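/// <summary>
/// Stores a grade for a submitted assignment on behalf of the signed-in caller.
/// </summary>
/// <param name="hw">Request body; the fields <c>hwid</c> (assignment id) and <c>grade</c> are read from it.</param>
/// <returns>
/// Code 1001 when the score was stored, 2001 when the caller has no usable session,
/// 2002 when the caller is neither an assistant nor the teacher of the course, and
/// <c>Response.Error()</c> when any exception is thrown along the way.
/// </returns>
public HttpResponseMessage MarkAssignment([FromBody] JObject hw)
{
    try
    {
        string signature = HttpUtil.GetAuthorization(Request);
        if (signature == null || !redis.IsSet(signature))
        {
            return new Response(2001, "未登录账户").Convert();
        }

        // The caller's identity is resolved from the server-side session only. It is
        // deliberately not read from the request body, so a client cannot grade under
        // another account by sending a different id.
        string id = redis.Get<string>(signature);
        if (string.IsNullOrEmpty(id))
        {
            // The session entry can disappear between IsSet and Get. Without this guard a
            // null id would compare equal to a course whose teacher_id is also null and
            // pass the permission check below (presumably teacher_id is a string; confirm).
            return new Response(2001, "未登录账户").Convert();
        }

        var jsonParams = HttpUtil.Deserialize(hw);
        int hwid = Convert.ToInt32(jsonParams.hwid);
        // NOTE(review): grade is client-supplied and reaches ModifyScore unchecked. NaN,
        // infinities, negative values and values above the maximum score are all accepted
        // here; add a range check once the valid range and its error code are defined.
        float grade = Convert.ToSingle(jsonParams.grade);

        // NOTE(review): the result is not used below. The lookup is kept in case it fails
        // for an unknown id; confirm, then either check the result or drop the call.
        User user = UserDao.GetUserById(id);

        // An hwid that does not resolve (a lookup returning null or throwing, or a null
        // experiment_id / course_id in the casts) ends in the catch block below.
        Assignment assignment = AssignmentDao.GetAssignmentById(hwid);
        Experiment exp = ExperimentDao.GetExperimentById((int)assignment.experiment_id);
        Course course = CourseDao.GetCourseInfoById((int)exp.course_id);

        // Access control: only the teacher of this course and its assistants may grade.
        // Any() is used instead of Count() == 1 so that a duplicated assistant row does not
        // revoke the permission, and so the sequence is not enumerated further than needed.
        bool mayGrade = id == course.teacher_id
            || CourseDao.GetAssistantsByCourseId(course.id).Any(a => a.student_id == id);
        if (!mayGrade)
        {
            return new Response(2002, "无权打分").Convert();
        }

        AssignmentDao.ModifyScore(hwid, grade);
        return new Response(1001, "评分成功").Convert();
    }
    catch (Exception e)
    {
        // The exception goes to the error log; the client receives only Response.Error().
        ErrorLogUtil.WriteLogToFile(e, Request);
        return Response.Error();
    }
}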