Fix authenrization problem for non-admin users.

2020-09-21 22:25:45 +08:00 · 2020-09-21 22:25:45 +08:00 · 3216f3251c
parent 3eb8af3921
commit 3216f3251c
4 changed files with 41 additions and 3 deletions
--- a/app/controllers/admin/courses_controller.rb
+++ b/app/controllers/admin/courses_controller.rb
@ -74,7 +74,11 @@ class Admin::CoursesController < OrbitMemberController

 	def destroy_assignment
 		@course_assignment.destroy
-		redirect_to course_assignments_admin_courses_path(:page => params[:page])
+		if( current_user.is_admin? rescue false)
+			redirect_to course_assignments_admin_courses_path(:page => params[:page])
+		else
+			redirect_to :back
+		end
 	end

 	def update_assignment
@ -176,4 +180,36 @@ class Admin::CoursesController < OrbitMemberController
 	    end
 	     @course_assignment = CourseAssignment.find_by(:uid => uid) rescue CourseAssignment.find(params[:id])
 	end
+	def has_access?
+		if @user_has_privileges
+			return true
+		else
+			if !params[:id].nil?
+				course = Course.find(params[:id]) rescue nil
+				if course.present? && ( course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+					return true
+				elsif( CourseAssignment.find(params[:id]).course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+					return true
+				else
+					return false
+				end 
+			elsif !params[:uid].nil?
+				course_assignment = CourseAssignment.where(:uid=>params[:uid]).first
+				if course_assignment.nil?
+					return false
+				else
+					if( course_assignment.course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+						return true
+					else
+						return false
+					end
+
+				end
+			elsif( Course.find(course_assignment_params[:course_id]).member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+				return true
+			else
+				return false
+			end
+		end
+	end
 end
--- a/app/models/course_assignment.rb
+++ b/app/models/course_assignment.rb
@ -18,10 +18,10 @@ class CourseAssignment
        }.join("<br>").html_safe
    end
    def display_deadline
-        self.deadline.strftime("%Y-%m-%d %H:%M")
+        self.deadline.strftime("%Y-%m-%d %H:%M") rescue ""
    end
    def display_assign_date
-        self.assign_date.strftime("%Y-%m-%d %H:%M")
+        self.assign_date.strftime("%Y-%m-%d %H:%M") rescue ""
    end
    def deliver_count
        StudentAssignment.where(:course_assignment_id => self.id,:member_profile_id.ne=>nil).count rescue 0
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -1,4 +1,5 @@
 en:
+  edit_assignment: Edit assignment
  module_name:
    personal_course: Courses
    courses: Courses
--- a/config/locales/zh_tw.yml
+++ b/config/locales/zh_tw.yml
@ -1,4 +1,5 @@
 zh_tw:
+  edit_assignment: 編輯作業
  module_name:
    personal_course: 教學資料
    courses: 教學資料