附件下载调整

dev_forum
cxt 5 years ago
parent ab1039df49
commit aa2cc34cc9

@ -4,14 +4,15 @@
class AttachmentsController < ApplicationController class AttachmentsController < ApplicationController
before_action :require_login, :check_auth, except: [:show] before_action :require_login, :check_auth, except: [:show]
before_action :find_file, only: %i[show destroy] before_action :find_file, only: %i[show destroy]
before_action :attachment_candown, only: [:show]
include ApplicationHelper include ApplicationHelper
def show def show
# 1. 优先跳到cdn # 1. 优先跳到cdn
# 2. 如果没有cdnsend_file # 2. 如果没有cdnsend_file
candown = attachment_candown @file # candown = attachment_candown @file
tip_exception("您没有权限下载该附件") if !candown # tip_exception(403,"您没有权限下载该附件") if !candown
if @file.cloud_url.present? if @file.cloud_url.present?
update_downloads(@file) update_downloads(@file)
redirect_to @file.cloud_url and return redirect_to @file.cloud_url and return
@ -160,32 +161,32 @@ class AttachmentsController < ApplicationController
edu_setting('public_cdn_host') + "/" + path edu_setting('public_cdn_host') + "/" + path
end end
def attachment_candown attachment def attachment_candown
return true if current_user.admin? || current_user.business? unless current_user.admin? || current_user.business?
candown = false
if attachment.container && current_user.logged?
# 课堂资源、作业、毕设相关资源的权限判断
if attachment.container.is_a?(Course)
course = attachment.container
candown = current_user.member_of_course?(course) || attachment.is_public == 1
elsif attachment.container.is_a?(HomeworkCommon) || attachment.container.is_a?(GraduationTask) || attachment.container.is_a?(GraduationTopic)
course = attachment.container&.course
elsif attachment.container.is_a?(StudentWork)
course = attachment.container&.homework_common&.course
elsif attachment.container.is_a?(StudentWorksScore)
course = attachment.container&.student_work&.homework_common&.course
elsif attachment.container.is_a?(GraduationWork)
course = attachment.container&.graduation_task&.course
elsif attachment.container.is_a?(GraduationWorkScore)
course = attachment.container&.graduation_work&.graduation_task&.course
else
candown = true candown = true
if @file.container && current_user.logged?
# 课堂资源、作业、毕设相关资源的权限判断
if @file.container.is_a?(Course)
course = @file.container
candown = current_user.member_of_course?(course) || @file.is_public == 1
elsif @file.container.is_a?(HomeworkCommon) || @file.container.is_a?(GraduationTask) || @file.container.is_a?(GraduationTopic)
course = @file.container&.course
candown = current_user.member_of_course?(course)
elsif @file.container.is_a?(StudentWork)
course = @file.container&.homework_common&.course
candown = current_user.member_of_course?(course)
elsif @file.container.is_a?(StudentWorksScore)
course = @file.container&.student_work&.homework_common&.course
candown = current_user.member_of_course?(course)
elsif @file.container.is_a?(GraduationWork)
course = @file.container&.graduation_task&.course
candown = current_user.member_of_course?(course)
elsif @file.container.is_a?(GraduationWorkScore)
course = @file.container&.graduation_work&.graduation_task&.course
candown = current_user.member_of_course?(course)
end
tip_exception(409, "您没有权限进入") if course.present? && !candown
end end
candown = !candown && course.present? ? current_user.member_of_course?(course) : candown
else
candown = true
end end
candown
end end
end end

Loading…
Cancel
Save