Merge branch 'szzh' into CourseModify

Conflicts: app/controllers/application_controller.rb app/views/attachments/upload.js.erb app/views/courses/_homework_form.html.erb app/views/layouts/base_courses.html.erb app/views/users/_my_joinedcourse.html.erb db/schema.rb lib/redmine.rb lib/redmine/access_control.rb
11 years ago · 099e8a0912
parent cdaa27b52b 99e5644c4e
commit 099e8a0912
140 changed files with 4125 additions and 3017 deletions
--- a/2
+++ b/2
@ -14,7 +14,7 @@ gem "i18n", "~> 0.6.0"
 gem "coderay", "~> 1.0.6"
 gem "fastercsv", "~> 1.5.0", :platforms => [:mri_18, :mingw_18, :jruby]
 gem "builder", "3.0.0"
-gem 'acts-as-taggable-on'
+gem 'acts-as-taggable-on', '2.4.1'

 group :development do
  gem 'better_errors', path: 'lib/better_errors'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -134,7 +134,7 @@ PLATFORMS
 DEPENDENCIES
  activerecord-jdbc-adapter (= 1.2.5)
  activerecord-jdbcmysql-adapter
-  acts-as-taggable-on
+  acts-as-taggable-on (= 2.4.1)
  better_errors!
  builder (= 3.0.0)
  coderay (~> 1.0.6)
--- a/ReadMe.txt
+++ b/ReadMe.txt
@ -45,3 +45,9 @@ app\controller\welcome_controller.rb
    end
  end
 ================================================================================
+
+================================================================================
+0606：新坑
+user_scores表结构有问题，需要运行
+bundle exec rake db:migrate:down VERSION=20140410021724
+bundle exec rake db:migrate:up VERSION=20140410021724
--- a/app/assets/javascripts/contestnotifications.js
+++ b/app/assets/javascripts/contestnotifications.js
@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.
--- a/app/assets/javascripts/notificationcomments.js.coffee
+++ b/app/assets/javascripts/notificationcomments.js.coffee
@ -0,0 +1,3 @@
+# Place all the behaviors and hooks related to the matching controller here.
+# All this logic will automatically be available in application.js.
+# You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/
--- a/app/assets/stylesheets/contestnotifications.css
+++ b/app/assets/stylesheets/contestnotifications.css
@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/
--- a/app/assets/stylesheets/notificationcomments.css.scss
+++ b/app/assets/stylesheets/notificationcomments.css.scss
@ -0,0 +1,3 @@
+// Place all the styles related to the notificationcomments controller here.
+// They will automatically be included in application.css.
+// You can use Sass (SCSS) here: http://sass-lang.com/
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -294,6 +294,20 @@ class ApplicationController < ActionController::Base
     render_404
  end

+  def find_contest_by_contest_id
+    @contest = Contest.find(params[:contest_id])
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  #¸ù¾Ýcourse_idÕÒproject
+  def find_project_by_course_id
+    @bid = Bid.find params[:course_id]
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
  # Find a project based on params[:project_id]
  # TODO: some subclasses override this, see about merging their logic
  def find_optional_project
@ -304,6 +318,14 @@ class ApplicationController < ActionController::Base
    render_404
  end

+  def find_optional_contest
+    @contest = Contest.find(params[:contest_id]) unless params[:contest_id].blank?
+    allowed = User.current.allowed_to?({:controller => params[:controller], :action => params[:action]}, @contest, :global => true)
+    allowed ? true : deny_access
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+  
  # Finds and sets @project based on @object.project
  def find_project_from_association
    render_404 unless @object.present?
@ -315,6 +337,12 @@ class ApplicationController < ActionController::Base

  end
  
+  def find_contest_from_association
+    render_404 unless @object.present?
+
+    @contest =@object.contest
+  end
+
  def find_model_object
    model = self.class.model_object
    if model
@ -326,13 +354,23 @@ class ApplicationController < ActionController::Base
  end

  #added by nwb
-  #获取课程
+  #»ñÈ¡¿Î³Ì
  def find_course
    @course= Course.find(params[:id])
  rescue ActiveRecord::RecordNotFound
    render_404
  end

+  # def find_model_object_contest
+    # model = self.class.model_object
+    # if model
+      # @object = model.find(params[:id])
+      # self.instance_variable_set('@' + controller_name.singularize, @object) if @object
+    # end
+  # rescue ActiveRecord::RecordNotFound
+    # render_404
+  # end
+
  def self.model_object(model)
    self.model_object = model
  end
--- a/app/controllers/bids_controller.rb
+++ b/app/controllers/bids_controller.rb
@ -26,6 +26,13 @@ class BidsController < ApplicationController
  helper :words
  helper :welcome

+  def find_project_by_bid_id
+    @bid = Bid.find(params[:id])
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
  def homework_ajax_modal
    @bid = Bid.find_by_id(params[:id])
    # find_bid
@ -176,7 +183,8 @@ class BidsController < ApplicationController
    @homework.budget = 0
    @homework.author_id = User.current.id
    @homework.commit = 0
-    @homework.homework_type = params[:bid][:homework_type]
+    @homework.homework_type = 1
+    @homework.is_evaluation = params[:bid][:is_evaluation]
    @homework.parent_id = @bid.id
    @homework.save_attachments(params[:attachments] || (params[:bid] && params[:bid][:uploads]))
    # @bid.
@ -405,7 +413,9 @@ class BidsController < ApplicationController

    if @bid.homework_type == 1
      @homework = HomeworkAttach.new
-      @homework_list = @bid.homeworks
+      #@homework_list = @bid.homeworks
+      #增加作业按评分排序，
+      @homework_list = @bid.homeworks.eager_load(:rate_averages, :user, :attachments).order('seems_rateable_cached_ratings.avg DESC').order("#{HomeworkAttach.table_name}.created_at ASC")
      if params[:student_id].present?
        @temp = []
        @homework_list.each do |pro|
@ -521,6 +531,7 @@ class BidsController < ApplicationController
        message = params[:bid_message][:message] + "\n" + params[:reference_content]
      else
        message = params[:bid_message][:message]
+        @m = message
      end
      refer_user_id = params[:bid_message][:reference_user_id].to_i
      @bid.add_jour(User.current, message, refer_user_id)
@ -687,6 +698,7 @@ class BidsController < ApplicationController
    @bid = Bid.new
    @bid.name = params[:bid][:name]
    @bid.description = params[:bid][:description]
+    @bid.is_evaluation = params[:bid][:is_evaluation]
    @bid.reward_type = 3
    # @bid.budget = params[:bid][:budget]
    @bid.deadline = params[:bid][:deadline]
@ -870,7 +882,7 @@ class BidsController < ApplicationController

  def find_bid
    if params[:id]
-      @bid = Bid.find(params[:id])
+      @bid = Bid.find(params[:id], :include => [{:homeworks => :user}])
      @user = @bid.author
    end
  rescue
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@ -50,4 +50,6 @@ class CommentsController < ApplicationController
    @comment = nil
    @news
  end
+   
+  
 end
--- a/app/controllers/contestnotifications_controller.rb
+++ b/app/controllers/contestnotifications_controller.rb
@ -0,0 +1,187 @@
+class ContestnotificationsController < ApplicationController
+  # GET /contestnotifications
+  # GET /contestnotifications.json
+  layout 'base_newcontest'
+  default_search_scope :contestnotifications
+  model_object Contestnotification
+  # before_filter :find_model_object, :except => [:new, :create, :index]
+  # before_filter :find_contest_from_association, :except => [:new, :create, :index]
+  before_filter :find_contest_by_contest_id, :only => [:new, :create]
+  before_filter :find_contest
+  before_filter :find_author
+  # before_filter :authorize, :except => [:index]
+  before_filter :find_optional_contest, :only => [:index]
+  accept_rss_auth :index
+  accept_api_auth :index
+
+  before_filter :access_edit_destroy, only: [:edit ,:update, :destroy]
+
+  def find_author
+    @user = @contest.author
+    render_404 if @user.nil?
+  end
+  def find_contest
+    @contest = Contest.find(params[:contest_id])
+    render_404 if @contest.nil?
+  end
+
+
+  def index
+  
+    # @contestnotifications = Contestnotification.all
+    #
+    # respond_to do |format|
+    # format.html # index.html.erb
+    # format.json { render json: @contestnotifications }
+    # end
+
+    ### begin ###
+    case params[:format]
+      when 'xml', 'json'
+        @offset, @limit = api_offset_and_limit
+      else
+        @limit = 10
+    end
+
+    scope = @contest ? @contest.contestnotifications.visible : Contestnotifications.visible
+
+    @contestnotifications_count = scope.count
+    @contestnotifications_pages = Paginator.new @contestnotifications_count, @limit, params['page']
+    @offset ||= @contestnotifications_pages.offset
+    @contestnotificationss = scope.all(:include => [:author, :contest],
+                                       :order => "#{Contestnotification.table_name}.created_at DESC",
+                                       :offset => @offset,
+                                       :limit => @limit)
+
+    respond_to do |format|
+      format.html {
+        @contestnotification = Contestnotification.new # for adding news inline
+        render :layout => 'base_newcontest'
+      }
+      format.api
+      format.atom { render_feed(@contestnotificationss, :title => (@contest ? @contest.name : Setting.app_title) + ": #{l(:label_contest_notification)}") }
+    end
+    ### end ###
+  end
+
+  # GET /contestnotifications/1
+  # GET /contestnotifications/1.json
+  def show
+     @contestnotification = Contestnotification.find(params[:id])
+   
+    #
+    # respond_to do |format|
+    # format.html # show.html.erb
+    # format.json { render json: @contestnotification }
+    # end
+    @notificationcomments = @contestnotification.notificationcomments
+    @notificationcomments.reverse! if User.current.wants_notificationcomments_in_reverse_order?
+    render :layout => 'base_newcontest'
+
+  end
+
+  # GET /contestnotifications/new
+  # GET /contestnotifications/new.json
+  def new
+    # @contestnotification = Contestnotification.new
+# 
+    # respond_to do |format|
+      # format.html # new.html.erb
+      # format.json { render json: @contestnotification }
+    # end
+    @contestnotification = Contestnotification.new(:contest => @contest, :author => User.current)
+    render :layout => 'base_newcontest'
+  end
+
+  # GET /contestnotifications/1/edit
+  def edit
+    @contestnotification = Contestnotification.find(params[:id])
+  end
+
+  # POST /contestnotifications
+  # POST /contestnotifications.json
+  def create
+    # @contestnotification = Contestnotification.new(params[:contestnotification])
+    #
+    # respond_to do |format|
+    # if @contestnotification.save
+    # format.html { redirect_to @contestnotification, notice: 'Contestnotification was successfully created.' }
+    # format.json { render json: @contestnotification, status: :created, location: @contestnotification }
+    # else
+    # format.html { render action: "new" }
+    # format.json { render json: @contestnotification.errors, status: :unprocessable_entity }
+    # end
+    # end
+    @contestnotification = Contestnotification.new(:contest => @contest, :author => User.current)
+    @contestnotification.safe_attributes = params[:contestnotification]
+    @contestnotification.save_attachments(params[:attachments])
+    if @contestnotification.save
+      render_attachment_warning_if_needed(@contestnotification)
+      flash[:notice] = l(:notice_successful_create)
+      redirect_to contest_contestnotifications_path(@contest)
+    else
+      layout_file = 'base_newcontest'
+      render :action => 'new', :layout => layout_file
+    end
+  end
+
+  # PUT /contestnotifications/1
+  # PUT /contestnotifications/1.json
+  def update
+    # @contestnotification = Contestnotification.find(params[:id])
+    #
+    # respond_to do |format|
+    # if @contestnotification.update_attributes(params[:contestnotification])
+    # format.html { redirect_to @contestnotification, notice: 'Contestnotification was successfully updated.' }
+    # format.json { head :no_content }
+    # else
+    # format.html { render action: "edit" }
+    # format.json { render json: @contestnotification.errors, status: :unprocessable_entity }
+    # end
+    # end
+    @contestnotification = Contestnotification.find(params[:id])
+    @contestnotification.safe_attributes = params[:contestnotification]
+    @contestnotification.save_attachments(params[:attachments])
+    if @contestnotification.save
+      render_attachment_warning_if_needed(@contestnotification)
+      flash[:notice] = l(:notice_successful_update)
+      redirect_to contest_contestnotification_path(@contestnotification.contest, @contestnotification)
+    else
+      render :action => 'edit'
+    end
+  end
+
+  # DELETE /contestnotifications/1
+  # DELETE /contestnotifications/1.json
+  def destroy
+    # @contestnotification = Contestnotification.find(params[:id])
+    # @contestnotification.destroy
+    #
+    # respond_to do |format|
+    # format.html { redirect_to contestnotifications_url }
+    # format.json { head :no_content }
+    # end
+    @contestnotification = Contestnotification.find(params[:id])
+    @contestnotification.destroy
+    redirect_to contest_contestnotifications_path(@contest)
+  end
+
+  private
+
+  def find_optional_contest
+    return true unless params[:id]
+    @contest = Contest.find(params[:id])
+      # authorize
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def access_edit_destroy
+    if (User.current.admin? && User.current.logged? )||(User.current == @contest.author && User.current.logged?)
+      return true
+    else
+      render_403
+    end
+  end
+
+end
--- a/app/controllers/contests_controller.rb
+++ b/app/controllers/contests_controller.rb
@ -4,9 +4,9 @@ class ContestsController < ApplicationController
  menu_item :respond                
  menu_item :project, :only => :show_project
  menu_item :application, :only => :show_softapplication
-  menu_item :attendingcontest, :only => :show_attendingcontest
-  menu_item :contestnotification, :only => :show_notification
-  before_filter :find_contest, :only => [:show_contest, :show_project, :show_softapplication, :show_attendingcontest, :show_notification, :set_reward_project, :set_reward_softapplication, :create,:destroy,:more,:back,:add,:add_softapplication,:new,:show_results, :set_reward,
+  menu_item :attendingcontests, :only => :show_attendingcontest
+  menu_item :contestnotifications, :only => :index
+  before_filter :find_contest, :only => [:show_contest, :show_project, :show_softapplication, :show_attendingcontest, :index, :set_reward_project, :set_reward_softapplication, :create,:destroy,:more,:back,:add,:add_softapplication,:new,:show_results, :set_reward,
                :show_contest_project, :show_contest_user, :join_in_contest, :unjoin_in_contest, :new_join,:show_participator, :settings]
              
  # added by fq
@ -210,11 +210,14 @@ class ContestsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        membership.member_roles.each{|role|
-          if(role.role_id == 3)
+        #membership.member_roles.each{|role|
+        #  if(role.role_id == 3)
+        #  @option << membership.project
+        #  end
+        #}
+        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
            @option << membership.project
        end
-        }
      end
    end
    @user = @contest.author
@ -301,11 +304,15 @@ class ContestsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        membership.member_roles.each{|role|
-          if(role.role_id == 3)
+        #membership.member_roles.each{|role|
+          #if(role.role_id == 3)
+          #@option << membership.project
+          #end
+        #}
+        #拥有编辑项目权限的可将该项目参赛
+        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
          @option << membership.project
        end
-        }
      end
    end
    @user = @contest.author
--- a/app/controllers/documents_controller.rb
+++ b/app/controllers/documents_controller.rb
@ -62,6 +62,7 @@ class DocumentsController < ApplicationController
  def create
    @document = @project.documents.build
    @document.safe_attributes = params[:document]
+    @document.user = User.current
    @document.save_attachments(params[:attachments])
    if @document.save
      render_attachment_warning_if_needed(@document)
--- a/app/controllers/homework_attach_controller.rb
+++ b/app/controllers/homework_attach_controller.rb
@ -1,5 +1,30 @@
 class HomeworkAttachController < ApplicationController
  ###############################
+  #判断当前角色权限时需先找到当前操作的project
+  before_filter :find_project_by_bid_id, :only => [:new]
+  before_filter :find_project_by_hoemwork_id, :only => [:edit,:update,:destroy,:show,:add_homework_users,:destory_homework_users]
+  #判断当前角色是否有操作权限
+  #勿删 before_filter :authorize, :only => [:new,:edit,:update,:destroy]
+
+  def find_project_by_bid_id
+    @bid = Bid.find(params[:id])
+    @project = @bid.courses[0]
+  rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
+  def find_project_by_hoemwork_id
+    @homework = HomeworkAttach.find(params[:id])
+    @project = @homework.bid.courses[0]
+  end
+
+  #获取作业的成员
+  def get_homework_member homework
+    @hoemwork_users = users_for_homework(@homework)
+    @members = members_for_homework(@homework,@hoemwork_users,params[:q])
+    @members = paginateHelper @members,10
+  end
+
  def index
    @homeworks = HomeworkAttach.all
    respond_to do |format|
@ -8,17 +33,48 @@ class HomeworkAttachController < ApplicationController
    end
  end

-  def add_users users
-    if users != nil && users.count > 0
-      users.each do |user|
-         @homework.homework_users.build(:user_id => user.id)
+  #作业添加成员（参与人员）
+  def add_homework_users
+    if User.current.admin? ||  User.current.member_of?(@homework.bid.courses.first)
+      #@homework = HomeworkAttach.find(params[:id])
+      if params[:membership]
+        if params[:membership][:user_ids]
+          attrs = params[:membership].dup
+          user_ids = attrs.delete(:user_ids)
+          user_ids.each do |user_id|
+            @homework.homework_users.build(:user_id => user_id)
+          end
+        end
+      end
      @homework.save
+      get_homework_member @homework
+      respond_to do |format|
+        format.js
+      end
+    else
+      render_403 :message => :notice_not_authorized
+    end
+  end
+
+  #作业删除成员（参与人员）
+  def destory_homework_users
+    #@homework = HomeworkAttach.find(params[:id])
+    if User.current.admin? ||  User.current.member_of?(@homework.bid.courses.first)
+      homework_user = @homework.homework_users.where("user_id = #{params[:user_id]}").first
+      homework_user.destroy
+      get_homework_member @homework
+      respond_to do |format|
+        format.js
      end
+    else
+      render_403 :message => :notice_not_authorized
    end
  end

  def create
-    #if User.current.logged? && (!Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.nil? && (Member.where('user_id = ? and project_id = ?', User.current.id, @bid.courses.first.id).first.roles&Role.where('id = ? or id = ? or id =?',5, 10, 7)).size >0)
+    bid = Bid.find params[:bid_id]
+    if User.current.admin? || User.current.member_of?(bid.courses.first)
+      if bid.homeworks.where("user_id = ?",User.current).count == 0
        user_id = params[:user_id]
        bid_id = params[:bid_id]
        sta = 0
@ -32,7 +88,7 @@ class HomeworkAttachController < ApplicationController
            :bid_id => bid_id
        }

-      #@bid = Bid.find bid_id
+
        #@homework_list = @bid.homeworks

        @homework = HomeworkAttach.new(options)
@ -45,27 +101,80 @@ class HomeworkAttachController < ApplicationController
            format.json { head :no_content }
          end
        else
-
+          render_403 :message => :notice_not_authorized
+        end
+      else
+        render_403 :message => :notice_has_homework
+      end
+    else
+      render_403 :message => :notice_not_authorized
    end
-    #end
  end

  def new
-    @homework = HomeworkAttach.new
    @bid = Bid.find(params[:id])
+    if User.current.admin? || User.current.member_of?(@bid.courses.first)
+      #该课程的学生的集合(新建不实现功能：添加成员)
+      #@members = @bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id <> #{User.current.id}", {:role_id => [5, 10]})

+      #@members = paginateHelper @members,10
+      #@all_user = []
+      #@bid.courses.first.members.each do |member|
+        #  @all_user << member.user
+        #end
+      @homework = HomeworkAttach.new
+      #@homework_user = members_for_homework(@homework) + User.current
+      #@members = @all_user - @homework_user
      respond_to do |format|
        format.html # new.html.erb
        format.json { render json: @homework }
      end
+    else
+      render_403 :message => :notice_not_authorized
+    end
+  end
+
+  #获取作业成员的集合
+  def get_homework_member_list
+    @homework = HomeworkAttach.find(params[:bid_id])
+    course = @homework.bid.courses.first
+    if User.current.admin? || User.current.member_of?(course)
+      get_homework_member @homework
+    else
+      raise "error"
+    end
+    respond_to do |format|
+      format.js
+    end
+  end
+
+  #获取指定作业的所有成员
+  def users_for_homework homework
+    homework.nil? ? [] : (homework.users + [homework.user])
+  end
+
+  #获取可选成员列表
+  #homework：作业
+  #users：该作业所有成员
+  #q:模糊匹配的用户的昵称
+  def members_for_homework homework,users,q
+    homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
  end

  def edit
-    @homework = HomeworkAttach.find(params[:id])
+    #@homework = HomeworkAttach.find(params[:id])
+    if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
+      #@members = @homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id)", {:role_id => [5, 10]})
+      get_homework_member @homework
+    else
+      render_403 :message => :notice_not_authorized
+    end
  end

  def update
-    @homework = HomeworkAttach.find(params[:id])
+    #@homework = HomeworkAttach.find(params[:id])
+    course = @homework.bid.courses.first
+    if User.current.admin? || User.current.member_of?(course)
      name = params[:homework_name]
      description = params[:homework_description]
      @homework.name = name
@ -80,10 +189,14 @@ class HomeworkAttachController < ApplicationController
        end
      else
      end
+    else
+      render_403 :message => :notice_not_authorized
+    end
  end

  def destroy
-    @homework = HomeworkAttach.find(params[:id])
+    #@homework = HomeworkAttach.find(params[:id])
+    if User.current.admin? || User.current == @homework
      if @homework.destroy
        respond_to do |format|
          format.html { redirect_to project_for_bid_path @homework.bid }
@ -91,11 +204,15 @@ class HomeworkAttachController < ApplicationController
        end
      else
      end
+    else
+      render_403 :message => :notice_not_authorized
+    end
  end

  #显示作业信息
  def show
-    @homework = HomeworkAttach.find(params[:id])
+    #@homework = HomeworkAttach.find(params[:id])
+    if User.current.admin? || User.current.member_of?(@homework.bid.courses.first)
      # 打分统计
      stars_reates = @homework.
          rates(:quality)
@ -109,6 +226,10 @@ class HomeworkAttachController < ApplicationController
        @stars_status_map["star#{star_status.stars.to_i}".to_sym] =
            percent_m.to_s + "%"
      end
+      #是否已经进行过评价
+      @has_evaluation = stars_reates.where("rater_id = ?",User.current).count > 0
+      #是否开启互评功能
+      @is_evaluation = @homework.bid.is_evaluation == 1 || @homework.bid.is_evaluation == nil
      @limit =  10
      @jours = @homework.journals_for_messages.where("is_comprehensive_evaluation is null").order("created_on DESC")
      @feedback_count = @jours.count
@ -116,6 +237,9 @@ class HomeworkAttachController < ApplicationController
      @offset ||= @feedback_pages.offset
      @jour = @jours[@offset, @limit]
      @comprehensive_evaluation = @homework.journals_for_messages.where("is_comprehensive_evaluation is not null").order("created_on DESC")
+    else
+      render_403 :message => :notice_not_authorized
+    end
  end

  #删除留言
--- a/app/controllers/homework_users_controller.rb
+++ b/app/controllers/homework_users_controller.rb
@ -1,3 +1,14 @@
 class HomeworkUsersController < ApplicationController
-
+   #新增数据
+  def create option
+     user = HomeworkUser.new option
+     user.save
+     user
+   end
+  #删除数据
+  def destory homework_user
+    user = HomeworkUser.find homework_user
+    user.destroy
+    user
+  end
 end
--- a/app/controllers/issue_categories_controller.rb
+++ b/app/controllers/issue_categories_controller.rb
@ -19,6 +19,7 @@ class IssueCategoriesController < ApplicationController
  menu_item :settings
  model_object IssueCategory
  before_filter :find_model_object, :except => [:index, :new, :create]
+  #before_filter :find_model_object_contest, :except => [:index, :new, :create]
  before_filter :find_project_from_association, :except => [:index, :new, :create]
  before_filter :find_project_by_project_id, :only => [:index, :new, :create]
  before_filter :authorize
@ -119,4 +120,10 @@ class IssueCategoriesController < ApplicationController
    super
    @category = @object
  end
+  
+  def find_model_object_contest
+    super
+    @category = @object
+  end  
+  
 end
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@ -17,6 +17,7 @@
 class MembersController < ApplicationController
  model_object Member
  before_filter :find_model_object, :except => [:index, :create, :autocomplete]
+  #before_filter :find_model_object_contest, :except => [:index, :create, :autocomplete]
  before_filter :find_project_from_association, :except => [:index, :create, :autocomplete]
  before_filter :find_project_by_project_id, :only => [:index, :create, :autocomplete]
  before_filter :authorize
--- a/app/controllers/notificationcomments_controller.rb
+++ b/app/controllers/notificationcomments_controller.rb
@ -0,0 +1,27 @@
+class NotificationcommentsController < ApplicationController
+  # default_search_scope :contestnotifications
+  # model_object Contestnotifications
+  # before_filter :authorize
+
+  def create
+    #raise Unauthorized unless @contestnotifications.notificationcommentable?
+    @contest = Contest.find(params[:contest_id])
+    @contestnotification = Contestnotification.find(params[:contestnotification_id])
+
+    # @notificaioncomment = Notificationcomment.new
+    # @notificaioncomment.safe_attributes = params[:notificationcomment]
+    # @notificaioncomment.author = User.current
+    comment = @contestnotification.notificationcomments.new(params[:notificationcomment].merge(author_id: User.current.id))
+    if comment.save
+      flash[:notice] = l(:label_comment_added) 
+    end
+
+    redirect_to contest_contestnotification_path(@contest, @contestnotification)
+  end
+
+  def destroy
+    @contestnotifications.notificaioncomments.find(params[:notificaioncomment_id]).destroy
+    redirect_to contest_contestnotification_path(@contestnotifications)
+  end
+  
+end
--- a/app/controllers/praise_tread_controller.rb
+++ b/app/controllers/praise_tread_controller.rb
@ -9,6 +9,7 @@ class PraiseTreadController < ApplicationController
    if request.get?
      @obj_id = params[:obj_id]
      @obj_type = params[:obj_type]
+      @horizontal = params[:horizontal]
      @obj = find_object_by_type_and_id(@obj_type,@obj_id)
      praise_tread_plus(@obj_type,@obj_id,1)  
    end
@ -44,6 +45,7 @@ class PraiseTreadController < ApplicationController
    if request.get?
      @obj_id = params[:obj_id]
      @obj_type = params[:obj_type]
+      @horizontal = params[:horizontal]
      @obj = find_object_by_type_and_id(@obj_type,@obj_id)
      praise_tread_plus(@obj_type,@obj_id,0)   
    end
@ -71,6 +73,10 @@ class PraiseTreadController < ApplicationController
      @obj = Bid.find_by_id(id)
    when 'Contest'
      @obj = Contest.find_by_id(id)
+    when  'Memo'
+      @obj = Memo.find_by_id(id)
+    when 'Message'
+      @obj = Message.find_by_id(id)
    end
    return @obj
  end
--- a/app/controllers/previews_controller.rb
+++ b/app/controllers/previews_controller.rb
@ -16,10 +16,11 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.

 class PreviewsController < ApplicationController
-  before_filter :find_project, :find_attachments
+  before_filter :find_project, :find_attachments, :find_contest, except: [:contestnotification]

  def issue
    @issue = @project.issues.find_by_id(params[:id]) unless params[:id].blank?
+    @issue = @contest.issues.find_by_id(params[:id]) unless params[:id].blank?
    if @issue
      @description = params[:issue] && params[:issue][:description]
      if @description && @description.gsub(/(\r?\n|\n\r?)/, "\n") == @issue.description.to_s.gsub(/(\r?\n|\n\r?)/, "\n")
@ -41,6 +42,12 @@ class PreviewsController < ApplicationController
    render :partial => 'common/preview'
  end

+  def contestnotification
+    @previewed = Contestnotification.find(params[:id])
+    @text = (params[:contestnotification] ? params[:contestnotification][:description] : nil)
+    render :partial => 'common/preview'
+  end
+
  private

  def find_project
@ -50,4 +57,20 @@ class PreviewsController < ApplicationController
    render_404
  end

+  def contestnotifications
+    if params[:id].present? && contestnotifications = Contestnotifications.visible.find_by_id(params[:id])
+      @previewed = contestnotifications
+    end
+    @text = (params[:contestnotifications] ? params[:contestnotifications][:description] : nil)
+    render :partial => 'common/preview'
+  end
+
+  private
+  def find_contest
+    contest_id = (params[:issue] && params[:issue][:contest_id]) || params[:contest_id]
+    @contest = Contest.find(contest_id)
+    rescue ActiveRecord::RecordNotFound
+    render_404
+  end
+
 end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -37,6 +37,7 @@ class ProjectsController < ApplicationController
  # before_filter :authorize, :except => [:new_join, :new_homework, :homework, :statistics, :search, :watcherlist, :index, :list, :new, :create, :copy, :archive, :unarchive, :destroy, :member, :focus, :file, 
  #               :statistics, :feedback, :course, :enterprise_course, :course_enterprise, :project_respond, :share,
  #               :show_projects_score, :issue_score_index, :news_score_index, :file_score_index, :code_submit_score_index, :projects_topic_score_index]
+  #此条勿删 课程相关权限  ,:new_homework,:homework,:feedback,,:member
  before_filter :authorize, :only => [:show, :settings, :edit, :sort_project_members, :update, :modules, :close, :reopen,:view_homework_attaches,:course]
  before_filter :authorize_global, :only => [:new, :create,:view_homework_attaches]
  before_filter :require_admin, :only => [ :copy, :archive, :unarchive, :destroy, :calendar]
@ -716,6 +717,9 @@ class ProjectsController < ApplicationController
      @teachers= searchTeacherAndAssistant(@project)
      @canShowRealName = isCourseTeacher(User.current.id)
    end
+
+    #勿删 real_name action为虚拟的该方法并不存在，用来辅助判断真名权限
+    #勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
    respond_to do |format|
      format.html{render :layout => 'base_courses' if @base_courses_tag==1}
      format.api
--- a/app/controllers/softapplications_controller.rb
+++ b/app/controllers/softapplications_controller.rb
@ -108,11 +108,16 @@ class SoftapplicationsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        membership.member_roles.each{|role|
-          if(role.role_id == 3)
+        #membership.member_roles.each{|role|
+        #  if(role.role_id == 3)
+        #  @option << membership.project
+        #  end
+        #}
+
+        #拥有编辑项目权限的可操作该项目
+        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
          @option << membership.project
        end
-        }
      end
    end
    
--- a/app/controllers/versions_controller.rb
+++ b/app/controllers/versions_controller.rb
@ -20,6 +20,7 @@ class VersionsController < ApplicationController
  menu_item :roadmap
  model_object Version
  before_filter :find_model_object, :except => [:index, :new, :create, :close_completed]
+  #before_filter :find_model_object_contest, :except => [:index, :new, :create]
  before_filter :find_project_from_association, :except => [:index, :new, :create, :close_completed]
  before_filter :find_project_by_project_id, :only => [:index, :new, :create, :close_completed]
  before_filter :authorize
@ -154,6 +155,13 @@ class VersionsController < ApplicationController
    redirect_to settings_project_path(@project, :tab => 'versions')
  end

+  def close_completed_contest
+    if request.put?
+      @contest.close_completed_versions
+    end
+    redirect_to settings_contest_path(@contest, :tab => 'versions')
+  end
+
  def destroy
    if @version.fixed_issues.empty?
      @version.destroy
--- a/app/controllers/watchers_controller.rb
+++ b/app/controllers/watchers_controller.rb
@ -122,7 +122,9 @@ class WatchersController < ApplicationController
    end

  def find_watchables
+    #根据参数获取关注对象的类型（user、project）
    klass = Object.const_get(params[:object_type].camelcase) rescue nil
+    #判断获取的对象类型能否响应‘watched_by’方法
    if klass && klass.respond_to?('watched_by')
      @watchables = klass.find_all_by_id(Array.wrap(params[:object_id]))
      raise Unauthorized if @watchables.any? {|w| w.respond_to?(:visible?) && !w.visible?}
--- a/app/controllers/welcome_controller.rb
+++ b/app/controllers/welcome_controller.rb
@ -18,7 +18,7 @@
 class WelcomeController < ApplicationController
  caches_action :robots
  # before_filter :fake, :only => [:index, :course]
-  before_filter :entry_select_course, :entry_select_contest, :entry_select_user, :only => [:index]
+  before_filter :entry_select, :only => [:index]
 
  def index

@ -92,9 +92,28 @@ class WelcomeController < ApplicationController

  private

+  def entry_select
+    url = request.original_url
+    if url.include?("course.trustie.net")
+      course
+      render :course
+      return 0
+    elsif url.include?("contest.trustie.net")
+      contest
+      render :contest
+      return 0
+    elsif url.include?("user.trustie.net")
+      redirect_to(:controller => "users", :action => "index")
+    end
+      
+    
+  end
+
  # 判断网站的入口，是课程 course 则跳过index去渲染 course 方法
  def entry_select_course
-    (course() and render :course and return 0) if request.original_url.match(/course\.trustie\.net/)
+    if request.original_url.match(/course\.trustie\.net/)
+      (course() and render :course and return 0) 
+    end
  end
  
  def entry_select_contest
--- a/Show More
+++ b/Show More