From aa2cc34cc9d0b1d27f0462a17df32bb2b2f07334 Mon Sep 17 00:00:00 2001
From: cxt <853663049@qq.com>
Date: Wed, 24 Jul 2019 18:23:59 +0800
Subject: [PATCH] =?UTF-8?q?=E9=99=84=E4=BB=B6=E4=B8=8B=E8=BD=BD=E8=B0=83?= =?UTF-8?q?=E6=95=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/controllers/attachments_controller.rb | 55 ++++++++++++-----------
 1 file changed, 28 insertions(+), 27 deletions(-)
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 8eb7ffebc..07ab97cb5 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -4,14 +4,15 @@ class AttachmentsController < ApplicationController
 before_action :require_login, :check_auth, except: [:show]
 before_action :find_file, only: %i[show destroy]
+ before_action :attachment_candown, only: [:show]
 include ApplicationHelper
 def show
 # 1. 优先跳到cdn
 # 2. 如果没有cdn,send_file
- candown = attachment_candown @file
- tip_exception("您没有权限下载该附件") if !candown
+ # candown = attachment_candown @file
+ # tip_exception(403,"您没有权限下载该附件") if !candown
 if @file.cloud_url.present?
 update_downloads(@file)
 redirect_to @file.cloud_url and return
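Review bot: The two commented-out lines left at the top of `show` should be deleted rather than kept, because the access decision now lives in the `attachment_candown` callback and the dead lines mention a 403 that the callback does not use. The callback reads `@file`, so it has to stay declared after `before_action :find_file`; a comment such as `# must run after find_file: reads @file` above the new `before_action` would pin that ordering. `show` is still excluded from `require_login`, so this callback is the only access check on the download path and deserves a one-line comment saying so. The body of `show` continues outside the hunk.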
@@ -160,32 +161,32 @@ class AttachmentsController < ApplicationController
 edu_setting('public_cdn_host') + "/" + path
 end
- def attachment_candown attachment
- return true if current_user.admin? || current_user.business?
- candown = false
- if attachment.container && current_user.logged?
- # 课堂资源、作业、毕设相关资源的权限判断
- if attachment.container.is_a?(Course)
- course = attachment.container
- candown = current_user.member_of_course?(course) || attachment.is_public == 1
- elsif attachment.container.is_a?(HomeworkCommon) || attachment.container.is_a?(GraduationTask) || attachment.container.is_a?(GraduationTopic)
- course = attachment.container&.course
- elsif attachment.container.is_a?(StudentWork)
- course = attachment.container&.homework_common&.course
- elsif attachment.container.is_a?(StudentWorksScore)
- course = attachment.container&.student_work&.homework_common&.course
- elsif attachment.container.is_a?(GraduationWork)
- course = attachment.container&.graduation_task&.course
- elsif attachment.container.is_a?(GraduationWorkScore)
- course = attachment.container&.graduation_work&.graduation_task&.course
- else
- candown = true
- end
-
- candown = !candown && course.present? ? current_user.member_of_course?(course) : candown
- else
+ def attachment_candown
+ unless current_user.admin? || current_user.business?
 candown = true
+ if @file.container && current_user.logged?
+ # 课堂资源、作业、毕设相关资源的权限判断
+ if @file.container.is_a?(Course)
+ course = @file.container
+ candown = current_user.member_of_course?(course) || @file.is_public == 1
+ elsif @file.container.is_a?(HomeworkCommon) || @file.container.is_a?(GraduationTask) || @file.container.is_a?(GraduationTopic)
+ course = @file.container&.course
+ candown = current_user.member_of_course?(course)
+ elsif @file.container.is_a?(StudentWork)
+ course = @file.container&.homework_common&.course
+ candown = current_user.member_of_course?(course)
+ elsif @file.container.is_a?(StudentWorksScore)
+ course = @file.container&.student_work&.homework_common&.course
+ candown = current_user.member_of_course?(course)
+ elsif @file.container.is_a?(GraduationWork)
+ course = @file.container&.graduation_task&.course
+ candown = current_user.member_of_course?(course)
+ elsif @file.container.is_a?(GraduationWorkScore)
+ course = @file.container&.graduation_work&.graduation_task&.course
+ candown = current_user.member_of_course?(course)
+ end
+ tip_exception(409, "您没有权限进入") if course.present? && !candown
+ end
 end
- candown
 end
 end
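Review bot: `attachment_candown` fails open for visitors who are not logged in: `candown` starts as `true`, the container branches run only when `current_user.logged?` holds, and `show` is exempt from `require_login`, so such a request appears to reach the file without any course check. The closing guard has the same weakness, because `if course.present? && !candown` skips the denial whenever the safe-navigation chain returns no course. I would evaluate the branches for every caller with `if @file.container` and deny with `tip_exception(403, "您没有权限下载该附件") unless candown`, which keeps public course files reachable through `@file.is_public == 1`. If the first argument of `tip_exception` is the response status, 403 is the fitting value for a refused download, and 409 hides these refusals from anyone filtering logs for authorization failures. This assumes `member_of_course?` returns false for an anonymous user and for a nil course, which should be confirmed.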