题库权限

5 years ago · 1f1ff6c7a9
parent 0853e6a4b5
commit 1f1ff6c7a9
6 changed files with 20 additions and 0 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -48,6 +48,19 @@ class ApplicationController < ActionController::Base
 		EduSetting.get(name)
 	end

+	# 平台身份权限判断（学生用户无权限）
+	def identity_auth
+		ue = current_user.user_extension
+		tip_exception(403, "..") unless current_user.admin_or_business? || ue.teacher? || ue.professional?
+	end
+
+	# 平台已认证身份判断（已认证的老师和专业人士）
+	def certi_identity_auth
+		ue = current_user.user_extension
+		tip_exception(403, "..") unless current_user.admin_or_business? ||
+																									(current_user.professional_certification && (ue.teacher? || ue.professional?))
+	end
+
 	def shixun_marker
 		unless current_user.is_shixun_marker? || current_user.admin_or_business?
 			tip_exception(403, "..")
--- a/app/controllers/examination_banks_controller.rb
+++ b/app/controllers/examination_banks_controller.rb
@ -1,8 +1,10 @@
 class ExaminationBanksController < ApplicationController
  include PaginateHelper
  before_action :require_login
+  before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public, :revoke_item]
  before_action :find_exam, except: [:index, :create]
  before_action :edit_auth, only: [:update, :destroy, :set_public, :revoke_item]
+  before_action :identity_auth, only: [:index]

  def index
    exams = ExaminationBankQuery.call(params)
--- a/app/controllers/examination_intelligent_settings_controller.rb
+++ b/app/controllers/examination_intelligent_settings_controller.rb
@ -1,5 +1,6 @@
 class ExaminationIntelligentSettingsController < ApplicationController
  before_action :require_login
+  before_action :certi_identity_auth, only: [:create, :optinal_items, :save_exam, :exchange_one_item, :exchange_items]
  before_action :find_exam, only: [:exchange_one_item, :exchange_items, :save_exam]

  def optinal_items
--- a/app/controllers/examination_items_controller.rb
+++ b/app/controllers/examination_items_controller.rb
@ -1,5 +1,6 @@
 class ExaminationItemsController < ApplicationController
  before_action :require_login
+  before_action :certi_identity_auth, only: [:create, :destroy, :delete_item_type, :set_score, :batch_set_score, :adjust_position]
  before_action :validate_score, only: [:set_score, :batch_set_score]
  before_action :find_exam, only: [:create, :batch_set_score, :delete_item_type]
  before_action :find_item, except: [:create, :batch_set_score, :delete_item_type]
--- a/app/controllers/item_banks_controller.rb
+++ b/app/controllers/item_banks_controller.rb
@ -1,8 +1,10 @@
 class ItemBanksController < ApplicationController
  include PaginateHelper
  before_action :require_login
+  before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public]
  before_action :find_item, except: [:index, :create]
  before_action :edit_auth, only: [:update, :destroy, :set_public]
+  before_action :identity_auth, only: [:index]

  def index
    items = ItemBankQuery.call(params)
--- a/app/controllers/item_baskets_controller.rb
+++ b/app/controllers/item_baskets_controller.rb
@ -1,5 +1,6 @@
 class ItemBasketsController < ApplicationController
  before_action :require_login
+  before_action :certi_identity_auth, only: [:create, :delete_item_type, :destroy, :set_score, :batch_set_score, :adjust_position]
  before_action :validate_score, only: [:set_score, :batch_set_score]
  helper_method :current_basket