From 4478c86ceae67bb8680b36cd24a6663cb50567d2 Mon Sep 17 00:00:00 2001 From: z9hang Date: Fri, 6 Jun 2014 10:37:06 +0800 Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E8=AF=BE=E7=A8=8B=20?= =?UTF-8?q?=E6=9F=A5=E7=9C=8B=E7=9C=9F=E5=90=8D=E3=80=81=E6=9F=A5=E7=9C=8B?= =?UTF-8?q?=E6=88=90=E5=91=98=E3=80=81=E4=BD=9C=E4=B8=9A=E5=AF=BC=E5=87=BA?= =?UTF-8?q?=E6=9D=83=E9=99=90=E4=BB=A3=E7=A0=81=EF=BC=88=E6=9C=AA=E5=BA=94?= =?UTF-8?q?=E7=94=A8=EF=BC=89?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Gemfile.lock | 2 +- app/controllers/projects_controller.rb | 5 ++++- app/controllers/zipdown_controller.rb | 14 ++++++++++++++ config/locales/zh.yml | 4 ++-- lib/redmine.rb | 6 +++--- 5 files changed, 24 insertions(+), 7 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 6680070a..e6ee7da7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -134,7 +134,7 @@ PLATFORMS DEPENDENCIES activerecord-jdbc-adapter (= 1.2.5) activerecord-jdbcmysql-adapter - acts-as-taggable-on + acts-as-taggable-on (= 2.4.1) better_errors! builder (= 3.0.0) coderay (~> 1.0.6) diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb index 8d6f5371..ad3dc3dc 100644 --- a/app/controllers/projects_controller.rb +++ b/app/controllers/projects_controller.rb @@ -37,7 +37,7 @@ class ProjectsController < ApplicationController # before_filter :authorize, :except => [:new_join, :new_homework, :homework, :statistics, :search, :watcherlist, :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy, :member, :focus, :file, # :statistics, :feedback, :course, :enterprise_course, :course_enterprise, :project_respond, :share, # :show_projects_score, :issue_score_index, :news_score_index, :file_score_index, :code_submit_score_index, :projects_topic_score_index] - #此条勿删 课程相关权限 ,:new_homework,:homework,:feedback + #此条勿删 课程相关权限 ,:new_homework,:homework,:feedback,,:member before_filter :authorize, :only => [:show, :settings, :edit, :sort_project_members, :update, :modules, :close, :reopen,:view_homework_attaches,:course] before_filter :authorize_global, :only => [:new, :create,:view_homework_attaches] before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy, :calendar] @@ -722,6 +722,9 @@ class ProjectsController < ApplicationController @teachers= searchTeacherAndAssistant(@project) @canShowRealName = isCourseTeacher(User.current.id) end + + #勿删 real_name action为虚拟的该方法并不存在,用来辅助判断真名权限 + #勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false) respond_to do |format| format.html{render :layout => 'base_courses' if @base_courses_tag==1} format.api diff --git a/app/controllers/zipdown_controller.rb b/app/controllers/zipdown_controller.rb index 5caa97a2..ee546080 100644 --- a/app/controllers/zipdown_controller.rb +++ b/app/controllers/zipdown_controller.rb @@ -1,7 +1,21 @@ class ZipdownController < ApplicationController + #查找项目(课程) + before_filter :find_project_by_bid_id, :only => [:assort,:download_user_homework] + #检查权限 + #勿删 before_filter :authorize, :only => [:assort,:download_user_homework] SAVE_FOLDER = "#{Rails.root}/files" OUTPUT_FOLDER = "#{Rails.root}/tmp/archiveZip" + #通过作业Id找到项目(课程) + def find_project_by_bid_id + obj_class = params[:obj_class] + obj_id = params[:obj_id] + obj = obj_class.constantize.find(obj_id) + case obj.class.to_s.to_sym + when :Bid + @project = obj.courses[0] + end + end def assort obj_class = params[:obj_class] obj_id = params[:obj_id] diff --git a/config/locales/zh.yml b/config/locales/zh.yml index 139e8fe9..42886845 100644 --- a/config/locales/zh.yml +++ b/config/locales/zh.yml @@ -453,7 +453,7 @@ zh: permission_export_wiki_pages: 导出 wiki 页面 permission_manage_subtasks: 管理子任务 permission_view_journals_for_messages: 查看留言 - permission_view_courses: 查看课程列表 + permission_view_courses: 查看课程 permission_new_course: 新建课程 permission_configure_course: 配置课程 permission_close_course: 关闭/重开课程 @@ -471,7 +471,7 @@ zh: permission_view_placeholder: 查看占位 permission_view_course_messages: 查看留言 permission_view_real_name: 查看真名 - permission_view_students: 查看学生列表 + permission_view_students: 查看成员 permission_export_homeworks: 导出作业 diff --git a/lib/redmine.rb b/lib/redmine.rb index 33d9bf58..7d3aa9ea 100644 --- a/lib/redmine.rb +++ b/lib/redmine.rb @@ -197,9 +197,9 @@ Redmine::AccessControl.map do |map| map.permission :view_assignment,{:projects => [:homework]},:read => true map.permission :view_placeholder,{:bids => [:show_project]},:read => true map.permission :view_course_messages,{:projects => [:feedback]},:read => true - map.permission :view_real_name,{},:read => true - map.permission :view_students,{}, :read=>true - map.permission :export_homeworks,{},:read => true + map.permission :view_real_name,{:projects => [:real_name]},:read => true + map.permission :view_students,{:projects => [:member]}, :read=>true + map.permission :export_homeworks,{:zipdown => [:assort,:download_user_homework]},:read => true end map.project_module :boards do |map|