diff --git a/app/constraint/admin_constraint.rb b/app/constraint/admin_constraint.rb new file mode 100644 index 000000000..3ddf9a11e --- /dev/null +++ b/app/constraint/admin_constraint.rb @@ -0,0 +1,7 @@ +class AdminConstraint + def matches?(request) + return false unless request.session[:user_id] + user = User.find request.session[:user_id] + user && user.admin? + end +end \ No newline at end of file diff --git a/app/controllers/accounts_controller.rb b/app/controllers/accounts_controller.rb index d3808a06b..e2df181f0 100644 --- a/app/controllers/accounts_controller.rb +++ b/app/controllers/accounts_controller.rb @@ -52,6 +52,8 @@ class AccountsController < ApplicationController container_type: pre == 'p' ? 'Phone' : 'Mail', score: 500 ) + successful_authentication(@user) + session[:user_id] = @user.id end rescue Exception => e uid_logger_error(e.message) @@ -107,6 +109,9 @@ class AccountsController < ApplicationController set_autologin_cookie(user) UserAction.create(:action_id => user.try(:id), :action_type => "Login", :user_id => user.try(:id)) + + # 注册完成后有一天的试用申请 + UserDayCertification.create(user_id: user.id, status: 1) end def set_autologin_cookie(user) diff --git a/app/controllers/add_department_applies_controller.rb b/app/controllers/add_department_applies_controller.rb index ed8067c84..644ebd87e 100644 --- a/app/controllers/add_department_applies_controller.rb +++ b/app/controllers/add_department_applies_controller.rb @@ -1,5 +1,5 @@ class AddDepartmentAppliesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth def create CreateAddDepartmentApplyService.call(current_user, create_params) diff --git a/app/controllers/add_school_applies_controller.rb b/app/controllers/add_school_applies_controller.rb index 9f2376b9e..c868d79c9 100644 --- a/app/controllers/add_school_applies_controller.rb +++ b/app/controllers/add_school_applies_controller.rb 
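Review bot: `User.find request.session[:user_id]` in AdminConstraint#matches? raises ActiveRecord::RecordNotFound when the session carries an id that no longer exists, so a stale session turns a routing constraint into an error response instead of a clean `false`, and the `user && user.admin?` guard on the next line can never observe nil because `find` never returns it. Use `user = User.find_by(id: request.session[:user_id])` followed by `!!user&.admin?` so a missing or non-admin user fails closed. This is the only hunk in the new file.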
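Review bot: The new `session[:user_id] = @user.id` in AccountsController is written after `successful_authentication(@user)`; if that helper already calls `start_user_session` (ApplicationController defines one, per a later hunk) the assignment is redundant, and if it does not, the session id should be rotated at this point, e.g. `reset_session` before the assignment, so a session established before authentication is not carried over. The enclosing method starts outside the hunk and the surrounding `rescue Exception => e` is pre-existing context, so I have not re-raised it here. In the second hunk, `UserDayCertification.create(user_id: user.id, status: 1)` would benefit from naming the magic value, e.g. a comment `# status 1: trial certification granted at registration — confirm against UserDayCertification`.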
@@ -1,5 +1,5 @@ class AddSchoolAppliesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth def create CreateAddSchoolApplyService.call(current_user, create_params) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index e6c0116fc..f9516b9e4 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -148,19 +148,7 @@ class ApplicationController < ActionController::Base # 未授权的捕捉407,弹试用申请弹框 def require_login #6.13 -hs - if User.current.logged? - if !current_user.profile_completed? - info_url = "#{edu_setting('old_edu_host')}/account/user_info" - tip_exception(402, info_url) - # render :json => { status: 402, url: info_url } - elsif current_user.certification != 1 - day_cer = UserDayCertification.where(user_id: current_user.id).last - tip_exception(407, "系统未授权") unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400 - end - else - tip_exception(401, "..") - end - + tip_exception(401, "..") unless User.current.logged? end # 异常提醒 
@@ -190,33 +178,13 @@ class ApplicationController < ActionController::Base # 系统全局认证 # def check_auth - # old_edu_host = edu_setting('old_edu_host') - # ue = current_user.user_extension - # - # if current_user.lastname.blank? || ue.school_id.blank? || ue.identity.blank? || current_user.mail.blank? - # info_url = old_edu_host + '/account/user_info' - # render :json => { status: 402, url: info_url } - # elsif current_user.certification != 1 - # day_cer = UserDayCertification.where(user_id: current_user.id).last - # unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400 - # account_url = old_edu_host + "/my/account" - # render :json => { status: 402, url: account_url } - # end - # end - true - end - - # 身份资料的认证: - # 如果试用过期则弹框提示认证,先跳入个人资料页面完善资料,资料完成后,弹框提醒用户试用申请 - def check_account - # # todo user_extension - # if User.current.logged? - # ue = current_user.user_extension - # if current_user.lastname.blank? || ue.school_id.blank? || ue.identity.blank? || current_user.mail.blank? - # info_url = "#{edu_setting('old_edu_host')}/account/user_info" - # render :json => { status: 402, url: info_url } - # end - # end + if !current_user.profile_completed? + info_url = '/account/profile' + tip_exception(402, info_url) + elsif current_user.certification != 1 + day_cer = UserDayCertification.find_by(user_id: current_user.id) + tip_exception(407, "系统未授权") unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400 + end end def start_user_session(user) @@ -236,8 +204,10 @@ class ApplicationController < ActionController::Base User.current = User.find 12 end + # User.current = User.find 81403 + if params[:debug] == 'teacher' #todo 为了测试,记得讲debug删除 - User.current = User.find 49610 + User.current = User.find 81403 elsif params[:debug] == 'student' User.current = User.find 8686 elsif params[:debug] == 'admin' diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index bf5c11856..c539b0a60 100644 
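Review bot: In check_auth, `UserDayCertification.find_by(user_id: current_user.id)` replaces the old `.where(...).last`; `find_by` returns the first matching row with no explicit ordering, so a user with more than one certification row may be judged on an old one and rejected even though a fresh trial row exists. Keep the newest row explicitly: `day_cer = UserDayCertification.where(user_id: current_user.id).order(:created_at).last`. check_auth dereferences `current_user` with no logged-in guard of its own, so it must always follow `require_login` in a before_action list, which the other hunks in this commit do preserve; a one-line comment stating that precondition above the method would help.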
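Review bot: The rewritten line `User.current = User.find 81403` keeps the `params[:debug]` user switch in ApplicationController, and the new commented-out line above it adds a second copy of the same id; the inline `#todo` already says this is test-only code. Unless the enclosing method (it starts and ends outside this hunk) is already wrapped in an environment check, guard the branch with `if Rails.env.development? && params[:debug] == 'teacher'` or remove it before release, since as written any request carrying the parameter is served as a fixed account. Drop the commented line rather than leave it in.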
--- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -2,7 +2,7 @@ # # 文件上传 class AttachmentsController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :find_file, only: %i[show destroy] include ErrorCommon diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb index 2e82c36d7..0bcaaa2c0 100644 --- a/app/controllers/boards_controller.rb +++ b/app/controllers/boards_controller.rb @@ -1,5 +1,5 @@ class BoardsController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :find_course, only: [:create] before_action :set_board, except: [:create] before_action :teacher_allowed diff --git a/app/controllers/challenges_controller.rb b/app/controllers/challenges_controller.rb index 33963a192..697585e0c 100644 --- a/app/controllers/challenges_controller.rb +++ b/app/controllers/challenges_controller.rb @@ -1,5 +1,5 @@ class ChallengesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :find_shixun, only: [:new, :create, :index] skip_before_action :verify_authenticity_token, only: [:create, :update, :create_choose_question, :crud_answer] before_action :find_challenge, only: [:edit, :show, :update, :create_choose_question, :index_down, :index_up, diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb index 1f6dce053..0c0fe79af 100644 --- a/app/controllers/commons_controller.rb +++ b/app/controllers/commons_controller.rb @@ -1,7 +1,7 @@ class CommonsController < ApplicationController OBJECT_TYPE = %W[message journals_for_message] - before_action :require_login + before_action :require_login, :check_auth before_action :validate_object_type before_action :find_object before_action :validate_power 
@@ -45,7 +45,13 @@ class CommonsController < ApplicationController code = case params[:object_type].strip when 'message' - if current_user.course_identity(@object.board.course) >= 5 && @object.author != current_user + if current_user.course_identity(@object.board.course) >= Course::STUDENT && @object.author != current_user + 403 + else + 200 + end + when 'journals_for_message' + if current_user.course_identity(@object.jour.course) >= Course::STUDENT && @object.user != current_user 403 else 200 diff --git a/app/controllers/course_groups_controller.rb b/app/controllers/course_groups_controller.rb index bee3fa09d..0e16d1bac 100644 --- a/app/controllers/course_groups_controller.rb +++ b/app/controllers/course_groups_controller.rb @@ -1,5 +1,5 @@ class CourseGroupsController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :set_group, except: [:create] before_action :find_course, only: [:create] before_action :teacher_or_admin_allowed diff --git a/app/controllers/course_modules_controller.rb b/app/controllers/course_modules_controller.rb index d8d4ea128..4e9f7b908 100644 --- a/app/controllers/course_modules_controller.rb +++ b/app/controllers/course_modules_controller.rb @@ -1,5 +1,5 @@ class CourseModulesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :set_module, except: [:unhidden_modules] before_action :find_course, only: [:unhidden_modules] before_action :teacher_allowed diff --git a/app/controllers/course_second_categories_controller.rb b/app/controllers/course_second_categories_controller.rb index d0f07f47f..ca544a584 100644 --- a/app/controllers/course_second_categories_controller.rb +++ b/app/controllers/course_second_categories_controller.rb 
@@ -1,5 +1,5 @@ class CourseSecondCategoriesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :set_category before_action :teacher_allowed diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb index e6c4ae330..286935c17 100644 --- a/app/controllers/courses_controller.rb +++ b/app/controllers/courses_controller.rb @@ -11,7 +11,7 @@ class CoursesController < ApplicationController render_error(ex.model.errors.full_messages.join(',')) end - before_action :require_login, except: [:index, :show, :students, :teachers, :board_list, :mine, :all_course_groups, :left_banner, :top_banner] + before_action :require_login, :check_auth, except: [:index, :show, :students, :teachers, :board_list, :mine, :all_course_groups, :left_banner, :top_banner] before_action :set_course, :user_course_identity, only: [:show, :update, :destroy, :settings, :set_invite_code_halt, :set_public_or_private, :search_teacher_candidate, :teachers, :apply_teachers, :top_banner, :left_banner, :add_teacher_popup, :add_teacher, diff --git a/app/controllers/discusses_controller.rb b/app/controllers/discusses_controller.rb index db3047e74..3b987be51 100644 --- a/app/controllers/discusses_controller.rb +++ b/app/controllers/discusses_controller.rb 
@@ -9,13 +9,19 @@ class DiscussesController < ApplicationController # 总数,分页使用 if current_user.admin? @disscuss_count = Discuss.where(:dis_id => @container.id, :dis_type => @container.class.to_s, :root_id => nil).count - @discusses = Discuss.limit(LIMIT).where(:dis_id => @container.id, :dis_type => @container.class.to_s, - :root_id => nil).includes(:user, :praise_treads).offset(offset) + disscusses = Discuss.where(:dis_id => @container.id, :dis_type => @container.class.to_s, + :root_id => nil) else disscusses = Discuss.where("dis_id = :dis_id and dis_type = :dis_type and root_id is null and - (hidden = :hidden or user_id = :user_id)", + (discusses.hidden = :hidden or discusses.user_id = :user_id)", {dis_id: @container.id, dis_type: @container.class.to_s, hidden: false, user_id: current_user.id}) - @disscuss_count = disscusses.count + @disscuss_count = disscusses.count("discusses.id") + end + @manger = @container.has_manager?(current_user) + if @manger + @discusses = disscusses.limit(LIMIT).joins("left join games on discusses.challenge_id = games.challenge_id and discusses.user_id = games.user_id") + .select("discusses.*, games.identifier").includes(:user, :praise_treads).offset(offset) + else @discusses = disscusses.limit(LIMIT).includes(:user, :praise_treads).offset(offset) end diff --git a/app/controllers/ecs/base_controller.rb b/app/controllers/ecs/base_controller.rb index 9fb99c420..2cded249a 100644 --- a/app/controllers/ecs/base_controller.rb +++ b/app/controllers/ecs/base_controller.rb @@ -1,6 +1,6 @@ class Ecs::BaseController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :check_user_permission! helper_method :current_user, :current_school diff --git a/app/controllers/exercise_answers_controller.rb b/app/controllers/exercise_answers_controller.rb index aa3966d25..27e4aba11 100644 --- a/app/controllers/exercise_answers_controller.rb +++ b/app/controllers/exercise_answers_controller.rb 
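Review bot: `@manger = @container.has_manager?(current_user)` introduces a misspelling of `@manager` that will propagate into views and templates; rename it on both new lines (`@manager = ...` and `if @manager`). The admin branch now builds a relation instead of assigning `@discusses` directly, which is consistent with the new shared pagination below, so that part reads fine. The enclosing action starts and ends outside the hunk.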
@@ -1,5 +1,5 @@ class ExerciseAnswersController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :get_exercise_question include ExercisesHelper diff --git a/app/controllers/exercise_questions_controller.rb b/app/controllers/exercise_questions_controller.rb index e33e5e2dc..3d488c7b0 100644 --- a/app/controllers/exercise_questions_controller.rb +++ b/app/controllers/exercise_questions_controller.rb @@ -1,5 +1,5 @@ class ExerciseQuestionsController < ApplicationController - before_action :require_login #用户需登陆 + before_action :require_login, :check_auth #用户需登陆 before_action :get_exercise,only:[:new,:create] #获取试卷 before_action :get_exercise_question,except: [:new,:create] #获取试卷的问题及试卷 before_action :is_course_teacher #是否为老师 diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb index 4c4481483..682c474bb 100644 --- a/app/controllers/exercises_controller.rb +++ b/app/controllers/exercises_controller.rb @@ -1,5 +1,5 @@ class ExercisesController < ApplicationController - before_action :require_login,except: [:index] + before_action :require_login, :check_auth, except: [:index] before_action :find_course,only: [:index,:new,:create,:my_exercises,:public_exercises,:set_public,:destroys, :join_exercise_banks,:publish_modal,:publish,:end_modal,:end_exercise] #需要有课堂id参数的 before_action :get_exercise,except: [:index,:new,:create,:my_exercises,:public_exercises,:set_public,:destroys, diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb index b75020643..d090ae253 100644 --- a/app/controllers/files_controller.rb +++ b/app/controllers/files_controller.rb 
@@ -1,7 +1,7 @@ class FilesController < ApplicationController include MessagesHelper - before_action :require_login, except: %i[index] + before_action :require_login, :check_auth, except: %i[index] before_action :find_course, except: %i[public_with_course_and_project mine_with_course_and_project] before_action :find_ids, only: %i[bulk_delete bulk_send bulk_move bulk_public bulk_publish] before_action :file_validate_sort_type, only: :index diff --git a/app/controllers/games_controller.rb b/app/controllers/games_controller.rb index 6ffc7f0ce..217f1839a 100644 --- a/app/controllers/games_controller.rb +++ b/app/controllers/games_controller.rb @@ -1,5 +1,5 @@ class GamesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :find_game before_action :find_shixun, only: [:show, :answer, :rep_content, :choose_build, :game_build, :game_status] @@ -710,10 +710,10 @@ class GamesController < ApplicationController resubmit_identifier = @game.resubmit_identifier # 如果没有超时并且正在评测中 # 判断评测中的状态有两种:1、如果之前没有通关的,只需判断status为1即可;如果通过关,则判断game的resubmit_identifier是否更新 - uid_logger("################game_status: #{@game.status}") - uid_logger("################params[:resubmit]: #{params[:resubmit]}") - uid_logger("################resubmit_identifier: #{resubmit_identifier}") - uid_logger("################time_out: #{params[:time_out]}") + # uid_logger("################game_status: #{@game.status}") + # uid_logger("################params[:resubmit]: #{params[:resubmit]}") + # uid_logger("################resubmit_identifier: #{resubmit_identifier}") + # uid_logger("################time_out: #{params[:time_out]}") if (params[:time_out] == "false") && ((params[:resubmit].blank? && @game.status == 1) || (params[:resubmit].present? && (params[:resubmit] != resubmit_identifier))) # 代码评测的信息 diff --git a/app/controllers/gits_controller.rb b/app/controllers/gits_controller.rb index 1965f61ba..910864812 100644 
--- a/app/controllers/gits_controller.rb +++ b/app/controllers/gits_controller.rb @@ -32,7 +32,7 @@ class GitsController < ApplicationController system_user = User.find_by_login(input_username) || User.find_by_mail(input_username) || User.find_by_phone(input_username) # 如果用户名密码错误 - if !system_user.check_password?(input_password) + if system_user && !system_user.check_password?(input_password) uid_logger_error("git start: password is wrong") result = false else diff --git a/app/controllers/graduation_tasks_controller.rb b/app/controllers/graduation_tasks_controller.rb index c3b73ad20..fc9c8df45 100644 --- a/app/controllers/graduation_tasks_controller.rb +++ b/app/controllers/graduation_tasks_controller.rb @@ -1,5 +1,5 @@ class GraduationTasksController < ApplicationController - before_action :require_login, except: [:index] + before_action :require_login, :check_auth, except: [:index] before_action :find_course, except: [:edit, :update, :settings, :update_settings, :tasks_list, :show, :show_comment] before_action :find_task, only: [:edit, :update, :settings, :update_settings, :tasks_list, :show, :show_comment] before_action :user_course_identity @@ -37,7 +37,7 @@ class GraduationTasksController < ApplicationController @all_count = @course.graduation_tasks.size @published_count = @course.graduation_tasks.where("publish_time <= '#{Time.now}'").size @task_count = @tasks.size - @tasks = @tasks.reorder("#{default_order}").page(page).per(15).includes(:graduation_works, course: [course_members: :teacher_course_groups]) + @tasks = @tasks.reorder("#{default_order}").page(page).per(15).includes(:graduation_works) end # 任务问答 
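Review bot: `if system_user && !system_user.check_password?(input_password)` in GitsController fails open: when no user matches the supplied name, `system_user` is nil, the condition is false and control falls into the `else` branch, whose body is outside the hunk but appears to be the success path. Invert the guard so an unknown account is rejected exactly like a wrong password: `if system_user.nil? || !system_user.check_password?(input_password)`. The enclosing method starts and ends outside the hunk.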
@@ -55,6 +55,8 @@ class GraduationTasksController < ApplicationController page = params[:page] || 1 limit = params[:limit] || 20 @work = @task.graduation_works.where(user_id: current_user.id) + @students = @course.students + @assign_power = @user_course_identity < Course::STUDENT && @task.cross_comment && @task.comment_status == 2 #end_time @task.allow_late ? @task.late_time : @task.end_time # 任务发布的情况下: 是老师身份或者任务已截止的情况下公开任务了作品设置的学生也能查看其他人的作品 if @task.published? && (@user_course_identity < Course::STUDENT || @@ -72,7 +74,7 @@ class GraduationTasksController < ApplicationController @work_list = @task.graduation_works.where(user_id: user_ids).includes(user: [:user_extension]) @all_work_count = @work_list.count - @teachers = @course.teachers.where.not(user_id: current_user.id) + @teachers = @course.teachers.where.not(user_id: current_user.id).includes(:user) # 教师评阅搜索 0: 未评, 1 已评 unless params[:teacher_comment].blank? graduation_work_ids = GraduationWorkScore.where(graduation_work_id: @work_list.map(&:id)).pluck(:graduation_work_id) @@ -110,9 +112,9 @@ class GraduationTasksController < ApplicationController end # 排序 - rorder = params[:order].blank? ? "updated_at" : params[:order] + rorder = params[:order].blank? ? "update_time" : params[:order] b_order = params[:b_order].blank? ? "desc" : params[:b_order] - if rorder == "created_at" || rorder == "work_score" + if rorder == "update_time" || rorder == "work_score" @work_list = @work_list.order("graduation_works.#{rorder} #{b_order}") elsif rorder == "student_id" @work_list = @work_list.joins(user: :user_extension).order("user_extensions.#{rorder} #{b_order}") diff --git a/app/controllers/graduation_topics_controller.rb b/app/controllers/graduation_topics_controller.rb index 4ad07c77e..754b472c5 100644 --- a/app/controllers/graduation_topics_controller.rb +++ b/app/controllers/graduation_topics_controller.rb 
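Review bot: The rewritten ordering branch (`if rorder == "update_time" || rorder == "work_score"`) whitelists `rorder`, but `b_order` on the line above it still comes straight from `params[:b_order]` and is interpolated into `order("graduation_works.#{rorder} #{b_order}")` and the `user_extensions` order below, so the sort direction is caller-controlled SQL text. Constrain it to the two legal values: `b_order = %w[asc desc].include?(params[:b_order]) ? params[:b_order] : "desc"`. The enclosing method continues outside the hunk; the earlier hunk's `@assign_power` line reads fine.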
@@ -1,5 +1,5 @@ class GraduationTopicsController < ApplicationController - before_action :require_login, except: [:index] + before_action :require_login, :check_auth, except: [:index] before_action :find_course before_action :teacher_allowed, only: [:new, :create, :update, :edit, :destroys, :set_public, :refuse_student_topic, :accept_student_topic, :export] diff --git a/app/controllers/graduation_works_controller.rb b/app/controllers/graduation_works_controller.rb index 7cf1a3393..a4a59a3f5 100644 --- a/app/controllers/graduation_works_controller.rb +++ b/app/controllers/graduation_works_controller.rb @@ -1,5 +1,5 @@ class GraduationWorksController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :find_task, only: [:new, :create, :search_member_list, :check_project, :relate_project, :cancel_relate_project] before_action :find_work, only: [:show, :edit, :update, :revise_attachment, :supply_attachments, :comment_list, diff --git a/app/controllers/homework_commons_controller.rb b/app/controllers/homework_commons_controller.rb index 6f0f10f4d..bbae7ba75 100644 --- a/app/controllers/homework_commons_controller.rb +++ b/app/controllers/homework_commons_controller.rb @@ -3,7 +3,7 @@ class HomeworkCommonsController < ApplicationController include ApplicationHelper include ExportHelper - before_action :require_login, except: [:index, :choose_category] + before_action :require_login, :check_auth, except: [:index, :choose_category] before_action :find_course, only: [:index, :create, :new, :shixuns, :subjects, :create_shixun_homework, :publish_homework, :end_homework, :set_public, :choose_category, :move_to_category, :choose_category, diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb index f684b27f3..5bdc3e053 100644 --- a/app/controllers/messages_controller.rb +++ b/app/controllers/messages_controller.rb 
@@ -3,7 +3,7 @@ class MessagesController < ApplicationController SORT_TYPE = %w[time hot] - before_action :require_login, only: %i[create update sticky_top bulk_delete create destroy bulk_send bulk_move bulk_public] + before_action :require_login, :check_auth, only: %i[create update sticky_top bulk_delete create destroy bulk_send bulk_move bulk_public] before_action :find_board, only: [:create, :index, :bulk_delete, :bulk_move, :bulk_send, :bulk_public] before_action :find_message, only: [:update, :destroy, :sticky_top, :reply_list, :destroy, :reply] before_action :validate_delete_params, only: %i[bulk_delete bulk_public] @@ -87,7 +87,10 @@ class MessagesController < ApplicationController end def show - @message = Message.includes(:attachments, :message_detail, :children, :author => :user_extension, :board => [{course: :board_course_modules}]).find_by_id params[:id] + @message = Message.includes(:attachments, :message_detail, + :children, :author => :user_extension, + :board => [{course: :board_course_modules}]) + .find_by_id params[:id] return normal_status(-2, "ID为#{params[:id]}的帖子不存在") if @message.nil? @attachment_size = @message.attachments.size diff --git a/app/controllers/myshixuns_controller.rb b/app/controllers/myshixuns_controller.rb index f4549d691..276fbef32 100644 --- a/app/controllers/myshixuns_controller.rb +++ b/app/controllers/myshixuns_controller.rb @@ -1,5 +1,5 @@ class MyshixunsController < ApplicationController - before_action :require_login, :except => [:training_task_status, :code_runinng_message] + before_action :require_login, :check_auth, :except => [:training_task_status, :code_runinng_message] before_action :find_myshixun, :except => [:training_task_status, :code_runinng_message] before_action :find_repo_name, :except => [:training_task_status, :code_runinng_message] skip_before_action :verify_authenticity_token, :only => [:html_content] 
diff --git a/app/controllers/poll_questions_controller.rb b/app/controllers/poll_questions_controller.rb index 84e21c4e8..6a0b9ea47 100644 --- a/app/controllers/poll_questions_controller.rb +++ b/app/controllers/poll_questions_controller.rb @@ -1,5 +1,5 @@ class PollQuestionsController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :get_poll,only:[:new,:create] before_action :get_poll_question,except: [:new,:create] before_action :is_course_teacher diff --git a/app/controllers/poll_votes_controller.rb b/app/controllers/poll_votes_controller.rb index c11248054..b1191d8ea 100644 --- a/app/controllers/poll_votes_controller.rb +++ b/app/controllers/poll_votes_controller.rb @@ -1,6 +1,6 @@ class PollVotesController < ApplicationController #在开始回答和提交问卷的时候,已经做了判断用户的身份权限 - before_action :require_login + before_action :require_login, :check_auth before_action :get_poll_question before_action :check_answer_in_question diff --git a/app/controllers/polls_controller.rb b/app/controllers/polls_controller.rb index e2d0ce3cd..70995fbcf 100644 --- a/app/controllers/polls_controller.rb +++ b/app/controllers/polls_controller.rb @@ -1,6 +1,6 @@ class PollsController < ApplicationController # before_action :check_poll_status 问卷的发消息和定时任务没有做 - before_action :require_login,except: [:index] + before_action :require_login, :check_auth,except: [:index] before_action :find_course, except: [:show,:poll_setting,:commit_setting,:edit,:update,:start_answer,:commit_poll, :commit_result,:poll_lists,:cancel_publish,:cancel_publish_modal,:common_header] before_action :get_poll_and_course, only: [:show,:poll_setting,:commit_setting,:edit,:update,:start_answer, diff --git a/app/controllers/praise_tread_controller.rb b/app/controllers/praise_tread_controller.rb index bf814db77..459eb4bad 100644 --- a/app/controllers/praise_tread_controller.rb +++ b/app/controllers/praise_tread_controller.rb 
@@ -1,6 +1,6 @@ class PraiseTreadController < ApplicationController include MessagesHelper - before_action :require_login + before_action :require_login, :check_auth before_action :validate_params, only: [:like, :unlike] before_action :find_object diff --git a/app/controllers/question_banks_controller.rb b/app/controllers/question_banks_controller.rb index 22650f2d3..e30065d09 100644 --- a/app/controllers/question_banks_controller.rb +++ b/app/controllers/question_banks_controller.rb @@ -1,5 +1,5 @@ class QuestionBanksController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :params_filter # 题库选用列表 diff --git a/app/controllers/shixuns_controller.rb b/app/controllers/shixuns_controller.rb index b8a5ec53c..2d708bfa8 100644 --- a/app/controllers/shixuns_controller.rb +++ b/app/controllers/shixuns_controller.rb @@ -1,6 +1,6 @@ class ShixunsController < ApplicationController - before_action :require_login, except: [:download_file, :index, :menus] - before_action :check_auth, except: [:download_file, :index] + before_action :require_login, :check_auth, except: [:download_file, :index, :menus] + before_action :check_auth, except: [:download_file, :index, :menus] before_action :find_shixun, :shixun_access_allowed, except: [:index, :new, :create, :menus, :get_recommend_shixuns, :propaedeutics, :departments, :apply_shixun_mirror, 
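Review bot: After this change ShixunsController registers `:check_auth` twice — once in `before_action :require_login, :check_auth, except: [...]` and again on the very next line `before_action :check_auth, except: [:download_file, :index, :menus]` with the same except list — so the profile/certification lookup runs twice per request. Delete the second `before_action :check_auth` line; the combined declaration already covers it.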
@@ -44,11 +44,12 @@ class ShixunsController < ApplicationController ## 搜索关键字 匹配关卡名, 用户名, 实训名 和 空格多搜索 if params[:keyword].present? keyword = params[:keyword].strip - @shixuns = @shixuns.joins(:users, challenges: :challenge_tags). - where("challenge_tags.name like '%#{keyword}%' - or challenges.subject like '%#{keyword}%' - or concat(lastname, firstname) like '%#{keyword}%' - or shixuns.name like '%#{keyword.split(" ").join("%")}%'").distinct + @shixuns = @shixuns.joins(:user, challenges: :challenge_tags). + where("challenge_tags.name like :keyword + or challenges.subject like :keyword + or concat(lastname, firstname) like :keyword + or shixuns.name like :name", + keyword: "%#{keyword}%", name: "%#{keyword.split(" ").join("%")}%").distinct end ## 筛选 状态 @@ -68,15 +69,15 @@ class ShixunsController < ApplicationController when 'new' @shixuns = @shixuns.order("shixuns.status = 2 desc, shixuns.created_at #{bsort}") when 'hot' - @shixuns = @shixuns.order("shixuns.status = 2 desc, myshixuns_count #{bsort}") + @shixuns = @shixuns.order("shixuns.status = 2 desc, shixuns.myshixuns_count #{bsort}") when 'mine' @shixuns = @shixuns.order("shixuns.created_at #{bsort}") else - @shixuns = @shixuns.order("shixuns.status = 2 desc, publish_time #{bsort}") + @shixuns = @shixuns.order("shixuns.status = 2 desc, shixuns.publish_time #{bsort}") end - - @total_count = @shixuns.count + # 用id计数会快10+MS左右,对于搜索的内容随着数据的增加,性能会提升一些。 + @total_count = @shixuns.count("shixuns.id") ## 分页参数 page = params[:page] || 1 
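Review bot: Moving the keyword search to named binds removes the string interpolation, but `keyword: "%#{keyword}%"` still passes user-typed `%` and `_` through as LIKE wildcards, so a keyword of `%` matches every row of the joined query. Escape the literal before wrapping it: `keyword: "%#{Shixun.sanitize_sql_like(keyword)}%"`, and apply the same to each fragment in the split-and-join value for `name`. The join target also changed from `:users` to `:user`; that is fine if the association is singular, but the `concat(lastname, firstname)` clause depends on that table being joined, so worth confirming.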
@@ -128,7 +129,7 @@ class ShixunsController < ApplicationController select m.user_id, u.login, u.lastname, m.updated_at, (select sum(cost_time) from games g where g.myshixun_id = m.id) as time, (select sum(final_score) from games g where g.myshixun_id = m.id) as score - from (myshixuns m join users u on m.user_id = u.id) where m.shixun_id = #{@shixun.id} and m.status = 1 + from (users u left join myshixuns m on m.user_id = u.id) where m.shixun_id = #{@shixun.id} and m.status = 1 order by score desc, time asc limit 10 " @myshixuns = Myshixun.find_by_sql(sql) diff --git a/app/controllers/stages_controller.rb b/app/controllers/stages_controller.rb index 3d0087981..c62832365 100644 --- a/app/controllers/stages_controller.rb +++ b/app/controllers/stages_controller.rb @@ -1,5 +1,5 @@ class StagesController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :find_subject, only: [:create, :index] before_action :find_stage, only: [:update, :destroy, :edit, :up_position, :down_position] before_action :allowed, except: [:index] diff --git a/app/controllers/student_works_controller.rb b/app/controllers/student_works_controller.rb index 1c98db56c..9b32358bd 100644 --- a/app/controllers/student_works_controller.rb +++ b/app/controllers/student_works_controller.rb @@ -2,7 +2,7 @@ class StudentWorksController < ApplicationController include HomeworkCommonsHelper include StudentWorksHelper - before_action :require_login + before_action :require_login, :check_auth before_action :find_homework, only: [:new, :create, :search_member_list, :check_project, :relate_project, :cancel_relate_project] before_action :find_work, only: [:shixun_work_report, :adjust_review_score, :shixun_work, :commit_des, :update_des, diff --git a/app/controllers/subjects_controller.rb b/app/controllers/subjects_controller.rb index bb7059af6..b3e317e4b 100644 --- a/app/controllers/subjects_controller.rb +++ b/app/controllers/subjects_controller.rb 
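Review bot: Changing the ranking SQL from `myshixuns m join users u` to `users u left join myshixuns m` has no effect, because the following `where m.shixun_id = ... and m.status = 1` discards every row where `m` is null, so the LEFT JOIN degenerates into an inner join. Either keep the inner join, or move the two `m.*` conditions into the ON clause if users without a record are meant to appear. `#{@shixun.id}` is an integer from a loaded record, so that interpolation is not a concern here, though a bind via `find_by_sql([sql, { shixun_id: @shixun.id }])` would still be cleaner.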
@@ -1,5 +1,5 @@ class SubjectsController < ApplicationController - before_action :require_login, except: [:index] + before_action :require_login, :check_auth, except: [:index] # before_action :check_auth, except: [:index] before_action :find_subject, except: [:index, :create, :append_to_stage] before_action :allowed, only: [:update, :edit, :destroy, :publish, :cancel_publish, :cancel_has_publish, 
@@ -22,17 +22,17 @@ class SubjectsController < ApplicationController # 最热排序 if reorder == "myshixun_count" if select - @subjects = Subject.find_by_sql("SELECT subjects.id, subjects.name, subjects.stages_count, subjects.repertoire_id, subjects.status, - subjects.shixuns_count, COUNT(myshixuns.id) AS myshixun_member_count FROM myshixuns, stage_shixuns, subjects - WHERE myshixuns.shixun_id = stage_shixuns.shixun_id AND stage_shixuns.subject_id = subjects.id - AND `subjects`.`hidden` = 0 AND `subjects`.`status` = 2 AND `subjects`.`name` like '%#{search}%' - AND `subjects`.`repertoire_id` = #{select} GROUP BY subjects.id ORDER BY myshixun_member_count DESC") + @subjects = Subject.find_by_sql("SELECT subjects.id, subjects.user_id, subjects.name, subjects.stages_count, subjects.repertoire_id, subjects.status, + subjects.shixuns_count, sum(shixuns.myshixuns_count) AS myshixun_member_count FROM subjects join stage_shixuns + on stage_shixuns.subject_id = subjects.id join shixuns on shixuns.id = stage_shixuns.shixun_id where + subjects.hidden = 0 AND subjects.status = 2 AND subjects.name like '%#{search}%' + AND subjects.repertoire_id = #{select} GROUP BY subjects.id ORDER BY myshixun_member_count DESC") else - @subjects = Subject.find_by_sql("SELECT subjects.id, subjects.name, subjects.stages_count, subjects.repertoire_id, subjects.status, - subjects.shixuns_count, COUNT(myshixuns.id) AS myshixun_member_count FROM myshixuns, stage_shixuns, subjects - WHERE myshixuns.shixun_id = stage_shixuns.shixun_id AND stage_shixuns.subject_id = subjects.id - AND `subjects`.`hidden` = 0 AND `subjects`.`status` = 2 AND `subjects`.`name` like '%#{search}%' - GROUP BY subjects.id ORDER BY myshixun_member_count DESC") + @subjects = Subject.find_by_sql("SELECT subjects.id, subjects.user_id, subjects.name, subjects.stages_count, subjects.repertoire_id, subjects.status, + subjects.shixuns_count, sum(shixuns.myshixuns_count) AS myshixun_member_count FROM subjects join stage_shixuns + on 
stage_shixuns.subject_id = subjects.id join shixuns on shixuns.id = stage_shixuns.shixun_id where + subjects.hidden = 0 AND subjects.status = 2 AND subjects.name like '%#{search}%' + GROUP BY subjects.id ORDER BY myshixun_member_count DESC") end else # 我的路径 @@ -65,9 +65,11 @@ class SubjectsController < ApplicationController @total_count = @subjects.size if reorder != "myshixun_count" - @subjects = @subjects.page(page).per(limit).includes(:shixuns) + @subjects = @subjects.page(page).per(limit).includes(:shixuns, :repertoire) else @subjects = @subjects[offset, limit] + subject_ids = @subjects.pluck(:id) + @subjects = Subject.where(id: subject_ids).order("field(id,#{subject_ids.join(',')})").includes(:shixuns, :repertoire) end end diff --git a/app/controllers/users/accounts_controller.rb b/app/controllers/users/accounts_controller.rb index e88ff4564..dff5115e1 100644 --- a/app/controllers/users/accounts_controller.rb +++ b/app/controllers/users/accounts_controller.rb @@ -1,4 +1,4 @@ -class Users::AccountsController < Users::BaseController +class Users::AccountsController < Users::BaseAccountController before_action :private_user_resources! def show diff --git a/app/controllers/users/base_account_controller.rb b/app/controllers/users/base_account_controller.rb index b693eaab5..5c474517d 100644 --- a/app/controllers/users/base_account_controller.rb +++ b/app/controllers/users/base_account_controller.rb @@ -1,7 +1,15 @@ class Users::BaseAccountController < Users::BaseController - before_action :require_login + before_action :require_login, :check_auth def observed_user @_observed_user ||= (User.find_by_id(params[:account_id]) || User.find_by_login(params[:account_id])) end + + private + + def require_login + return if User.current.logged? + + tip_exception(401, "..") + end end diff --git a/app/controllers/users/interests_controller.rb b/app/controllers/users/interests_controller.rb index 93836fd63..bac9c568d 100644 --- a/app/controllers/users/interests_controller.rb 
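Review bot: Both rewritten `find_by_sql` strings still splice `'%#{search}%'` and `#{select}` straight into the SQL text; the hunk does not show where these values come from, but if they are request parameters this is SQL injection, and the commit rewrote these exact lines without binding them. `find_by_sql` accepts the array form, so `Subject.find_by_sql([sql_with_placeholders, "%#{Subject.sanitize_sql_like(search)}%", select])` binds both values and also escapes `%`/`_` in the search term. The two branches differ only in the `repertoire_id` condition, so building the statement once and appending that fragment when `select` is present would halve the duplicated SQL.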
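Review bot: `subject_ids = @subjects.pluck(:id)` followed by `order("field(id,#{subject_ids.join(',')})")` breaks on the empty page: `@subjects[offset, limit]` returns `nil` when `offset` is past the end (so `pluck` raises NoMethodError) and `[]` on an empty result, which produces the invalid SQL `field(id,)`. Guard it with `subject_ids = Array(@subjects[offset, limit]).map(&:id)` and `@subjects = subject_ids.empty? ? Subject.none : Subject.where(id: subject_ids).order(Arel.sql("field(id,#{subject_ids.join(',')})")).includes(:shixuns, :repertoire)`. The `Arel.sql` wrapper also avoids the raw-SQL `order` deprecation warning on Rails 5.2, and the ids come from records just loaded so the interpolation itself is integer-only.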
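Review bot: The new private `require_login` in Users::BaseAccountController shadows the application-wide implementation for every subclass, including Users::AccountsController, which this same commit reparents onto this base, and the hunk gives no hint why the override is needed; a comment such as `# Overrides ApplicationController#require_login: account pages only need a session, not a trial certification` (or whatever the actual reason is) would stop the next reader from deleting it as redundant. The 401 body `".."` is a placeholder message; a descriptive string would help clients and log readers.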
+++ b/app/controllers/users/interests_controller.rb @@ -1,6 +1,6 @@ class Users::InterestsController < Users::BaseController skip_before_action :check_observed_user_exists! - before_action :require_login + before_action :require_login, :check_auth def create identity = params[:identity].to_s.strip diff --git a/app/controllers/users/watches_controller.rb b/app/controllers/users/watches_controller.rb index 95a0b38cd..867106c52 100644 --- a/app/controllers/users/watches_controller.rb +++ b/app/controllers/users/watches_controller.rb @@ -1,5 +1,5 @@ class Users::WatchesController < Users::BaseController - before_action :require_login + before_action :require_login, :check_auth def create if observed_logged_user? diff --git a/app/controllers/zips_controller.rb b/app/controllers/zips_controller.rb index a4140fe34..10baf2454 100644 --- a/app/controllers/zips_controller.rb +++ b/app/controllers/zips_controller.rb @@ -1,5 +1,5 @@ class ZipsController < ApplicationController - before_action :require_login + before_action :require_login, :check_auth before_action :load_homework, only: [:shixun_report] before_action :get_exercise, only: [:export_exercises] diff --git a/app/helpers/graduation_tasks_helper.rb b/app/helpers/graduation_tasks_helper.rb index b9039544d..2bc059a55 100644 --- a/app/helpers/graduation_tasks_helper.rb +++ b/app/helpers/graduation_tasks_helper.rb @@ -67,7 +67,7 @@ module GraduationTasksHelper # 作品数统计:type: 1 已提交 0 未提交 def grduationwork_count task, type works = task.graduation_works - type == 1 ? works.where("work_status !=?", 0).size : works.where("work_status =?", 0).size + type == 1 ? works.select{|work| work.work_status != 0}.size : works.select{|work| work.work_status == 0}.size end # 普通/分组 作业作品状态数组 diff --git a/app/models/challenge.rb b/app/models/challenge.rb index 7afb919a0..4d136a718 100644 --- a/app/models/challenge.rb +++ b/app/models/challenge.rb 
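Review bot: In `grduationwork_count`, `works.select { |work| work.work_status != 0 }.size` loads every graduation work of the task into Ruby to count it, whereas the replaced `where(...).size` counted in SQL; that only pays off when `task.graduation_works` is already preloaded by the caller, which this hunk cannot confirm. If preloading is the intent, state it: `# graduation_works is preloaded by the caller; counting in Ruby avoids one query per task`. If it is not, `works.where.not(work_status: 0).count` keeps the work in the database without touching the returned value.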
@@ -16,6 +16,8 @@ class Challenge < ApplicationRecord # 参考答案 has_many :challenge_answers, :dependent => :destroy has_many :exercise_bank_shixun_challenges, :dependent => :destroy + # 回复 + has_many :discusses, :dependent => :destroy # acts_as_attachable diff --git a/app/models/course_member.rb b/app/models/course_member.rb index 52c13dbbf..65849e5de 100644 --- a/app/models/course_member.rb +++ b/app/models/course_member.rb @@ -148,7 +148,7 @@ class CourseMember < ApplicationRecord if teacher_groups.count > 0 member_ids = teacher_groups.where(course_group_id: self.try(:course_group_id)).pluck(:course_member_id).compact - none_group_teachers = teacher_groups.pluck(:course_member_id).size > 0 ? teacher_groups.pluck(:course_member_id).compact.join(',') : -1 + none_group_teachers = teacher_groups.pluck(:course_member_id).compact.size > 0 ? teacher_groups.pluck(:course_member_id).compact.join(',') : -1 teachers = course.teachers.where("course_members.id not in (#{none_group_teachers}) or course_members.id in (#{member_ids.size > 0 ? member_ids.join(',') : -1})") else diff --git a/app/models/discuss.rb b/app/models/discuss.rb index 737a89ec1..00e3209c0 100644 --- a/app/models/discuss.rb +++ b/app/models/discuss.rb @@ -9,6 +9,7 @@ class Discuss < ApplicationRecord has_many :tidings, as: :container, dependent: :destroy has_one :praise_tread_cache, as: :object, dependent: :destroy + belongs_to :challenge after_create :send_tiding scope :children, -> (discuss_id){ where(parent_id: discuss_id).includes(:user).reorder(created_at: :asc) } diff --git a/app/models/graduation_work.rb b/app/models/graduation_work.rb index 093e409a9..235bfcac6 100644 --- a/app/models/graduation_work.rb +++ b/app/models/graduation_work.rb 
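Review bot: The new condition still calls `teacher_groups.pluck(:course_member_id)` twice in the same expression, issuing two identical queries to decide and then build `none_group_teachers`. Assign once: `teacher_member_ids = teacher_groups.pluck(:course_member_id).compact` and `none_group_teachers = teacher_member_ids.empty? ? -1 : teacher_member_ids.join(',')`. The ids are read from the database so the interpolation into the `where` string below is integer-only, but `where("course_members.id not in (?)", ...)` would remove the `-1` sentinel trick entirely. The enclosing method starts outside this hunk.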
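Review bot: `belongs_to :challenge` on Discuss is a required association by default on Rails 5 (the migrations in this commit are `ActiveRecord::Migration[5.2]`), unless the app has `belongs_to_required_by_default` turned off, which I cannot see from here; any Discuss whose `challenge_id` is still nil after the backfill migration, or a discuss whose `dis_id` is not a shixun, would then fail validation on every save. Either make it `belongs_to :challenge, optional: true` or confirm the backfill leaves no nil `challenge_id` and add `# every discuss belongs to a shixun challenge; challenge_id backfilled by 20190711062033` above the line. The matching `has_many :discusses, dependent: :destroy` on Challenge means deleting a challenge now cascades to its discusses, which is worth a comment there too if that is intended.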
@@ -68,7 +68,7 @@ class GraduationWork < ApplicationRecord # 作品是否能够分配指导老师 def assign_power?(course_identity) - course_identity < Course::STUDENT && self.graduation_task.cross_comment.present? && self.graduation_task.comment_status == 2 + course_identity < Course::STUDENT && graduation_task.cross_comment && graduation_task.comment_status == 2 end # 老师评阅分 diff --git a/app/models/message.rb b/app/models/message.rb index 6b41cdd95..7588ddc2a 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -73,7 +73,7 @@ class Message < ApplicationRecord # 包含二级回复的总点赞数 def total_praises_count - descendants.sum(:praises_count) + praises_count + descendants.sum(:praises_count) end # 包含二级回复数的总回复数 diff --git a/app/models/shixun.rb b/app/models/shixun.rb index cb305efaf..afad10397 100644 --- a/app/models/shixun.rb +++ b/app/models/shixun.rb @@ -52,7 +52,7 @@ class Shixun < ApplicationRecord end } - scope :visible, -> { where("status != -1") } + scope :visible, -> { where.not(status: -1) } scope :published, lambda{ where(status: 2) } scope :unhidden, lambda{ where(hidden: 0, status: 2) } scope :field_for_recommend, lambda{ select([:id, :name, :identifier, :myshixuns_count]) } diff --git a/app/models/subject.rb b/app/models/subject.rb index ced610377..66ac41c40 100644 --- a/app/models/subject.rb +++ b/app/models/subject.rb @@ -31,7 +31,7 @@ class Subject < ApplicationRecord # 挑战过路径的成员数 def member_count - shixuns.sum(:myshixuns_count) + shixuns.pluck(:myshixuns_count).sum end def all_score diff --git a/app/views/discusses/_discuss.json.jbuilder b/app/views/discusses/_discuss.json.jbuilder index 992466559..400798150 100644 --- a/app/views/discusses/_discuss.json.jbuilder +++ b/app/views/discusses/_discuss.json.jbuilder 
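Review bot: `shixuns.pluck(:myshixuns_count).sum` raises TypeError if `myshixuns_count` is nullable and any row is NULL, because `Array#sum` cannot add `nil`; the replaced `sum(:myshixuns_count)` ignored NULLs in SQL. I cannot see the schema from this hunk, so either confirm the column is `NOT NULL` or write `shixuns.pluck(:myshixuns_count).compact.sum`. A short comment on why the count moved into Ruby (presumably to reuse preloaded `shixuns`) would also help, since otherwise this reads as a step backwards.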
@@ -7,9 +7,10 @@ json.time time_from_now(discuss.created_at) json.position discuss.position json.shixun_id discuss.dis_id json.hidden discuss.hidden -json.manage current_user.manager_of_shixun?(container) +json.manage @manger json.reward discuss.reward -json.game_url discuss.game_url(container, current_user) +#json.game_url discuss.game_url(container, current_user) +json.game_url "/tasks/#{discuss.identifier}" if @manger && !children # 主贴和回复有一些不同点 if discuss.parent_id json.can_delete discuss.can_deleted?(current_user) diff --git a/app/views/discusses/index.json.jbuilder b/app/views/discusses/index.json.jbuilder index 1b7a95eb3..7ddfb31fb 100644 --- a/app/views/discusses/index.json.jbuilder +++ b/app/views/discusses/index.json.jbuilder @@ -1,8 +1,8 @@ json.disscuss_count @disscuss_count json.all @current_user.admin? json.comments @discusses do |discuss| - json.partial! 'discusses/discuss', locals: { discuss: discuss, container: @container, current_user: @current_user } + json.partial! 'discusses/discuss', locals: { discuss: discuss, container: @container, current_user: @current_user, children: false} json.children discuss.child_discuss(current_user) do |c_d| - json.partial! 'discusses/discuss', locals: { discuss: c_d, container: @container, current_user: @current_user } + json.partial! 'discusses/discuss', locals: { discuss: c_d, container: @container, current_user: @current_user, children: true } end end diff --git a/app/views/graduation_tasks/index.json.jbuilder b/app/views/graduation_tasks/index.json.jbuilder index 7fcececd9..a6540555d 100644 --- a/app/views/graduation_tasks/index.json.jbuilder +++ b/app/views/graduation_tasks/index.json.jbuilder 
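Review bot: `json.game_url "/tasks/#{discuss.identifier}" if @manger && !children` turns `children` into a required local of `discusses/_discuss`: the two `partial!` calls in `discusses/index.json.jbuilder` pass it, but any other render of this partial without `children:` now raises NameError; `local_assigns[:children]` degrades gracefully instead. `@manger` is a misspelling of `manager` and, unlike every other value in the partial, is read from a controller instance variable rather than a passed local, so the partial silently depends on whichever controller set it; passing `manager:` as a local keeps the contract in one place. The commented-out `#json.game_url discuss.game_url(container, current_user)` should be removed rather than kept beside its replacement.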
@@ -1,10 +1,6 @@ json.course_identity @identity json.course_public @course.is_public == 1 json.is_end @course.is_end -json.all_count @all_count -json.published_count @published_count -json.unpublished_count @all_count - @published_count -json.task_count @task_count json.tasks @tasks.each do |task| # task_private = @identity > Course::STUDENT && !task.is_public @@ -29,3 +25,7 @@ json.tasks @tasks.each do |task| end end +json.all_count @all_count +json.published_count @published_count +json.unpublished_count @all_count - @published_count +json.task_count @task_count diff --git a/app/views/graduation_tasks/tasks_list.json.jbuilder b/app/views/graduation_tasks/tasks_list.json.jbuilder index 7588b6b6e..8ee2f78af 100644 --- a/app/views/graduation_tasks/tasks_list.json.jbuilder +++ b/app/views/graduation_tasks/tasks_list.json.jbuilder @@ -26,6 +26,9 @@ if @task.published? || @user_course_identity < Course::STUDENT # 是否具有分组 json.have_grouping @task.have_grouping? + # 是否关联项目 + json.have_project @task.have_grouping? && @task.base_on_project + if @user_course_identity == Course::STUDENT json.commit_count grduationwork_count @task, 1 json.uncommit_count grduationwork_count @task, 0 @@ -34,6 +37,7 @@ if @task.published? || @user_course_identity < Course::STUDENT json.work_count @work_count json.all_work_count @all_work_count end + # 学生数据 json.work_lists do json.array! @work_list do |work| @@ -41,7 +45,7 @@ if @task.published? || @user_course_identity < Course::STUDENT json.user_id work.user.id json.name work.user.real_name json.student_id work.user.student_id - json.class_grouping_name work.class_grouping_name + json.class_grouping_name @students.select{|student| student.user_id == work.user_id}.first.try(:course_group_name) json.ultimate_score work.ultimate_score if @task.have_grouping? json.grouping_name work.grouping_name 
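Review bot: `@students.select { |student| student.user_id == work.user_id }.first.try(:course_group_name)` runs a linear scan of `@students` for every work in `@work_list`, so the list costs students × works comparisons; `find` would at least stop at the first match, and indexing once before the loop is the idiomatic fix: `students_by_user = @students.index_by(&:user_id)` above `json.array!`, then `json.class_grouping_name students_by_user[work.user_id].try(:course_group_name)`. `@students` is not set anywhere in this diff, so the partial now depends on the controller providing it for every path that renders this template. The `if @task.published? ...` block enclosing this hunk starts outside it.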
@@ -58,7 +62,7 @@ if @task.published? || @user_course_identity < Course::STUDENT end json.late_penalty work.late_penalty if @task.allow_late json.final_score work_final_score work, @current_user, @user_course_identity - json.assign work.assign_power?(@user_course_identity) + json.assign @assign_power json.view_work @view_work || @current_user.id == work.user_id end end diff --git a/app/views/shixuns/_commit.json.jbuilder b/app/views/shixuns/_commit.json.jbuilder index b752affb6..f6587c261 100644 --- a/app/views/shixuns/_commit.json.jbuilder +++ b/app/views/shixuns/_commit.json.jbuilder @@ -16,7 +16,7 @@ json.commits commits do |commit| json.login nil json.image_url "avatars/User/b" json.name commit["author_name"] - json.email commit["author_email"] + # json.email commit["author_email"] end end end diff --git a/config/routes.rb b/config/routes.rb index 7e34363d1..d9e10e4cc 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -1,7 +1,8 @@ Rails.application.routes.draw do require 'sidekiq/web' - mount Sidekiq::Web => '/sidekiq' + require 'admin_constraint' + mount Sidekiq::Web => '/sidekiq', :constraints => AdminConstraint.new resources :edu_settings scope '/api' do diff --git a/db/migrate/20190711062033_modify_challenge_id_for_discusses.rb b/db/migrate/20190711062033_modify_challenge_id_for_discusses.rb new file mode 100644 index 000000000..86052375b --- /dev/null +++ b/db/migrate/20190711062033_modify_challenge_id_for_discusses.rb @@ -0,0 +1,11 @@ +class ModifyChallengeIdForDiscusses < ActiveRecord::Migration[5.2] + def change + discusses = Discuss.where(challenge_id: nil) + discusses.each do |dis| + challenge_id = Shixun.find(dis.dis_id).challenges.first.id + dis.update_column(:challenge_id, challenge_id) + end + add_index :discusses, :challenge_id + + end +end diff --git a/db/migrate/20190713022300_modify_md_attachment_url_for_md_cotents.rb b/db/migrate/20190713022300_modify_md_attachment_url_for_md_cotents.rb new file mode 100644 index 000000000..188e017a5 
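Review bot: `require 'admin_constraint'` in `config/routes.rb` depends on the file being on `$LOAD_PATH`; if `admin_constraint.rb` lives under an `app/` subdirectory, Rails already autoloads the `AdminConstraint` constant, and an explicit `require` bypasses the autoloader so that, under development code reloading, the class defined at route-draw time can go stale or be defined twice. Dropping the `require` and leaving `mount Sidekiq::Web => '/sidekiq', constraints: AdminConstraint.new` is enough, and a comment such as `# Sidekiq dashboard exposes job arguments; admin-only` records why the constraint is there. Gating the dashboard this way is the right direction; the note is only about how the constant is loaded.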
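Review bot: In ModifyChallengeIdForDiscusses, `Shixun.find(dis.dis_id).challenges.first.id` raises `ActiveRecord::RecordNotFound` for a discuss whose `dis_id` no longer points at a shixun and `NoMethodError` when the shixun has no challenges, aborting the migration after some rows were already rewritten with `update_column` (on MySQL those updates are not rolled back). Guard each row: `challenge = Shixun.find_by(id: dis.dis_id)&.challenges&.first`, `next unless challenge`, `dis.update_column(:challenge_id, challenge.id)`. The data backfill also sits in `change`, which `rails db:rollback` cannot reverse; put it in `up` with a `down` that only removes the index (or raises `ActiveRecord::IrreversibleMigration`).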
--- /dev/null +++ b/db/migrate/20190713022300_modify_md_attachment_url_for_md_cotents.rb @@ -0,0 +1,30 @@ +class ModifyMdAttachmentUrlForMdCotents < ActiveRecord::Migration[5.2] + def change + # 更新MarkDown图片的URL + homework_commons = HomeworkCommon.all + homework_commons.find_each do |hc| + hc.update_column(:description, hc.description.gsub("![](/attachments/download", "![](/api/attachments")) if hc.description.present? + end + + challenges = Challenge.all.unscoped + challenges.find_each do |c| + c.update_column(:task_pass, c.task_pass.gsub("![](/attachments/download", "![](/api/attachments")) if c.task_pass.present? + end + + challenge_answers = ChallengeAnswer.all.unscoped + challenge_answers.find_each do |ca| + ca.update_column(:contents, ca.contents.gsub("![](/attachments/download", "![](/api/attachments")) if ca.contents.present? + end + + shixun_infos = ShixunInfo.all + shixun_infos.find_each do |si| + si.update_column(:propaedeutics, si.propaedeutics.gsub("![](/attachments/download", "![](/api/attachments")) if si.propaedeutics.present? + si.update_column(:description, si.description.gsub("![](/attachments/download", "![](/api/attachments")) if si.description.present? + end + + subjects = Subject.all + subjects.find_each do |s| + s.update_column(:description, s.description.gsub("![](/attachments/download", "![](/api/attachments")) if s.description.present? + end + end +end diff --git a/lib/educoder/sms.rb b/lib/educoder/sms.rb index 237b270d5..cadce7465 100644 --- a/lib/educoder/sms.rb +++ b/lib/educoder/sms.rb @@ -70,6 +70,7 @@ module Educoder response = http.start { |http| http.request(request) } ActiveSupport::JSON.decode(response.body) rescue =>err + Rails.logger.error("#############sendYunpian_error: #{err.message}") return nil end end
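Review bot: The literal `"![](/attachments/download"` in ModifyMdAttachmentUrlForMdCotents only matches images with empty alt text, so any `![some alt](/attachments/download/...)` in these columns is left pointing at the old path; `gsub(/!\[([^\]]*)\]\(\/attachments\/download/, '![\1](/api/attachments')` covers both forms, and hoisting the pattern and replacement into two constants removes the six copies. `si.update_column` is called twice per ShixunInfo, issuing two UPDATEs where `update_columns(propaedeutics: ..., description: ...)` would issue one. `Challenge.all.unscoped` evaluates, as far as I can tell, to `Challenge.unscoped`, so the `all` is noise, and this data rewrite is also in `change` with no way back; a `down` method (even one that raises `ActiveRecord::IrreversibleMigration`) should be declared.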
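Review bot: The new `Rails.logger.error("#############sendYunpian_error: #{err.message}")` records only the message, which for network and JSON errors is often not enough to tell a timeout from a malformed response; `"sendYunpian_error: #{err.class}: #{err.message}"` keeps the class and drops the hash-mark prefix that other log consumers have to strip. Since the body of the request is built before this hunk (the method starts outside it), make sure nothing about the recipient or message text is added to this log line later, as SMS logs tend to accumulate personal data. The bare `rescue` already limits itself to StandardError, which is the right scope here.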