diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 495b0dde4..8a32ba81b 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -177,31 +177,14 @@ class AttachmentsController < ApplicationController
 candown = true
 unless params[:type] == 'history'
 if @file.container && current_user.logged?
- # 课堂资源、作业、毕设相关资源的权限判断
- if @file.container.is_a?(Course)
- course = @file.container
- candown = current_user.member_of_course?(course) || (course.is_public? && @file.publiced?)
- elsif @file.container.is_a?(HomeworkCommon) || @file.container.is_a?(GraduationTask) || @file.container.is_a?(GraduationTopic)
- course = @file.container&.course
- candown = current_user.member_of_course?(course)
- elsif @file.container.is_a?(StudentWork)
- course = @file.container&.homework_common&.course
- candown = current_user.member_of_course?(course)
- elsif @file.container.is_a?(StudentWorksScore)
- course = @file.container&.student_work&.homework_common&.course
- candown = current_user.member_of_course?(course)
- elsif @file.container.is_a?(GraduationWork)
- course = @file.container&.graduation_task&.course
- candown = current_user.member_of_course?(course)
- elsif @file.container.is_a?(GraduationWorkScore)
- course = @file.container&.graduation_work&.graduation_task&.course
- candown = current_user.member_of_course?(course)
- elsif @file.container.is_a?(Issue)
+ if @file.container.is_a?(Issue)
 course = @file.container.project
 candown = course.member?(current_user)
 elsif @file.container.is_a?(Journal)
 course = @file.container.issue.project
 candown = course.member?(current_user)
+ else
+ course = nil
 end
 tip_exception(403, "您没有权限进入") if course.present? && !candown
 tip_exception(403, "您没有权限进入") if @file.container.is_a?(ApplyUserAuthentication)
diff --git a/app/models/attachment.rb b/app/models/attachment.rb
index 553c1daf2..45ba882d0 100644
--- a/app/models/attachment.rb
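Review bot: In the attachments_controller.rb hunk, the new `else` branch sets `course = nil`, so the guard `tip_exception(403, ...) if course.present? && !candown` can never fire for a container that is neither an Issue nor a Journal, and `candown` keeps the `true` it was initialised with. Every other container type is therefore served to any logged-in user by default; if attachments belonging to the removed course, homework or graduation containers still exist in the database, they lose the membership check this commit deletes. A deny-by-default shape would be safer: decide `candown` explicitly in the `else` branch and make the guard `tip_exception(403, "您没有权限进入") unless candown`, or at minimum add a comment such as `# all other container types are intentionally open to logged-in users`. The local is still named `course` although it now only ever holds a project, and the enclosing method starts and ends outside the hunk.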
+++ b/app/models/attachment.rb @@ -6,11 +6,11 @@ class Attachment < ApplicationRecord belongs_to :container, polymorphic: true, optional: true belongs_to :author, class_name: "User", foreign_key: :author_id - belongs_to :course, foreign_key: :container_id, optional: true - has_many :attachment_group_settings, :dependent => :destroy + # belongs_to :course, foreign_key: :container_id, optional: true + # has_many :attachment_group_settings, :dependent => :destroy has_many :attachment_histories, -> { order(version: :desc) }, :dependent => :destroy # 二级目录 - belongs_to :course_second_category, optional: true + # belongs_to :course_second_category, optional: true scope :by_filename_or_user_name, -> (keywords) { joins(:author).where("filename like :search or LOWER(concat(users.lastname, users.firstname)) LIKE :search", :search => "%#{keywords.split(" ").join('|')}%") unless keywords.blank? } diff --git a/app/models/user.rb b/app/models/user.rb index f26fcb094..a093665f3 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -91,7 +91,7 @@ class User < ApplicationRecord # Groups and active users scope :active, lambda { where(status: STATUS_ACTIVE) } scope :like, lambda { |keywords| - where("LOWER(concat(lastname, firstname, login)) LIKE ?", "%#{keywords.split(" ").join('|')}%") unless keywords.blank? + where("LOWER(concat(lastname, firstname, login, mail)) LIKE ?", "%#{keywords.split(" ").join('|')}%") unless keywords.blank? } attr_accessor :password, :password_confirmation
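Review bot: In the attachment.rb hunk, the three associations are commented out rather than deleted, which leaves dead code in the model with no stated reason; delete the lines, or replace them with one comment that says why they are disabled, e.g. `# course associations disabled: course module removed`. With `has_many :attachment_group_settings, :dependent => :destroy` disabled, destroying an Attachment no longer removes those rows, so if that table is still present they would be orphaned; it is worth confirming that a migration drops it. The class body continues outside the hunk.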
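Review bot: In the user.rb hunk, adding `mail` to the `like` scope means any search backed by this scope now matches on e-mail addresses, so a partial address can be confirmed or narrowed down through result membership even where the address itself is never displayed. The callers are outside this diff, so check that each one is limited to users who are allowed to see mail, or keep mail matching in a separate scope used only by admin endpoints. Separately, on a database where `concat` yields NULL when any argument is NULL (MySQL behaves this way), a user whose `mail` is NULL would stop matching altogether; `concat(lastname, firstname, login, COALESCE(mail, ''))` avoids that. The pattern is compared against `LOWER(...)` while `keywords` is neither downcased nor has its `%`/`_` escaped, but that predates this change.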