From 3216f3251cd143ead284c0f0224950caafcced54 Mon Sep 17 00:00:00 2001
From: bohung
Date: Mon, 21 Sep 2020 22:25:45 +0800
Subject: [PATCH] Fix authenrization problem for non-admin users.
---
 app/controllers/admin/courses_controller.rb | 38 ++++++++++++++++++++-
 app/models/course_assignment.rb | 4 +--
 config/locales/en.yml | 1 +
 config/locales/zh_tw.yml | 1 +
 4 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/app/controllers/admin/courses_controller.rb b/app/controllers/admin/courses_controller.rb
index 741e4f4..750ea67 100644
--- a/app/controllers/admin/courses_controller.rb
+++ b/app/controllers/admin/courses_controller.rb
@@ -74,7 +74,11 @@ class Admin::CoursesController < OrbitMemberController
 def destroy_assignment
 @course_assignment.destroy
- redirect_to course_assignments_admin_courses_path(:page => params[:page])
+ if( current_user.is_admin? rescue false)
+ redirect_to course_assignments_admin_courses_path(:page => params[:page])
+ else
+ redirect_to :back
+ end
 end
 def update_assignment
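Review bot: `redirect_to :back` in the non-admin branch depends on the client sending a Referer header; in the Rails versions that still accept the `:back` symbol it raises `ActionController::RedirectBackError` when the header is absent, which here would surface as a 500 after the assignment has already been destroyed. A fallback keeps the response deterministic, e.g. `redirect_to(request.referer.presence || course_assignments_admin_courses_path(:page => params[:page]))`, or `redirect_back(fallback_location: ...)` if the app is on Rails 5+. Note also that this branch only chooses where to send the user after the delete; whether a non-admin may delete at all is decided by `has_access?` in the later hunk, so the `rescue false` around `is_admin?` selects a navigation target rather than enforcing authorization.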
@@ -176,4 +180,36 @@ class Admin::CoursesController < OrbitMemberController
 end
 @course_assignment = CourseAssignment.find_by(:uid => uid) rescue CourseAssignment.find(params[:id])
 end
+ def has_access?
+ if @user_has_privileges
+ return true
+ else
+ if !params[:id].nil?
+ course = Course.find(params[:id]) rescue nil
+ if course.present? && ( course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ elsif( CourseAssignment.find(params[:id]).course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ else
+ return false
+ end
+ elsif !params[:uid].nil?
+ course_assignment = CourseAssignment.where(:uid=>params[:uid]).first
+ if course_assignment.nil?
+ return false
+ else
+ if( course_assignment.course.member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ else
+ return false
+ end
+
+ end
+ elsif( Course.find(course_assignment_params[:course_id]).member_profile_id.to_s == current_user.member_profile_id.to_s rescue false)
+ return true
+ else
+ return false
+ end
+ end
+ end
 end
\ No newline at end of file
diff --git a/app/models/course_assignment.rb b/app/models/course_assignment.rb
index 47ee5e3..28a6d15 100644
--- a/app/models/course_assignment.rb
+++ b/app/models/course_assignment.rb
@@ -18,10 +18,10 @@ class CourseAssignment
 }.join("
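Review bot: `has_access?` resolves its target from `params[:id]` first and `params[:uid]` second, while the record the actions actually operate on (`@course_assignment`, set in the context line just above the method via `find_by(:uid => uid) rescue ... find(params[:id])`, with `uid` assigned outside the hunk) is resolved uid first and id second; a request carrying both keys can therefore be authorized against one assignment and act on another. The check should evaluate ownership of the same record the action uses — resolve the course once, with the same precedence as the `@course_assignment` lookup, and compare its `member_profile_id`, as sketched below — instead of re-deriving it from raw params with a different order. The blanket `rescue false` modifiers do fail closed, but they also swallow every error including a nil `current_user`, so a comment such as `# any lookup failure denies access; narrow the rescue once the lookup is consolidated` would help the next reader. Whether `has_access?` is actually invoked as a before filter is not visible here (presumably by `OrbitMemberController`); worth confirming, since defining the method alone does not gate the actions.
```ruby
def has_access?
  return true if @user_has_privileges
  owner_id = (current_user.member_profile_id.to_s rescue nil)
  return false if owner_id.nil? || owner_id.empty?
  # Resolve the course the action will touch exactly once, using the same
  # precedence as the @course_assignment lookup (uid first, then id), so the
  # record that is authorized is the record that is modified.
  course = begin
    if !params[:uid].nil?
      assignment = CourseAssignment.where(:uid => params[:uid]).first
      assignment.nil? ? nil : assignment.course
    elsif !params[:id].nil?
      found = (Course.find(params[:id]) rescue nil)
      found.present? ? found : CourseAssignment.find(params[:id]).course
    else
      Course.find(course_assignment_params[:course_id])
    end
  rescue
    nil
  end
  course.present? && course.member_profile_id.to_s == owner_id
end
```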
").html_safe
 end
 def display_deadline
- self.deadline.strftime("%Y-%m-%d %H:%M")
+ self.deadline.strftime("%Y-%m-%d %H:%M") rescue ""
 end
 def display_assign_date
- self.assign_date.strftime("%Y-%m-%d %H:%M")
+ self.assign_date.strftime("%Y-%m-%d %H:%M") rescue ""
 end
 def deliver_count
 StudentAssignment.where(:course_assignment_id => self.id,:member_profile_id.ne=>nil).count rescue 0
diff --git a/config/locales/en.yml b/config/locales/en.yml
index ec75212..459b004 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -1,4 +1,5 @@
 en:
+ edit_assignment: Edit assignment
 module_name:
 personal_course: Courses
 courses: Courses
diff --git a/config/locales/zh_tw.yml b/config/locales/zh_tw.yml
index 781abee..8ffd47b 100644
--- a/config/locales/zh_tw.yml
+++ b/config/locales/zh_tw.yml
@@ -1,4 +1,5 @@
 zh_tw:
+ edit_assignment: 編輯作業
 module_name:
 personal_course: 教學資料
 courses: 教學資料
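Review bot: `rescue ""` on the two `strftime` lines masks every error, not just a missing date, so a malformed `deadline` (for instance a string stored by an import) renders silently as empty instead of surfacing. Guarding the nil case directly keeps the same output for the case the commit is fixing: `self.deadline.nil? ? "" : self.deadline.strftime("%Y-%m-%d %H:%M")`, and likewise for `assign_date`. The neighbouring `deliver_count` already uses the same modifier-rescue style, so this is presumably a file convention rather than an oversight; if it is kept, a one-line comment stating that a blank string is the intended display for an unset date would make the intent explicit.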