diff --git a/app/controllers/add_department_applies_controller.rb b/app/controllers/add_department_applies_controller.rb
index ed8067c84..644ebd87e 100644
--- a/app/controllers/add_department_applies_controller.rb
+++ b/app/controllers/add_department_applies_controller.rb
@@ -1,5 +1,5 @@
 class AddDepartmentAppliesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 def create
 CreateAddDepartmentApplyService.call(current_user, create_params)
diff --git a/app/controllers/add_school_applies_controller.rb b/app/controllers/add_school_applies_controller.rb
index 9f2376b9e..c868d79c9 100644
--- a/app/controllers/add_school_applies_controller.rb
+++ b/app/controllers/add_school_applies_controller.rb
@@ -1,5 +1,5 @@
 class AddSchoolAppliesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 def create
 CreateAddSchoolApplyService.call(current_user, create_params)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 91ac1c282..e8cccaee3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -178,18 +178,12 @@ class ApplicationController < ActionController::Base
 # 系统全局认证 #
 def check_auth
- if User.current.logged?
- if !current_user.profile_completed?
- info_url = '/account/profile'
- tip_exception(402, info_url)
- elsif current_user.certification != 1
- day_cer = UserDayCertification.find_by(user_id: current_user.id)
- unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400
- tip_exception(407, "系统未授权")
- end
- end
- else
- tip_exception(401, "..")
+ if !current_user.profile_completed?
+ info_url = '/account/profile'
+ tip_exception(402, info_url)
+ elsif current_user.certification != 1
+ day_cer = UserDayCertification.find_by(user_id: current_user.id)
+ tip_exception(407, "系统未授权") unless (Time.now.to_i - day_cer.try(:created_at).to_i) < 86400
 end
 end
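Review bot: The profile and certification check is enforced only where a controller lists `:check_auth` by hand, as on the changed `before_action` line in add_department_applies_controller.rb and in every other controller hunk of this commit. A controller that is missed, or added later, keeps login-only access and nothing fails to signal the gap. Registering `before_action :require_login, :check_auth` once in `ApplicationController` and opting public actions out with `skip_before_action` would make the check the default. This is hedged, since controllers outside this diff are not visible.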
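Review bot: `check_auth` in application_controller.rb now calls `current_user.profile_completed?` with no logged-in guard, so it is only correct when `require_login` has already run and halted the request. Every controller in this commit lists `:require_login` first, but a controller that registers `check_auth` alone, or skips `require_login` for an action, no longer gets the 401. Depending on what `current_user` returns for an anonymous session, it would get a 402 or an exception instead (inferred; `current_user` is defined outside the hunk). A one-line guard at the top, `return tip_exception(401, "..") unless User.current.logged?`, keeps the method fail-closed on its own. The bare `86400` would also read better as a named constant.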
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index bf5c11856..c539b0a60 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -2,7 +2,7 @@
 # # 文件上传
 class AttachmentsController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_file, only: %i[show destroy]
 include ErrorCommon
diff --git a/app/controllers/boards_controller.rb b/app/controllers/boards_controller.rb
index 2e82c36d7..0bcaaa2c0 100644
--- a/app/controllers/boards_controller.rb
+++ b/app/controllers/boards_controller.rb
@@ -1,5 +1,5 @@
 class BoardsController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_course, only: [:create]
 before_action :set_board, except: [:create]
 before_action :teacher_allowed
diff --git a/app/controllers/challenges_controller.rb b/app/controllers/challenges_controller.rb
index 33963a192..697585e0c 100644
--- a/app/controllers/challenges_controller.rb
+++ b/app/controllers/challenges_controller.rb
@@ -1,5 +1,5 @@
 class ChallengesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_shixun, only: [:new, :create, :index]
 skip_before_action :verify_authenticity_token, only: [:create, :update, :create_choose_question, :crud_answer]
 before_action :find_challenge, only: [:edit, :show, :update, :create_choose_question, :index_down, :index_up,
diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb
index a23d4dba7..0c0fe79af 100644
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@@ -1,7 +1,7 @@
 class CommonsController < ApplicationController
 OBJECT_TYPE = %W[message journals_for_message]
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :validate_object_type
 before_action :find_object
 before_action :validate_power
diff --git a/app/controllers/course_groups_controller.rb b/app/controllers/course_groups_controller.rb
index bee3fa09d..0e16d1bac 100644
--- a/app/controllers/course_groups_controller.rb
+++ b/app/controllers/course_groups_controller.rb
@@ -1,5 +1,5 @@
 class CourseGroupsController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :set_group, except: [:create]
 before_action :find_course, only: [:create]
 before_action :teacher_or_admin_allowed
diff --git a/app/controllers/course_modules_controller.rb b/app/controllers/course_modules_controller.rb
index d8d4ea128..4e9f7b908 100644
--- a/app/controllers/course_modules_controller.rb
+++ b/app/controllers/course_modules_controller.rb
@@ -1,5 +1,5 @@
 class CourseModulesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :set_module, except: [:unhidden_modules]
 before_action :find_course, only: [:unhidden_modules]
 before_action :teacher_allowed
diff --git a/app/controllers/course_second_categories_controller.rb b/app/controllers/course_second_categories_controller.rb
index d0f07f47f..ca544a584 100644
--- a/app/controllers/course_second_categories_controller.rb
+++ b/app/controllers/course_second_categories_controller.rb
@@ -1,5 +1,5 @@
 class CourseSecondCategoriesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :set_category
 before_action :teacher_allowed
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
index e6c4ae330..286935c17 100644
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@@ -11,7 +11,7 @@ class CoursesController < ApplicationController
 render_error(ex.model.errors.full_messages.join(','))
 end
- before_action :require_login, except: [:index, :show, :students, :teachers, :board_list, :mine, :all_course_groups, :left_banner, :top_banner]
+ before_action :require_login, :check_auth, except: [:index, :show, :students, :teachers, :board_list, :mine, :all_course_groups, :left_banner, :top_banner]
 before_action :set_course, :user_course_identity, only: [:show, :update, :destroy, :settings, :set_invite_code_halt, :set_public_or_private, :search_teacher_candidate, :teachers, :apply_teachers, :top_banner, :left_banner, :add_teacher_popup, :add_teacher,
diff --git a/app/controllers/ecs/base_controller.rb b/app/controllers/ecs/base_controller.rb
index 9fb99c420..2cded249a 100644
--- a/app/controllers/ecs/base_controller.rb
+++ b/app/controllers/ecs/base_controller.rb
@@ -1,6 +1,6 @@
 class Ecs::BaseController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :check_user_permission!
 helper_method :current_user, :current_school
diff --git a/app/controllers/exercise_answers_controller.rb b/app/controllers/exercise_answers_controller.rb
index aa3966d25..27e4aba11 100644
--- a/app/controllers/exercise_answers_controller.rb
+++ b/app/controllers/exercise_answers_controller.rb
@@ -1,5 +1,5 @@
 class ExerciseAnswersController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :get_exercise_question
 include ExercisesHelper
diff --git a/app/controllers/exercise_questions_controller.rb b/app/controllers/exercise_questions_controller.rb
index e33e5e2dc..3d488c7b0 100644
--- a/app/controllers/exercise_questions_controller.rb
+++ b/app/controllers/exercise_questions_controller.rb
@@ -1,5 +1,5 @@
 class ExerciseQuestionsController < ApplicationController
- before_action :require_login #用户需登陆
+ before_action :require_login, :check_auth #用户需登陆
 before_action :get_exercise,only:[:new,:create] #获取试卷
 before_action :get_exercise_question,except: [:new,:create] #获取试卷的问题及试卷
 before_action :is_course_teacher #是否为老师
diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb
index 6af48dbd1..862166f00 100644
--- a/app/controllers/exercises_controller.rb
+++ b/app/controllers/exercises_controller.rb
@@ -1,5 +1,5 @@
 class ExercisesController < ApplicationController
- before_action :require_login,except: [:index]
+ before_action :require_login, :check_auth, except: [:index]
 before_action :find_course,only: [:index,:new,:create,:my_exercises,:public_exercises,:set_public,:destroys, :join_exercise_banks,:publish_modal,:publish,:end_modal,:end_exercise] #需要有课堂id参数的
 before_action :get_exercise,except: [:index,:new,:create,:my_exercises,:public_exercises,:set_public,:destroys,
diff --git a/app/controllers/files_controller.rb b/app/controllers/files_controller.rb
index b75020643..d090ae253 100644
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@@ -1,7 +1,7 @@
 class FilesController < ApplicationController
 include MessagesHelper
- before_action :require_login, except: %i[index]
+ before_action :require_login, :check_auth, except: %i[index]
 before_action :find_course, except: %i[public_with_course_and_project mine_with_course_and_project]
 before_action :find_ids, only: %i[bulk_delete bulk_send bulk_move bulk_public bulk_publish]
 before_action :file_validate_sort_type, only: :index
diff --git a/app/controllers/games_controller.rb b/app/controllers/games_controller.rb
index 929af8f47..217f1839a 100644
--- a/app/controllers/games_controller.rb
+++ b/app/controllers/games_controller.rb
@@ -1,5 +1,5 @@
 class GamesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_game
 before_action :find_shixun, only: [:show, :answer, :rep_content, :choose_build, :game_build, :game_status]
diff --git a/app/controllers/graduation_tasks_controller.rb b/app/controllers/graduation_tasks_controller.rb
index fd6a1d859..fc9c8df45 100644
--- a/app/controllers/graduation_tasks_controller.rb
+++ b/app/controllers/graduation_tasks_controller.rb
@@ -1,5 +1,5 @@
 class GraduationTasksController < ApplicationController
- before_action :require_login, except: [:index]
+ before_action :require_login, :check_auth, except: [:index]
 before_action :find_course, except: [:edit, :update, :settings, :update_settings, :tasks_list, :show, :show_comment]
 before_action :find_task, only: [:edit, :update, :settings, :update_settings, :tasks_list, :show, :show_comment]
 before_action :user_course_identity
diff --git a/app/controllers/graduation_topics_controller.rb b/app/controllers/graduation_topics_controller.rb
index 4ad07c77e..754b472c5 100644
--- a/app/controllers/graduation_topics_controller.rb
+++ b/app/controllers/graduation_topics_controller.rb
@@ -1,5 +1,5 @@
 class GraduationTopicsController < ApplicationController
- before_action :require_login, except: [:index]
+ before_action :require_login, :check_auth, except: [:index]
 before_action :find_course
 before_action :teacher_allowed, only: [:new, :create, :update, :edit, :destroys, :set_public, :refuse_student_topic, :accept_student_topic, :export]
diff --git a/app/controllers/graduation_works_controller.rb b/app/controllers/graduation_works_controller.rb
index 7cf1a3393..a4a59a3f5 100644
--- a/app/controllers/graduation_works_controller.rb
+++ b/app/controllers/graduation_works_controller.rb
@@ -1,5 +1,5 @@
 class GraduationWorksController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_task, only: [:new, :create, :search_member_list, :check_project, :relate_project, :cancel_relate_project]
 before_action :find_work, only: [:show, :edit, :update, :revise_attachment, :supply_attachments, :comment_list,
diff --git a/app/controllers/homework_commons_controller.rb b/app/controllers/homework_commons_controller.rb
index 6f0f10f4d..bbae7ba75 100644
--- a/app/controllers/homework_commons_controller.rb
+++ b/app/controllers/homework_commons_controller.rb
@@ -3,7 +3,7 @@ class HomeworkCommonsController < ApplicationController
 include ApplicationHelper
 include ExportHelper
- before_action :require_login, except: [:index, :choose_category]
+ before_action :require_login, :check_auth, except: [:index, :choose_category]
 before_action :find_course, only: [:index, :create, :new, :shixuns, :subjects, :create_shixun_homework, :publish_homework, :end_homework, :set_public, :choose_category, :move_to_category, :choose_category,
diff --git a/app/controllers/messages_controller.rb b/app/controllers/messages_controller.rb
index 0c61e2b69..5bdc3e053 100644
--- a/app/controllers/messages_controller.rb
+++ b/app/controllers/messages_controller.rb
@@ -3,7 +3,7 @@ class MessagesController < ApplicationController
 SORT_TYPE = %w[time hot]
- before_action :require_login, only: %i[create update sticky_top bulk_delete create destroy bulk_send bulk_move bulk_public]
+ before_action :require_login, :check_auth, only: %i[create update sticky_top bulk_delete create destroy bulk_send bulk_move bulk_public]
 before_action :find_board, only: [:create, :index, :bulk_delete, :bulk_move, :bulk_send, :bulk_public]
 before_action :find_message, only: [:update, :destroy, :sticky_top, :reply_list, :destroy, :reply]
 before_action :validate_delete_params, only: %i[bulk_delete bulk_public]
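Review bot: In messages_controller.rb the `only:` list on the changed line does not include `reply`, although `reply` is named as an action in the `find_message` filter two lines below. That action therefore runs with neither `require_login` nor `check_auth` unless it is enforced elsewhere in the class, whose body is outside the hunk. If `reply` writes content it belongs in the list: `before_action :require_login, :check_auth, only: %i[create update reply sticky_top bulk_delete destroy bulk_send bulk_move bulk_public]`. The same edit drops the second `create`, which the current list names twice.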
diff --git a/app/controllers/myshixuns_controller.rb b/app/controllers/myshixuns_controller.rb
index f4549d691..276fbef32 100644
--- a/app/controllers/myshixuns_controller.rb
+++ b/app/controllers/myshixuns_controller.rb
@@ -1,5 +1,5 @@
 class MyshixunsController < ApplicationController
- before_action :require_login, :except => [:training_task_status, :code_runinng_message]
+ before_action :require_login, :check_auth, :except => [:training_task_status, :code_runinng_message]
 before_action :find_myshixun, :except => [:training_task_status, :code_runinng_message]
 before_action :find_repo_name, :except => [:training_task_status, :code_runinng_message]
 skip_before_action :verify_authenticity_token, :only => [:html_content]
diff --git a/app/controllers/poll_questions_controller.rb b/app/controllers/poll_questions_controller.rb
index 84e21c4e8..6a0b9ea47 100644
--- a/app/controllers/poll_questions_controller.rb
+++ b/app/controllers/poll_questions_controller.rb
@@ -1,5 +1,5 @@
 class PollQuestionsController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :get_poll,only:[:new,:create]
 before_action :get_poll_question,except: [:new,:create]
 before_action :is_course_teacher
diff --git a/app/controllers/poll_votes_controller.rb b/app/controllers/poll_votes_controller.rb
index c11248054..b1191d8ea 100644
--- a/app/controllers/poll_votes_controller.rb
+++ b/app/controllers/poll_votes_controller.rb
@@ -1,6 +1,6 @@
 class PollVotesController < ApplicationController
 #在开始回答和提交问卷的时候,已经做了判断用户的身份权限
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :get_poll_question
 before_action :check_answer_in_question
diff --git a/app/controllers/polls_controller.rb b/app/controllers/polls_controller.rb
index e2d0ce3cd..70995fbcf 100644
--- a/app/controllers/polls_controller.rb
+++ b/app/controllers/polls_controller.rb
@@ -1,6 +1,6 @@
 class PollsController < ApplicationController
 # before_action :check_poll_status 问卷的发消息和定时任务没有做
- before_action :require_login,except: [:index]
+ before_action :require_login, :check_auth,except: [:index]
 before_action :find_course, except: [:show,:poll_setting,:commit_setting,:edit,:update,:start_answer,:commit_poll, :commit_result,:poll_lists,:cancel_publish,:cancel_publish_modal,:common_header]
 before_action :get_poll_and_course, only: [:show,:poll_setting,:commit_setting,:edit,:update,:start_answer,
diff --git a/app/controllers/praise_tread_controller.rb b/app/controllers/praise_tread_controller.rb
index bf814db77..459eb4bad 100644
--- a/app/controllers/praise_tread_controller.rb
+++ b/app/controllers/praise_tread_controller.rb
@@ -1,6 +1,6 @@
 class PraiseTreadController < ApplicationController
 include MessagesHelper
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :validate_params, only: [:like, :unlike]
 before_action :find_object
diff --git a/app/controllers/question_banks_controller.rb b/app/controllers/question_banks_controller.rb
index 22650f2d3..e30065d09 100644
--- a/app/controllers/question_banks_controller.rb
+++ b/app/controllers/question_banks_controller.rb
@@ -1,5 +1,5 @@
 class QuestionBanksController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :params_filter
 # 题库选用列表
diff --git a/app/controllers/shixuns_controller.rb b/app/controllers/shixuns_controller.rb
index 3b3e0478a..2d708bfa8 100644
--- a/app/controllers/shixuns_controller.rb
+++ b/app/controllers/shixuns_controller.rb
@@ -1,5 +1,5 @@
 class ShixunsController < ApplicationController
- before_action :require_login, except: [:download_file, :index, :menus]
+ before_action :require_login, :check_auth, except: [:download_file, :index, :menus]
 before_action :check_auth, except: [:download_file, :index, :menus]
 before_action :find_shixun, :shixun_access_allowed, except: [:index, :new, :create, :menus, :get_recommend_shixuns,
diff --git a/app/controllers/stages_controller.rb b/app/controllers/stages_controller.rb
index 3d0087981..c62832365 100644
--- a/app/controllers/stages_controller.rb
+++ b/app/controllers/stages_controller.rb
@@ -1,5 +1,5 @@
 class StagesController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_subject, only: [:create, :index]
 before_action :find_stage, only: [:update, :destroy, :edit, :up_position, :down_position]
 before_action :allowed, except: [:index]
diff --git a/app/controllers/student_works_controller.rb b/app/controllers/student_works_controller.rb
index 1c98db56c..9b32358bd 100644
--- a/app/controllers/student_works_controller.rb
+++ b/app/controllers/student_works_controller.rb
@@ -2,7 +2,7 @@ class StudentWorksController < ApplicationController
 include HomeworkCommonsHelper
 include StudentWorksHelper
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :find_homework, only: [:new, :create, :search_member_list, :check_project, :relate_project, :cancel_relate_project]
 before_action :find_work, only: [:shixun_work_report, :adjust_review_score, :shixun_work, :commit_des, :update_des,
diff --git a/app/controllers/subjects_controller.rb b/app/controllers/subjects_controller.rb
index 46f3b4850..b3e317e4b 100644
--- a/app/controllers/subjects_controller.rb
+++ b/app/controllers/subjects_controller.rb
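Review bot: shixuns_controller.rb now registers `check_auth` twice: the changed line adds it, and the following context line `before_action :check_auth, except: [:download_file, :index, :menus]` is left in place. Rails keeps a single registration per callback name, with the later declaration replacing the earlier one, so the effective options come from the second line and the two `except:` lists must be kept in sync by hand. Delete the second line so the login and authorization filters share one declaration. The commented-out `# before_action :check_auth, except: [:index]` in the subjects_controller.rb hunk is stale for the same reason and can be removed.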
@@ -1,5 +1,5 @@
 class SubjectsController < ApplicationController
- before_action :require_login, except: [:index]
+ before_action :require_login, :check_auth, except: [:index]
 # before_action :check_auth, except: [:index]
 before_action :find_subject, except: [:index, :create, :append_to_stage]
 before_action :allowed, only: [:update, :edit, :destroy, :publish, :cancel_publish, :cancel_has_publish,
diff --git a/app/controllers/users/base_account_controller.rb b/app/controllers/users/base_account_controller.rb
index 29de52b26..5c474517d 100644
--- a/app/controllers/users/base_account_controller.rb
+++ b/app/controllers/users/base_account_controller.rb
@@ -1,5 +1,5 @@
 class Users::BaseAccountController < Users::BaseController
- before_action :require_login
+ before_action :require_login, :check_auth
 def observed_user
 @_observed_user ||= (User.find_by_id(params[:account_id]) || User.find_by_login(params[:account_id]))
diff --git a/app/controllers/users/interests_controller.rb b/app/controllers/users/interests_controller.rb
index 93836fd63..bac9c568d 100644
--- a/app/controllers/users/interests_controller.rb
+++ b/app/controllers/users/interests_controller.rb
@@ -1,6 +1,6 @@
 class Users::InterestsController < Users::BaseController
 skip_before_action :check_observed_user_exists!
- before_action :require_login
+ before_action :require_login, :check_auth
 def create
 identity = params[:identity].to_s.strip
diff --git a/app/controllers/users/watches_controller.rb b/app/controllers/users/watches_controller.rb
index 95a0b38cd..867106c52 100644
--- a/app/controllers/users/watches_controller.rb
+++ b/app/controllers/users/watches_controller.rb
@@ -1,5 +1,5 @@
 class Users::WatchesController < Users::BaseController
- before_action :require_login
+ before_action :require_login, :check_auth
 def create
 if observed_logged_user?
diff --git a/app/controllers/zips_controller.rb b/app/controllers/zips_controller.rb
index a4140fe34..10baf2454 100644
--- a/app/controllers/zips_controller.rb
+++ b/app/controllers/zips_controller.rb
@@ -1,5 +1,5 @@
 class ZipsController < ApplicationController
- before_action :require_login
+ before_action :require_login, :check_auth
 before_action :load_homework, only: [:shixun_report]
 before_action :get_exercise, only: [:export_exercises]