From 93eac23c58ffb58ea35c1b39d2af8ba617b8ca95 Mon Sep 17 00:00:00 2001 From: cxt <853663049@qq.com> Date: Fri, 16 Aug 2019 19:17:48 +0800 Subject: [PATCH] =?UTF-8?q?=E8=B5=84=E6=BA=90=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/attachments_controller.rb | 44 ++++++++++++----------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index a6c74818c..a85937315 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -162,28 +162,30 @@ class AttachmentsController < ApplicationController def attachment_candown unless current_user.admin? || current_user.business? candown = true - if @file.container && current_user.logged? - # 课堂资源、作业、毕设相关资源的权限判断 - if @file.container.is_a?(Course) - course = @file.container - candown = current_user.member_of_course?(course) || @file.is_public == 1 - elsif @file.container.is_a?(HomeworkCommon) || @file.container.is_a?(GraduationTask) || @file.container.is_a?(GraduationTopic) - course = @file.container&.course - candown = current_user.member_of_course?(course) - elsif @file.container.is_a?(StudentWork) - course = @file.container&.homework_common&.course - candown = current_user.member_of_course?(course) - elsif @file.container.is_a?(StudentWorksScore) - course = @file.container&.student_work&.homework_common&.course - candown = current_user.member_of_course?(course) - elsif @file.container.is_a?(GraduationWork) - course = @file.container&.graduation_task&.course - candown = current_user.member_of_course?(course) - elsif @file.container.is_a?(GraduationWorkScore) - course = @file.container&.graduation_work&.graduation_task&.course - candown = current_user.member_of_course?(course) + unless params[:type] == 'history' + if @file.container && current_user.logged? + # 课堂资源、作业、毕设相关资源的权限判断 + if @file.container.is_a?(Course) + course = @file.container + candown = current_user.member_of_course?(course) || @file.is_public == 1 + elsif @file.container.is_a?(HomeworkCommon) || @file.container.is_a?(GraduationTask) || @file.container.is_a?(GraduationTopic) + course = @file.container&.course + candown = current_user.member_of_course?(course) + elsif @file.container.is_a?(StudentWork) + course = @file.container&.homework_common&.course + candown = current_user.member_of_course?(course) + elsif @file.container.is_a?(StudentWorksScore) + course = @file.container&.student_work&.homework_common&.course + candown = current_user.member_of_course?(course) + elsif @file.container.is_a?(GraduationWork) + course = @file.container&.graduation_task&.course + candown = current_user.member_of_course?(course) + elsif @file.container.is_a?(GraduationWorkScore) + course = @file.container&.graduation_work&.graduation_task&.course + candown = current_user.member_of_course?(course) + end + tip_exception(403, "您没有权限进入") if course.present? && !candown end - tip_exception(403, "您没有权限进入") if course.present? && !candown end end end