From 32219bd8502737baff06f239109451a274875776 Mon Sep 17 00:00:00 2001
From: sw <939547590@qq.com>
Date: Tue, 13 Jan 2015 10:23:26 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E8=AE=BF=E9=97=AE=E6=9D=83?= =?UTF-8?q?=E9=99=90=E6=8E=A7=E5=88=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/controllers/poll_controller.rb | 11 +++++++++++
 app/views/poll/destroy.js.erb | 2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/controllers/poll_controller.rb b/app/controllers/poll_controller.rb
index 5f0119022..cb01c573e 100644
--- a/app/controllers/poll_controller.rb
+++ b/app/controllers/poll_controller.rb
@@ -1,9 +1,12 @@
 class PollController < ApplicationController
 before_filter :find_poll_and_course, :only => [:edit,:update,:destroy]
 before_filter :find_container, :only => [:new,:create, :index]
+ before_filter :is_member_of_course, :only => [:index,:show]
+ before_filter :is_course_teacher, :only => [:new,:create,:edit,:update,:destroy]
 
 def index
 if @course
+ @is_teacher = User.current.allowed_to?(:as_teacher,course)
 @polls = Poll.where("polls_type = 'Course' and polls_group_id = #{@course.id}")
 respond_to do |format|
 format.html{render :layout => 'base_courses'}
@@ -86,4 +89,12 @@ class PollController < ApplicationController
 render_404
 end
 end
+
+ def is_member_of_course
+ render_403 unless(@course && User.current.member_of_course?(@course))
+ end
+
+ def is_course_teacher
+ render_403 unless(@course && User.current.allowed_to?(:as_teacher,course))
+ end
 end
\ No newline at end of file
diff --git a/app/views/poll/destroy.js.erb b/app/views/poll/destroy.js.erb
index abfecb167..cf94b5661 100644
--- a/app/views/poll/destroy.js.erb
+++ b/app/views/poll/destroy.js.erb
@@ -1,4 +1,4 @@
 <% if @poll%>
 $("#polls_<%= @poll.id%>").remove();
 <%else%>
-<% end %>
+<% end %>
\ No newline at end of file
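Review bot: The added `@is_teacher = User.current.allowed_to?(:as_teacher,course)` in `index` passes a bare `course` instead of `@course`; unless the controller defines a `course` method outside this hunk, the call raises NameError as soon as a course member reaches `index`. The same identifier is used in `is_course_teacher` in the second hunk, where the failure would occur inside the authorization filter guarding new/create/edit/update/destroy, so both lines should read `User.current.allowed_to?(:as_teacher, @course)`. Separately, `is_member_of_course` is attached to `:show`, but neither `find_container` nor `find_poll_and_course` lists `:show` in the visible filters, so `@course` may be nil there and every `show` request would be answered with 403; confirm how `show` loads its course. The body of `index` continues outside the hunk.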
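Review bot: `is_member_of_course` and `is_course_teacher` are appended directly before the class's closing `end`, and this hunk shows no `private` line above them; if none is in effect, they are public controller methods that a matching route could dispatch to as actions. Put them under `private` (or add `private :is_member_of_course, :is_course_teacher`), and give each a one-line comment naming the role it requires and stating that it renders 403 otherwise. Because both filters are attached with `:only` lists, any action added to this controller later is unprotected by default; a comment beside the `before_filter` lines saying so, or an `:except` list, would make that explicit. The method preceding the additions starts outside the hunk.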