "成功")
   end
diff --git a/app/helpers/courses_helper.rb b/app/helpers/courses_helper.rb
index 37e108a74..f0d58adbb 100644
--- a/app/helpers/courses_helper.rb
+++ b/app/helpers/courses_helper.rb
@@ -12,6 +12,12 @@ module CoursesHelper
     # end
   end
 
+  def edit_auth group, teachers
+    User.current.admin_or_business? ||
+      teachers.select{|teacher| teacher.user_id == User.current.id &&
+        (teacher.teacher_course_groups.pluck(:course_group_id).include?(group.id) || teacher.teacher_course_groups.size == 0)}.size > 0
+  end
+
     # 是否有切换为学生的入口
   def switch_student_role is_teacher, course, user
     is_teacher && course.course_members.where(user_id: user.id, role: %i(STUDENT)).exists?
diff --git a/app/views/courses/course_groups.json.jbuilder b/app/views/courses/course_groups.json.jbuilder
index 48a5922a6..0057befb6 100644
--- a/app/views/courses/course_groups.json.jbuilder
+++ b/app/views/courses/course_groups.json.jbuilder
@@ -1,7 +1,8 @@
 json.course_groups @course_groups.each do |group|
-  json.(group, :id, :course_members_count, :name)
+  json.(group, :id, :course_members_count, :name, :invite_code_halt)
   json.invite_code group.invite_code if @user_course_identity < Course::STUDENT
   json.member_manager member_manager(group, @teachers) if @user_course_identity < Course::NORMAL
+  json.edit_auth edit_auth(group, @teachers) if @user_course_identity < Course::STUDENT
 end
 
 if @user_course_identity == Course::STUDENT