Refactor reject_illegal_file_attributes check
* Improve readability of method * Add a new check for the author of a submission
@ -5,8 +5,14 @@ module FileParameters
|
|||||||
if exercise && params
|
if exercise && params
|
||||||
params.reject do |_, file_attributes|
|
params.reject do |_, file_attributes|
|
||||||
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
|
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
|
||||||
|
next true if file.nil? || file.hidden || file.read_only
|
||||||
# avoid that public files from other contexts can be created
|
# avoid that public files from other contexts can be created
|
||||||
file.nil? || file.hidden || file.read_only || (file.context_type == 'Exercise' && file.context_id != exercise.id) || (file.context_type == 'CommunitySolution' && controller_name != 'community_solutions')
|
# `next` is similar to an early return and will proceed with the next iteration of the loop
|
||||||
|
next true if file.context_type == 'Exercise' && file.context_id != exercise.id
|
||||||
|
next true if file.context_type == 'Submission' && file.context.user != current_user
|
||||||
|
next true if file.context_type == 'CommunitySolution' && controller_name != 'community_solutions'
|
||||||
|
|
||||||
|
false
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
[]
|
[]
|
||||||
|
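Review bot: The new Submission rule checks only the author, so a file from the current user's own submission to a different exercise still passes, even though the Exercise rule just above pins files to `exercise.id`. If that is not intended, the line could become `next true if file.context_type == 'Submission' && (file.context.user != current_user || file.context.exercise != exercise)`; this assumes a submission exposes `exercise`, as the spec's factory call suggests. The block also ends in `false`, so a file with any context type other than the three listed is accepted by default. Matching the allowed types explicitly and ending in `true` would make the filter fail closed. The enclosing method starts and ends outside this hunk.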
@ -25,6 +25,8 @@ describe FileParameters do
|
|||||||
|
|
||||||
it 'new file' do
|
it 'new file' do
|
||||||
submission = create(:submission, exercise: hello_world, id: 1337)
|
submission = create(:submission, exercise: hello_world, id: 1337)
|
||||||
|
controller.instance_variable_set(:@current_user, submission.user)
|
||||||
|
|
||||||
new_file = create(:file, context: submission)
|
new_file = create(:file, context: submission)
|
||||||
expect(file_accepted?(new_file)).to be true
|
expect(file_accepted?(new_file)).to be true
|
||||||
end
|
end
|
||||||
@ -42,16 +44,27 @@ describe FileParameters do
|
|||||||
expect(file_accepted?(hidden_file)).to be false
|
expect(file_accepted?(hidden_file)).to be false
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'read only file' do
|
it 'read-only file' do
|
||||||
read_only_file = create(:file, context: hello_world, read_only: true)
|
read_only_file = create(:file, context: hello_world, read_only: true)
|
||||||
expect(file_accepted?(read_only_file)).to be false
|
expect(file_accepted?(read_only_file)).to be false
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'non existent file' do
|
it 'non-existent file' do
|
||||||
# Ensure to use an invalid id for the file.
|
# Ensure to use an invalid id for the file.
|
||||||
non_existent_file = build(:file, context: hello_world, id: -1)
|
non_existent_file = build(:file, context: hello_world, id: -1)
|
||||||
expect(file_accepted?(non_existent_file)).to be false
|
expect(file_accepted?(non_existent_file)).to be false
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it 'file of another submission' do
|
||||||
|
learner1 = create(:learner)
|
||||||
|
learner2 = create(:learner)
|
||||||
|
submission_learner1 = create(:submission, exercise: hello_world, user: learner1)
|
||||||
|
_submission_learner2 = create(:submission, exercise: hello_world, user: learner2)
|
||||||
|
|
||||||
|
controller.instance_variable_set(:@current_user, learner2)
|
||||||
|
other_submissions_file = create(:file, context: submission_learner1)
|
||||||
|
expect(file_accepted?(other_submissions_file)).to be false
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
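Review bot: The new 'file of another submission' example covers only a foreign author. No example uses a file whose submission belongs to the current user but to a different exercise than the one under test, so the spec does not record whether that case should be accepted or rejected. Adding one such example with the expected outcome would pin the intended access rule. Separately, `controller.instance_variable_set(:@current_user, learner2)` couples the spec to how the controller stores the user; `allow(controller).to receive(:current_user).and_return(learner2)` sets up the same state through the public method. `_submission_learner2` is created but plays no part in the assertion and could be dropped.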