From 1053112843168c79360129b4151107effda48970 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Wed, 19 Feb 2020 17:35:26 +0800
Subject: [PATCH 1/3] =?UTF-8?q?=E5=88=86=E7=8F=AD=E9=82=80=E8=AF=B7?=
 =?UTF-8?q?=E7=A0=81=E5=88=97=E8=A1=A8=E5=A2=9E=E5=8A=A0=E5=8F=82=E6=95=B0?=
 =?UTF-8?q?=E3=80=81=E9=82=80=E8=AF=B7=E7=A0=81=E7=9A=84=E5=81=9C=E7=94=A8?=
 =?UTF-8?q?/=E5=90=AF=E7=94=A8=E6=9D=83=E9=99=90=E6=8E=A7=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/course_groups_controller.rb | 5 ++++-
 app/helpers/courses_helper.rb | 6 ++++++
 app/views/courses/course_groups.json.jbuilder | 3 ++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/app/controllers/course_groups_controller.rb b/app/controllers/course_groups_controller.rb
index fd59dd497..d07a1e12c 100644
--- a/app/controllers/course_groups_controller.rb
+++ b/app/controllers/course_groups_controller.rb
@@ -2,7 +2,7 @@ class CourseGroupsController < ApplicationController
 before_action :require_login, :check_auth
 before_action :set_group, except: [:create]
 before_action :find_course, only: [:create]
- before_action :teacher_allowed
+ before_action :teacher_allowed, except: [:set_invite_code_halt]
 
 def create
 tip_exception("分班名称不能为空") if params[:name].blank?
@@ -57,6 +57,9 @@ class CourseGroupsController < ApplicationController
 
 # 邀请码停用/启用
 def set_invite_code_halt
+ teacher = @course.teachers.find_by(user_id: current_user.id)
+ tip_exception(403, "无权限") unless current_user.admin_or_business? ||
+ (teacher.present? && (teacher.teacher_course_groups.pluck(:course_group_id).include?(@group.id) || teacher.teacher_course_groups.size == 0))
 @group.update!(invite_code_halt: !@group.invite_code_halt)
 normal_status(0, "成功")
 end
diff --git a/app/helpers/courses_helper.rb b/app/helpers/courses_helper.rb
index 37e108a74..f0d58adbb 100644
--- a/app/helpers/courses_helper.rb
+++ b/app/helpers/courses_helper.rb
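Review bot: The teacher/group rule added inside `set_invite_code_halt` (second hunk) duplicates, clause for clause, the `edit_auth` helper this same patch adds to app/helpers/courses_helper.rb, so the server-side 403 and the `edit_auth` flag the JSON view sends to clients can drift apart silently; since the first hunk also drops `teacher_allowed` for this action, this inline expression is now the only authorization gate on it. Put the rule in one place (for example a constructed `CourseGroup#editable_by?(user)` or a shared controller/helper method) and call it from both the action and the view. The expression also issues two queries where one would do: `teacher.teacher_course_groups.where(course_group_id: @group.id).exists? || teacher.teacher_course_groups.empty?`. The hunk does not show that `set_group` assigns `@course`, which this line relies on — worth confirming, since a nil `@course` here would fail with a 500 rather than the intended 403.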
@@ -12,6 +12,12 @@ module CoursesHelper
 # end
 end
 
+ def edit_auth group, teachers
+ User.current.admin_or_business? ||
+ teachers.select{|teacher| teacher.user_id == User.current.id &&
+ (teacher.teacher_course_groups.pluck(:course_group_id).include?(group.id) || teacher.teacher_course_groups.size == 0)}.size > 0
+ end
+
 # 是否有切换为学生的入口
 def switch_student_role is_teacher, course, user
 is_teacher && course.course_members.where(user_id: user.id, role: %i(STUDENT)).exists?
diff --git a/app/views/courses/course_groups.json.jbuilder b/app/views/courses/course_groups.json.jbuilder
index 48a5922a6..0057befb6 100644
--- a/app/views/courses/course_groups.json.jbuilder
+++ b/app/views/courses/course_groups.json.jbuilder
@@ -1,7 +1,8 @@
 json.course_groups @course_groups.each do |group|
- json.(group, :id, :course_members_count, :name)
+ json.(group, :id, :course_members_count, :name, :invite_code_halt)
 json.invite_code group.invite_code if @user_course_identity < Course::STUDENT
 json.member_manager member_manager(group, @teachers) if @user_course_identity < Course::NORMAL
+ json.edit_auth edit_auth(group, @teachers) if @user_course_identity < Course::STUDENT
 end
 
 if @user_course_identity == Course::STUDENT

From 0853e6a4b51e8fc1e2f7ed1d07215b1968df42f7 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Wed, 19 Feb 2020 17:49:21 +0800
Subject: [PATCH 2/3] =?UTF-8?q?=E6=9C=89=E5=A4=9A=E9=87=8D=E8=A7=92?=
 =?UTF-8?q?=E8=89=B2=E7=9A=84=E7=94=A8=E6=88=B7=E4=B8=8D=E8=80=83=E8=99=91?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E7=9A=84=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/application_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 411481f0e..c9d352e80 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
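Review bot: `edit_auth` runs `teacher.teacher_course_groups.pluck(:course_group_id)` plus a second `size` query inside the `select` block for every teacher, and the jbuilder view in this patch calls it once per group, so query count grows with teachers × groups even though only the teacher matching `User.current` can ever satisfy the condition. Filter on `user_id` first, fetch the group ids once, and use `any?` instead of `select{...}.size > 0`; preloading `teacher_course_groups` on `@teachers` where the controller builds it (not visible here) would remove the remaining per-call query. The rewrite below returns the same boolean for the same inputs.
```ruby
def edit_auth group, teachers
  return true if User.current.admin_or_business?

  teachers.any? do |teacher|
    next false unless teacher.user_id == User.current.id

    group_ids = teacher.teacher_course_groups.pluck(:course_group_id)
    group_ids.empty? || group_ids.include?(group.id)
  end
end
```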
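Review bot: `:invite_code_halt` is added to the unconditional `json.(group, ...)` call in app/views/courses/course_groups.json.jbuilder, so it is rendered to every identity including students, while the neighbouring `invite_code` and the new `edit_auth` flag are both gated by `@user_course_identity < Course::STUDENT`. If the halt state is only meaningful to the people who can see or manage the code, render it under the same gate: `json.invite_code_halt group.invite_code_halt if @user_course_identity < Course::STUDENT`. If students are meant to see it (for example to explain why a code no longer works), a one-line comment saying so would keep the next reader from treating the asymmetry as an oversight.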
@@ -73,7 +73,7 @@ class ApplicationController < ActionController::Base
 check_account
 tip_exception(@course.excellent ? 410 : 409, "您没有权限进入")
 end
- if @user_course_identity > Course::CREATOR && @user_course_identity <= Course::STUDENT
+ if @user_course_identity > Course::CREATOR && @user_course_identity <= Course::STUDENT && @course.tea_id != current_user.id
 # 实名认证和职业认证的身份判断
 tip_exception(411, "你的实名认证和职业认证审核未通过") if @course.authentication && @course.professional_certification &&
 (!current_user.authentication && !current_user.professional_certification)

From 1f1ff6c7a901bd86304e9ae41f5ed4e7a78a9bc4 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Wed, 19 Feb 2020 18:28:05 +0800
Subject: [PATCH 3/3] =?UTF-8?q?=E9=A2=98=E5=BA=93=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/application_controller.rb | 13 +++++++++++++
 app/controllers/examination_banks_controller.rb | 2 ++
 .../examination_intelligent_settings_controller.rb | 1 +
 app/controllers/examination_items_controller.rb | 1 +
 app/controllers/item_banks_controller.rb | 2 ++
 app/controllers/item_baskets_controller.rb | 1 +
 6 files changed, 20 insertions(+)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c9d352e80..15f918c01 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
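Review bot: The new third clause `@course.tea_id != current_user.id` exempts whoever `tea_id` references from the real-name/professional certification check regardless of that user's own certification state, and nothing in the hunk records why — the commit title says it is for users holding several roles, and the existing `> Course::CREATOR` clause already excludes the creator identity, so the exemption must be covering a user whose course identity is not CREATOR but who is still recorded as `tea_id`. That reasoning belongs next to the code; a predicate such as `certification_check_required?` returning the three-clause condition, with a one-line comment stating that the course's `tea_id` is trusted without certification, would also bring the line back under a readable length. Whether `tea_id` can be reassigned after creation is not visible here and changes the blast radius of the exemption, so it is worth confirming. The enclosing method begins and ends outside the hunk.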
@@ -48,6 +48,19 @@ class ApplicationController < ActionController::Base
 EduSetting.get(name)
 end
 
+ # 平台身份权限判断(学生用户无权限)
+ def identity_auth
+ ue = current_user.user_extension
+ tip_exception(403, "..") unless current_user.admin_or_business? || ue.teacher? || ue.professional?
+ end
+
+ # 平台已认证身份判断(已认证的老师和专业人士)
+ def certi_identity_auth
+ ue = current_user.user_extension
+ tip_exception(403, "..") unless current_user.admin_or_business? ||
+ (current_user.professional_certification && (ue.teacher? || ue.professional?))
+ end
+
 def shixun_marker
 unless current_user.is_shixun_marker? || current_user.admin_or_business?
 tip_exception(403, "..")
diff --git a/app/controllers/examination_banks_controller.rb b/app/controllers/examination_banks_controller.rb
index 251cd197f..1a2f3f564 100644
--- a/app/controllers/examination_banks_controller.rb
+++ b/app/controllers/examination_banks_controller.rb
@@ -1,8 +1,10 @@
 class ExaminationBanksController < ApplicationController
 include PaginateHelper
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public, :revoke_item]
 before_action :find_exam, except: [:index, :create]
 before_action :edit_auth, only: [:update, :destroy, :set_public, :revoke_item]
+ before_action :identity_auth, only: [:index]
 
 def index
 exams = ExaminationBankQuery.call(params)
diff --git a/app/controllers/examination_intelligent_settings_controller.rb b/app/controllers/examination_intelligent_settings_controller.rb
index 10384b7cb..8675e699e 100644
--- a/app/controllers/examination_intelligent_settings_controller.rb
+++ b/app/controllers/examination_intelligent_settings_controller.rb
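Review bot: Both new filters dereference `current_user.user_extension` without a nil guard (`ue.teacher?`, `ue.professional?`), so if a user can exist without a `user_extension` row — not visible in this hunk — the filter raises NoMethodError and the request fails with a 500 instead of the intended 403; `ue&.teacher? || ue&.professional?` keeps the fail-closed behaviour and produces the 403. `certi_identity_auth` also checks only `professional_certification`, whereas the course-level check at line 73 of this same file (patch 2 in this series) requires both `authentication` and `professional_certification`; if "已认证" deliberately means professional certification alone here, the comment above the method should say so, otherwise the two gates disagree on what a certified teacher is. Since `certi_identity_auth` is strictly narrower than `identity_auth`, a one-line comment such as `# certi_identity_auth implies identity_auth` would help readers of the controllers that stack the two.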
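Review bot: In app/controllers/examination_banks_controller.rb both `identity_auth` and `certi_identity_auth` are attached with hand-written `only:` lists, so any action in this controller that appears in neither list stays reachable by accounts that `identity_auth` rejects on `index`; `find_exam, except: [:index, :create]` implies at least one read action beyond `index`, but the action list is outside the hunk. The same pattern is in app/controllers/item_banks_controller.rb. Because `certi_identity_auth` already implies `identity_auth`, the safer shape is a default plus exceptions: `before_action :identity_auth` with no `only:` (or `except:` naming the intentionally public actions), keeping `certi_identity_auth` on the mutating actions; if some actions are meant to stay open to students, a comment naming them next to the filters would document that decision.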
@@ -1,5 +1,6 @@
 class ExaminationIntelligentSettingsController < ApplicationController
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :optinal_items, :save_exam, :exchange_one_item, :exchange_items]
 before_action :find_exam, only: [:exchange_one_item, :exchange_items, :save_exam]
 
 def optinal_items
diff --git a/app/controllers/examination_items_controller.rb b/app/controllers/examination_items_controller.rb
index ee7a27c59..97aac3bc6 100644
--- a/app/controllers/examination_items_controller.rb
+++ b/app/controllers/examination_items_controller.rb
@@ -1,5 +1,6 @@
 class ExaminationItemsController < ApplicationController
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :destroy, :delete_item_type, :set_score, :batch_set_score, :adjust_position]
 before_action :validate_score, only: [:set_score, :batch_set_score]
 before_action :find_exam, only: [:create, :batch_set_score, :delete_item_type]
 before_action :find_item, except: [:create, :batch_set_score, :delete_item_type]
diff --git a/app/controllers/item_banks_controller.rb b/app/controllers/item_banks_controller.rb
index f108c1fad..cc046d061 100644
--- a/app/controllers/item_banks_controller.rb
+++ b/app/controllers/item_banks_controller.rb
@@ -1,8 +1,10 @@
 class ItemBanksController < ApplicationController
 include PaginateHelper
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :edit, :update, :destroy, :set_public]
 before_action :find_item, except: [:index, :create]
 before_action :edit_auth, only: [:update, :destroy, :set_public]
+ before_action :identity_auth, only: [:index]
 
 def index
 items = ItemBankQuery.call(params)
diff --git a/app/controllers/item_baskets_controller.rb b/app/controllers/item_baskets_controller.rb
index 03355189d..b047e3d78 100644
--- a/app/controllers/item_baskets_controller.rb
+++ b/app/controllers/item_baskets_controller.rb
@@ -1,5 +1,6 @@
 class ItemBasketsController < ApplicationController
 before_action :require_login
+ before_action :certi_identity_auth, only: [:create, :delete_item_type, :destroy, :set_score, :batch_set_score, :adjust_position]
 before_action :validate_score, only: [:set_score, :batch_set_score]
 
 helper_method :current_basket