htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reduce skip_before_action usage

Browse Source
This commit is contained in:
Sebastian Serth
2022-08-17 00:54:20 +02:00
parent 90bcd25ff2
commit 01f6b0d16e
4 changed files with 4 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
app/controllers/comments_controller.rb
View File

@ -3,9 +3,6 @@
class CommentsController < ApplicationController class CommentsController < ApplicationController
before_action :set_comment, only: %i[show update destroy] before_action :set_comment, only: %i[show update destroy]
# to disable authorization check: comment the line below back in
# skip_after_action :verify_authorized
def authorize! def authorize!
authorize(@comment || @comments) authorize(@comment || @comments)
end end

9
app/controllers/exercises_controller.rb
View File

@ -18,11 +18,9 @@ class ExercisesController < ApplicationController
before_action :set_course_token, only: [:implement] before_action :set_course_token, only: [:implement]
before_action :set_available_tips, only: %i[implement show new edit] before_action :set_available_tips, only: %i[implement show new edit]
skip_before_action :verify_authenticity_token, skip_before_action :verify_authenticity_token, only: %i[import_exercise import_uuid_check]
only: %i[import_exercise import_uuid_check export_external_confirm export_external_check] skip_after_action :verify_authorized, only: %i[import_exercise import_uuid_check]
skip_after_action :verify_authorized, only: %i[import_exercise import_uuid_check export_external_confirm] skip_after_action :verify_policy_scoped, only: %i[import_exercise import_uuid_check], raise: false
skip_after_action :verify_policy_scoped, only: %i[import_exercise import_uuid_check export_external_confirm],
raise: false
def authorize! def authorize!
authorize(@exercise || @exercises) authorize(@exercise || @exercises)
@ -129,6 +127,7 @@ class ExercisesController < ApplicationController
end end
def export_external_confirm def export_external_confirm
authorize!
@exercise.uuid = SecureRandom.uuid if @exercise.uuid.nil? @exercise.uuid = SecureRandom.uuid if @exercise.uuid.nil?
error = ExerciseService::PushExternal.call( error = ExerciseService::PushExternal.call(

1
app/controllers/internal_users_controller.rb
View File

@ -6,7 +6,6 @@ class InternalUsersController < ApplicationController
before_action :require_activation_token, only: :activate before_action :require_activation_token, only: :activate
before_action :require_reset_password_token, only: :reset_password before_action :require_reset_password_token, only: :reset_password
before_action :set_user, only: MEMBER_ACTIONS before_action :set_user, only: MEMBER_ACTIONS
skip_before_action :verify_authenticity_token, only: :activate
after_action :verify_authorized, except: %i[activate forgot_password reset_password] after_action :verify_authorized, except: %i[activate forgot_password reset_password]
def activate def activate

1
app/controllers/submissions_controller.rb
View File

@ -13,7 +13,6 @@ class SubmissionsController < ApplicationController
before_action :set_files, only: %i[download show] before_action :set_files, only: %i[download show]
before_action :set_files_and_specific_file, only: %i[download_file render_file run test] before_action :set_files_and_specific_file, only: %i[download_file render_file run test]
before_action :set_mime_type, only: %i[download_file render_file] before_action :set_mime_type, only: %i[download_file render_file]
skip_before_action :verify_authenticity_token, only: %i[download_file render_file]
def create def create
@submission = Submission.new(submission_params) @submission = Submission.new(submission_params)