From 4d3dbcee4a6ce8605ea065f3f27165923f894b83 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Sat, 20 Jul 2019 13:14:55 +0800
Subject: [PATCH] =?UTF-8?q?=E8=B0=83=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/courses_controller.rb | 1 +
 app/controllers/shixuns_controller.rb | 1 +
 app/controllers/subjects_controller.rb | 6 ++++--
 3 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index a78aa028b..b937d293d 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -60,6 +60,7 @@ class CoursesController < ApplicationController
 # FROM `course_activities` WHERE course_activities.course_id = courses.id) AS a")
 # .order("courses.id = 1309 desc, a desc")
 if @order == "mine"
+ tip_exception(401, "..") unless current_user.logged?
 @courses = Course.joins(:course_members)
 .where("is_delete = 0 AND is_hidden = 0 AND course_members.user_id = ?", @user.id)
 elsif @order == "created_at"
diff --git a/app/controllers/shixuns_controller.rb b/app/controllers/shixuns_controller.rb
index f1e36a5c8..35488ecc5 100644
--- a/app/controllers/shixuns_controller.rb
+++ b/app/controllers/shixuns_controller.rb
@@ -22,6 +22,7 @@ class ShixunsController < ApplicationController
 ## 我的实训
 @shixuns = if params[:order_by] == 'mine'
+ tip_exception(401, "..") unless current_user.logged?
 current_user.my_shixuns
 else
 Shixun.unhidden
diff --git a/app/controllers/subjects_controller.rb b/app/controllers/subjects_controller.rb
index 7857f2ec6..4d256f3dc 100644
--- a/app/controllers/subjects_controller.rb
+++ b/app/controllers/subjects_controller.rb
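Review bot: In the courses_controller.rb hunk the new guard tests `current_user.logged?`, but the query directly below it filters on `@user.id`, so the check and the data it protects refer to two different variables. `@user` is assigned outside this hunk; if it can ever differ from `current_user`, the "mine" branch would return another account's course memberships to any signed-in caller, and using `current_user.id` in the `.where(...)` (or a comment stating that `@user` is always the signed-in user) would close that gap. The 401 message `".."` is a placeholder here and in the identical guard lines added to shixuns_controller.rb and to subjects_controller.rb (hunk at -37); a real message, defined once in a shared private method on ApplicationController, would keep the three call sites consistent. The enclosing action starts and ends outside the hunk, and the guard only protects anything if `tip_exception` raises, which is not visible here.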
@@ -37,6 +37,8 @@ class SubjectsController < ApplicationController else # 我的路径 if reorder == "mine" + tip_exception(401, "..") unless current_user.logged? + mine_subject_id = StageShixun.find_by_sql("select DISTINCT(subject_id) from stage_shixuns where shixun_id in (select distinct(shixun_id) from myshixuns where user_id=#{current_user.id})").map(&:subject_id) manage_subject_id = SubjectMember.where(user_id: current_user.id).pluck(:subject_id) @@ -137,7 +139,7 @@ class SubjectsController < ApplicationController if current_user.admin? @shixuns = Shixun.select([:id, :name, :status, :myshixuns_count, :identifier]).where(hidden: 0) else - none_shixun_ids = ShixunSchool.where("school_id != #{current_user.user_extension.try(:school_id)}").pluck(:shixun_id) + none_shixun_ids = ShixunSchool.where("school_id != #{current_user.user_extension.try(:school_id).to_i}").pluck(:shixun_id) @shixuns = Shixun.select([:id, :name, :status, :myshixuns_count, :identifier]).where.not(id: none_shixun_ids).where(hidden: 0) end @@ -174,7 +176,7 @@ class SubjectsController < ApplicationController WHERE m.course_id = c.id AND m.role in (1,2,3) AND m.user_id=#{current_user.id} AND c.is_delete = 0 AND c.is_end = 0").map(&:id) @courses = Course.where(id: course_ids) - @none_shixun_ids = ShixunSchool.where("school_id != #{current_user.user_extension.try(:school_id)}").pluck(:shixun_id) + @none_shixun_ids = ShixunSchool.where("school_id != #{current_user.user_extension.try(:school_id).to_i}").pluck(:shixun_id) end def send_to_course
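Review bot: In the hunks at -137 and -174 the school id is still spliced into the SQL string; `.to_i` makes the value numeric and avoids the malformed `school_id != ` fragment when `try(:school_id)` is nil, but a bound parameter states the intent without relying on coercion: `ShixunSchool.where("school_id != ?", current_user.user_extension.try(:school_id).to_i)`. With `.to_i` a user without a school is now compared against 0, which presumably hides every school-bound shixun from that user; if that fail-closed result is intended, a one-line comment such as `# no school => 0, so all school-restricted shixuns are excluded` would record it. The expression is duplicated in both hunks and could live in one private helper. The context lines of the -37 and -174 hunks interpolate `current_user.id` into raw SQL in the same way and would benefit from the same bound-parameter form. The enclosing methods begin outside the hunks.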