htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ensure views only link to those actions allowed for current user

Browse Source
This commit is contained in:
Sebastian Serth
2018-11-30 13:29:04 +01:00
parent d3f67ab4c7
commit 2125fb1c1d
56 changed files with 128 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
app/views/submissions/index.html.slim
View File

@@ -21,12 +21,12 @@ h1 = Submission.model_name.human(count: 2)
tbody
- @submissions.each do |submission|
tr
td = link_to(submission.exercise, submission.exercise)
td = link_to(submission.user, submission.user)
td = link_to_if(policy(submission.exercise).show?, submission.exercise, submission.exercise)
td = link_to_if(policy(submission.user).show?, submission.user, submission.user)
td = t("submissions.causes.#{submission.cause}")
td = submission.score
td = l(submission.created_at, format: :short)
td = link_to(t('shared.show'), submission)
td = link_to(t('shared.statistics'), statistics_submission_path(submission))
td = link_to(t('shared.show'), submission) if policy(submission).show?
td = link_to(t('shared.statistics'), statistics_submission_path(submission)) if policy(submission).statistics?
= render('shared/pagination', collection: @submissions)

4
app/views/submissions/show.html.slim
View File

@@ -7,8 +7,8 @@
h1 = @submission
= row(label: 'submission.exercise', value: link_to(@submission.exercise, @submission.exercise))
= row(label: 'submission.user', value: link_to(@submission.user, @submission.user))
= row(label: 'submission.exercise', value: link_to_if(policy(@submission.exercise).show?, @submission.exercise, @submission.exercise))
= row(label: 'submission.user', value: link_to_if(policy(@submission.user).show?, @submission.user, @submission.user))
= row(label: 'submission.cause', value: t("submissions.causes.#{@submission.cause}"))
= row(label: 'submission.score', value: @submission.score)

2
app/views/submissions/statistics.html.slim
View File

@@ -23,4 +23,4 @@ h2.mt-4 = t('.history')
td = l(submission.created_at, format: :short)
td = submission.score
td = progress_bar(submission.percentage)
td = link_to(t('shared.show'), submission)
td = link_to(t('shared.show'), submission) if policy(submission).show?