p49726105
/
bigdir
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

作业的增、删、改、查以及作业资料的下载增加权限控制

This commit is contained in:
sw 2014-06-04 16:23:43 +08:00
parent 78ac974a75
commit af68d15451
2 changed files with 77 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

108
app/controllers/homework_attach_controller.rb
View File

@ -18,7 +18,8 @@ class HomeworkAttachController < ApplicationController
end
def create
#if User.current.logged? && (!Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.nil? && (Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.roles&Role.where('id = ? or id = ? or id =?',5, 10, 7)).size >0)
bid = Bid.find params[:bid_id]
if User.current.admin? || User.current.member_of?(bid.courses.first)
user_id = params[:user_id]
bid_id = params[:bid_id]
sta = 0
@ -32,7 +33,7 @@ class HomeworkAttachController < ApplicationController
:bid_id => bid_id
}
#@bid = Bid.find bid_id
#@homework_list = @bid.homeworks
@homework = HomeworkAttach.new(options)
@ -45,77 +46,98 @@ class HomeworkAttachController < ApplicationController
format.json { head :no_content }
end
else
render_403 :message => :notice_not_authorized
end
#end
else
end
end
def new
@homework = HomeworkAttach.new
@bid = Bid.find(params[:id])
respond_to do |format|
format.html # new.html.erb
format.json { render json: @homework }
if User.current.admin? || User.current.member_of?(@bid.courses.first)
@homework = HomeworkAttach.new
respond_to do |format|
format.html # new.html.erb
format.json { render json: @homework }
end
else
render_403 :message => :notice_not_authorized
end
end
def edit
@homework = HomeworkAttach.find(params[:id])
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
else
render_403 :message => :notice_not_authorized
end
end
def update
@homework = HomeworkAttach.find(params[:id])
name = params[:homework_name]
description = params[:homework_description]
@homework.name = name
@homework.description = description
if params[:attachments]
@homework.save_attachments(params[:attachments])
end
if @homework.save
respond_to do |format|
format.html { redirect_to project_for_bid_path @homework.bid }
format.json { head :no_content }
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
name = params[:homework_name]
description = params[:homework_description]
@homework.name = name
@homework.description = description
if params[:attachments]
@homework.save_attachments(params[:attachments])
end
if @homework.save
respond_to do |format|
format.html { redirect_to project_for_bid_path @homework.bid }
format.json { head :no_content }
end
else
end
else
render_403 :message => :notice_not_authorized
end
end
def destroy
@homework = HomeworkAttach.find(params[:id])
if @homework.destroy
respond_to do |format|
format.html { redirect_to project_for_bid_path @homework.bid }
format.json { head :no_content }
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
if @homework.destroy
respond_to do |format|
format.html { redirect_to project_for_bid_path @homework.bid }
format.json { head :no_content }
end
else
end
else
render_403 :message => :notice_not_authorized
end
end
#显示作业信息
def show
@homework = HomeworkAttach.find(params[:id])
# 打分统计
stars_reates = @homework.
rates(:quality)
stars_reates_count = stars_reates.count == 0 ? 1 : stars_reates.count
stars_status = stars_reates.select("stars, count(*) as scount").
group("stars")
@stars_status_map = Hash.new(0.0)
stars_status.each do |star_status|
percent = (star_status.scount * 1.0/ stars_reates_count) * 100.to_f
percent_m = format("%.2f", percent)
@stars_status_map["star#{star_status.stars.to_i}".to_sym] =
percent_m.to_s + "%"
if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
# 打分统计
stars_reates = @homework.
rates(:quality)
stars_reates_count = stars_reates.count == 0 ? 1 : stars_reates.count
stars_status = stars_reates.select("stars, count(*) as scount").
group("stars")
@stars_status_map = Hash.new(0.0)
stars_status.each do |star_status|
percent = (star_status.scount * 1.0/ stars_reates_count) * 100.to_f
percent_m = format("%.2f", percent)
@stars_status_map["star#{star_status.stars.to_i}".to_sym] =
percent_m.to_s + "%"
end
@limit = 10
@jours = @homework.journals_for_messages.where("is_comprehensive_evaluation is null").order("created_on DESC")
@feedback_count = @jours.count
@feedback_pages = Paginator.new @feedback_count, @limit, params['page']
@offset ||= @feedback_pages.offset
@jour = @jours[@offset, @limit]
@comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC")
else
render_403 :message => :notice_not_authorized
end
@limit = 10
@jours = @homework.journals_for_messages.where("is_comprehensive_evaluation is null").order("created_on DESC")
@feedback_count = @jours.count
@feedback_pages = Paginator.new @feedback_count, @limit, params['page']
@offset ||= @feedback_pages.offset
@jour = @jours[@offset, @limit]
@comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC")
end
#删除留言

19
app/controllers/zipdown_controller.rb
View File

@ -26,14 +26,19 @@ class ZipdownController < ApplicationController
obj_id = params[:obj_id]
user_id = params[:user_id]
obj = obj_class.constantize.find(obj_id)
zipfile = nil
case obj.class.to_s.to_sym
when :Bid
zipfile = zip_user_bid obj,user_id
else
logger.error "[ZipDown#assort] ===> #{obj.class.to_s.to_sym} unKown !!"
if User.current.admin? || User.current.member_of?(obj.courses.first)
zipfile = nil
case obj.class.to_s.to_sym
when :Bid
zipfile = zip_user_bid obj,user_id
else
logger.error "[ZipDown#assort] ===> #{obj.class.to_s.to_sym} unKown !!"
end
send_file zipfile, :filename => obj.name, :type => detect_content_type(zipfile) if zipfile
else
render_403 :message => :notice_not_authorized
end
send_file zipfile, :filename => obj.name, :type => detect_content_type(zipfile) if zipfile
end
private