配置API comment接口，修正显示课程通知接口未判断权限问题

app/api/mobile/api.rb

@@ -38,7 +38,7 @@ module Mobile
     mount Apis::Watches
     mount Apis::Upgrade
     mount Apis::Homeworks
-    mount Apis::Comment
+    mount Apis::Comments
 
     #add_swagger_documentation ({api_version: 'v1', base_path: 'http://u06.shellinfo.cn/trustie/api'})
      #add_swagger_documentation ({api_version: 'v1', base_path: '/api'})  if Rails.env.development?

app/api/mobile/apis/courses.rb

@@ -199,7 +199,7 @@ module Mobile
 
         desc "显示课程通知"
         params do
-
+          optional :token, type: String
         end
         get "news/:id" do
           cs = CoursesService.new

app/services/comment_service.rb

@@ -1,8 +1,8 @@
 class CommentService
   #评论
   def news_comments params,current_user
-    raise Unauthorized unless @news.commentable?
     @news = News.find(params[:id])
+    raise Unauthorized unless @news.commentable?
     @comment = Comment.new
     @comment.safe_attributes = params[:comment]
     @comment.author = current_user

app/services/courses_service.rb

@@ -131,9 +131,18 @@ class CoursesService
   #显示课程通知(包括评论) 需验证权限
   def show_course_news params,current_user
     @news = News.find(params[:id])
+    @course = @news.course
+    if @course
+      if current_user.nil? || !(current_user.admin? || @course.is_public == 1 || (@course.is_public == 0 && current_user.member_of_course?(@course)))
+        raise '403'
+      end
+    else
+      raise 'news in unknown course'
+    end
     @comments = @news.comments
     @comments.reverse! if current_user.wants_comments_in_reverse_order?
     {:news => @news,:comments => @comments}
+
     #comments = []
     #@comments.each do |comment|
     #  comments << {:author_id => comment.author_id,:author_name => comment.author.name,:commont_content => comment.comments,:time => format_time(comment.created_on)}