From 7a65ebaf7632d0851f75f357adf55d592f10f078 Mon Sep 17 00:00:00 2001 From: cxt <853663049@qq.com> Date: Wed, 24 Jul 2019 17:54:14 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E9=99=84=E4=BB=B6=E7=9A=84=E6=9D=83?= =?UTF-8?q?=E9=99=90=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/attachments_controller.rb | 33 ++++++++++++++++++++++- app/models/user.rb | 2 +- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb index 014262aea..8eb7ffebc 100644 --- a/app/controllers/attachments_controller.rb +++ b/app/controllers/attachments_controller.rb @@ -2,7 +2,7 @@ # # 文件上传 class AttachmentsController < ApplicationController - before_action :require_login, :check_auth + before_action :require_login, :check_auth, except: [:show] before_action :find_file, only: %i[show destroy] include ApplicationHelper @@ -10,6 +10,8 @@ class AttachmentsController < ApplicationController def show # 1. 优先跳到cdn # 2. 如果没有cdn,send_file + candown = attachment_candown @file + tip_exception("您没有权限下载该附件") if !candown if @file.cloud_url.present? update_downloads(@file) redirect_to @file.cloud_url and return 
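Review bot: With `except: [:show]` the `show` action skips both `require_login` and `check_auth`, so the only remaining gate is `attachment_candown`, and that method (added in the `@@ -157,4 +159,33 @@` hunk) ends in `else candown = true` whenever `current_user.logged?` is false. A visitor who is not signed in is therefore allowed every attachment, including the course, homework and graduation files that a signed-in non-member is refused. If anonymous download is meant for public files only, the anonymous case should deny by default, for example `return attachment.is_public == 1 unless current_user.logged?` placed right after the admin/business shortcut. What `check_auth` enforces is not visible here, so confirm that dropping it for `show` is intended too.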
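Review bot: The permission check added at the top of `show` only blocks the download if `tip_exception` raises; its definition is not part of this patch, and if it merely renders an error, execution continues to `redirect_to @file.cloud_url`. Writing the guard as `return tip_exception("您没有权限下载该附件") unless attachment_candown(@file)` stops the action in either case and drops the temporary variable and the `if !` form. The rest of `show` lies outside this hunk.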
@@ -157,4 +159,33 @@ class AttachmentsController < ApplicationController end edu_setting('public_cdn_host') + "/" + path end + + def attachment_candown attachment + return true if current_user.admin? || current_user.business? + candown = false + if attachment.container && current_user.logged? + # 课堂资源、作业、毕设相关资源的权限判断 + if attachment.container.is_a?(Course) + course = attachment.container + candown = current_user.member_of_course?(course) || attachment.is_public == 1 + elsif attachment.container.is_a?(HomeworkCommon) || attachment.container.is_a?(GraduationTask) || attachment.container.is_a?(GraduationTopic) + course = attachment.container&.course + elsif attachment.container.is_a?(StudentWork) + course = attachment.container&.homework_common&.course + elsif attachment.container.is_a?(StudentWorksScore) + course = attachment.container&.student_work&.homework_common&.course + elsif attachment.container.is_a?(GraduationWork) + course = attachment.container&.graduation_task&.course + elsif attachment.container.is_a?(GraduationWorkScore) + course = attachment.container&.graduation_work&.graduation_task&.course + else + candown = true + end + + candown = !candown && course.present? ? current_user.member_of_course?(course) : candown + else + candown = true + end + candown + end end diff --git a/app/models/user.rb b/app/models/user.rb index 03c97b9f3..34576db66 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -250,7 +250,7 @@ class User < ApplicationRecord # 课堂成员 def member_of_course?(course) - course.course_members.exists?(user_id: id) + course&.course_members.exists?(user_id: id) end # 实训路径管理员:创建者或admin From 91bcb7bba46f7fb40981400102a04afed502814c Mon Sep 17 00:00:00 2001 
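Review bot: `attachment_candown` fails open for every container class it does not list: the inner `else candown = true` lets any signed-in user download attachments of all other container types, and any container type added later inherits that default. Confirm that none of the unlisted types holds restricted material; if some do, list them and deny the rest. The trailing `candown = !candown && course.present? ? ... : candown` is also hard to audit. A `case` that maps the container to its course and keeps the open default on one visible line gives the same results for signed-in users and is easier to review. The context lines do not show whether this method sits under `private`; a public controller method can be routed as an action.

```ruby
def attachment_candown(attachment)
  return true if current_user.admin? || current_user.business?

  container = attachment.container
  # same result as the commit's outer else: no container or not logged in => allowed
  return true unless container && current_user.logged?

  course =
    case container
    when Course then container
    when HomeworkCommon, GraduationTask, GraduationTopic then container.course
    when StudentWork then container.homework_common&.course
    when StudentWorksScore then container.student_work&.homework_common&.course
    when GraduationWork then container.graduation_task&.course
    when GraduationWorkScore then container.graduation_work&.graduation_task&.course
    else return true # every other container type stays open; confirm this is intended
    end

  return true if container.is_a?(Course) && attachment.is_public == 1

  course.present? && current_user.member_of_course?(course)
end
```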
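Review bot: `course&.course_members.exists?(user_id: id)` still raises for a nil course, because Ruby's `&.` guards only the first call: `course&.course_members` evaluates to `nil` and `.exists?` is then sent to `nil`. Since this predicate now backs the attachment permission check, a nil course should yield a plain `false`, e.g. `course.present? && course.course_members.exists?(user_id: id)`. Using `&.` on both calls would avoid the exception but return `nil` instead of `false`.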
From: cxt <853663049@qq.com> Date: Wed, 24 Jul 2019 17:54:38 +0800 Subject: [PATCH 2/3] =?UTF-8?q?=E8=B0=83=E6=95=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/application_controller.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index cc1fc167e..c80ca2348 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -232,6 +232,14 @@ class ApplicationController < ActionController::Base User.current = User.find 12 end + if params[:debug] == 'teacher' #todo 为了测试,记得讲debug删除 + User.current = User.find 81403 + elsif params[:debug] == 'student' + User.current = User.find 8686 + elsif params[:debug] == 'admin' + User.current = User.find 1 + end + # User.current = User.find 81403 end From ab1039df4963e724248c773097f47f082bfb8083 Mon Sep 17 00:00:00 2001 From: cxt <853663049@qq.com> Date: Wed, 24 Jul 2019 18:02:44 +0800 Subject: [PATCH 3/3] =?UTF-8?q?=E5=88=A0=E9=99=A4=E6=95=99=E5=B8=88?= =?UTF-8?q?=E5=92=8C=E5=8A=A9=E6=95=99=E7=9A=84=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controllers/courses_controller.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb index bb0737128..f5830adff 100644 --- a/app/controllers/courses_controller.rb +++ b/app/controllers/courses_controller.rb 
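Review bot: The added `params[:debug]` branch lets a request parameter decide `User.current`, including `User.find 1` for `'admin'`, and no environment guard is visible around it in this hunk. The enclosing method and the conditional that closes just above the added lines start outside the hunk, so an outer guard may exist; if it does not, any client can assume those accounts on whatever environment this code is deployed to. The inline todo already says the block is temporary; it should be dropped before merge or at least wrapped in `if Rails.env.development?`. The hard-coded ids (81403, 8686, 1) also tie the code to one database's contents.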
@@ -29,10 +29,10 @@ class CoursesController < ApplicationController :transfer_to_course_group, :delete_from_course, :search_users, :add_students_by_search, :get_historical_courses, :add_teacher_popup, :add_teacher] before_action :admin_allowed, only: [:set_invite_code_halt, :set_public_or_private, :change_course_admin, - :set_course_group, :delete_course_teacher, :create_group_by_importing_file] + :set_course_group, :create_group_by_importing_file] before_action :teacher_or_admin_allowed, only: [:graduation_group_list, :create_graduation_group, :join_graduation_group, :change_course_teacher, :export_member_scores_excel, :course_group_list, - :teacher_application_review, :apply_teachers] + :teacher_application_review, :apply_teachers, :delete_course_teacher] before_action :validate_course_name, only: [:create, :update] before_action :find_board, only: :board_list before_action :validate_page_size, only: :mine
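Review bot: Moving `:delete_course_teacher` from the `admin_allowed` list to `teacher_or_admin_allowed` widens who may remove teaching staff, and nothing in this hunk limits whom a teacher may remove. The action body is outside the hunk, so confirm that it refuses to remove the course admin or creator and refuses targets who outrank the caller; if it does not, that check belongs in the action itself rather than in the filter. A comment above the filter list, such as `# teachers may remove teachers/assistants; delete_course_teacher itself must protect the course admin`, would record the intended rule.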