|
|
@ -4,14 +4,13 @@
|
|
|
|
class AttachmentsController < ApplicationController
|
|
|
|
class AttachmentsController < ApplicationController
|
|
|
|
before_action :require_login, :check_auth, except: [:show]
|
|
|
|
before_action :require_login, :check_auth, except: [:show]
|
|
|
|
before_action :find_file, only: %i[show destroy]
|
|
|
|
before_action :find_file, only: %i[show destroy]
|
|
|
|
|
|
|
|
before_action :attachment_candown, only: [:show]
|
|
|
|
|
|
|
|
|
|
|
|
include ApplicationHelper
|
|
|
|
include ApplicationHelper
|
|
|
|
|
|
|
|
|
|
|
|
def show
|
|
|
|
def show
|
|
|
|
# 1. 优先跳到cdn
|
|
|
|
# 1. 优先跳到cdn
|
|
|
|
# 2. 如果没有cdn,send_file
|
|
|
|
# 2. 如果没有cdn,send_file
|
|
|
|
candown = attachment_candown @file
|
|
|
|
|
|
|
|
tip_exception("您没有权限下载该附件") if !candown
|
|
|
|
|
|
|
|
if @file.cloud_url.present?
|
|
|
|
if @file.cloud_url.present?
|
|
|
|
update_downloads(@file)
|
|
|
|
update_downloads(@file)
|
|
|
|
redirect_to @file.cloud_url and return
|
|
|
|
redirect_to @file.cloud_url and return
|
|
|
@ -160,32 +159,32 @@ class AttachmentsController < ApplicationController
|
|
|
|
edu_setting('public_cdn_host') + "/" + path
|
|
|
|
edu_setting('public_cdn_host') + "/" + path
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
def attachment_candown attachment
|
|
|
|
def attachment_candown
|
|
|
|
return true if current_user.admin? || current_user.business?
|
|
|
|
unless current_user.admin? || current_user.business?
|
|
|
|
candown = false
|
|
|
|
|
|
|
|
if attachment.container && current_user.logged?
|
|
|
|
|
|
|
|
# 课堂资源、作业、毕设相关资源的权限判断
|
|
|
|
|
|
|
|
if attachment.container.is_a?(Course)
|
|
|
|
|
|
|
|
course = attachment.container
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course) || attachment.is_public == 1
|
|
|
|
|
|
|
|
elsif attachment.container.is_a?(HomeworkCommon) || attachment.container.is_a?(GraduationTask) || attachment.container.is_a?(GraduationTopic)
|
|
|
|
|
|
|
|
course = attachment.container&.course
|
|
|
|
|
|
|
|
elsif attachment.container.is_a?(StudentWork)
|
|
|
|
|
|
|
|
course = attachment.container&.homework_common&.course
|
|
|
|
|
|
|
|
elsif attachment.container.is_a?(StudentWorksScore)
|
|
|
|
|
|
|
|
course = attachment.container&.student_work&.homework_common&.course
|
|
|
|
|
|
|
|
elsif attachment.container.is_a?(GraduationWork)
|
|
|
|
|
|
|
|
course = attachment.container&.graduation_task&.course
|
|
|
|
|
|
|
|
elsif attachment.container.is_a?(GraduationWorkScore)
|
|
|
|
|
|
|
|
course = attachment.container&.graduation_work&.graduation_task&.course
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
candown = true
|
|
|
|
candown = true
|
|
|
|
|
|
|
|
if @file.container && current_user.logged?
|
|
|
|
|
|
|
|
# 课堂资源、作业、毕设相关资源的权限判断
|
|
|
|
|
|
|
|
if @file.container.is_a?(Course)
|
|
|
|
|
|
|
|
course = @file.container
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course) || @file.is_public == 1
|
|
|
|
|
|
|
|
elsif @file.container.is_a?(HomeworkCommon) || @file.container.is_a?(GraduationTask) || @file.container.is_a?(GraduationTopic)
|
|
|
|
|
|
|
|
course = @file.container&.course
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course)
|
|
|
|
|
|
|
|
elsif @file.container.is_a?(StudentWork)
|
|
|
|
|
|
|
|
course = @file.container&.homework_common&.course
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course)
|
|
|
|
|
|
|
|
elsif @file.container.is_a?(StudentWorksScore)
|
|
|
|
|
|
|
|
course = @file.container&.student_work&.homework_common&.course
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course)
|
|
|
|
|
|
|
|
elsif @file.container.is_a?(GraduationWork)
|
|
|
|
|
|
|
|
course = @file.container&.graduation_task&.course
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course)
|
|
|
|
|
|
|
|
elsif @file.container.is_a?(GraduationWorkScore)
|
|
|
|
|
|
|
|
course = @file.container&.graduation_work&.graduation_task&.course
|
|
|
|
|
|
|
|
candown = current_user.member_of_course?(course)
|
|
|
|
|
|
|
|
end
|
|
|
|
|
|
|
|
tip_exception(403, "您没有权限进入") if course.present? && !candown
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
|
|
candown = !candown && course.present? ? current_user.member_of_course?(course) : candown
|
|
|
|
|
|
|
|
else
|
|
|
|
|
|
|
|
candown = true
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
candown
|
|
|
|
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|