From 99d94df66117f9939ed3141e9e98d7ba9d653595 Mon Sep 17 00:00:00 2001
From: jasder
Date: Mon, 1 Jul 2019 14:44:49 +0800
Subject: [PATCH] =?UTF-8?q?FIX=20=E2=80=98=E5=88=A0=E9=99=A4=E2=80=99?= =?UTF-8?q?=E5=85=AC=E5=85=B1api=E6=9B=B4=E6=94=B9=E5=88=A0=E9=99=A4?= =?UTF-8?q?=E6=9D=83=E9=99=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/commons_controller.rb | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/app/controllers/commons_controller.rb b/app/controllers/commons_controller.rb
index ca68c65d3..105cbefbe 100644
--- a/app/controllers/commons_controller.rb
+++ b/app/controllers/commons_controller.rb
@@ -42,7 +42,18 @@ class CommonsController < ApplicationController
 end
 def validate_power
- tip_exception(403, "无操作权限") unless current_user.admin?
+ code =
+ case params[:object_type].strip
+ when 'message'
+ if current_user.course_identity(@object.board.course) >= 5 || @object.author != current_user
+ 403
+ else
+ 200
+ end
+ else
+ current_user.admin? ? 200 : 403
+ end
+ return normal_status(403, "你没有权限操作!") if code == 403
 end
 def action(flag)
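Review bot: In the `'message'` branch the `||` returns 403 when either test fails, so the only caller let through is one who is both below identity 5 for the course and the message's author; a non-author who passed the old `current_user.admin?` check is now refused as well. If the intent is that course staff or the author may delete (the subject line only says the delete permission was changed, so this is inferred), the deny condition should be `current_user.course_identity(@object.board.course) >= 5 && @object.author != current_user`. Swapping `tip_exception` for `return normal_status(403, ...)` also changes how the request is stopped: the `return` only leaves `validate_power`, so the delete is blocked only if this method runs as a `before_action` and `normal_status` actually renders, neither of which is visible in the hunk and both of which should be confirmed. `params[:object_type].strip` raises `NoMethodError` when the parameter is absent unless an earlier filter guarantees it; `params[:object_type].to_s.strip` would drop such a request into the admin-only `else` branch instead of producing a 500.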