私有项目成员列表非项目成员不能通过URL访问

2015-05-19 14:25:10 +08:00 · 2015-05-19 14:25:10 +08:00 · b645a1aa1e
parent 0123ea32bf
commit b645a1aa1e
2 changed files with 10 additions and 11 deletions
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -417,10 +417,14 @@ class ProjectsController < ApplicationController
        @members = @project.member_principals.includes(:roles, :principal).all.sort
      end
    else
-      roles = Role.find_all_givable
-      @subPage_title = l :label_member_list
-      @members = @project.member_principals.includes(:roles, :principal).joins("LEFT JOIN #{OptionNumber.table_name} ON #{OptionNumber.table_name}.user_id = #{Member.table_name}.user_id and #{OptionNumber.table_name}.score_type = 2 AND #{Member.table_name}.project_id = #{OptionNumber.table_name}.project_id").order("#{OptionNumber.table_name}.total_score DESC").all
-      @applied_members = appied_project_members(@project, @members)
+      if !@project.is_public? && !User.current.member_of?(@project) && !User.current.admin?
+        render_403
+      else
+        roles = Role.find_all_givable
+        @subPage_title = l :label_member_list
+        @members = @project.member_principals.includes(:roles, :principal).joins("LEFT JOIN #{OptionNumber.table_name} ON #{OptionNumber.table_name}.user_id = #{Member.table_name}.user_id and #{OptionNumber.table_name}.score_type = 2 AND #{Member.table_name}.project_id = #{OptionNumber.table_name}.project_id").order("#{OptionNumber.table_name}.total_score DESC").all
+        @applied_members = appied_project_members(@project, @members)
+      end
    end
    @members = paginateHelper @members
    render :layout => 'base_courses' if @project.project_type == 1
--- a/db/schema.rb
+++ b/db/schema.rb
@ -541,7 +541,6 @@ ActiveRecord::Schema.define(:version => 20150514133640) do
    t.integer  "is_teacher_score", :default => 0
  end

-  add_index "homework_attaches", ["bid_id"], :name => "bid_id"
  add_index "homework_attaches", ["bid_id"], :name => "index_homework_attaches_on_bid_id"

  create_table "homework_evaluations", :force => true do |t|
@ -556,9 +555,7 @@ ActiveRecord::Schema.define(:version => 20150514133640) do
    t.integer "bid_id"
  end

-  add_index "homework_for_courses", ["bid_id"], :name => "bid_id"
  add_index "homework_for_courses", ["bid_id"], :name => "index_homework_for_courses_on_bid_id"
-  add_index "homework_for_courses", ["course_id"], :name => "course_id"
  add_index "homework_for_courses", ["course_id"], :name => "index_homework_for_courses_on_course_id"

  create_table "homework_users", :force => true do |t|
@ -1163,14 +1160,12 @@ ActiveRecord::Schema.define(:version => 20150514133640) do
  create_table "students_for_courses", :force => true do |t|
    t.integer  "student_id"
    t.integer  "course_id"
-    t.datetime "created_at",     :null => false
-    t.datetime "updated_at",     :null => false
-    t.integer  "student_idCopy"
+    t.datetime "created_at", :null => false
+    t.datetime "updated_at", :null => false
  end

  add_index "students_for_courses", ["course_id"], :name => "index_students_for_courses_on_course_id"
  add_index "students_for_courses", ["student_id"], :name => "index_students_for_courses_on_student_id"
-  add_index "students_for_courses", ["student_id"], :name => "student_id"

  create_table "taggings", :force => true do |t|
    t.integer  "tag_id"