|
|
|
@ -1,4 +1,5 @@
|
|
|
|
|
class Users::QuestionBanksController < Users::BaseController
|
|
|
|
|
before_action :require_login
|
|
|
|
|
before_action :check_query_params!
|
|
|
|
|
before_action :check_user_permission!
|
|
|
|
|
|
|
|
|
@ -62,12 +63,10 @@ class Users::QuestionBanksController < Users::BaseController
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def check_user_permission!
|
|
|
|
|
return if User.current.admin? || (observed_logged_user? && read_question_bank_permission?)
|
|
|
|
|
|
|
|
|
|
render_forbidden
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def read_question_bank_permission?
|
|
|
|
|
params[:type] == 'personal' ? User.current.is_teacher? : User.current.certification_teacher?
|
|
|
|
|
if params[:type] == 'publicly'
|
|
|
|
|
render_error("未通过职业认证") unless User.current.admin? || User.current.certification_teacher?
|
|
|
|
|
else
|
|
|
|
|
render_forbidden unless User.current.admin? || User.current.is_teacher?
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
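Review bot: The new body of `check_user_permission!` drops the `observed_logged_user?` condition that the removed `return if` line required for non-admins, so the filter now checks only the caller's role and no longer ties the request to the account whose question banks are being viewed. If the actions in this controller scope their queries by the observed user (not visible in this hunk), any teacher could read another user's personal bank. Consider restoring the check as the first line of the method, `return render_forbidden unless User.current.admin? || observed_logged_user?`, assuming the helper is still inherited from `Users::BaseController`. The `else` branch also applies the weaker `is_teacher?` test to every `type` other than `'publicly'`, which is safe only if `check_query_params!` rejects unknown values; that filter's body is outside the hunk. A short comment above the method stating which role each `type` requires would make the intended policy reviewable.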
|