作业的权限控制

app/controllers/homework_commons_controller.rb

@@ -121,7 +121,7 @@ class HomeworkCommonsController < ApplicationController
         @work = @homework.user_work(current_user.id)
 
         # 学生已提交作品且补交（提交）已截止、作品公开、非匿评阶段
-        if @work&.work_status.to_i > 0 && @homework.work_public &&
+        if @work&.work_status.to_i > 0 && (@homework.work_public || @homework.score_open) &&
             ((!@homework.anonymous_comment && @homework.end_or_late) || @homework_detail_manual.comment_status > 4)
           @student_works = student_works.where("user_id != #{@work.user_id}")
 

app/controllers/student_works_controller.rb

@@ -25,7 +25,7 @@ class StudentWorksController < ApplicationController
 
   before_action :require_score_id, only: [:destroy_score, :add_score_reply, :appeal_anonymous_score, :deal_appeal_score, :cancel_appeal]
 
-  before_action :is_evaluation, only: [:show, :supply_attachments]
+  before_action :is_evaluation, :open_work, only: [:show, :supply_attachments]
 
   def new
     uid_logger("#######new current_user : 1111")
@@ -704,6 +704,11 @@ class StudentWorksController < ApplicationController
         [3, 4].include?(@homework.homework_detail_manual.comment_status)
   end
 
+  # 作品是否公开
+  def open_work
+    tip_exception(403,"没有操作权限") unless (@user_course_identity < Course::STUDENT || current_user == @work.user || @homework.work_public || @is_evaluation)
+  end
+
   def allow_add_score
     # 老师始终有评阅权限，匿评阶段内，学生对分配给该学生的作品有评阅权限
     tip_exception(403, "没有权限") unless allow_score(@homework, @user_course_identity, current_user.id, @work)