From 2188f8b2b0d24b5e969c50640431b458e6d60cd9 Mon Sep 17 00:00:00 2001 From: cxt <853663049@qq.com> Date: Thu, 9 Jan 2020 15:07:05 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AF=BE=E5=A0=82=E5=86=85=E6=89=80=E6=9C=89?= =?UTF-8?q?=E6=9D=83=E9=99=90=E5=AF=B9=E8=BF=90=E8=90=A5=E6=9D=83=E9=99=90?= =?UTF-8?q?=E5=BC=80=E6=94=BE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/application_controller.rb | 6 +++--- app/controllers/commons_controller.rb | 2 +- app/controllers/courses_controller.rb | 8 ++++---- app/controllers/exercise_bank_questions_controller.rb | 2 +- app/controllers/exercise_banks_controller.rb | 4 ++-- app/controllers/graduation_works_controller.rb | 2 +- app/controllers/gtopic_banks_controller.rb | 2 +- app/controllers/homework_banks_controller.rb | 2 +- app/controllers/homework_commons_controller.rb | 2 +- app/controllers/messages_controller.rb | 2 +- app/controllers/poll_bank_questions_controller.rb | 2 +- app/controllers/question_banks_controller.rb | 8 ++++---- app/controllers/task_banks_controller.rb | 2 +- app/controllers/users/question_banks_controller.rb | 4 ++-- app/controllers/weapps/courses_controller.rb | 4 ++-- app/models/course.rb | 2 +- app/models/student_works_score.rb | 2 +- app/views/exercise_banks/show.json.jbuilder | 4 ++-- app/views/graduation_tasks/show.json.jbuilder | 2 +- app/views/graduation_works/comment_list.json.jbuilder | 2 +- app/views/gtopic_banks/show.json.jbuilder | 2 +- app/views/homework_banks/show.json.jbuilder | 2 +- app/views/task_banks/show.json.jbuilder | 2 +- app/views/users/question_banks/index.json.jbuilder | 2 +- 24 files changed, 36 insertions(+), 36 deletions(-) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index dd015ba9e..3424137a5 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -85,8 +85,8 @@ class ApplicationController < ActionController::Base # 题库的访问权限 def bank_visit_auth - tip_exception(-2,"未通过职业认证") if current_user.is_teacher? && !current_user.certification_teacher? && !current_user.admin? && @bank.user_id != current_user.id && @bank.is_public - tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? || + tip_exception(-2,"未通过职业认证") if current_user.is_teacher? && !current_user.certification_teacher? && !current_user.admin_or_business? && @bank.user_id != current_user.id && @bank.is_public + tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? || (current_user.certification_teacher? && @bank.is_public) end @@ -165,7 +165,7 @@ class ApplicationController < ActionController::Base def find_course return normal_status(2, '缺少course_id参数!') if params[:course_id].blank? @course = Course.find(params[:course_id]) - tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin? + tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business? rescue Exception => e tip_exception(e.message) end diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb index bcb0fa45a..16e9dc2be 100644 --- a/app/controllers/commons_controller.rb +++ b/app/controllers/commons_controller.rb @@ -58,7 +58,7 @@ class CommonsController < ApplicationController 200 end else - current_user.admin? ? 200 : 403 + current_user.admin_or_business? ? 200 : 403 end return normal_status(code, "你没有权限操作!") if code == 403 end diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb index a7706ef47..da9f8240a 100644 --- a/app/controllers/courses_controller.rb +++ b/app/controllers/courses_controller.rb @@ -396,7 +396,7 @@ class CoursesController < ApplicationController def teachers @search_str = params[:search].present? ? params[:search].strip : "" - if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582 + if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582 @teacher_list = @course.course_members.joins(:user).where("course_members.role in (1, 2, 3) and LOWER(concat(users.lastname, users.firstname)) LIKE ?", "%#{@search_str}%") else @@ -441,7 +441,7 @@ class CoursesController < ApplicationController @applications = CourseMessage.unhandled_join_course_requests_by_course(@course). joins("join users on course_messages.course_message_id=users.id"). where("LOWER(concat(users.lastname, users.firstname)) LIKE ?", "%#{search_str}%") - if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582 + if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582 teacher_list = @course.course_members.where("course_members.role in (1, 2, 3)") else teacher_list = @course.course_members.where("(course_members.role in (1, 3) or (course_members.user_id = #{current_user.id} @@ -838,7 +838,7 @@ class CoursesController < ApplicationController # 已通过职业认证的教师复制课堂 def duplicate_course - return tip_exception("没有复制权限") unless current_user.admin? || current_user.is_teacher? || current_user.teacher_of_course?(@course) + return tip_exception("没有复制权限") unless current_user.admin_or_business? || current_user.is_teacher? || current_user.teacher_of_course?(@course) return tip_exception("教师职业认证未通过") unless current_user.pro_certification? new_course = @course.self_duplicate @@ -1404,7 +1404,7 @@ class CoursesController < ApplicationController # Use callbacks to share common setup or constraints between actions. def set_course @course = Course.find_by!(id: params[:id]) - tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin? + tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business? end # Never trust parameters from the scary internet, only allow the white list through. diff --git a/app/controllers/exercise_bank_questions_controller.rb b/app/controllers/exercise_bank_questions_controller.rb index 1fd8ad874..46547ecb0 100644 --- a/app/controllers/exercise_bank_questions_controller.rb +++ b/app/controllers/exercise_bank_questions_controller.rb @@ -372,7 +372,7 @@ class ExerciseBankQuestionsController < ApplicationController private def bank_admin - tip_exception(403, "无权限") unless @exercise.user_id == current_user.id || current_user.admin? + tip_exception(403, "无权限") unless @exercise.user_id == current_user.id || current_user.admin_or_business? end def get_exercise diff --git a/app/controllers/exercise_banks_controller.rb b/app/controllers/exercise_banks_controller.rb index 9a35bfcdb..556b445ba 100644 --- a/app/controllers/exercise_banks_controller.rb +++ b/app/controllers/exercise_banks_controller.rb @@ -26,7 +26,7 @@ class ExerciseBanksController < ApplicationController search = params[:search] type = params[:type] # 超级管理员用户显示所有未隐藏的实训、非管理员显示所有已发布的实训(对本单位公开且未隐藏未关闭) - if current_user.admin? + if current_user.admin_or_business? @shixuns = Shixun.unhidden else none_shixun_ids = ShixunSchool.where("school_id != #{current_user.school_id}").pluck(:shixun_id) @@ -67,7 +67,7 @@ class ExerciseBanksController < ApplicationController end def bank_admin - tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? + tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? end #判断实训是否已选择 diff --git a/app/controllers/graduation_works_controller.rb b/app/controllers/graduation_works_controller.rb index 67f21e85c..6d813f20b 100644 --- a/app/controllers/graduation_works_controller.rb +++ b/app/controllers/graduation_works_controller.rb @@ -410,7 +410,7 @@ class GraduationWorksController < ApplicationController # 删除教师/教辅的评分记录 def delete_score score = @work.graduation_work_scores.where(id: params[:comment_id]).first - if score.present? && (score.is_invalid || score.score.nil?) && (score.user == current_user || current_user.admin?) + if score.present? && (score.is_invalid || score.score.nil?) && (score.user == current_user || current_user.admin_or_business?) begin score.destroy normal_status("删除成功") diff --git a/app/controllers/gtopic_banks_controller.rb b/app/controllers/gtopic_banks_controller.rb index f09a8554c..504868a6e 100644 --- a/app/controllers/gtopic_banks_controller.rb +++ b/app/controllers/gtopic_banks_controller.rb @@ -26,7 +26,7 @@ class GtopicBanksController < ApplicationController end def bank_admin - tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? + tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? end def gtopic_bank_params diff --git a/app/controllers/homework_banks_controller.rb b/app/controllers/homework_banks_controller.rb index 61bded033..00efbbd5f 100644 --- a/app/controllers/homework_banks_controller.rb +++ b/app/controllers/homework_banks_controller.rb @@ -47,7 +47,7 @@ class HomeworkBanksController < ApplicationController end def bank_admin - tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? + tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? end def bank_params diff --git a/app/controllers/homework_commons_controller.rb b/app/controllers/homework_commons_controller.rb index d24f8b9b3..1d47fa293 100644 --- a/app/controllers/homework_commons_controller.rb +++ b/app/controllers/homework_commons_controller.rb @@ -757,7 +757,7 @@ class HomeworkCommonsController < ApplicationController search = params[:search] type = params[:type] # 超级管理员用户显示所有未隐藏的实训、非管理员显示所有已发布的实训(对本单位公开且未隐藏未关闭) - if current_user.admin? + if current_user.admin_or_business? @shixuns = Shixun.unhidden else none_shixun_ids = ShixunSchool.where("school_id != #{current_user.school_id}").pluck(:shixun_id) diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index 153598990..cbad33e67 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb @@ -126,7 +126,7 @@ class MessagesController < ApplicationController end def create - return normal_status(403, "您没有权限进行该操作") unless current_user.admin? || current_user.member_of_course?(@board.course) + return normal_status(403, "您没有权限进行该操作") unless current_user.admin_or_business? || current_user.member_of_course?(@board.course) begin @message = Message.new(message_params) diff --git a/app/controllers/poll_bank_questions_controller.rb b/app/controllers/poll_bank_questions_controller.rb index 71f302115..9e3e890b0 100644 --- a/app/controllers/poll_bank_questions_controller.rb +++ b/app/controllers/poll_bank_questions_controller.rb @@ -114,7 +114,7 @@ class PollBankQuestionsController < ApplicationController private def bank_admin - tip_exception(403, "无权限") unless @poll.user_id == current_user.id || current_user.admin? + tip_exception(403, "无权限") unless @poll.user_id == current_user.id || current_user.admin_or_business? end def get_poll diff --git a/app/controllers/question_banks_controller.rb b/app/controllers/question_banks_controller.rb index ddb0f3ce1..5183c7a96 100644 --- a/app/controllers/question_banks_controller.rb +++ b/app/controllers/question_banks_controller.rb @@ -10,7 +10,7 @@ class QuestionBanksController < ApplicationController def bank_list page = params[:page] || 1 limit = params[:limit] || 15 - @certification_teacher = current_user.is_certification_teacher || current_user.admin? + @certification_teacher = current_user.is_certification_teacher || current_user.admin_or_business? @objects = @object_type.classify.constantize.where(@object_filter) @objects = if params[:search] @@ -134,7 +134,7 @@ class QuestionBanksController < ApplicationController def destroy bank = current_bank - unless current_user.admin? || bank.user_id == current_user.id + unless current_user.admin_or_business? || bank.user_id == current_user.id render_forbidden return end @@ -165,7 +165,7 @@ class QuestionBanksController < ApplicationController def object_banks banks ||= @object_type.classify.constantize.where(@object_filter).where(id: params[:object_id]) - unless current_user.admin? + unless current_user.admin_or_business? banks = banks.where(user_id: current_user.id) end banks @@ -202,7 +202,7 @@ class QuestionBanksController < ApplicationController end def teacher_or_admin - tip_exception(403, "无权限操作") unless current_user.is_certification_teacher || current_user.admin? + tip_exception(403, "无权限操作") unless current_user.is_certification_teacher || current_user.admin_or_business? end def quote_homework_bank homework, course diff --git a/app/controllers/task_banks_controller.rb b/app/controllers/task_banks_controller.rb index 2b1a400ef..768c4cb2a 100644 --- a/app/controllers/task_banks_controller.rb +++ b/app/controllers/task_banks_controller.rb @@ -29,7 +29,7 @@ class TaskBanksController < ApplicationController end def bank_admin - tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? + tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? end def gtask_bank_params diff --git a/app/controllers/users/question_banks_controller.rb b/app/controllers/users/question_banks_controller.rb index c5b837d0b..73d1d4dec 100644 --- a/app/controllers/users/question_banks_controller.rb +++ b/app/controllers/users/question_banks_controller.rb @@ -66,9 +66,9 @@ class Users::QuestionBanksController < Users::BaseController def check_user_permission! if params[:type] == 'publicly' - normal_status(-2,"未通过职业认证") unless User.current.admin? || User.current.certification_teacher? + normal_status(-2,"未通过职业认证") unless User.current.admin_or_business? || User.current.certification_teacher? else - render_forbidden unless User.current.admin? || User.current.is_teacher? + render_forbidden unless User.current.admin_or_business? || User.current.is_teacher? end end end \ No newline at end of file diff --git a/app/controllers/weapps/courses_controller.rb b/app/controllers/weapps/courses_controller.rb index cb3c195d6..d732416ba 100644 --- a/app/controllers/weapps/courses_controller.rb +++ b/app/controllers/weapps/courses_controller.rb @@ -39,7 +39,7 @@ class Weapps::CoursesController < Weapps::BaseController @page = (params[:page] || 1).to_i @limit = (params[:limit] || 20).to_i search = params[:search].present? ? params[:search].strip : "" - if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582 + if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582 @teacher_list = @course.course_members.joins(:user).where("course_members.role in (1, 2, 3)") else @teacher_list = @course.course_members.joins(:user).where("(course_members.role in (1, 3) or (course_members.user_id = #{current_user.id} @@ -203,6 +203,6 @@ class Weapps::CoursesController < Weapps::BaseController def set_course @course = Course.find_by!(id: params[:id]) - tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin? + tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business? end end \ No newline at end of file diff --git a/app/models/course.rb b/app/models/course.rb index 9100f8470..83d2bb56e 100644 --- a/app/models/course.rb +++ b/app/models/course.rb @@ -251,7 +251,7 @@ class Course < ApplicationRecord member = course_member(user.id) group_ids = if member.present? member.teacher_course_groups.size > 0 ? member.teacher_course_groups.pluck(:course_group_id) : course_groups.pluck(:id) - elsif user.admin? + elsif user.admin_or_business? course_groups.pluck(:id) else [] diff --git a/app/models/student_works_score.rb b/app/models/student_works_score.rb index 299b61596..403609d5d 100644 --- a/app/models/student_works_score.rb +++ b/app/models/student_works_score.rb @@ -17,7 +17,7 @@ class StudentWorksScore < ApplicationRecord end def allow_delete current_user - (self.is_invalid || self.score.nil?) && (current_user == self.user || current_user.admin?) + (self.is_invalid || self.score.nil?) && (current_user == self.user || current_user.admin_or_business?) end # 匿评分 diff --git a/app/views/exercise_banks/show.json.jbuilder b/app/views/exercise_banks/show.json.jbuilder index 802e863cb..4c01f1fd1 100644 --- a/app/views/exercise_banks/show.json.jbuilder +++ b/app/views/exercise_banks/show.json.jbuilder @@ -2,7 +2,7 @@ if @bank.container_type == "Exercise" json.exercise do json.extract! @bank, :id, :name, :description, :is_public end - json.authorize @bank.user_id == current_user.id || current_user.admin? + json.authorize @bank.user_id == current_user.id || current_user.admin_or_business? json.partial! "exercises/exercise_scores" @@ -21,7 +21,7 @@ else json.poll do json.extract! @bank, :id, :name, :description, :is_public end - json.authorize @bank.user_id == current_user.id || current_user.admin? + json.authorize @bank.user_id == current_user.id || current_user.admin_or_business? json.question_types do json.q_counts @poll_questions_count diff --git a/app/views/graduation_tasks/show.json.jbuilder b/app/views/graduation_tasks/show.json.jbuilder index 814cc62ce..8b2a553b1 100644 --- a/app/views/graduation_tasks/show.json.jbuilder +++ b/app/views/graduation_tasks/show.json.jbuilder @@ -1,7 +1,7 @@ json.partial! "public_navigation", locals: {graduation: @task, course: @course} json.description @task.description json.user_id @task.user_id -json.authorize @task.user_id == current_user.id || current_user.admin? +json.authorize @task.user_id == current_user.id || current_user.admin_or_business? # 附件 json.attachments @attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment} diff --git a/app/views/graduation_works/comment_list.json.jbuilder b/app/views/graduation_works/comment_list.json.jbuilder index 77898c91d..5f59a8bcf 100644 --- a/app/views/graduation_works/comment_list.json.jbuilder +++ b/app/views/graduation_works/comment_list.json.jbuilder @@ -15,7 +15,7 @@ json.comment_scores @comment_scores do |score| json.score score.score json.content score.comment json.is_invalid score.is_invalid - json.delete (@current_user == score.user || @current_user.admin?) && (score.is_invalid || score.score.nil?) + json.delete (@current_user == score.user || @current_user.admin_or_business?) && (score.is_invalid || score.score.nil?) json.attachments score.attachments do |atta| json.partial! "attachments/attachment_simple", locals: {attachment: atta, delete: false} end diff --git a/app/views/gtopic_banks/show.json.jbuilder b/app/views/gtopic_banks/show.json.jbuilder index 7ab86674d..0d32b17a3 100644 --- a/app/views/gtopic_banks/show.json.jbuilder +++ b/app/views/gtopic_banks/show.json.jbuilder @@ -1,6 +1,6 @@ json.(@bank, :id, :name, :description, :is_public, :topic_type, :topic_source, :topic_property_first, :topic_property_second, :source_unit, :topic_repeat, :province, :city) -json.authorize @bank.user_id == current_user.id || current_user.admin? +json.authorize @bank.user_id == current_user.id || current_user.admin_or_business? json.attachment_list @bank_attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment} diff --git a/app/views/homework_banks/show.json.jbuilder b/app/views/homework_banks/show.json.jbuilder index f3785173a..82be072cf 100644 --- a/app/views/homework_banks/show.json.jbuilder +++ b/app/views/homework_banks/show.json.jbuilder @@ -1,5 +1,5 @@ json.(@bank, :id, :name, :description, :homework_type, :is_public, :min_num, :max_num, :base_on_project, :reference_answer) -json.authorize @bank.user_id == current_user.id || current_user.admin? +json.authorize @bank.user_id == current_user.id || current_user.admin_or_business? json.attachments @bank_attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment} diff --git a/app/views/task_banks/show.json.jbuilder b/app/views/task_banks/show.json.jbuilder index ab53399e1..bc9e6d70e 100644 --- a/app/views/task_banks/show.json.jbuilder +++ b/app/views/task_banks/show.json.jbuilder @@ -1,6 +1,6 @@ json.(@bank, :id, :name, :description, :task_type, :is_public) # 附件 -json.authorize @bank.user_id == current_user.id || current_user.admin? +json.authorize @bank.user_id == current_user.id || current_user.admin_or_business? json.attachments @bank_attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment} end diff --git a/app/views/users/question_banks/index.json.jbuilder b/app/views/users/question_banks/index.json.jbuilder index 018e78254..d39341e08 100644 --- a/app/views/users/question_banks/index.json.jbuilder +++ b/app/views/users/question_banks/index.json.jbuilder @@ -14,5 +14,5 @@ json.question_banks @question_banks do |question_bank| json.course_list_name question_bank.course_list&.name json.updated_at question_bank.updated_at json.solve_count @solve_count_map.fetch(question_bank.id, 0) - json.authorize question_bank.user_id == current_user.id || current_user.admin? + json.authorize question_bank.user_id == current_user.id || current_user.admin_or_business? end