权限修改

6 years ago · 4a742cb337
parent 89a34a337b
commit 4a742cb337
2 changed files with 2 additions and 1 deletions
--- a/app/controllers/subjects_controller.rb
+++ b/app/controllers/subjects_controller.rb
@ -282,7 +282,7 @@ class SubjectsController < ApplicationController
  # 删除实训
  # DELETE: /api/subejcts/:id/delete_member
  def delete_member
-    tip_exception(403, "没权限操作") if !current_user.admin?
+    tip_exception(403, "没权限操作") unless current_user.creator_of_subject?(@subject)
    tip_exception('用户id不能为空') if params[:user_id].blank?
    user = @subject.subject_members.where(:user_id => params[:user_id], :role => 2).first
    tip_exception("管理员用户不允许删除,或用户不存在") if user.blank?
--- a/app/views/subjects/up_member_position.json.jbuilder
+++ b/app/views/subjects/up_member_position.json.jbuilder
@ -1,3 +1,4 @@
 json.members @subject.subject_members do |member|
  json.partial! 'subject_member', locals: { user: member.user }
+  json.role member.role
 end