Ensure views only link to those actions allowed for current user

Sebastian Serth
2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions


@@ -1,4 +1,4 @@
h1 = link_to(@exercise, exercise_path(@exercise))
h1 = link_to_if(policy(@exercise).show?, @exercise, exercise_path(@exercise))
.feedback-page
.header = t('activerecord.attributes.exercise.description')


@@ -27,7 +27,7 @@ h1 = Exercise.model_name.human(count: 2)
tbody
- @exercises.each do |exercise|
tr data-id=exercise.id
td.p-1.pt-2 = link_to(exercise.title, exercise, 'data-turbolinks' => "false") if policy(exercise).show?
td.p-1.pt-2 = link_to_if(policy(exercise).show?, exercise.title, exercise, 'data-turbolinks' => "false")
td.p-1.pt-2 = link_to_if(exercise.execution_environment && policy(exercise.execution_environment).show?, exercise.execution_environment, exercise.execution_environment)
td.p-1.pt-2 = exercise.files.teacher_defined_tests.count
td.p-1.pt-2 = exercise.maximum_score
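Review bot: The title cell on the changed `link_to_if(policy(exercise).show?, exercise.title, exercise, ...)` line now prints `exercise.title` as plain text when `show?` is false, whereas the earlier `link_to(...) if policy(exercise).show?` form left the cell empty. If `@exercises` can contain records the current user may not show, their titles become visible in the list. Presumably the controller loads the collection through a policy scope, but that is not visible in this section, so it is worth confirming. A Slim comment above the row would record the intent, for example `/ title is shown to anyone who may list exercises; only the link depends on show?`.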


@@ -7,8 +7,7 @@
h1
= @exercise
- if policy(@exercise).edit?
= render('shared/edit_button', object: @exercise)
= render('shared/edit_button', object: @exercise)
= row(label: 'exercise.title', value: @exercise.title)
= row(label: 'exercise.user', value: link_to_if(policy(@exercise.author).show?, @exercise.author, @exercise.author))
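Review bot: The `- if policy(@exercise).edit?` guard around `render('shared/edit_button', object: @exercise)` appears to be dropped here, so whether the button is shown now depends entirely on the partial. The partial is not part of this section; confirm that it checks `policy(object).edit?` itself and renders nothing when the check fails. A comment at the call site such as `/ shared/edit_button performs its own policy(object).edit? check` would keep a later reader from re-adding or trusting a guard that is no longer there.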


@@ -49,7 +49,7 @@ h1 = @exercise
- if user_statistics[user.id] then us = user_statistics[user.id] else us = {"maximum_score" => nil, "runs" => nil}
- label = "#{user.displayname}"
tr
td = link_to_if symbol==:external_users, label, {controller: "exercises", action: "statistics", external_user_id: user.id, id: @exercise.id}
td = link_to_if symbol==:external_users && policy(user).statistics?, label, {controller: "exercises", action: "statistics", external_user_id: user.id, id: @exercise.id}
td = us['maximum_score'] or 0
td = us['runs']
td = @exercise.average_working_time_for(user.id) or 0
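Review bot: The new condition on the `link_to_if` line checks `policy(user).statistics?`, but the link targets `exercises#statistics` with `external_user_id`, so the view check only hides the link; the action's own authorization is a separate decision. The action should reject an `external_user_id` that the current user may not inspect, otherwise the URL stays reachable by changing the id. That controller code is not visible in this section. The call without parentheses and with a compound first argument is also easy to misread; `link_to_if(symbol == :external_users && policy(user).statistics?, label, {...})` makes the extent of the condition explicit.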