From 7405b33538287165ff95c00057f4ee0d67abba82 Mon Sep 17 00:00:00 2001
From: bohung
Date: Mon, 21 Sep 2020 22:25:25 +0800
Subject: [PATCH] Fix authenrization problem for non-admin users.
---
 .../admin/selected_courses_controller.rb | 34 +++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/app/controllers/admin/selected_courses_controller.rb b/app/controllers/admin/selected_courses_controller.rb
index 08a012d..dcc3093 100644
--- a/app/controllers/admin/selected_courses_controller.rb
+++ b/app/controllers/admin/selected_courses_controller.rb
@@ -172,4 +172,38 @@ class Admin::SelectedCoursesController < OrbitMemberController
 @closed = (@course_assignment.deadline < DateTime.now) rescue false
 @member_profile = MemberProfile.where(:uid=>params[:member_profile_uid]).first
 end
+ def has_access?
+ if @user_has_privileges
+ return true
+ else
+ if !params[:id].nil?
+ course = Course.find(params[:id]) rescue nil
+ if course.present? && (( course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false) || (course.student_ids.include?(current_user.member_profile_id.to_s) rescue false))
+ return true
+ elsif( CourseAssignment.find(params[:id]).course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ elsif( StudentAssignment.find(params[:id]).member_profile_id.to_s == current_user.member_profile_id.to_s rescue false) || (StudentAssignment.find(params[:id]).course_assignment.course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ else
+ return false
+ end
+ elsif !params[:uid].nil?
+ course_assignment = CourseAssignment.where(:uid=>params[:uid]).first
+ if course_assignment.nil?
+ return false
+ else
+ if( course_assignment.course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false) || (course_assignment.course.student_ids.include?(current_user.member_profile_id.to_s) rescue false)
+ return true
+ else
+ return false
+ end
+
+ end
+ elsif( Course.find(course_assignment_params[:course_id]).member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ else
+ return false
+ end
+ end
+ end
 end
\ No newline at end of file
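Review bot: In the `params[:id]` branch of `has_access?` the same id is matched in turn against Course, CourseAssignment and StudentAssignment, so access is granted when the user owns (or is enrolled in) any record that happens to carry that id, independent of which resource the current action actually loads; unless ids are globally unique across these collections, an id from one model can satisfy the check for another. Every comparison is also wrapped in a `rescue false` / `rescue nil` modifier, which turns a nil `current_user`, a malformed id or a database error into a silent deny (or a silent nil `course`) and hides real failures. Hoisting `return false if current_user.nil?` and `profile_id = current_user.member_profile_id.to_s` to the top of the method, using a non-raising lookup such as `where(...).first` (as the `:uid` branch already does), and choosing the lookup by the current action instead of trying all three models would make the decision explicit and reviewable. Note that `course.student_ids.include?(...)` gives enrolled students the same answer as the course owner inside this admin controller, so if any action here is owner-only it presumably needs a separate check. The last `elsif` reads `course_assignment_params[:course_id]` from the request body, so the ownership it proves is of whichever course the client named, not necessarily the course the action will modify.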