From 54196a44c5d36fb22b40023a1b6e04f47ebfaa62 Mon Sep 17 00:00:00 2001
From: daiao <358551898@qq.com>
Date: Fri, 28 Jun 2019 15:07:36 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E5=90=88=E4=BD=9C=E8=80=85?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/challenges_controller.rb | 2 +-
 app/controllers/shixuns_controller.rb    | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/app/controllers/challenges_controller.rb b/app/controllers/challenges_controller.rb
index 565545713..2ba76c60a 100644
--- a/app/controllers/challenges_controller.rb
+++ b/app/controllers/challenges_controller.rb
@@ -8,7 +8,7 @@ class ChallengesController < ApplicationController
   # 关卡更新和操作的权限控制
   before_action :update_allowed, except: [:index]
   # 关卡访问的权限控制
-  before_action :shixun_access_allowed
+  before_action :shixun_access_allowed, only: [:index]
 
   include ShixunsHelper
   include ChallengesHelper
diff --git a/app/controllers/shixuns_controller.rb b/app/controllers/shixuns_controller.rb
index 0cf4fc77e..52e05e57d 100644
--- a/app/controllers/shixuns_controller.rb
+++ b/app/controllers/shixuns_controller.rb
@@ -624,12 +624,12 @@ class ShixunsController < ApplicationController
 
   def add_collaborators
       member_ids = "(" + @shixun.shixun_members.map(&:user_id).join(',') +  ")"
-      user_name = "%#{params[:user_name].strip}%"
-      school_name = "%#{params[:school_name].strip}%"
+      user_name = "%#{params[:user_name].to_s.strip}%"
+      school_name = "%#{params[:school_name].to_s.strip}%"
 			if user_name.present? || school_name.present?
 				@users = User.joins(user_extension: :school).where("users.id not in #{member_ids} AND users.status = 1 AND
 																								 LOWER(users.lastname) LIKE '#{user_name}' AND LOWER(schools.name) LIKE
-																								 '#{school_name}'")
+																								 '#{school_name}'").limit(20)
 			else
 				@users = User.none
 			end