Reject illegal file attributes in remote evaluation
Remove ! from reject illegal file parameters
This commit is contained in:

committed by
Sebastian Serth

parent
ea029c5f1c
commit
1f3c9db537
@ -1,6 +1,20 @@
|
|||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
module FileParameters
|
module FileParameters
|
||||||
|
def reject_illegal_file_attributes(exercise_id, params)
|
||||||
|
if Exercise.exists?(id: exercise_id) && params
|
||||||
|
params.reject do |_, file_attributes|
|
||||||
|
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
|
||||||
|
file.nil? || file.hidden || file.read_only
|
||||||
|
end
|
||||||
|
else
|
||||||
|
[]
|
||||||
|
end
|
||||||
|
end
|
||||||
|
private :reject_illegal_file_attributes
|
||||||
|
|
||||||
def file_attributes
|
def file_attributes
|
||||||
%w(content context_id feedback_message file_id file_type_id hidden id name native_file path read_only role weight file_template_id)
|
%w[content context_id feedback_message file_id file_type_id hidden id name native_file path read_only role weight file_template_id]
|
||||||
end
|
end
|
||||||
private :file_attributes
|
private :file_attributes
|
||||||
end
|
end
|
||||||
|
@ -1,16 +1,6 @@
|
|||||||
module SubmissionParameters
|
module SubmissionParameters
|
||||||
include FileParameters
|
include FileParameters
|
||||||
|
|
||||||
def reject_illegal_file_attributes!(submission_params)
|
|
||||||
if Exercise.exists?(id: submission_params[:exercise_id])
|
|
||||||
submission_params[:files_attributes].try(:reject!) do |_, file_attributes|
|
|
||||||
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
|
|
||||||
file.nil? || file.hidden || file.read_only
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
|
||||||
private :reject_illegal_file_attributes!
|
|
||||||
|
|
||||||
def submission_params
|
def submission_params
|
||||||
if current_user
|
if current_user
|
||||||
current_user_id = current_user.id
|
current_user_id = current_user.id
|
||||||
@ -18,7 +8,8 @@ module SubmissionParameters
|
|||||||
end
|
end
|
||||||
# The study_group_id might not be present in the session (e.g. for internal users), resulting in session[:study_group_id] = nil which is intended.
|
# The study_group_id might not be present in the session (e.g. for internal users), resulting in session[:study_group_id] = nil which is intended.
|
||||||
submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes).merge(user_id: current_user_id, user_type: current_user_class_name, study_group_id: session[:study_group_id]) : {}
|
submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes).merge(user_id: current_user_id, user_type: current_user_class_name, study_group_id: session[:study_group_id]) : {}
|
||||||
reject_illegal_file_attributes!(submission_params)
|
files_attributes = submission_params[:files_attributes] || []
|
||||||
|
submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id], files_attributes)
|
||||||
submission_params
|
submission_params
|
||||||
end
|
end
|
||||||
private :submission_params
|
private :submission_params
|
||||||
|
@ -62,6 +62,7 @@ class RemoteEvaluationController < ApplicationController
|
|||||||
_params[:user_id] = remote_evaluation_mapping.user_id
|
_params[:user_id] = remote_evaluation_mapping.user_id
|
||||||
_params[:cause] = cause
|
_params[:cause] = cause
|
||||||
_params[:user_type] = remote_evaluation_mapping.user_type
|
_params[:user_type] = remote_evaluation_mapping.user_type
|
||||||
|
_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise_id, files_attributes)
|
||||||
|
|
||||||
@submission = Submission.create(_params)
|
@submission = Submission.create(_params)
|
||||||
score_submission(@submission)
|
score_submission(@submission)
|
||||||
|
Reference in New Issue
Block a user