chichunchen · August 29, 2015 14:13
diff --git a/course.rb b/course.rb
 class Course < ActiveRecord::Base
  mount_uploader :CourseData, CourseDataUploader
  
  validates :year, :name, :teacher, :grade, :category, :grade_id, :semester_id, :presence => true

  validates :CourseData, :presence => true

  belongs_to :grade

  belongs_to :semester

  belongs_to :owner, class_name: "User", foreign_key: :user_id

  scope :recent, ->{ order("year DESC") }

  # this should be put in ability.rb
  def editable_by?(user)
    user && user == owner || user.admin?
  end
 end
diff --git a/course_data_uploader.rb b/course_data_uploader.rb
 # encoding: utf-8

 class CourseDataUploader < CarrierWave::Uploader::Base

  # Include RMagick or MiniMagick support:
  # include CarrierWave::RMagick
  # include CarrierWave::MiniMagick

  # Include the Sprockets helpers for Rails 3.1+ asset pipeline compatibility:
  # include Sprockets::Helpers::RailsHelper
  # include Sprockets::Helpers::IsolatedHelper

  # Choose what kind of storage to use for this uploader:
  storage :file
  # storage :fog

  # Override the directory where uploaded files will be stored.
  # This is a sensible default for uploaders that are meant to be mounted:
  def store_dir
    "uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
  end

  def extension_white_list
    %w(pdf jpg jpeg png zip rar doc docx ppt pages)
  end

  # Provide a default URL as a default if there hasn't been a file uploaded:
  # def default_url
  #   # For Rails 3.1+ asset pipeline compatibility:
  #   # asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
  #
  #   "/images/fallback/" + [version_name, "default.png"].compact.join('_')
  # end
 end
diff --git a/courses_controller.rb b/courses_controller.rb
 class CoursesController < ApplicationController
  before_action :authenticate_user!  
  before_action :validate_search_key , :only => [:search]

  # GET /courses/new
  def new
    @course = Course.new
    authorize! :create, @course
  end

  # GET /courses/1/edit
  def edit
    @course = current_user.courses.find(params[:id])
    authorize! :update, @course
  end

  # POST /courses
  # POST /courses.json
  def create
    @course = current_user.courses.new(course_params)

    respond_to do |format|
      if @course.save
        # format.html { redirect_to @course, notice: 'Course was successfully created.' }
        format.html { redirect_to grade_path(@course.grade_id), notice: '課程已成功新增！' }
        format.json { render :index, status: :created, location: @courses }
      else
        format.html { render :new }
        format.json { render json: @course.errors, status: :unprocessable_entity }
      end
    end

    authorize! :create, @course
  end

  # PATCH/PUT /courses/1
  # PATCH/PUT /courses/1.json
  def update
    find_course_and_check_is_admin?

    if @course.update(course_params)
      redirect_to grade_path(@course.grade_id), notice: '課程已修改成功'
    else
      render :new
    end

    authorize! :update, @course
  end

  # DELETE /courses/1
  # DELETE /courses/1.json
  def destroy
    find_course_and_check_is_admin?
    
    @course.destroy
    respond_to do |format|
      # format.html { redirect_to courses_url, notice: 'Course was successfully destroyed.' }
      format.html { redirect_to grade_path(@course.grade_id), notice: '已刪除該課程檔案。' }
      format.json { head :no_content }
    end

    authorize! :destroy, @course
  end

  def download_file
    @course = Course.find(params[:id])
    send_file(@course.CourseData.path,
              :disposition => 'attachment',
              :url_based_filename => false)
  end

  def search
    if @query_string.present?
      @courses = Course.ransack(@search_criteria).result(:distinct => true)
    end
  end

  protected

  # 處理params[:q]拿到的資料，把特殊字元拿掉
  def validate_search_key
    @query_string = params[:q].gsub(/\\|\'|\/|\?/, "") if params[:q].present?
    @search_criteria = search_criteria(@query_string)
  end

  # 告訴controller我們要找的資料範圍
  def search_criteria(query_string)
    { :name_or_teacher_cont => query_string }
  end

  private

    def find_course_and_check_is_admin?
      if current_user.admin?
        @course = Course.find(params[:id])
      else
        @course = current_user.courses.find(params[:id])
      end
    end

    # Never trust parameters from the scary internet, only allow the white list through.
    def course_params
      params.require(:course).permit(:name, :category, :year, :grade_id, :teacher, :note, :CourseData, :semester_id)
    end
 end
diff --git a/完整專案 b/完整專案
 完整專案程式碼：http://140.113.122.162:3000/

 帳號：[email protected]  
 密碼：12345678
	class Course < ActiveRecord::Base
	mount_uploader :CourseData, CourseDataUploader

	validates :year, :name, :teacher, :grade, :category, :grade_id, :semester_id, :presence => true

	validates :CourseData, :presence => true

	belongs_to :grade

	belongs_to :semester

	belongs_to :owner, class_name: "User", foreign_key: :user_id

	scope :recent, ->{ order("year DESC") }

	# this should be put in ability.rb
	def editable_by?(user)
	user && user == owner \|\| user.admin?
	end
	end
	# encoding: utf-8

	class CourseDataUploader < CarrierWave::Uploader::Base

	# Include RMagick or MiniMagick support:
	# include CarrierWave::RMagick
	# include CarrierWave::MiniMagick

	# Include the Sprockets helpers for Rails 3.1+ asset pipeline compatibility:
	# include Sprockets::Helpers::RailsHelper
	# include Sprockets::Helpers::IsolatedHelper

	# Choose what kind of storage to use for this uploader:
	storage :file
	# storage :fog

	# Override the directory where uploaded files will be stored.
	# This is a sensible default for uploaders that are meant to be mounted:
	def store_dir
	"uploads/#{model.class.to_s.underscore}/#{mounted_as}/#{model.id}"
	end

	def extension_white_list
	%w(pdf jpg jpeg png zip rar doc docx ppt pages)
	end

	# Provide a default URL as a default if there hasn't been a file uploaded:
	# def default_url
	# # For Rails 3.1+ asset pipeline compatibility:
	# # asset_path("fallback/" + [version_name, "default.png"].compact.join('_'))
	#
	# "/images/fallback/" + [version_name, "default.png"].compact.join('_')
	# end
	end
	class CoursesController < ApplicationController
	before_action :authenticate_user!
	before_action :validate_search_key , :only => [:search]

	# GET /courses/new
	def new
	@course = Course.new
	authorize! :create, @course
	end

	# GET /courses/1/edit
	def edit
	@course = current_user.courses.find(params[:id])
	authorize! :update, @course
	end

	# POST /courses
	# POST /courses.json
	def create
	@course = current_user.courses.new(course_params)

	respond_to do \|format\|
	if @course.save
	# format.html { redirect_to @course, notice: 'Course was successfully created.' }
	format.html { redirect_to grade_path(@course.grade_id), notice: '課程已成功新增！' }
	format.json { render :index, status: :created, location: @courses }
	else
	format.html { render :new }
	format.json { render json: @course.errors, status: :unprocessable_entity }
	end
	end

	authorize! :create, @course
	end

	# PATCH/PUT /courses/1
	# PATCH/PUT /courses/1.json
	def update
	find_course_and_check_is_admin?

	if @course.update(course_params)
	redirect_to grade_path(@course.grade_id), notice: '課程已修改成功'
	else
	render :new
	end

	authorize! :update, @course
	end

	# DELETE /courses/1
	# DELETE /courses/1.json
	def destroy
	find_course_and_check_is_admin?

	@course.destroy
	respond_to do \|format\|
	# format.html { redirect_to courses_url, notice: 'Course was successfully destroyed.' }
	format.html { redirect_to grade_path(@course.grade_id), notice: '已刪除該課程檔案。' }
	format.json { head :no_content }
	end

	authorize! :destroy, @course
	end

	def download_file
	@course = Course.find(params[:id])
	send_file(@course.CourseData.path,
	:disposition => 'attachment',
	:url_based_filename => false)
	end

	def search
	if @query_string.present?
	@courses = Course.ransack(@search_criteria).result(:distinct => true)
	end
	end

	protected

	# 處理params[:q]拿到的資料，把特殊字元拿掉
	def validate_search_key
	@query_string = params[:q].gsub(/\\\|\'\|\/\|\?/, "") if params[:q].present?
	@search_criteria = search_criteria(@query_string)
	end

	# 告訴controller我們要找的資料範圍
	def search_criteria(query_string)
	{ :name_or_teacher_cont => query_string }
	end

	private

	def find_course_and_check_is_admin?
	if current_user.admin?
	@course = Course.find(params[:id])
	else
	@course = current_user.courses.find(params[:id])
	end
	end

	# Never trust parameters from the scary internet, only allow the white list through.
	def course_params
	params.require(:course).permit(:name, :category, :year, :grade_id, :teacher, :note, :CourseData, :semester_id)
	end
	end
	完整專案程式碼：http://140.113.122.162:3000/

	帳號：[email protected]
	密碼：12345678