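# Shared moderation endpoints (delete / hide / unhide) for a small, fixed set
# of record types. The concrete model is chosen by the `object_type` request
# parameter, which is checked against the OBJECT_TYPE allowlist *before* it is
# turned into a constant, so `constantize` only ever sees one of two fixed
# names and cannot be steered to an arbitrary class by the caller.
#
# Expected params: object_type (one of OBJECT_TYPE), object_id (record id).
# Relies on helpers defined outside this file (ApplicationController):
# require_login, current_user, normal_status, uid_logger_error, tip_exception.
class CommonsController < ApplicationController
  # Allowlist of request-selectable model names (underscored form). Frozen so
  # nothing can widen the set of constantizable names at runtime.
  OBJECT_TYPE = %w[message journals_for_message].freeze

  # Order matters: the type must be validated before it is constantized, and
  # the record must be loaded before authorization can inspect it.
  before_action :require_login
  before_action :validate_object_type
  before_action :find_object
  before_action :validate_power

  # Destroys the loaded record.
  # Errors are logged and reported to the caller via tip_exception. Only
  # StandardError is rescued (not Exception) so signals, SystemExit and
  # NoMemoryError are not swallowed. Note that ActiveRecord::Rollback is only
  # silently absorbed inside a `transaction` block; if tip_exception returns
  # instead of raising, the Rollback propagates as an ordinary error.
  def delete
    @object.destroy!
  rescue StandardError => e
    uid_logger_error(e.message)
    tip_exception(e.message)
    raise ActiveRecord::Rollback
  end

  # Marks the loaded record as hidden.
  def hidden
    action(true)
  end

  # Clears the hidden flag on the loaded record.
  def unhidden
    action(false)
  end

  private

  # Normalized object_type from the request: stripped, and coerced to a String
  # first so a non-string parameter (array/hash) fails the allowlist check
  # instead of raising NoMethodError on `strip`.
  def object_type
    params[:object_type].to_s.strip
  end

  # Loads the target record into @object.
  # object_type has already passed the OBJECT_TYPE allowlist, so the string
  # handed to classify/constantize is one of two fixed model names.
  # object_id is coerced to a String so `find` always looks up a single record
  # (an array parameter would otherwise make `find` return an Array).
  # RecordNotFound and any other StandardError are logged and reported via
  # tip_exception; @object stays nil in that case and validate_power treats a
  # missing record as "not authorized", so no action ever runs on nil.
  def find_object
    @object = object_type.classify.constantize.find(params[:object_id].to_s)
  rescue StandardError => e
    uid_logger_error(e.message)
    tip_exception(e.message)
    nil
  end

  # Rejects the request early when required parameters are missing or the
  # object_type is not on the allowlist. normal_status is assumed to render a
  # response, which halts the before_action chain (it is defined elsewhere).
  def validate_object_type
    return normal_status(2, "缺少object_id参数") if params[:object_id].blank?
    return normal_status(2, "缺少object_type参数") if params[:object_type].blank?
    return normal_status(2, "object_type参数格式错误") unless OBJECT_TYPE.include?(object_type)
  end

  # Authorization, fail-closed: denies when the record could not be loaded,
  # then applies the per-type rule.
  #   message              – caller must be the record's author AND have a
  #                          course_identity value below 5
  #   journals_for_message – admins only
  def validate_power
    forbidden =
      if @object.nil?
        # Nothing was loaded (find_object failed); never authorize a nil target.
        true
      elsif object_type == 'message'
        # NOTE(review): as written this denies when the caller is NOT the author
        # OR has course_identity >= 5 (presumably higher-privileged roles have
        # lower identity values — confirm). That means no one except a
        # low-identity author can act on a message; if course staff were meant
        # to moderate other users' messages this should be `&&`. Left as-is:
        # loosening an authorization check needs product confirmation.
        current_user.course_identity(@object.board.course) >= 5 || @object.author != current_user
      else
        !current_user.admin?
      end
    normal_status(403, "你没有权限操作!") if forbidden
  end

  # Sets the hidden flag on @object, using whichever column the model actually
  # has (`is_hidden`, else `hidden`). `update` is the non-deprecated spelling of
  # `update_attributes` (same behavior on Rails 4+, which before_action implies).
  # Error handling mirrors #delete, including the same caveat about Rollback.
  def action(flag)
    column = @object.has_attribute?(:is_hidden) ? :is_hidden : :hidden
    @object.update(column => flag)
  rescue StandardError => e
    uid_logger_error(e.message)
    tip_exception(e.message)
    raise ActiveRecord::Rollback
  end
end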