From d83899e3e401fc11e69255b0a7c6e00dd0c16383 Mon Sep 17 00:00:00 2001
From: z9hang <z9hang@126.com>
Date: Thu, 5 Jun 2014 17:39:48 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=E6=96=B0=E5=BB=BA=E4=BB=BB?=
 =?UTF-8?q?=E5=8A=A1=E3=80=81=E7=BC=96=E8=BE=91=E4=BB=BB=E5=8A=A1=E3=80=81?=
 =?UTF-8?q?=E5=88=A0=E9=99=A4=E4=BB=BB=E5=8A=A1=E3=80=81=E6=96=B0=E5=BB=BA?=
 =?UTF-8?q?=E5=8D=A0=E4=BD=8D=E3=80=81=E7=BC=96=E8=BE=91=E5=8D=A0=E4=BD=8D?=
 =?UTF-8?q?=E3=80=81=E5=88=A0=E9=99=A4=E5=8D=A0=E4=BD=8D=E3=80=81=E6=9F=A5?=
 =?UTF-8?q?=E7=9C=8B=E4=BB=BB=E5=8A=A1=E3=80=81=E6=9F=A5=E7=9C=8B=E5=8D=A0?=
 =?UTF-8?q?=E4=BD=8D=E3=80=81=E6=9F=A5=E7=9C=8B=E7=95=99=E8=A8=80=E6=9D=83?=
 =?UTF-8?q?=E9=99=90=E4=BB=A3=E7=A0=81=EF=BC=88=E6=9C=AA=E5=BA=94=E7=94=A8?=
 =?UTF-8?q?=EF=BC=89?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/application_controller.rb     |  8 +++++++
 app/controllers/bids_controller.rb            | 17 ++++++++++++++-
 app/controllers/homework_attach_controller.rb | 18 ++++++++++++++++
 app/controllers/projects_controller.rb        |  1 +
 config/locales/en.yml                         | 21 +++++++++++++++++++
 config/locales/zh.yml                         |  3 ++-
 lib/redmine.rb                                | 14 +++++++------
 7 files changed, 74 insertions(+), 8 deletions(-)

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index a25b346c..4b877818 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -264,6 +264,14 @@ class ApplicationController < ActionController::Base
     render_404
   end
 
+  #根据course_id找project
+  def find_project_by_course_id
+    @bid = Bid.find params[:course_id]
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   # Find a project based on params[:project_id]
   # TODO: some subclasses override this, see about merging their logic
   def find_optional_project
diff --git a/app/controllers/bids_controller.rb b/app/controllers/bids_controller.rb
index cdf6e7d5..991d347e 100644
--- a/app/controllers/bids_controller.rb
+++ b/app/controllers/bids_controller.rb
@@ -16,6 +16,13 @@ class BidsController < ApplicationController
 
   before_filter :memberAccess, only: :show_project
 
+  #判断当前角色权限时需先找到当前操作的project
+  before_filter :find_project_by_project_id, :only => [:edit]
+  before_filter :find_project_by_course_id, :only => [:homework_destroy]
+  before_filter :find_project_by_bid_id, :only => [:show_project]
+  #判断当前角色是否有操作权限
+  #勿删 before_filter :authorize, :only => [:edit,:homework_destroy,:show_project]
+
   helper :watchers
   helper :attachments
   include AttachmentsHelper
@@ -25,7 +32,14 @@ class BidsController < ApplicationController
   helper :projects
   helper :words
   helper :welcome
-  
+
+  def find_project_by_bid_id
+    @bid = Bid.find(params[:id])
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
   def homework_ajax_modal
     @bid = Bid.find_by_id(params[:id])
     # find_bid
@@ -523,6 +537,7 @@ class BidsController < ApplicationController
         message = params[:bid_message][:message] + "\n" + params[:reference_content]
       else
         message = params[:bid_message][:message]
+        @m = message
       end
       refer_user_id = params[:bid_message][:reference_user_id].to_i
       @bid.add_jour(User.current, message, refer_user_id)
diff --git a/app/controllers/homework_attach_controller.rb b/app/controllers/homework_attach_controller.rb
index 24e1a86e..13ec7a18 100644
--- a/app/controllers/homework_attach_controller.rb
+++ b/app/controllers/homework_attach_controller.rb
@@ -1,5 +1,23 @@
 class HomeworkAttachController < ApplicationController
   ###############################
+  #判断当前角色权限时需先找到当前操作的project
+  before_filter :find_project_by_bid_id, :only => [:new]
+  before_filter :find_project_by_hoemwork_id, :only => [:edit,:update,:destroy]
+  #判断当前角色是否有操作权限
+  #勿删 before_filter :authorize, :only => [:new,:edit,:update,:destroy]
+
+  def find_project_by_bid_id
+    @bid = Bid.find(params[:id])
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def find_project_by_hoemwork_id
+    @homework = HomeworkAttach.find(params[:id])
+    @project = @homework.bid.courses[0]
+  end
+
   def index
     @homeworks = HomeworkAttach.all
     respond_to do |format|
diff --git a/app/controllers/projects_controller.rb b/app/controllers/projects_controller.rb
index 16d9d71d..8d6f5371 100644
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@@ -37,6 +37,7 @@ class ProjectsController < ApplicationController
   # before_filter :authorize, :except => [:new_join, :new_homework, :homework, :statistics, :search, :watcherlist, :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy, :member, :focus, :file, 
   #               :statistics, :feedback, :course, :enterprise_course, :course_enterprise, :project_respond, :share,
   #               :show_projects_score, :issue_score_index, :news_score_index, :file_score_index, :code_submit_score_index, :projects_topic_score_index]
+  #此条勿删 课程相关权限  ,:new_homework,:homework,:feedback
   before_filter :authorize, :only => [:show, :settings, :edit, :sort_project_members, :update, :modules, :close, :reopen,:view_homework_attaches,:course]
   before_filter :authorize_global, :only => [:new, :create,:view_homework_attaches]
   before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy, :calendar]
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 23911e56..d8bfc966 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -473,6 +473,27 @@ en:
   permission_export_wiki_pages: Export wiki pages
   permission_manage_subtasks: Manage subtasks
   permission_manage_related_issues: Manage related issues
+  permission_view_journals_for_messages: View journals messages
+  permission_view_courses: View courses
+  permission_new_course: Create course
+  permission_configure_course: Configure course
+  permission_close_course: Close/open course
+  permission_new_assignment: Create assignment
+  permission_edit_assignment: Edit assignment
+  permission_delete_assignment: Delete assignment
+  permission_new_placeholder: Create placeholder
+  permission_edit_placeholder: Edit placeholder
+  permission_delete_placeholder: Delete placeholder
+  permission_commit_content: Commit content
+  permission_new_course_notify: Create course notify
+  permission_edit_course_notify: Eidt course notify
+  permission_delete_course_notify: Delete course notify
+  permission_view_assignment: View assignment
+  permission_view_placeholder: View placeholder
+  permission_view_course_messages: View course messages
+  permission_view_real_name: View real name
+  permission_view_students: View students
+  permission_export_homeworks: Export homeworks
 
   project_module_issue_tracking: Issue tracking
   project_module_time_tracking: Time tracking
diff --git a/config/locales/zh.yml b/config/locales/zh.yml
index 8d2ccfb5..c945bbda 100644
--- a/config/locales/zh.yml
+++ b/config/locales/zh.yml
@@ -471,7 +471,8 @@ zh:
   permission_view_placeholder: 查看占位
   permission_view_course_messages: 查看留言
   permission_view_real_name: 查看真名
-
+  permission_view_students: 查看学生列表
+  permission_export_homeworks: 导出作业
 
 
   project_module_issue_tracking: 问题跟踪
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 5c96ce92..33d9bf58 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -188,16 +188,18 @@ Redmine::AccessControl.map do |map|
     map.permission :edit_assignment,{:bids => [:edit]},:read => true
     map.permission :delete_assignment,{:bids => [:homework_destroy]},:read => true
     map.permission :new_placeholder,{:homework_attach => [:new]},:read => true
-    map.permission :edit_placeholder,{},:read => true
-    map.permission :delete_placeholder,{},:read => true
-    map.permission :commit_content,{},:read => true
+    map.permission :edit_placeholder,{:homework_attach => [:edit,:update]},:read => true
+    map.permission :delete_placeholder,{:homework_attach => [:destroy]},:read => true
+    #map.permission :commit_content,{},:read => true
     #map.permission :new_course_notify,{},:read => true
     #map.permission :edit_course_notify,{},:read => true
     #map.permission :delete_course_notify,{},:read => true
-    map.permission :view_assignment,{},:read => true
-    map.permission :view_placeholder,{},:read => true
-    map.permission :view_course_messages,{},:read => true
+    map.permission :view_assignment,{:projects => [:homework]},:read => true
+    map.permission :view_placeholder,{:bids => [:show_project]},:read => true
+    map.permission :view_course_messages,{:projects => [:feedback]},:read => true
     map.permission :view_real_name,{},:read => true
+    map.permission :view_students,{}, :read=>true
+    map.permission :export_homeworks,{},:read => true
   end
 
   map.project_module :boards do |map|