more secure code #21

happypeter · Dec 1, 2012 · 2f0cb7c · 2f0cb7c
1 parent d0607da
commit 2f0cb7c
Show file tree

Hide file tree

Showing 14 changed files with 101 additions and 44 deletions.
diff --git a/app/assets/stylesheets/course.css.scss b/app/assets/stylesheets/course.css.scss
@@ -17,3 +17,7 @@ div#html5-player {
    }
   }
 }
+
+#video_create_box {
+  padding-left: 40px;
+}
diff --git a/app/assets/stylesheets/vendor/bootstrap.css.scss b/app/assets/stylesheets/vendor/bootstrap.css.scss
@@ -18,4 +18,3 @@
 // Components: Popovers
 @import "bootstrap/modals";
 @import "bootstrap/tooltip";
-
diff --git a/app/models/course.rb b/app/models/course.rb
@@ -1,5 +1,5 @@
 class Course < ActiveRecord::Base
   has_many :comments
   has_many :videos
-  attr_accessible :cat, :description, :name
+  attr_accessible :cat, :description, :name, :title
 end
diff --git a/app/views/courses/_add_class.html.erb b/app/views/courses/_add_class.html.erb
@@ -0,0 +1,28 @@
+<h3><%= t("add_class") %></h3>
+<% if course.videos.empty? %>
+  <% this_video_no = 0 %>
+<% else %>
+  <% this_video_no = course.videos.reorder('no').last.no + 1 %>
+<% end  %>
+
+<div id="video_create_box">
+  <%= form_for(Video.new(:course_id => course.id)) do |f| %>
+    <%= f.label t("video_no") %>
+    <%= f.select :no, ((0..20).map {|i| [i,i] }),  :selected => this_video_no  %>
+    (第0课为课程简介，第一课序号为1，以此类推)
+    <br>
+    <br>
+    <%= f.hidden_field :course_id %>
+    <% if not course.videos.empty? %>
+      <%= f.label t("video_title") %>
+      <%= f.text_field :title %>
+      <br>
+      <br>
+    <% end %>
+    <%= f.label t("video_link") %>
+    <%= f.text_field :link %>
+    <br>
+    <br>
+    <%= f.submit "#{t('add_this_video')}", :class => "btn btn-success", :id => "comment_btn" %>
+  <% end %>
+</div>
diff --git a/app/views/courses/_course.html.erb b/app/views/courses/_course.html.erb
@@ -1,6 +1,6 @@
 <li class="repo grid-1 <%= course.cat %>">
   <a href="/courses/<%= course.name%>">
-    <h2> <%= course.name %> </h2>
+    <h2> <%= course.title %> </h2>
     <h3> <%= course.cat.titleize %> </h3>
     <p>
        <%=course.description %>

diff --git a/app/views/courses/_form.html.erb b/app/views/courses/_form.html.erb
@@ -12,16 +12,21 @@
   <% end %>
 
   <div class="field">
-    <%= f.label :name %><br />
+    <%= f.label t('course_name') %>  (小写不能带空格)
+    <br />
     <%= f.text_field :name %>
   </div>
   <div class="field">
-    <%= f.label :cat %><br />
+    <%= f.label t('course_title') %><br />
+    <%= f.text_field :title %>
+  </div>
+  <div class="field">
+    <%= f.label t('cat') %><br />
     <%= f.text_field :cat %>
   </div>
   <div class="field">
-    <%= f.label :description %><br />
-    <%= f.text_field :description %>
+    <%= f.label t('course_description') %><br />
+    <%= f.text_area :description %>
   </div>
   <div class="actions">
     <%= f.submit %>

diff --git a/app/views/courses/_video_player.html.erb b/app/views/courses/_video_player.html.erb
@@ -1,11 +1,13 @@
 <div id="html5-player">
   <video id="videojs" class="video-js vjs-default-skin" controls width="768" height="576" poster="" preload="auto" data-setup="{}">
-  <source src=<%= video.link %> type="video/mp4"/ >
+  <source src="<%= video.link %>" type="video/mp4"/ >
   </video>
   <div id="title_area">
-    <h2><%= video.course.name %></h2>
+    <h2>
+      <%= video.course.title %>
+    </h2>
     <p class="light"><%=video.course.cat.titleize %><p>
-    <p><%=video.course.description %><p>
+    <p><%= video.course.description %><p>
     <p>
     <% if can? :edit, :course %>
       <%= link_to 'Edit', edit_course_path(@course) %>

diff --git a/app/views/courses/_videos.html.erb b/app/views/courses/_videos.html.erb
@@ -1,3 +1,21 @@
-<%= div_for videos do %>
-      <%= link_to videos.title, "/courses/" + videos.course.name + "/" + videos.no.to_s%>
-<% end %>
+<ul class="nav nav-pills nav-stacked">
+  <% videos.each do |video| %>
+    <% if video.no == current_video.no %>
+      <li class = "active">
+        <% if video.no == 0 %>
+          <%= link_to t("course_intro")+ " (#{t('playing')})", "/courses/" + video.course.name %>
+        <% else %>
+          <%= link_to " 第#{video.no}课: " + video.title + " (#{t('playing')})", "/courses/" + video.course.name + "/" + video.no.to_s %>
+        <% end %>
+      </li>
+    <% else %>
+      <li>
+        <% if video.no == 0 %>
+          <%= link_to t("course_intro"), "/courses/" + video.course.name %>
+        <% else %>
+          <%= link_to "第#{video.no}课:" + video.title, "/courses/" + video.course.name + "/" + video.no.to_s %>
+        <% end %>
+      </li>
+    <% end %>
+  <% end %>
+</ul>
diff --git a/app/views/courses/index.html.erb b/app/views/courses/index.html.erb
@@ -1,6 +1,6 @@
 <p id="notice"><%= notice %></p>
 
-<%= link_to t("create_course"), "/create_course" %>
+<%= link_to t("create_course"), "/create_course", :class => "btn btn-success" %>
 
 <div id="wrapper" class="grid clearfix">
   <ol id="repos">

diff --git a/app/views/courses/show.html.erb b/app/views/courses/show.html.erb
@@ -6,29 +6,16 @@
   <%= render "video_player", :video => @video %>
 
   <div id="videos">
-    <h3><%= t("videos") %></h3>
-    <%= render :partial => "videos", :collection => @course.videos.reorder('no') %>
+    <h3><%= t("all_videos") %></h3>
+    <%= render "videos", :videos  => @course.videos.reorder('no'), :current_video => @video %>
   </div>
 
 <% else %>
-  Plz upload video
+  <%= t('no_classes') %>
 <% end %>
 
-      <div class="videos">
-        <div id="video_create_box">
-          <%= form_for(Video.new(:course_id => @course.id)) do |f| %>
-            <%= f.select :no, ((0..20).map {|i| [i,i] } << ["no", nil]) %>
-            <%= f.hidden_field :course_id %>
-            <%= f.label t("video_title") %>
-            <%= f.text_field :title %>
-            <br>
-            <%= f.label t("video_link") %>
-            <%= f.text_field :link %>
-            <br>
-            <%= f.submit "#{t('add_this_video')}", :class => "btn btn-success", :id => "comment_btn" %>
-          <% end %>
-        </div>
-      </div>
+
+<%= render "add_class", :course => @course %>
 
 <div id="comments">
   <h3><%= t("comment") %></h3>

diff --git a/config/locales/zh-CN.yml b/config/locales/zh-CN.yml
@@ -1,21 +1,28 @@
 zh-CN:
+  course_name: "课程英文名"
+  course_title: "课程标题"
   logout: "退出"
+  no_classes: "课程表中还没有课"
+  course_intro: "课程介绍"
   cat: "分类"
   login: "登录"
   signup: "注册"
   comment: "评论"
   publish_comment: "发表评论"
-  description: "课程描述"
+  course_description: "课程描述"
   edit: "编辑"
   delete: "删除"
   name: "用户名"
   email: "邮箱"
   create_account: "创建用户"
-  course_name: "课程名称"
   add_this_video: "添加"
-  video_title: "视频标题"
+  add_class: "添加一节课"
   videos: "视频"
-  video_link: "视频链接"
+  all_videos: "课程表"
+  playing: "正在播放"
+  video_no: "排序"
+  video_title: "标题"
+  video_link: "链接"
   create_course: "创建课程"
   datetime:
     distance_in_words:

diff --git a/db/migrate/20121130135953_drop_peters.rb b/db/migrate/20121130135953_drop_peters.rb
@@ -0,0 +1,8 @@
+class DropPeters < ActiveRecord::Migration
+  def up
+    drop_table :peters
+  end
+
+  def down
+  end
+end
diff --git a/db/migrate/20121130140154_add_title_to_courses.rb b/db/migrate/20121130140154_add_title_to_courses.rb
@@ -0,0 +1,5 @@
+class AddTitleToCourses < ActiveRecord::Migration
+  def change
+    add_column :courses, :title, :string
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended to check this file into your version control system.
 
-ActiveRecord::Schema.define(:version => 20121130061759) do
+ActiveRecord::Schema.define(:version => 20121130140154) do
 
   create_table "comments", :force => true do |t|
     t.string   "content"
@@ -27,13 +27,7 @@
     t.string   "description"
     t.datetime "created_at",  :null => false
     t.datetime "updated_at",  :null => false
-  end
-
-  create_table "peters", :force => true do |t|
-    t.string   "name"
-    t.text     "body"
-    t.datetime "created_at", :null => false
-    t.datetime "updated_at", :null => false
+    t.string   "title"
   end
 
   create_table "users", :force => true do |t|