Merge branch 'dev_aliyun' of https://bdgit.educoder.net/Hjqreturn/educoder into dev_aliyun

5 years ago · 316b1bdb73
parent 0f335d2cd3 e49047c8ec
commit 316b1bdb73
36 changed files with 78 additions and 59 deletions
--- a/app/controllers/admins/examination_authentications_controller.rb
+++ b/app/controllers/admins/examination_authentications_controller.rb
@ -12,7 +12,7 @@ class Admins::ExaminationAuthenticationsController < Admins::BaseController
    ActiveRecord::Base.transaction do
      exam = ExaminationBank.find current_apply.container_id
      current_apply.update!(status: 1)
-      exam.update!(public: 0)
+      exam.update!(public: 1)
    end
    render_success_js
  end
--- a/app/controllers/admins/item_authentications_controller.rb
+++ b/app/controllers/admins/item_authentications_controller.rb
@ -16,7 +16,7 @@ class Admins::ItemAuthenticationsController < Admins::BaseController
    ActiveRecord::Base.transaction do
      item = ItemBank.find current_apply.container_id
      current_apply.update!(status: 1)
-      item.update!(public: 0)
+      item.update!(public: 1)
    end
    render_success_js
  end
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -85,8 +85,8 @@ class ApplicationController < ActionController::Base

 	# 题库的访问权限
 	def bank_visit_auth
-		tip_exception(-2,"未通过职业认证") if current_user.is_teacher? && !current_user.certification_teacher? && !current_user.admin? && @bank.user_id != current_user.id && @bank.is_public
-		tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin? ||
+		tip_exception(-2,"未通过职业认证") if current_user.is_teacher? && !current_user.certification_teacher? && !current_user.admin_or_business? && @bank.user_id != current_user.id && @bank.is_public
+		tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business? ||
 			(current_user.certification_teacher? && @bank.is_public)
 	end

@ -165,7 +165,7 @@ class ApplicationController < ActionController::Base
 	def find_course
 		return normal_status(2, '缺少course_id参数！') if params[:course_id].blank?
 		@course = Course.find(params[:course_id])
-		tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin?
+		tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business?
 	rescue Exception => e
 		tip_exception(e.message)
 	end
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@ -58,7 +58,7 @@ class CommonsController < ApplicationController
          200
        end
      else
-        current_user.admin? ? 200 : 403
+        current_user.admin_or_business? ? 200 : 403
      end
    return normal_status(code, "你没有权限操作！") if code == 403
  end
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@ -396,7 +396,7 @@ class CoursesController < ApplicationController
  def teachers
    @search_str = params[:search].present? ? params[:search].strip : ""

-    if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582
+    if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
      @teacher_list = @course.course_members.joins(:user).where("course_members.role in (1, 2, 3)
                                                     and LOWER(concat(users.lastname, users.firstname)) LIKE ?", "%#{@search_str}%")
    else
@ -441,7 +441,7 @@ class CoursesController < ApplicationController
    @applications = CourseMessage.unhandled_join_course_requests_by_course(@course).
        joins("join users on course_messages.course_message_id=users.id").
        where("LOWER(concat(users.lastname, users.firstname)) LIKE ?", "%#{search_str}%")
-    if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582
+    if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
      teacher_list = @course.course_members.where("course_members.role in (1, 2, 3)")
    else
      teacher_list = @course.course_members.where("(course_members.role in (1, 3) or (course_members.user_id = #{current_user.id}
@ -838,7 +838,7 @@ class CoursesController < ApplicationController

  # 已通过职业认证的教师复制课堂
  def duplicate_course
-    return tip_exception("没有复制权限") unless current_user.admin? || current_user.is_teacher? || current_user.teacher_of_course?(@course)
+    return tip_exception("没有复制权限") unless current_user.admin_or_business? || current_user.is_teacher? || current_user.teacher_of_course?(@course)
    return tip_exception("教师职业认证未通过") unless current_user.pro_certification?

    new_course = @course.self_duplicate
@ -1280,7 +1280,7 @@ class CoursesController < ApplicationController
    end

    if @all_members.size == 0
-      normal_status(-1,"课堂暂时没有学生")
+      normal_status(-1,"暂无学生数据")
    elsif params[:export].present? && params[:export]
      normal_status(0,"正在下载中")
    else
@ -1308,7 +1308,7 @@ class CoursesController < ApplicationController
        end

        if @all_members.length == 0
-          normal_status(-1,"课堂暂时没有学生")
+          normal_status(-1,"暂无学生数据")
        elsif params[:export].present? && params[:export]
          normal_status(0,"正在下载中")
        else
@ -1404,7 +1404,7 @@ class CoursesController < ApplicationController
  # Use callbacks to share common setup or constraints between actions.
  def set_course
    @course = Course.find_by!(id: params[:id])
-    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin?
+    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business?
  end

  # Never trust parameters from the scary internet, only allow the white list through.
--- a/app/controllers/examination_banks_controller.rb
+++ b/app/controllers/examination_banks_controller.rb
@ -50,8 +50,11 @@ class ExaminationBanksController < ApplicationController
  end

  def destroy
-    @exam.destroy!
-    render_ok
+    ActiveRecord::Base.transaction do
+      ApplyAction.where(container_type: "ExaminationBank", container_id: @exam.id).destroy_all
+      @exam.destroy!
+      render_ok
+    end
  end

  def set_public
--- a/app/controllers/exercise_bank_questions_controller.rb
+++ b/app/controllers/exercise_bank_questions_controller.rb
@ -372,7 +372,7 @@ class ExerciseBankQuestionsController < ApplicationController
  private

  def bank_admin
-    tip_exception(403, "无权限") unless @exercise.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @exercise.user_id == current_user.id || current_user.admin_or_business?
  end

  def get_exercise
--- a/app/controllers/exercise_banks_controller.rb
+++ b/app/controllers/exercise_banks_controller.rb
@ -26,7 +26,7 @@ class ExerciseBanksController < ApplicationController
    search = params[:search]
    type = params[:type]
    # 超级管理员用户显示所有未隐藏的实训、非管理员显示所有已发布的实训（对本单位公开且未隐藏未关闭）
-    if current_user.admin?
+    if current_user.admin_or_business?
      @shixuns = Shixun.unhidden
    else
      none_shixun_ids = ShixunSchool.where("school_id != #{current_user.school_id}").pluck(:shixun_id)
@ -67,7 +67,7 @@ class ExerciseBanksController < ApplicationController
  end

  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end

  #判断实训是否已选择
--- a/app/controllers/graduation_works_controller.rb
+++ b/app/controllers/graduation_works_controller.rb
@ -411,7 +411,7 @@ class GraduationWorksController < ApplicationController
  # 删除教师/教辅的评分记录
  def delete_score
    score = @work.graduation_work_scores.where(id: params[:comment_id]).first
-    if score.present? && (score.is_invalid || score.score.nil?) && (score.user == current_user || current_user.admin?)
+    if score.present? && (score.is_invalid || score.score.nil?) && (score.user == current_user || current_user.admin_or_business?)
      begin
        score.destroy
        normal_status("删除成功")
--- a/app/controllers/gtopic_banks_controller.rb
+++ b/app/controllers/gtopic_banks_controller.rb
@ -26,7 +26,7 @@ class GtopicBanksController < ApplicationController
  end

  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end

  def gtopic_bank_params
--- a/app/controllers/homework_banks_controller.rb
+++ b/app/controllers/homework_banks_controller.rb
@ -47,7 +47,7 @@ class HomeworkBanksController < ApplicationController
  end

  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end

  def bank_params
--- a/app/controllers/homework_commons_controller.rb
+++ b/app/controllers/homework_commons_controller.rb
@ -145,7 +145,7 @@ class HomeworkCommonsController < ApplicationController
        @student_works = @homework.teacher_works(@member)
        @all_member_count = @student_works.size
        @score_open = true
-      elsif @user_course_identity > Course::STUDENT && @homework.work_public
+      elsif @user_course_identity > Course::STUDENT
        @student_works = student_works
        @score_open = false
      else
@ -757,7 +757,7 @@ class HomeworkCommonsController < ApplicationController
    search = params[:search]
    type = params[:type]
    # 超级管理员用户显示所有未隐藏的实训、非管理员显示所有已发布的实训（对本单位公开且未隐藏未关闭）
-    if current_user.admin?
+    if current_user.admin_or_business?
      @shixuns = Shixun.unhidden
    else
      none_shixun_ids = ShixunSchool.where("school_id != #{current_user.school_id}").pluck(:shixun_id)
--- a/app/controllers/item_banks_controller.rb
+++ b/app/controllers/item_banks_controller.rb
@ -31,8 +31,11 @@ class ItemBanksController < ApplicationController
  end

  def destroy
-    @item.destroy!
-    render_ok
+    ActiveRecord::Base.transaction do
+      ApplyAction.where(container_type: "ItemBank", container_id: @item.id).destroy_all
+      @item.destroy!
+      render_ok
+    end
  end

  def set_public
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@ -127,7 +127,7 @@ class MessagesController < ApplicationController
  end

  def create
-    return normal_status(403, "您没有权限进行该操作") unless current_user.admin? || current_user.member_of_course?(@board.course)
+    return normal_status(403, "您没有权限进行该操作") unless current_user.admin_or_business? || current_user.member_of_course?(@board.course)

    begin
      @message = Message.new(message_params)
--- a/app/controllers/poll_bank_questions_controller.rb
+++ b/app/controllers/poll_bank_questions_controller.rb
@ -114,7 +114,7 @@ class PollBankQuestionsController < ApplicationController
  private

  def bank_admin
-    tip_exception(403, "无权限") unless @poll.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @poll.user_id == current_user.id || current_user.admin_or_business?
  end

  def get_poll
--- a/app/controllers/question_banks_controller.rb
+++ b/app/controllers/question_banks_controller.rb
@ -10,7 +10,7 @@ class QuestionBanksController < ApplicationController
  def bank_list
    page = params[:page] || 1
    limit = params[:limit] || 15
-    @certification_teacher = current_user.is_certification_teacher || current_user.admin?
+    @certification_teacher = current_user.is_certification_teacher || current_user.admin_or_business?
    @objects = @object_type.classify.constantize.where(@object_filter)
    @objects =
        if params[:search]
@ -134,7 +134,7 @@ class QuestionBanksController < ApplicationController
  def destroy
    bank = current_bank

-    unless current_user.admin? || bank.user_id == current_user.id
+    unless current_user.admin_or_business? || bank.user_id == current_user.id
      render_forbidden
      return
    end
@ -165,7 +165,7 @@ class QuestionBanksController < ApplicationController

  def object_banks
    banks ||= @object_type.classify.constantize.where(@object_filter).where(id: params[:object_id])
-    unless current_user.admin?
+    unless current_user.admin_or_business?
      banks = banks.where(user_id: current_user.id)
    end
    banks
@ -202,7 +202,7 @@ class QuestionBanksController < ApplicationController
  end

  def teacher_or_admin
-    tip_exception(403, "无权限操作") unless current_user.is_certification_teacher || current_user.admin?
+    tip_exception(403, "无权限操作") unless current_user.is_certification_teacher || current_user.admin_or_business?
  end

  def quote_homework_bank homework, course
--- a/app/controllers/task_banks_controller.rb
+++ b/app/controllers/task_banks_controller.rb
@ -29,7 +29,7 @@ class TaskBanksController < ApplicationController
  end

  def bank_admin
-    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin?
+    tip_exception(403, "无权限") unless @bank.user_id == current_user.id || current_user.admin_or_business?
  end

  def gtask_bank_params
--- a/app/controllers/users/question_banks_controller.rb
+++ b/app/controllers/users/question_banks_controller.rb
@ -66,9 +66,9 @@ class Users::QuestionBanksController < Users::BaseController

  def check_user_permission!
    if params[:type] == 'publicly'
-      normal_status(-2,"未通过职业认证") unless User.current.admin? || User.current.certification_teacher?
+      normal_status(-2,"未通过职业认证") unless User.current.admin_or_business? || User.current.certification_teacher?
    else
-      render_forbidden unless User.current.admin? || User.current.is_teacher?
+      render_forbidden unless User.current.admin_or_business? || User.current.is_teacher?
    end
  end
 end
--- a/app/controllers/weapps/courses_controller.rb
+++ b/app/controllers/weapps/courses_controller.rb
@ -39,7 +39,7 @@ class Weapps::CoursesController < Weapps::BaseController
    @page = (params[:page] || 1).to_i
    @limit = (params[:limit] || 20).to_i
    search = params[:search].present? ? params[:search].strip : ""
-    if @course.try(:id) != 1309 || current_user.admin? || current_user.try(:id) == 15582
+    if @course.try(:id) != 1309 || current_user.admin_or_business? || current_user.try(:id) == 15582
      @teacher_list = @course.course_members.joins(:user).where("course_members.role in (1, 2, 3)")
    else
      @teacher_list = @course.course_members.joins(:user).where("(course_members.role in (1, 3) or (course_members.user_id = #{current_user.id}
@ -203,6 +203,6 @@ class Weapps::CoursesController < Weapps::BaseController

  def set_course
    @course = Course.find_by!(id: params[:id])
-    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin?
+    tip_exception(404, "") if @course.is_delete == 1 && !current_user.admin_or_business?
  end
 end
--- a/app/helpers/export_helper.rb
+++ b/app/helpers/export_helper.rb
@ -47,9 +47,10 @@ module ExportHelper
      user_name = user.real_name
      user_mail = user.mail
      user_stu_id = user.student_id.present? ? (user.student_id.to_s + "\t") : "--"
+      user_grade = user.grade
      user_school = user.school_name
      user_course_group = u.course_group_name
-      user_info_array = [user_name,user_login,user_mail,user_stu_id,user_school,user_course_group]   #用户的信息集合
+      user_info_array = [user_name,user_login,user_mail,user_stu_id,user_grade,user_school,user_course_group]   #用户的信息集合
      user_work_scores = []

      #学生总成绩
@ -150,7 +151,7 @@ module ExportHelper
    course_user_score_title = "学生总成绩"
    score_title_cells = shixun_titles + common_titles + group_titles + task_titles + exercise_titles
    score_title_counts = [shixun_titles.count,common_titles.count,group_titles.count,task_titles.count,exercise_titles.count]
-    score_cell_head = %w(序号 真实姓名 登录名 邮箱 学号 学校 分班 个人总成绩) + score_title_cells
+    score_cell_head = %w(序号 真实姓名 登录名 邮箱 学号 金币 学校 分班 个人总成绩) + score_title_cells
    @course_user_scores = [course_user_score_title,score_cell_head,score_title_counts,total_user_score_array]

    #作业的全部集合
--- a/app/models/course.rb
+++ b/app/models/course.rb
@ -251,7 +251,7 @@ class Course < ApplicationRecord
    member = course_member(user.id)
    group_ids = if member.present?
                  member.teacher_course_groups.size > 0 ? member.teacher_course_groups.pluck(:course_group_id) : course_groups.pluck(:id)
-                elsif user.admin?
+                elsif user.admin_or_business?
                  course_groups.pluck(:id)
                else
                  []
--- a/app/models/graduation_work.rb
+++ b/app/models/graduation_work.rb
@ -55,7 +55,7 @@ class GraduationWork < ApplicationRecord
  end

  def delete_atta atta
-    last_score = graduation_work_scores.where.not(score: nil).last
+    last_score = graduation_work_scores.last
    (atta.author_id == User.current.id) && (last_score.blank? || last_score.try(:created_at) < atta.created_on)
  end

--- a/app/models/student_work.rb
+++ b/app/models/student_work.rb
@ -105,7 +105,7 @@ class StudentWork < ApplicationRecord
  end

  def delete_atta atta
-    last_score = student_works_scores.where.not(score: nil).last
+    last_score = student_works_scores.last
    (atta.author_id == User.current.id) && (last_score.blank? || last_score.try(:created_at) < atta.created_on)
  end

--- a/app/models/student_works_score.rb
+++ b/app/models/student_works_score.rb
@ -17,7 +17,7 @@ class StudentWorksScore < ApplicationRecord
  end

  def allow_delete current_user
-    (self.is_invalid || self.score.nil?) && (current_user == self.user || current_user.admin?)
+    (self.is_invalid || self.score.nil?) && (current_user == self.user || current_user.admin_or_business?)
  end

  # 匿评分
--- a/app/models/test_set.rb
+++ b/app/models/test_set.rb
@ -1,7 +1,7 @@
 class TestSet < ApplicationRecord
  # match_rule: 匹配规则： full： 完全匹配， last： 末尾匹配
  #
-  validates :input, length: { maximum: 500 }
-  validates :input, length: { maximum: 500 }
+  validates :input, length: { maximum: 5000 }
+  validates :input, length: { maximum: 5000 }

 end
--- a/app/views/admins/shixuns/index.html.erb
+++ b/app/views/admins/shixuns/index.html.erb
@ -23,20 +23,21 @@
          <%= select_tag(:search_type, options_for_select(auto_trial_options), class: 'form-control') %>
        </div>
        <%= text_field_tag(:keyword, params[:keyword], class: 'form-control col-sm-2 ml-3', placeholder: '输入关键字搜索') %>
-        <div class="">
-          <a href="javascript:void(0)" class="btn btn-primary" id="shixuns-export" data-disable-with = '导出中...'>导出</a>
-        </div>
      </div>

      <div class="d-flex mt-3">
-        <div class="form-group">
+        <div class="form-group flex-1">
          <label for="status">fork原因：</label>
          <% fork_status_options = [['全部', ''], ["全部fork实训", "Fork"], ["实训内容升级", 'Shixun'], ["课堂教学使用", 'Course'],["实践课程使用",'Subject'],["其他原因",'Other']] %>
          <%= select_tag(:fork_status, options_for_select(fork_status_options), class: 'form-control') %>
        </div>

-        <%= submit_tag('搜索', class: 'btn btn-primary ml-3','data-disable-with': '搜索中...') %>
-        <%= link_to "清除", admins_shixuns_path,class: "btn btn-default",id:"shixuns-clear-search",'data-disable-with': '清除中...' %>
+        <div class="flex-1">
+          <%= submit_tag('搜索', class: 'btn btn-primary ml-3','data-disable-with': '搜索中...') %>
+          <%= link_to "清除", admins_shixuns_path,class: "btn btn-default",id:"shixuns-clear-search",'data-disable-with': '清除中...' %>
+        </div>
+
+        <a href="javascript:void(0)" class="btn btn-primary" id="shixuns-export" data-disable-with = '导出中...'>导出</a>
      </div>
    </div>
 <% end %>
--- a/app/views/exercise_banks/show.json.jbuilder
+++ b/app/views/exercise_banks/show.json.jbuilder
@ -2,7 +2,7 @@ if @bank.container_type == "Exercise"
  json.exercise do
    json.extract! @bank, :id, :name, :description, :is_public
  end
-  json.authorize @bank.user_id == current_user.id || current_user.admin?
+  json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?

  json.partial! "exercises/exercise_scores"

@ -21,7 +21,7 @@ else
  json.poll do
    json.extract! @bank, :id, :name, :description, :is_public
  end
-  json.authorize @bank.user_id == current_user.id || current_user.admin?
+  json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?

  json.question_types do
    json.q_counts @poll_questions_count
--- a/app/views/graduation_tasks/show.json.jbuilder
+++ b/app/views/graduation_tasks/show.json.jbuilder
@ -1,7 +1,7 @@
 json.partial! "public_navigation", locals: {graduation: @task, course: @course}
 json.description @task.description
 json.user_id @task.user_id
-json.authorize @task.user_id == current_user.id || current_user.admin?
+json.authorize @task.user_id == current_user.id || current_user.admin_or_business?
 # 附件
 json.attachments @attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
--- a/app/views/graduation_works/comment_list.json.jbuilder
+++ b/app/views/graduation_works/comment_list.json.jbuilder
@ -15,7 +15,7 @@ json.comment_scores @comment_scores do |score|
  json.score score.score
  json.content score.comment
  json.is_invalid score.is_invalid
-  json.delete (@current_user == score.user || @current_user.admin?) && (score.is_invalid || score.score.nil?)
+  json.delete (@current_user == score.user || @current_user.admin_or_business?) && (score.is_invalid || score.score.nil?)
  json.attachments score.attachments do |atta|
    json.partial! "attachments/attachment_simple", locals: {attachment: atta, delete: false}
  end
--- a/app/views/gtopic_banks/show.json.jbuilder
+++ b/app/views/gtopic_banks/show.json.jbuilder
@ -1,6 +1,6 @@
 json.(@bank, :id, :name, :description, :is_public, :topic_type, :topic_source, :topic_property_first, :topic_property_second,
  :source_unit, :topic_repeat, :province, :city)
-json.authorize @bank.user_id == current_user.id || current_user.admin?
+json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?

 json.attachment_list @bank_attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
--- a/app/views/homework_banks/show.json.jbuilder
+++ b/app/views/homework_banks/show.json.jbuilder
@ -1,5 +1,5 @@
 json.(@bank, :id, :name, :description, :homework_type, :is_public, :min_num, :max_num, :base_on_project, :reference_answer)
-json.authorize @bank.user_id == current_user.id || current_user.admin?
+json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?

 json.attachments @bank_attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
--- a/app/views/shixun_lists/index.json.jbuilder
+++ b/app/views/shixun_lists/index.json.jbuilder
@ -21,7 +21,7 @@ json.shixun_list do
    json.pic url_to_avatar(obj)
    json.content highlights
    json.level level_to_s(obj.trainee)
-    json.subjects obj.subjects.uniq do |subject|
+    json.subjects obj.subjects.visible.unhidden.uniq do |subject|
      json.(subject, :id, :name)
    end
  end
--- a/app/views/student_works/show.json.jbuilder
+++ b/app/views/student_works/show.json.jbuilder
@ -11,7 +11,7 @@ json.update_user_name @is_evaluation ? "匿名" : @work.update_user.try(:real_na
 json.update_atta @homework.late_duration && @is_author

 json.attachments @attachments do |atta|
-  json.partial! "attachments/attachment_simple", locals: {attachment: atta, delete: false, }
+  json.partial! "attachments/attachment_simple", locals: {attachment: atta, delete: false }
 end

 unless @is_evaluation
--- a/app/views/task_banks/show.json.jbuilder
+++ b/app/views/task_banks/show.json.jbuilder
@ -1,6 +1,6 @@
 json.(@bank, :id, :name, :description, :task_type, :is_public)
 # 附件
-json.authorize @bank.user_id == current_user.id || current_user.admin?
+json.authorize @bank.user_id == current_user.id || current_user.admin_or_business?
 json.attachments @bank_attachments do |attachment|
  json.partial! "attachments/attachment_simple", locals: {attachment: attachment}
 end
--- a/app/views/users/question_banks/index.json.jbuilder
+++ b/app/views/users/question_banks/index.json.jbuilder
@ -14,5 +14,5 @@ json.question_banks @question_banks do |question_bank|
  json.course_list_name question_bank.course_list&.name
  json.updated_at question_bank.updated_at
  json.solve_count @solve_count_map.fetch(question_bank.id, 0)
-  json.authorize question_bank.user_id == current_user.id || current_user.admin?
+  json.authorize question_bank.user_id == current_user.id || current_user.admin_or_business?
 end
--- a/db/migrate/20200109095357_add_uniq_index_to_evaluation_distribution.rb
+++ b/db/migrate/20200109095357_add_uniq_index_to_evaluation_distribution.rb
@ -0,0 +1,11 @@
+class AddUniqIndexToEvaluationDistribution < ActiveRecord::Migration[5.2]
+  def change
+    sql = %Q(delete from student_works_evaluation_distributions where (user_id, student_work_id) in
+            (select * from (select user_id, student_work_id from student_works_evaluation_distributions group by user_id, student_work_id having count(*) > 1) a)
+            and id not in (select * from (select min(id) from student_works_evaluation_distributions group by user_id, student_work_id having count(*) > 1 order by id) b))
+    ActiveRecord::Base.connection.execute sql
+
+    add_index :student_works_evaluation_distributions, [:student_work_id, :user_id], name: "index_on_student_work_id_and_user_id", unique: true
+    remove_index :student_works_evaluation_distributions, :user_id
+  end
+end