htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Reject illegal file attributes in remote evaluation

Browse Source 
Remove ! from reject illegal file parameters
This commit is contained in:
tobias.kantusch
2021-04-22 13:51:19 +02:00
committed by Sebastian Serth
parent ea029c5f1c
commit 1f3c9db537
3 changed files with 18 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/controllers/concerns/file_parameters.rb
View File

@ -1,6 +1,20 @@
# frozen_string_literal: true
module FileParameters module FileParameters
def reject_illegal_file_attributes(exercise_id, params)
if Exercise.exists?(id: exercise_id) && params
params.reject do |_, file_attributes|
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
file.nil? || file.hidden || file.read_only
end
else
[]
end
end
private :reject_illegal_file_attributes
def file_attributes def file_attributes
%w(content context_id feedback_message file_id file_type_id hidden id name native_file path read_only role weight file_template_id) %w[content context_id feedback_message file_id file_type_id hidden id name native_file path read_only role weight file_template_id]
end end
private :file_attributes private :file_attributes
end end

13
app/controllers/concerns/submission_parameters.rb
View File

@ -1,16 +1,6 @@
module SubmissionParameters module SubmissionParameters
include FileParameters include FileParameters
def reject_illegal_file_attributes!(submission_params)
if Exercise.exists?(id: submission_params[:exercise_id])
submission_params[:files_attributes].try(:reject!) do |_, file_attributes|
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
file.nil? || file.hidden || file.read_only
end
end
end
private :reject_illegal_file_attributes!
def submission_params def submission_params
if current_user if current_user
current_user_id = current_user.id current_user_id = current_user.id
@ -18,7 +8,8 @@ module SubmissionParameters
end end
# The study_group_id might not be present in the session (e.g. for internal users), resulting in session[:study_group_id] = nil which is intended. # The study_group_id might not be present in the session (e.g. for internal users), resulting in session[:study_group_id] = nil which is intended.
submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes).merge(user_id: current_user_id, user_type: current_user_class_name, study_group_id: session[:study_group_id]) : {} submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes).merge(user_id: current_user_id, user_type: current_user_class_name, study_group_id: session[:study_group_id]) : {}
reject_illegal_file_attributes!(submission_params) files_attributes = submission_params[:files_attributes] || []
submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id], files_attributes)
submission_params submission_params
end end
private :submission_params private :submission_params

1
app/controllers/remote_evaluation_controller.rb
View File

@ -62,6 +62,7 @@ class RemoteEvaluationController < ApplicationController
_params[:user_id] = remote_evaluation_mapping.user_id _params[:user_id] = remote_evaluation_mapping.user_id
_params[:cause] = cause _params[:cause] = cause
_params[:user_type] = remote_evaluation_mapping.user_type _params[:user_type] = remote_evaluation_mapping.user_type
_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise_id, files_attributes)
@submission = Submission.create(_params) @submission = Submission.create(_params)
score_submission(@submission) score_submission(@submission)