课堂内所有权限对运营权限开放

5 years ago · 2188f8b2b0
parent 342648d174
commit 2188f8b2b0
24 changed files with 36 additions and 36 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -85,8 +85,8 @@ class ApplicationController < ActionController::Base
 	# 题库的访问权限
 	def bank_visit_auth
-		tip_exception(-2,"未通过职业认证") if current_user.is_teacher? && !current_user.certification_teacher? && !current_user.admin? && @bank.user_id != current_user.id && @bank.is_public
+		tip_exception(-2,"未通过职业认证") if current_user.is_teacher? && !current_user.certification_teacher? && !current_user.admin_or_business? && @bank.user_id != current_user.id && @bank.is_public
-		tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? ||
+		tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? ||
 			(current_user.certification_teacher? && @bank.is_public)
 	end
@ -165,7 +165,7 @@ class ApplicationController < ActionController::Base
 	def find_course
 		return normal_status(2, '缺少course_id参数！') if params[:course_id].blank?
 		@course = Course.find(params[:course_id])
-		tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin?
+		tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business?
 	rescue Exception => e
 		tip_exception(e.message)
 	end
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@ -58,7 +58,7 @@ class CommonsController < ApplicationController
          200
        end
      else
-        current_user.admin? ? 200 : 403
+        current_user.admin_or_business? ? 200 : 403
      end
    return normal_status(code, "你没有权限操作！") if code == 403
  end
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@ -396,7 +396,7 @@ class CoursesController < ApplicationController
  def teachers
    @search_str = params[:search].present? ? params[:search].strip : ""
-    if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582
+    if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
      @teacher_list = @course.course_members.joins(:user).where("course_members.role in (1, 2, 3)
                                                     and LOWER(concat(users.lastname, users.firstname)) LIKE ?", "%#{@search_str}%")
    else
@ -441,7 +441,7 @@ class CoursesController < ApplicationController
    @applications = CourseMessage.unhandled_join_course_requests_by_course(@course).
        joins("join users on course_messages.course_message_id=users.id").
        where("LOWER(concat(users.lastname, users.firstname)) LIKE ?", "%#{search_str}%")
-    if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582
+    if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
      teacher_list = @course.course_members.where("course_members.role in (1, 2, 3)")
    else
      teacher_list = @course.course_members.where("(course_members.role in (1, 3) or (course_members.user_id = #{current_user.id}
@ -838,7 +838,7 @@ class CoursesController < ApplicationController
  # 已通过职业认证的教师复制课堂
  def duplicate_course
-    return tip_exception("没有复制权限") unless current_user.admin? || current_user.is_teacher? || current_user.teacher_of_course?(@course)
+    return tip_exception("没有复制权限") unless current_user.admin_or_business? || current_user.is_teacher? || current_user.teacher_of_course?(@course)
    return tip_exception("教师职业认证未通过") unless current_user.pro_certification?
    new_course = @course.self_duplicate
@ -1404,7 +1404,7 @@ class CoursesController < ApplicationController
  # Use callbacks to share common setup or constraints between actions.
  def set_course
    @course = Course.find_by!(id: params[:id])
-    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin?
+    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business?
  end
  # Never trust parameters from the scary internet, only allow the white list through.
--- a/app/controllers/exercise_bank_questions_controller.rb
+++ b/app/controllers/exercise_bank_questions_controller.rb
@ -372,7 +372,7 @@ class ExerciseBankQuestionsController < ApplicationController
  private
  def bank_admin
-    tip_exception(403, "无权限") unless @exercise.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @exercise.user_id == current_user.id || current_user.admin_or_business?
  end
  def get_exercise
--- a/app/controllers/exercise_banks_controller.rb
+++ b/app/controllers/exercise_banks_controller.rb
@ -26,7 +26,7 @@ class ExerciseBanksController < ApplicationController
    search = params[:search]
    type = params[:type]
    # 超级管理员用户显示所有未隐藏的实训、非管理员显示所有已发布的实训（对本单位公开且未隐藏未关闭）
-    if current_user.admin?
+    if current_user.admin_or_business?
      @shixuns = Shixun.unhidden
    else
      none_shixun_ids = ShixunSchool.where("school_id != #{current_user.school_id}").pluck(:shixun_id)
@ -67,7 +67,7 @@ class ExerciseBanksController < ApplicationController
  end
  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end
  #判断实训是否已选择
--- a/app/controllers/graduation_works_controller.rb
+++ b/app/controllers/graduation_works_controller.rb
@ -410,7 +410,7 @@ class GraduationWorksController < ApplicationController
  # 删除教师/教辅的评分记录
  def delete_score
    score = @work.graduation_work_scores.where(id: params[:comment_id]).first
-    if score.present? && (score.is_invalid || score.score.nil?) && (score.user == current_user || current_user.admin?)
+    if score.present? && (score.is_invalid || score.score.nil?) && (score.user == current_user || current_user.admin_or_business?)
      begin
        score.destroy
        normal_status("删除成功")
--- a/app/controllers/gtopic_banks_controller.rb
+++ b/app/controllers/gtopic_banks_controller.rb
@ -26,7 +26,7 @@ class GtopicBanksController < ApplicationController
  end
  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end
  def gtopic_bank_params
--- a/app/controllers/homework_banks_controller.rb
+++ b/app/controllers/homework_banks_controller.rb
@ -47,7 +47,7 @@ class HomeworkBanksController < ApplicationController
  end
  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end
  def bank_params
--- a/app/controllers/homework_commons_controller.rb
+++ b/app/controllers/homework_commons_controller.rb
@ -757,7 +757,7 @@ class HomeworkCommonsController < ApplicationController
    search = params[:search]
    type = params[:type]
    # 超级管理员用户显示所有未隐藏的实训、非管理员显示所有已发布的实训（对本单位公开且未隐藏未关闭）
-    if current_user.admin?
+    if current_user.admin_or_business?
      @shixuns = Shixun.unhidden
    else
      none_shixun_ids = ShixunSchool.where("school_id != #{current_user.school_id}").pluck(:shixun_id)
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@ -126,7 +126,7 @@ class MessagesController < ApplicationController
  end
  def create
-    return normal_status(403, "您没有权限进行该操作") unless current_user.admin? || current_user.member_of_course?(@board.course)
+    return normal_status(403, "您没有权限进行该操作") unless current_user.admin_or_business? || current_user.member_of_course?(@board.course)
    begin
      @message = Message.new(message_params)
--- a/app/controllers/poll_bank_questions_controller.rb
+++ b/app/controllers/poll_bank_questions_controller.rb
@ -114,7 +114,7 @@ class PollBankQuestionsController < ApplicationController
  private
  def bank_admin
-    tip_exception(403, "无权限") unless @poll.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @poll.user_id == current_user.id || current_user.admin_or_business?
  end
  def get_poll
--- a/app/controllers/question_banks_controller.rb
+++ b/app/controllers/question_banks_controller.rb
@ -10,7 +10,7 @@ class QuestionBanksController < ApplicationController
  def bank_list
    page = params[:page] || 1
    limit = params[:limit] || 15
-    @certification_teacher = current_user.is_certification_teacher || current_user.admin?
+    @certification_teacher = current_user.is_certification_teacher || current_user.admin_or_business?
    @objects = @object_type.classify.constantize.where(@object_filter)
    @objects =
        if params[:search]
@ -134,7 +134,7 @@ class QuestionBanksController < ApplicationController
  def destroy
    bank = current_bank
-    unless current_user.admin? || bank.user_id == current_user.id
+    unless current_user.admin_or_business? || bank.user_id == current_user.id
      render_forbidden
      return
    end
@ -165,7 +165,7 @@ class QuestionBanksController < ApplicationController
  def object_banks
    banks ||= @object_type.classify.constantize.where(@object_filter).where(id: params[:object_id])
-    unless current_user.admin?
+    unless current_user.admin_or_business?
      banks = banks.where(user_id: current_user.id)
    end
    banks
@ -202,7 +202,7 @@ class QuestionBanksController < ApplicationController
  end
  def teacher_or_admin
-    tip_exception(403, "无权限操作") unless current_user.is_certification_teacher || current_user.admin?
+    tip_exception(403, "无权限操作") unless current_user.is_certification_teacher || current_user.admin_or_business?
  end
  def quote_homework_bank homework, course
--- a/app/controllers/task_banks_controller.rb
+++ b/app/controllers/task_banks_controller.rb
@ -29,7 +29,7 @@ class TaskBanksController < ApplicationController
  end
  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end
  def gtask_bank_params
--- a/app/controllers/users/question_banks_controller.rb
+++ b/app/controllers/users/question_banks_controller.rb
@ -66,9 +66,9 @@ class Users::QuestionBanksController < Users::BaseController
  def check_user_permission!
    if params[:type] == 'publicly'
-      normal_status(-2,"未通过职业认证") unless User.current.admin? || User.current.certification_teacher?
+      normal_status(-2,"未通过职业认证") unless User.current.admin_or_business? || User.current.certification_teacher?
    else
-      render_forbidden unless User.current.admin? || User.current.is_teacher?
+      render_forbidden unless User.current.admin_or_business? || User.current.is_teacher?
    end
  end
 end
--- a/app/controllers/weapps/courses_controller.rb
+++ b/app/controllers/weapps/courses_controller.rb
@ -39,7 +39,7 @@ class Weapps::CoursesController < Weapps::BaseController
    @page = (params[:page] || 1).to_i
    @limit = (params[:limit] || 20).to_i
    search = params[:search].present? ? params[:search].strip : ""
-    if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582
+    if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
      @teacher_list = @course.course_members.joins(:user).where("course_members.role in (1, 2, 3)")
    else
      @teacher_list = @course.course_members.joins(:user).where("(course_members.role in (1, 3) or (course_members.user_id = #{current_user.id}
@ -203,6 +203,6 @@ class Weapps::CoursesController < Weapps::BaseController
  def set_course
    @course = Course.find_by!(id: params[:id])
-    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin?
+    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business?
  end
 end
--- a/app/models/course.rb
+++ b/app/models/course.rb
@ -251,7 +251,7 @@ class Course < ApplicationRecord
    member = course_member(user.id)
    group_ids = if member.present?
                  member.teacher_course_groups.size > 0 ? member.teacher_course_groups.pluck(:course_group_id) : course_groups.pluck(:id)
-                elsif user.admin?
+                elsif user.admin_or_business?
                  course_groups.pluck(:id)
                else
                  []
--- a/app/models/student_works_score.rb
+++ b/app/models/student_works_score.rb
@ -17,7 +17,7 @@ class StudentWorksScore < ApplicationRecord
  end
  def allow_delete current_user
-    (self.is_invalid || self.score.nil?) && (current_user == self.user || current_user.admin?)
+    (self.is_invalid || self.score.nil?) && (current_user == self.user || current_user.admin_or_business?)
  end
  # 匿评分
--- a/app/views/exercise_banks/show.json.jbuilder
+++ b/app/views/exercise_banks/show.json.jbuilder
@ -2,7 +2,7 @@ if @bank.container_type == "Exercise"
  json.exercise do
    json.extract! @bank, :id, :name, :description, :is_public
  end
-  json.authorize @bank.user_id == current_user.id || current_user.admin?
+  json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?
  json.partial! "exercises/exercise_scores"
@ -21,7 +21,7 @@ else
  json.poll do
    json.extract! @bank, :id, :name, :description, :is_public
  end
-  json.authorize @bank.user_id == current_user.id || current_user.admin?
+  json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?
  json.question_types do
    json.q_counts @poll_questions_count
--- a/app/views/graduation_tasks/show.json.jbuilder
+++ b/app/views/graduation_tasks/show.json.jbuilder
@ -1,7 +1,7 @@
 json.partial! "public_navigation", locals: {graduation: @task, course: @course}
 json.description @task.description
 json.user_id @task.user_id
-json.authorize @task.user_id == current_user.id || current_user.admin?
+json.authorize @task.user_id == current_user.id || current_user.admin_or_business?
 # 附件
 json.attachments @attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
--- a/app/views/graduation_works/comment_list.json.jbuilder
+++ b/app/views/graduation_works/comment_list.json.jbuilder
@ -15,7 +15,7 @@ json.comment_scores @comment_scores do |score|
  json.score score.score
  json.content score.comment
  json.is_invalid score.is_invalid
-  json.delete (@current_user == score.user || @current_user.admin?) && (score.is_invalid || score.score.nil?)
+  json.delete (@current_user == score.user || @current_user.admin_or_business?) && (score.is_invalid || score.score.nil?)
  json.attachments score.attachments do |atta|
    json.partial! "attachments/attachment_simple", locals: {attachment: atta, delete: false}
  end
--- a/app/views/gtopic_banks/show.json.jbuilder
+++ b/app/views/gtopic_banks/show.json.jbuilder
@ -1,6 +1,6 @@
 json.(@bank, :id, :name, :description, :is_public, :topic_type, :topic_source, :topic_property_first, :topic_property_second,
  :source_unit, :topic_repeat, :province, :city)
-json.authorize @bank.user_id == current_user.id || current_user.admin?
+json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?
 json.attachment_list @bank_attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
--- a/app/views/homework_banks/show.json.jbuilder
+++ b/app/views/homework_banks/show.json.jbuilder
@ -1,5 +1,5 @@
 json.(@bank, :id, :name, :description, :homework_type, :is_public, :min_num, :max_num, :base_on_project, :reference_answer)
-json.authorize @bank.user_id == current_user.id || current_user.admin?
+json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?
 json.attachments @bank_attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
--- a/app/views/task_banks/show.json.jbuilder
+++ b/app/views/task_banks/show.json.jbuilder
@ -1,6 +1,6 @@
 json.(@bank, :id, :name, :description, :task_type, :is_public)
 # 附件
-json.authorize @bank.user_id == current_user.id || current_user.admin?
+json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?
 json.attachments @bank_attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
 end
--- a/app/views/users/question_banks/index.json.jbuilder
+++ b/app/views/users/question_banks/index.json.jbuilder
@ -14,5 +14,5 @@ json.question_banks @question_banks do |question_bank|
  json.course_list_name question_bank.course_list&.name
  json.updated_at question_bank.updated_at
  json.solve_count @solve_count_map.fetch(question_bank.id, 0)
-  json.authorize question_bank.user_id == current_user.id || current_user.admin?
+  json.authorize question_bank.user_id == current_user.id || current_user.admin_or_business?
 end