From 6aa6482f8cca4bd5ce9ace45128b5475a9461f16 Mon Sep 17 00:00:00 2001 From: cxt <853663049@qq.com> Date: Thu, 5 Sep 2019 15:07:46 +0800 Subject: [PATCH] =?UTF-8?q?=E9=A2=98=E5=BA=93=E7=9A=84tiaozn?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/question_banks_controller.rb | 2 +- app/views/exercise_banks/show.json.jbuilder | 2 ++ app/views/graduation_tasks/show.json.jbuilder | 1 + app/views/gtopic_banks/show.json.jbuilder | 1 + app/views/homework_banks/show.json.jbuilder | 1 + 5 files changed, 6 insertions(+), 1 deletion(-) diff --git a/app/controllers/question_banks_controller.rb b/app/controllers/question_banks_controller.rb index f09a53dbe..e7be8b395 100644 --- a/app/controllers/question_banks_controller.rb +++ b/app/controllers/question_banks_controller.rb @@ -88,7 +88,7 @@ class QuestionBanksController < ApplicationController end def send_to_course - banks = object_banks + banks = @object_type.classify.constantize.where(id: params[:object_id]) course = current_user.manage_courses.find_by!(id: params[:course_id]) banks.each do |bank| case @object_type diff --git a/app/views/exercise_banks/show.json.jbuilder b/app/views/exercise_banks/show.json.jbuilder index bc7a6419c..802e863cb 100644 --- a/app/views/exercise_banks/show.json.jbuilder +++ b/app/views/exercise_banks/show.json.jbuilder @@ -2,6 +2,7 @@ if @bank.container_type == "Exercise" json.exercise do json.extract! @bank, :id, :name, :description, :is_public end + json.authorize @bank.user_id == current_user.id || current_user.admin? json.partial! "exercises/exercise_scores" @@ -20,6 +21,7 @@ else json.poll do json.extract! @bank, :id, :name, :description, :is_public end + json.authorize @bank.user_id == current_user.id || current_user.admin? json.question_types do json.q_counts @poll_questions_count diff --git a/app/views/graduation_tasks/show.json.jbuilder b/app/views/graduation_tasks/show.json.jbuilder index b5cd1620b..c211e7fe3 100644 --- a/app/views/graduation_tasks/show.json.jbuilder +++ b/app/views/graduation_tasks/show.json.jbuilder @@ -1,6 +1,7 @@ json.partial! "public_navigation", locals: {graduation: @task, course: @course} json.description @task.description json.user_id @task.user_id +json.authorize @task.user_id == current_user.id || current_user.admin? # 附件 json.attachments @attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment} diff --git a/app/views/gtopic_banks/show.json.jbuilder b/app/views/gtopic_banks/show.json.jbuilder index 9c5226930..7ab86674d 100644 --- a/app/views/gtopic_banks/show.json.jbuilder +++ b/app/views/gtopic_banks/show.json.jbuilder @@ -1,5 +1,6 @@ json.(@bank, :id, :name, :description, :is_public, :topic_type, :topic_source, :topic_property_first, :topic_property_second, :source_unit, :topic_repeat, :province, :city) +json.authorize @bank.user_id == current_user.id || current_user.admin? json.attachment_list @bank_attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment} diff --git a/app/views/homework_banks/show.json.jbuilder b/app/views/homework_banks/show.json.jbuilder index 34ca5ec25..f3785173a 100644 --- a/app/views/homework_banks/show.json.jbuilder +++ b/app/views/homework_banks/show.json.jbuilder @@ -1,4 +1,5 @@ json.(@bank, :id, :name, :description, :homework_type, :is_public, :min_num, :max_num, :base_on_project, :reference_answer) +json.authorize @bank.user_id == current_user.id || current_user.admin? json.attachments @bank_attachments do |attachment| json.partial! "attachments/attachment_simple", locals: {attachment: attachment}