From 1f1ff6c7a901bd86304e9ae41f5ed4e7a78a9bc4 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Wed, 19 Feb 2020 18:28:05 +0800
Subject: [PATCH] =?UTF-8?q?=E9=A2=98=E5=BA=93=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/application_controller.rb | 13 +++++++++++++
 app/controllers/examination_banks_controller.rb | 2 ++
 .../examination_intelligent_settings_controller.rb | 1 +
 app/controllers/examination_items_controller.rb | 1 +
 app/controllers/item_banks_controller.rb | 2 ++
 app/controllers/item_baskets_controller.rb | 1 +
 6 files changed, 20 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c9d352e80..15f918c01 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -48,6 +48,19 @@ class ApplicationController < ActionController::Base
 EduSetting.get(name)
 end
 
+ # 平台身份权限判断(学生用户无权限)
+ def identity_auth
+ ue = current_user.user_extension
+ tip_exception(403, "..") unless current_user.admin_or_business? || ue.teacher? || ue.professional?
+ end
+
+ # 平台已认证身份判断(已认证的老师和专业人士)
+ def certi_identity_auth
+ ue = current_user.user_extension
+ tip_exception(403, "..") unless current_user.admin_or_business? ||
+ (current_user.professional_certification && (ue.teacher? || ue.professional?))
+ end
+
 def shixun_marker
 unless current_user.is_shixun_marker? || current_user.admin_or_business?
 tip_exception(403, "..")
diff --git a/app/controllers/examination_banks_controller.rb b/app/controllers/examination_banks_controller.rb
index 251cd197f..1a2f3f564 100644
--- a/app/controllers/examination_banks_controller.rb
+++ b/app/controllers/examination_banks_controller.rb
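Review bot: Both new filters dereference `current_user.user_extension` before checking it, so a logged-in user whose extension record is missing would raise NoMethodError (a 500) rather than the intended 403; `ue&.teacher? || ue&.professional?` keeps the deny-by-default while failing cleanly, assuming that association can be nil. The `certi_identity_auth` comment speaks of certified teachers and professionals, yet both branches are gated on `professional_certification` alone — if teachers are certified through a different flag, the teacher branch presumably needs that flag instead; confirm against the user model. An English contract comment on each method, e.g. `# 403 unless admin/business, teacher or professional (students are denied)`, would help readers who cannot read the Chinese comments. The enclosing ApplicationController class starts and ends outside the hunk.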
@@ -1,8 +1,10 @@
 class ExaminationBanksController < ApplicationController
 include PaginateHelper
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public, :revoke_item]
 before_action :find_exam, except: [:index, :create]
 before_action :edit_auth, only: [:update, :destroy, :set_public, :revoke_item]
+ before_action :identity_auth, only: [:index]
 
 def index
 exams = ExaminationBankQuery.call(params)
diff --git a/app/controllers/examination_intelligent_settings_controller.rb b/app/controllers/examination_intelligent_settings_controller.rb
index 10384b7cb..8675e699e 100644
--- a/app/controllers/examination_intelligent_settings_controller.rb
+++ b/app/controllers/examination_intelligent_settings_controller.rb
@@ -1,5 +1,6 @@
 class ExaminationIntelligentSettingsController < ApplicationController
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :optinal_items, :save_exam, :exchange_one_item, :exchange_items]
 before_action :find_exam, only: [:exchange_one_item, :exchange_items, :save_exam]
 
 def optinal_items
diff --git a/app/controllers/examination_items_controller.rb b/app/controllers/examination_items_controller.rb
index ee7a27c59..97aac3bc6 100644
--- a/app/controllers/examination_items_controller.rb
+++ b/app/controllers/examination_items_controller.rb
@@ -1,5 +1,6 @@
 class ExaminationItemsController < ApplicationController
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :destroy, :delete_item_type, :set_score, :batch_set_score, :adjust_position]
 before_action :validate_score, only: [:set_score, :batch_set_score]
 before_action :find_exam, only: [:create, :batch_set_score, :delete_item_type]
 before_action :find_item, except: [:create, :batch_set_score, :delete_item_type]
diff --git a/app/controllers/item_banks_controller.rb b/app/controllers/item_banks_controller.rb
index f108c1fad..cc046d061 100644
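Review bot: Both new filters are allow-lists (`only:`), so any action outside both lists — `show`, which the existing `find_exam ... except: [:index, :create]` implies exists — gets no identity check, and an action added later starts unguarded. Declaring the weaker check unconditionally, `before_action :identity_auth`, while keeping `certi_identity_auth` with its `only:` list gives deny-by-default; if students are meant to read `show`, a comment on the `identity_auth` line saying so would make the exception deliberate. The same allow-list shape appears in item_banks_controller.rb, examination_intelligent_settings_controller.rb, examination_items_controller.rb and item_baskets_controller.rb. Placing the `identity_auth` line next to the `certi_identity_auth` line, rather than after `edit_auth`, would also keep the authorization filters together. The class body continues outside the hunk.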
--- a/app/controllers/item_banks_controller.rb
+++ b/app/controllers/item_banks_controller.rb
@@ -1,8 +1,10 @@
 class ItemBanksController < ApplicationController
 include PaginateHelper
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public]
 before_action :find_item, except: [:index, :create]
 before_action :edit_auth, only: [:update, :destroy, :set_public]
+ before_action :identity_auth, only: [:index]
 
 def index
 items = ItemBankQuery.call(params)
diff --git a/app/controllers/item_baskets_controller.rb b/app/controllers/item_baskets_controller.rb
index 03355189d..b047e3d78 100644
--- a/app/controllers/item_baskets_controller.rb
+++ b/app/controllers/item_baskets_controller.rb
@@ -1,5 +1,6 @@
 class ItemBasketsController < ApplicationController
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :delete_item_type, :destroy, :set_score, :batch_set_score, :adjust_position]
 before_action :validate_score, only: [:set_score, :batch_set_score]
 helper_method :current_basket