权限管理优化

11 years ago · b87abf1f68
parent 4c6fb2a266
commit b87abf1f68
11 changed files with 68 additions and 74 deletions
--- a/app/controllers/bids_controller.rb
+++ b/app/controllers/bids_controller.rb
@ -378,11 +378,6 @@ class BidsController < ApplicationController
        if membership.user.allowed_to?(:quote_project,membership.project)
          @option << membership.project
        end
-        #membership.member_roles.each{|role|
-        #  if(role.role_id == 3)
-        #    @option << membership.project
-        #  end
-        #}
      end
    end

@ -457,14 +452,6 @@ class BidsController < ApplicationController
    if (User.current.logged? && User.current.member_of_course?(@bid.courses.first))
      # flash[:notice] = ""
      @membership = User.current.coursememberships.all(:conditions => Course.visible_condition(User.current))
-      #@option = []
-      #@membership.each do |membership|
-      #    membership.member_roles.each{|role|
-      #      if(role.role_id == 3)
-      #        @option << membership.course
-      #      end
-      #    }
-      #end

      @user = @bid.author
      @bidding_project = @bid.biding_projects.all
--- a/app/controllers/contests_controller.rb
+++ b/app/controllers/contests_controller.rb
@ -232,12 +232,7 @@ class ContestsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        #membership.member_roles.each{|role|
-        #  if(role.role_id == 3)
-        #  @option << membership.project
-        #  end
-        #}
-        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
+        if User.current.allowed_to?(:quote_project, membership.project)
            @option << membership.project
        end
      end
@ -326,13 +321,8 @@ class ContestsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        #membership.member_roles.each{|role|
-          #if(role.role_id == 3)
-          #@option << membership.project
-          #end
-        #}
        #拥有编辑项目权限的可将该项目参赛
-        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
+        if User.current.allowed_to?(:quote_project, membership.project)
          @option << membership.project
        end
      end
--- a/app/controllers/homework_attach_controller.rb
+++ b/app/controllers/homework_attach_controller.rb
@ -169,7 +169,15 @@ class HomeworkAttachController < ApplicationController
  #users：该作业所有成员
  #q:模糊匹配的用户的昵称
  def members_for_homework homework,users,q
-    homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
+    #homework.bid.courses.first.members.joins(:member_roles).where("member_roles.role_id IN (:role_id) and user_id not in (:users)", {:role_id => [5, 10],:users => users}).joins(:user).where("users.login like '%#{q}%'")
+    unpartin_users = homework.bid.courses.first.members.where("user_id not in (:users)", {:users => users}).joins(:user).where("users.login like '%#{q}%'")
+    canpartin_users = []
+    unpartin_users.each do |m|
+        if m.user.allowed_to?(:paret_in_homework,homework.bid.courses.first)
+          canpartin_users << m
+        end
+    end
+    canpartin_users
  end

  def edit
--- a/app/controllers/members_controller.rb
+++ b/app/controllers/members_controller.rb
@ -76,8 +76,10 @@ class MembersController < ApplicationController
              members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
              user_grades << UserGrade.new(:user_id => user_id, :project_id => @project.id)
              ## added by nie
-              if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
-                project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id)
+
+              if (params[:membership][:role_ids])
+                role = Role.find(params[:membership][:role_ids][0])
+                project_info << ProjectInfo.new(:user_id => user_id, :project_id => @project.id) if role.allowed_to?(:is_manager)
                # ProjectInfo.create(:name => "test", :user_id => 123)
              end
              ## end
@ -86,8 +88,9 @@ class MembersController < ApplicationController
            members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
            user_grades << UserGrade.new(:user_id => params[:membership][:user_id], :project_id => @project.id)
            ## added by nie
-            if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
-              project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id])
+            if (params[:membership][:role_ids])
+              role = Role.find(params[:membership][:role_ids][0])
+              project_info << ProjectInfo.new(:project_id => @project.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
            end
            ## end
          end
@ -123,14 +126,16 @@ class MembersController < ApplicationController
            user_ids.each do |user_id|
              members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => user_id)
              #user_grades << UserGrade.new(:user_id => user_id, :course_id => @course.id)
-              if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
-                course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id)
+              if (params[:membership][:role_ids])
+                role = Role.find(params[:membership][:role_ids][0])
+                course_info << CourseInfo.new(:user_id => user_id, :course_id => @course.id)  if role.allowed_to?(:is_manager)
              end
            end
          else
            members << Member.new(:role_ids => params[:membership][:role_ids], :user_id => params[:membership][:user_id])
-            if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
-              course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id])
+            if (params[:membership][:role_ids])
+              role = Role.find(params[:membership][:role_ids][0])
+              course_info << CourseInfo.new(:course_id => @course.id, :user_id => params[:membership][:user_id]) if role.allowed_to?(:is_manager)
            end
          end
          @course.members << members
@ -162,14 +167,17 @@ class MembersController < ApplicationController
        @member.role_ids = params[:membership][:role_ids]

        #added by nie
-        if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
-          @projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
-          @projectInfo.save
-        else
-          user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
-          if user_admin.size > 0
-            user_admin.each do |user|
-              user.destroy
+        if (params[:membership][:role_ids])
+          role = Role.find(params[:membership][:role_ids][0])
+          if role.allowed_to?(:is_manager)
+            @projectInfo = ProjectInfo.new(:user_id => @member.user_id, :project_id => @project.id)
+            @projectInfo.save
+          else
+            user_admin = ProjectInfo.where("user_id = ? and project_id = ?", @member.user_id, @project.id)
+            if user_admin.size > 0
+              user_admin.each do |user|
+                user.destroy
+              end
            end
          end
        end
@ -191,14 +199,17 @@ class MembersController < ApplicationController
      if params[:membership]
        @member.role_ids = params[:membership][:role_ids]

-        if (params[:membership][:role_ids] && params[:membership][:role_ids][0] == "3")
-          @courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
-          @courseInfo.save
-        else
-          user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
-          if user_admin.size > 0
-            user_admin.each do |user|
-              user.destroy
+        if (params[:membership][:role_ids])
+          role = Role.find(params[:membership][:role_ids][0])
+          if role.allowed_to?(:is_manager)
+            @courseInfo = CourseInfos.new(:user_id => @member.user_id, :course_id => @course.id)
+            @courseInfo.save
+          else
+            user_admin = CourseInfos.where("user_id = ? and course_id = ?", @member.user_id, @course.id)
+            if user_admin.size > 0
+              user_admin.each do |user|
+                user.destroy
+              end
            end
          end
        end
--- a/app/controllers/projects_controller.rb
+++ b/app/controllers/projects_controller.rb
@ -729,8 +729,8 @@ class ProjectsController < ApplicationController
      @canShowRealName = isCourseTeacher(User.current.id)
    end

-    #勿删 real_name action为虚拟的该方法并不存在，用来辅助判断真名权限
-    #勿删 @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
+    # real_name action为虚拟的该方法并不存在，用来辅助判断真名权限
+    # @canShowRealName = User.current.allowed_to?({:controller => "projects", :action => "real_name"}, @project || @projects, :global => false)
    respond_to do |format|
      format.html{render :layout => 'base_courses' if @base_courses_tag==1}
      format.api
--- a/app/controllers/softapplications_controller.rb
+++ b/app/controllers/softapplications_controller.rb
@ -108,14 +108,8 @@ class SoftapplicationsController < ApplicationController
    # @contesting_project_pages = Paginator.new @contesting_project_count, per_page_option, params['page']
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        #membership.member_roles.each{|role|
-        #  if(role.role_id == 3)
-        #  @option << membership.project
-        #  end
-        #}
-
        #拥有编辑项目权限的可操作该项目
-        if User.current.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
+        if User.current.allowed_to?(:quote_project,membership.project)
          @option << membership.project
        end
      end
--- a/app/helpers/shares_helper.rb
+++ b/app/helpers/shares_helper.rb
@ -4,13 +4,8 @@ def options_from_select_project(user)
  @option = []
    @membership.each do |membership|
      unless(membership.project.project_type==1)
-        #membership.member_roles.each{|role|
-        #  if(role.role_id == 3)
-        #  @option << membership.project
-        #  end
-        #}
-        #拥有编辑项目权限的可操作该项目
-        if user.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
+        #可被用户引用的项目
+        if user.allowed_to?(:quote_project, membership.project)
          @option << membership.project
        end
      end
--- a/app/helpers/user_score_helper.rb
+++ b/app/helpers/user_score_helper.rb
@ -228,16 +228,10 @@ module UserScoreHelper
    isManager = 0
    members = Member.where('user_id = ?', user.id)
    members.each do |m|
-      #roles = m.member_roles
-      #roles.each do |r|
-      #  if r.role_id == 3
-      #    isManager = 1
-      #  end
-      #end
      @membership = m.memberships.all(:conditions => Project.visible_condition(User.current))
      @membership.each do |membership|
        #拥有编辑项目权限的可操作该项目
-        if m.allowed_to?({:controller => "projects", :action => "edit"}, membership.project, :global => false)
+        if m.allowed_to?(:is_manager, membership.project, :global => false)
          isManager = 1
        end
      end
--- a/app/views/projects/_homeworkupload_homeworkproject.html.erb
+++ b/app/views/projects/_homeworkupload_homeworkproject.html.erb
@ -4,7 +4,7 @@
    membership.each do |member|
      unless(member.project.project_type==1)
        member.member_roles.each{|role|
-          if(role.role_id == 3)
+          if role.allowed_to?(:quote_project)
          option << member.project
          end
        }
--- a/db/migrate/20140708023356_add_authority.rb
+++ b/db/migrate/20140708023356_add_authority.rb
@ -0,0 +1,13 @@
+class AddAuthority < ActiveRecord::Migration
+  def change
+    # 添加课程权限
+    Role.all.each do |role|
+      if role.name == '学生'
+        role.permissions.append(:paret_in_homework)
+      elsif role.name == 'Manager'
+        role.permissions.append(:is_manager)
+      end
+      role.save(:validate => false)
+    end
+  end
+end
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@ -99,6 +99,7 @@ Redmine::AccessControl.map do |map|
  map.permission :add_subprojects, {:projects => [:new, :create]}, :require => :member
  map.permission :view_journals_for_messages, {:gantts => [:show, :update]}, :read => true
  map.permission :quote_project, {},:require => :member
+  map.permission :is_manager,{},:require => :member

  #课程权限模块
  #added by nwb
@ -122,6 +123,7 @@ Redmine::AccessControl.map do |map|
  #作业模块权限
  map.course_module :bids do |map|
    map.permission :view_homework_attaches, {:bids => [:show, :show_project, :revision]}, :read => true
+    map.permission :paret_in_homework,{},:require => :member
  end

  map.course_module :boards do |map|