登录与认证

5 years ago · 689600314b
parent 26a9c39f3f
commit 689600314b
36 changed files with 41 additions and 47 deletions
--- a/app/controllers/add_department_applies_controller.rb
+++ b/app/controllers/add_department_applies_controller.rb
@ -1,5 +1,5 @@
 class AddDepartmentAppliesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth

  def create
    CreateAddDepartmentApplyService.call(current_user, create_params)
--- a/app/controllers/add_school_applies_controller.rb
+++ b/app/controllers/add_school_applies_controller.rb
@ -1,5 +1,5 @@
 class AddSchoolAppliesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth

  def create
    CreateAddSchoolApplyService.call(current_user, create_params)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -178,18 +178,12 @@ class ApplicationController < ActionController::Base
 	# 系统全局认证
 	#
 	def check_auth
-		if User.current.logged?
-			if !current_user.profile_completed?
-				info_url = '/account/profile'
-				tip_exception(402, info_url)
-			elsif current_user.certification != 1
-				day_cer = UserDayCertification.find_by(user_id: current_user.id)
-				unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400
-					tip_exception(407, "系统未授权")
-				end
-			end
-		else
-			tip_exception(401, "..")
+		if !current_user.profile_completed?
+			info_url = '/account/profile'
+			tip_exception(402, info_url)
+		elsif current_user.certification != 1
+			day_cer = UserDayCertification.find_by(user_id: current_user.id)
+			tip_exception(407, "系统未授权") unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400
 		end
 	end

--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@ -2,7 +2,7 @@
 #
 #  文件上传
 class AttachmentsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_file, only: %i[show destroy]

  include ErrorCommon
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@ -1,5 +1,5 @@
 class BoardsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_course, only: [:create]
  before_action :set_board, except: [:create]
  before_action :teacher_allowed
--- a/app/controllers/challenges_controller.rb
+++ b/app/controllers/challenges_controller.rb
@ -1,5 +1,5 @@
 class ChallengesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_shixun, only: [:new, :create, :index]
  skip_before_action :verify_authenticity_token, only: [:create, :update, :create_choose_question, :crud_answer]
  before_action :find_challenge, only: [:edit, :show, :update, :create_choose_question, :index_down, :index_up,
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@ -1,7 +1,7 @@
 class CommonsController < ApplicationController
  OBJECT_TYPE = %W[message journals_for_message]

-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :validate_object_type
  before_action :find_object
  before_action :validate_power
--- a/app/controllers/course_groups_controller.rb
+++ b/app/controllers/course_groups_controller.rb
@ -1,5 +1,5 @@
 class CourseGroupsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :set_group, except: [:create]
  before_action :find_course, only: [:create]
  before_action :teacher_or_admin_allowed
--- a/app/controllers/course_modules_controller.rb
+++ b/app/controllers/course_modules_controller.rb
@ -1,5 +1,5 @@
 class CourseModulesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :set_module, except: [:unhidden_modules]
  before_action :find_course, only: [:unhidden_modules]
  before_action :teacher_allowed
--- a/app/controllers/course_second_categories_controller.rb
+++ b/app/controllers/course_second_categories_controller.rb
@ -1,5 +1,5 @@
 class CourseSecondCategoriesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :set_category
  before_action :teacher_allowed

--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@ -11,7 +11,7 @@ class CoursesController < ApplicationController
    render_error(ex.model.errors.full_messages.join(','))
  end

-  before_action :require_login, except: [:index, :show, :students, :teachers, :board_list, :mine, :all_course_groups, :left_banner, :top_banner]
+  before_action :require_login, :check_auth, except: [:index, :show, :students, :teachers, :board_list, :mine, :all_course_groups, :left_banner, :top_banner]
  before_action :set_course, :user_course_identity, only: [:show, :update, :destroy, :settings, :set_invite_code_halt,
                                                           :set_public_or_private, :search_teacher_candidate, :teachers, :apply_teachers,
                                                           :top_banner, :left_banner, :add_teacher_popup, :add_teacher,
--- a/app/controllers/ecs/base_controller.rb
+++ b/app/controllers/ecs/base_controller.rb
@ -1,6 +1,6 @@
 class Ecs::BaseController < ApplicationController

-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :check_user_permission!

  helper_method :current_user, :current_school
--- a/app/controllers/exercise_answers_controller.rb
+++ b/app/controllers/exercise_answers_controller.rb
@ -1,5 +1,5 @@
 class ExerciseAnswersController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :get_exercise_question
  include ExercisesHelper

--- a/app/controllers/exercise_questions_controller.rb
+++ b/app/controllers/exercise_questions_controller.rb
@ -1,5 +1,5 @@
 class ExerciseQuestionsController < ApplicationController
-  before_action :require_login  #用户需登陆
+  before_action :require_login, :check_auth  #用户需登陆
  before_action :get_exercise,only:[:new,:create]  #获取试卷
  before_action :get_exercise_question,except: [:new,:create]  #获取试卷的问题及试卷
  before_action :is_course_teacher  #是否为老师
--- a/app/controllers/exercises_controller.rb
+++ b/app/controllers/exercises_controller.rb
@ -1,5 +1,5 @@
 class ExercisesController < ApplicationController
-  before_action :require_login,except: [:index]
+  before_action :require_login, :check_auth, except: [:index]
  before_action :find_course,only: [:index,:new,:create,:my_exercises,:public_exercises,:set_public,:destroys,
                                    :join_exercise_banks,:publish_modal,:publish,:end_modal,:end_exercise] #需要有课堂id参数的
  before_action :get_exercise,except: [:index,:new,:create,:my_exercises,:public_exercises,:set_public,:destroys,
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@ -1,7 +1,7 @@
 class FilesController < ApplicationController
  include MessagesHelper

-  before_action :require_login, except: %i[index]
+  before_action :require_login, :check_auth, except: %i[index]
  before_action :find_course, except: %i[public_with_course_and_project mine_with_course_and_project]
  before_action :find_ids, only: %i[bulk_delete bulk_send bulk_move bulk_public bulk_publish]
  before_action :file_validate_sort_type, only: :index
--- a/app/controllers/games_controller.rb
+++ b/app/controllers/games_controller.rb
@ -1,5 +1,5 @@
 class GamesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_game
  before_action :find_shixun, only: [:show, :answer, :rep_content, :choose_build, :game_build, :game_status]

--- a/app/controllers/graduation_tasks_controller.rb
+++ b/app/controllers/graduation_tasks_controller.rb
@ -1,5 +1,5 @@
 class GraduationTasksController < ApplicationController
-  before_action :require_login, except: [:index]
+  before_action :require_login, :check_auth, except: [:index]
  before_action :find_course, except: [:edit, :update, :settings, :update_settings, :tasks_list, :show, :show_comment]
  before_action :find_task, only: [:edit, :update, :settings, :update_settings, :tasks_list, :show, :show_comment]
  before_action :user_course_identity
--- a/app/controllers/graduation_topics_controller.rb
+++ b/app/controllers/graduation_topics_controller.rb
@ -1,5 +1,5 @@
 class GraduationTopicsController < ApplicationController
-  before_action :require_login, except: [:index]
+  before_action :require_login, :check_auth, except: [:index]
  before_action :find_course
  before_action :teacher_allowed, only: [:new, :create, :update, :edit, :destroys, :set_public,
                                         :refuse_student_topic, :accept_student_topic, :export]
--- a/app/controllers/graduation_works_controller.rb
+++ b/app/controllers/graduation_works_controller.rb
@ -1,5 +1,5 @@
 class GraduationWorksController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_task, only: [:new, :create, :search_member_list, :check_project, :relate_project,
                                   :cancel_relate_project]
  before_action :find_work, only: [:show, :edit, :update, :revise_attachment, :supply_attachments, :comment_list,
--- a/app/controllers/homework_commons_controller.rb
+++ b/app/controllers/homework_commons_controller.rb
@ -3,7 +3,7 @@ class HomeworkCommonsController < ApplicationController
  include ApplicationHelper
  include ExportHelper

-  before_action :require_login, except: [:index, :choose_category]
+  before_action :require_login, :check_auth, except: [:index, :choose_category]

  before_action :find_course, only: [:index, :create, :new, :shixuns, :subjects, :create_shixun_homework, :publish_homework,
                                     :end_homework, :set_public, :choose_category, :move_to_category, :choose_category,
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@ -3,7 +3,7 @@ class MessagesController < ApplicationController

  SORT_TYPE = %w[time hot]

-  before_action :require_login, only: %i[create update sticky_top bulk_delete create destroy bulk_send bulk_move bulk_public]
+  before_action :require_login, :check_auth, only: %i[create update sticky_top bulk_delete create destroy bulk_send bulk_move bulk_public]
  before_action :find_board, only: [:create, :index, :bulk_delete, :bulk_move, :bulk_send, :bulk_public]
  before_action :find_message, only: [:update, :destroy, :sticky_top, :reply_list, :destroy, :reply]
  before_action :validate_delete_params, only: %i[bulk_delete bulk_public]
--- a/app/controllers/myshixuns_controller.rb
+++ b/app/controllers/myshixuns_controller.rb
@ -1,5 +1,5 @@
 class MyshixunsController < ApplicationController
-  before_action :require_login, :except => [:training_task_status, :code_runinng_message]
+  before_action :require_login, :check_auth, :except => [:training_task_status, :code_runinng_message]
  before_action :find_myshixun, :except => [:training_task_status, :code_runinng_message]
  before_action :find_repo_name, :except => [:training_task_status, :code_runinng_message]
  skip_before_action :verify_authenticity_token, :only => [:html_content]
--- a/app/controllers/poll_questions_controller.rb
+++ b/app/controllers/poll_questions_controller.rb
@ -1,5 +1,5 @@
 class PollQuestionsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :get_poll,only:[:new,:create]
  before_action :get_poll_question,except: [:new,:create]
  before_action :is_course_teacher
--- a/app/controllers/poll_votes_controller.rb
+++ b/app/controllers/poll_votes_controller.rb
@ -1,6 +1,6 @@
 class PollVotesController < ApplicationController
  #在开始回答和提交问卷的时候，已经做了判断用户的身份权限
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :get_poll_question
  before_action :check_answer_in_question

--- a/app/controllers/polls_controller.rb
+++ b/app/controllers/polls_controller.rb
@ -1,6 +1,6 @@
 class PollsController < ApplicationController
  # before_action :check_poll_status 问卷的发消息和定时任务没有做
-  before_action :require_login,except: [:index]
+  before_action :require_login, :check_auth,except: [:index]
  before_action :find_course, except: [:show,:poll_setting,:commit_setting,:edit,:update,:start_answer,:commit_poll,
                                       :commit_result,:poll_lists,:cancel_publish,:cancel_publish_modal,:common_header]
  before_action :get_poll_and_course, only: [:show,:poll_setting,:commit_setting,:edit,:update,:start_answer,
--- a/app/controllers/praise_tread_controller.rb
+++ b/app/controllers/praise_tread_controller.rb
@ -1,6 +1,6 @@
 class PraiseTreadController < ApplicationController
  include MessagesHelper
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :validate_params, only: [:like, :unlike]
  before_action :find_object

--- a/app/controllers/question_banks_controller.rb
+++ b/app/controllers/question_banks_controller.rb
@ -1,5 +1,5 @@
 class QuestionBanksController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :params_filter

  # 题库选用列表
--- a/app/controllers/shixuns_controller.rb
+++ b/app/controllers/shixuns_controller.rb
@ -1,5 +1,5 @@
 class ShixunsController < ApplicationController
-	before_action :require_login, except: [:download_file, :index, :menus]
+	before_action :require_login, :check_auth, except: [:download_file, :index, :menus]
 	before_action :check_auth, except: [:download_file, :index, :menus]

 	before_action :find_shixun, :shixun_access_allowed, except: [:index, :new, :create, :menus, :get_recommend_shixuns,
--- a/app/controllers/stages_controller.rb
+++ b/app/controllers/stages_controller.rb
@ -1,5 +1,5 @@
 class StagesController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_subject, only: [:create, :index]
  before_action :find_stage, only: [:update, :destroy, :edit, :up_position, :down_position]
  before_action :allowed, except: [:index]
--- a/app/controllers/student_works_controller.rb
+++ b/app/controllers/student_works_controller.rb
@ -2,7 +2,7 @@ class StudentWorksController < ApplicationController
  include HomeworkCommonsHelper
  include StudentWorksHelper

-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :find_homework, only: [:new, :create, :search_member_list, :check_project, :relate_project,
                                       :cancel_relate_project]
  before_action :find_work, only: [:shixun_work_report, :adjust_review_score, :shixun_work, :commit_des, :update_des,
--- a/app/controllers/subjects_controller.rb
+++ b/app/controllers/subjects_controller.rb
@ -1,5 +1,5 @@
 class SubjectsController < ApplicationController
-  before_action :require_login, except: [:index]
+  before_action :require_login, :check_auth, except: [:index]
  # before_action :check_auth, except: [:index]
  before_action :find_subject, except: [:index, :create, :append_to_stage]
  before_action :allowed, only: [:update, :edit, :destroy, :publish, :cancel_publish, :cancel_has_publish,
--- a/app/controllers/users/base_account_controller.rb
+++ b/app/controllers/users/base_account_controller.rb
@ -1,5 +1,5 @@
 class Users::BaseAccountController < Users::BaseController
-  before_action :require_login
+  before_action :require_login, :check_auth

  def observed_user
    @_observed_user ||= (User.find_by_id(params[:account_id]) || User.find_by_login(params[:account_id]))
--- a/app/controllers/users/interests_controller.rb
+++ b/app/controllers/users/interests_controller.rb
@ -1,6 +1,6 @@
 class Users::InterestsController < Users::BaseController
  skip_before_action :check_observed_user_exists!
-  before_action :require_login
+  before_action :require_login, :check_auth

  def create
    identity = params[:identity].to_s.strip
--- a/app/controllers/users/watches_controller.rb
+++ b/app/controllers/users/watches_controller.rb
@ -1,5 +1,5 @@
 class Users::WatchesController < Users::BaseController
-  before_action :require_login
+  before_action :require_login, :check_auth

  def create
    if observed_logged_user?
--- a/app/controllers/zips_controller.rb
+++ b/app/controllers/zips_controller.rb
@ -1,5 +1,5 @@
 class ZipsController < ApplicationController
-  before_action :require_login
+  before_action :require_login, :check_auth
  before_action :load_homework, only: [:shixun_report]
  before_action :get_exercise, only: [:export_exercises]