Always use user object instead of ID and Type

2023-08-25 23:59:24 +02:00
parent 8ba5d5a984
commit 235bf771fe
11 changed files with 16 additions and 28 deletions
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@ -83,10 +83,7 @@ class CommentsController < ApplicationController
  end

  def comment_params
-    # params.require(:comment).permit(:user_id, :file_id, :row, :column, :text)
-    # fuer production mode, damit böse menschen keine falsche user_id uebergeben:
-    params.require(:comment).permit(:file_id, :row, :column, :text, :request_id).merge(user_id: current_user.id,
-      user_type: current_user.class.name)
+    params.require(:comment).permit(:file_id, :row, :column, :text, :request_id).merge(user: current_user)
  end

  def send_mail_to_author(comment, request_for_comment)
@ -100,8 +97,7 @@ class CommentsController < ApplicationController
      already_sent_mail = false
      subscriptions = Subscription.where(
        request_for_comment_id: request_for_comment.id,
-        user_id: commenter.id, user_type: commenter.class.name,
-        deleted: false
+        user: commenter, deleted: false
      )
      subscriptions.each do |subscription|
        if (((subscription.subscription_type == 'author') && (current_user == request_for_comment.user)) || (subscription.subscription_type == 'all')) && !((subscription.user == current_user) || already_sent_mail)
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@ -23,8 +23,9 @@ class EventsController < ApplicationController
  def event_params
    # The file ID processed here is the context of the exercise (template),
    # not in the context of the submission!
-    params[:event]&.permit(:category, :data, :exercise_id, :file_id)
-        &.merge(user_id: current_user&.id, user_type: current_user&.class&.name)
+    params[:event]
+      &.permit(:category, :data, :exercise_id, :file_id)
+      &.merge(user: current_user)
  end
  private :event_params
 end
--- a/app/controllers/execution_environments_controller.rb
+++ b/app/controllers/execution_environments_controller.rb
@ -137,7 +137,7 @@ class ExecutionEnvironmentsController < ApplicationController
      params[:execution_environment]
        .permit(:docker_image, :editor_mode, :file_extension, :file_type_id, :help, :indent_size, :memory_limit, :cpu_limit, :name,
          :network_enabled, :privileged_execution, :permitted_execution_time, :pool_size, :run_command, :test_command, :testing_framework)
-        .merge(user_id: current_user.id, user_type: current_user.class.name, exposed_ports:)
+        .merge(user: current_user, exposed_ports:)
    end
  end
  private :execution_environment_params
--- a/app/controllers/exercises_controller.rb
+++ b/app/controllers/exercises_controller.rb
@ -210,8 +210,7 @@ class ExercisesController < ApplicationController
                             files_attributes: file_attributes,
                             tag_ids: []
                           ).merge(
-                             user_id: current_user.id,
-                             user_type: current_user.class.name
+                             user: current_user
                           )
                         end
  end
--- a/app/controllers/file_types_controller.rb
+++ b/app/controllers/file_types_controller.rb
@ -25,9 +25,7 @@ class FileTypesController < ApplicationController

  def file_type_params
    if params[:file_type].present?
-      params[:file_type].permit(:binary, :editor_mode, :executable, :file_extension, :name, :indent_size, :renderable).merge(
-        user_id: current_user.id, user_type: current_user.class.name
-      )
+      params[:file_type].permit(:binary, :editor_mode, :executable, :file_extension, :name, :indent_size, :renderable).merge(user: current_user)
    end
  end
  private :file_type_params
--- a/app/controllers/proxy_exercises_controller.rb
+++ b/app/controllers/proxy_exercises_controller.rb
@ -42,8 +42,7 @@ class ProxyExercisesController < ApplicationController

  def proxy_exercise_params
    if params[:proxy_exercise].present?
-      params[:proxy_exercise].permit(:description, :title, :algorithm, :public, exercise_ids: []).merge(user_id: current_user.id,
-        user_type: current_user.class.name)
+      params[:proxy_exercise].permit(:description, :title, :algorithm, :public, exercise_ids: []).merge(user: current_user)
    end
  end
  private :proxy_exercise_params
--- a/app/controllers/request_for_comments_controller.rb
+++ b/app/controllers/request_for_comments_controller.rb
@ -180,9 +180,7 @@ class RequestForCommentsController < ApplicationController

  def request_for_comment_params
    # The study_group_id might not be present in the session (e.g. for internal users), resulting in session[:study_group_id] = nil which is intended.
-    params.require(:request_for_comment).permit(:exercise_id, :file_id, :question, :requested_at, :solved, :submission_id).merge(
-      user_id: current_user.id, user_type: current_user.class.name
-    )
+    params.require(:request_for_comment).permit(:exercise_id, :file_id, :question, :requested_at, :solved, :submission_id).merge(user: current_user)
  end

  # The index page requires the grouping of the study groups
--- a/app/controllers/subscriptions_controller.rb
+++ b/app/controllers/subscriptions_controller.rb
@ -53,12 +53,9 @@ class SubscriptionsController < ApplicationController
  private :set_subscription

  def subscription_params
-    current_user_id = current_user.try(:id)
-    current_user_class_name = current_user.try(:class).try(:name)
    study_group_id = current_user.try(:current_study_group_id)
    if params[:subscription].present?
-      params[:subscription].permit(:request_for_comment_id, :subscription_type).merge(user_id: current_user_id,
-        user_type: current_user_class_name, study_group_id:, deleted: false)
+      params[:subscription].permit(:request_for_comment_id, :subscription_type).merge(user: current_user, study_group_id:, deleted: false)
    end
  end
  private :subscription_params
--- a/app/controllers/tips_controller.rb
+++ b/app/controllers/tips_controller.rb
@ -29,7 +29,7 @@ class TipsController < ApplicationController
    params[:tip]
      .permit(:title, :description, :example, :file_type_id)
      .each {|_key, value| value.strip! unless value.is_a?(Array) }
-      .merge(user_id: current_user.id, user_type: current_user.class.name)
+      .merge(user: current_user)
  end
  private :tip_params

--- a/app/models/user_exercise_feedback.rb
+++ b/app/models/user_exercise_feedback.rb
@ -17,7 +17,7 @@ class UserExerciseFeedback < ApplicationRecord
  end

  def anomaly_notification
-    AnomalyNotification.where({exercise_id: exercise.id, user_id:, user_type:})
+    AnomalyNotification.where({exercise_id: exercise.id, user:})
      .where('created_at < ?', created_at).order('created_at DESC').to_a.first
  end
 end
--- a/spec/policies/exercise_policy_spec.rb
+++ b/spec/policies/exercise_policy_spec.rb
@ -215,7 +215,7 @@ describe ExercisePolicy do
      before do
        [admin, teacher].each do |user|
          [true, false].each do |public|
-            create(:dummy, public:, user_id: user.id, user_type: InternalUser.name)
+            create(:dummy, public:, user:)
          end
        end
      end
@ -244,11 +244,11 @@ describe ExercisePolicy do
        end

        it 'includes all authored non-public exercises' do
-          expect(scope.map(&:id)).to include(*Exercise.where(public: false, user_id: teacher.id).map(&:id))
+          expect(scope.map(&:id)).to include(*Exercise.where(public: false, user: teacher).map(&:id))
        end

        it "does not include other authors' non-public exercises" do
-          expect(scope.map(&:id)).not_to include(*Exercise.where(public: false).where("user_id <> #{teacher.id}").map(&:id))
+          expect(scope.map(&:id)).not_to include(*Exercise.where(public: false).where.not(user: teacher).map(&:id))
        end
      end
    end