From 01f6b0d16ee026b3e337a55a579795b26953bba3 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Wed, 17 Aug 2022 00:54:20 +0200
Subject: [PATCH] Reduce skip_before_action usage
---
 app/controllers/comments_controller.rb | 3 ---
 app/controllers/exercises_controller.rb | 9 ++++-----
 app/controllers/internal_users_controller.rb | 1 -
 app/controllers/submissions_controller.rb | 1 -
 4 files changed, 4 insertions(+), 10 deletions(-)
diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb
index 8a2a270c..201246ce 100644
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@@ -3,9 +3,6 @@ class CommentsController < ApplicationController
 before_action :set_comment, only: %i[show update destroy]
- # to disable authorization check: comment the line below back in
- # skip_after_action :verify_authorized
-
 def authorize!
 authorize(@comment || @comments)
 end
diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb
index 0d341b02..91259c68 100644
--- a/app/controllers/exercises_controller.rb
+++ b/app/controllers/exercises_controller.rb
@@ -18,11 +18,9 @@ class ExercisesController < ApplicationController
 before_action :set_course_token, only: [:implement]
 before_action :set_available_tips, only: %i[implement show new edit]
- skip_before_action :verify_authenticity_token,
- only: %i[import_exercise import_uuid_check export_external_confirm export_external_check]
- skip_after_action :verify_authorized, only: %i[import_exercise import_uuid_check export_external_confirm]
- skip_after_action :verify_policy_scoped, only: %i[import_exercise import_uuid_check export_external_confirm],
- raise: false
+ skip_before_action :verify_authenticity_token, only: %i[import_exercise import_uuid_check]
+ skip_after_action :verify_authorized, only: %i[import_exercise import_uuid_check]
+ skip_after_action :verify_policy_scoped, only: %i[import_exercise import_uuid_check], raise: false
 def authorize!
 authorize(@exercise || @exercises)
@@ -129,6 +127,7 @@ class ExercisesController < ApplicationController
 end
 def export_external_confirm
+ authorize!
 @exercise.uuid = SecureRandom.uuid if @exercise.uuid.nil?
 error = ExerciseService::PushExternal.call(
diff --git a/app/controllers/internal_users_controller.rb b/app/controllers/internal_users_controller.rb
index 053699c8..f7f0e086 100644
--- a/app/controllers/internal_users_controller.rb
+++ b/app/controllers/internal_users_controller.rb
@@ -6,7 +6,6 @@ class InternalUsersController < ApplicationController
 before_action :require_activation_token, only: :activate
 before_action :require_reset_password_token, only: :reset_password
 before_action :set_user, only: MEMBER_ACTIONS
- skip_before_action :verify_authenticity_token, only: :activate
 after_action :verify_authorized, except: %i[activate forgot_password reset_password]
 def activate
diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb
index 22aac5f3..b24f9527 100644
--- a/app/controllers/submissions_controller.rb
+++ b/app/controllers/submissions_controller.rb
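Review bot: The three `skip_*` lines kept for `import_exercise` and `import_uuid_check` in the first ExercisesController hunk carry no explanation of why those two actions may bypass CSRF protection and both Pundit verification callbacks. Skipping `verify_authenticity_token` is only safe when the action authenticates its caller by something other than the session cookie, and that mechanism is not visible in this hunk. I would add a comment directly above them, for example `# import_exercise / import_uuid_check are called without a browser session and authenticate via <MECHANISM - fill in>, so CSRF and Pundit verification are skipped on purpose`. The class body continues outside the hunk, so the actions themselves could not be checked here.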
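Review bot: The `authorize!` added at the top of `export_external_confirm` resolves to `authorize(@exercise || @exercises)`, and Pundit derives the policy predicate from the action name, presumably `export_external_confirm?`. No policy file is touched by this patch, so that predicate has to exist already, otherwise the action now fails with an error instead of performing an authorization decision. The call also relies on `@exercise` being loaded by a `before_action` whose `only:` list lies outside the hunk. A request spec asserting that a user without export rights is rejected before `ExerciseService::PushExternal.call` runs would pin the behaviour this commit introduces. The method body continues past the end of the hunk.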
@@ -13,7 +13,6 @@ class SubmissionsController < ApplicationController
 before_action :set_files, only: %i[download show]
 before_action :set_files_and_specific_file, only: %i[download_file render_file run test]
 before_action :set_mime_type, only: %i[download_file render_file]
- skip_before_action :verify_authenticity_token, only: %i[download_file render_file]
 def create
 @submission = Submission.new(submission_params)