From 36cacc23308bbd54e9b7d5fc989d92e555cff6d6 Mon Sep 17 00:00:00 2001
From: "tobias.kantusch"
Date: Mon, 26 Apr 2021 15:27:32 +0200
Subject: [PATCH] Pass exercise object instead of id to reject_illegal_file_attributes
---
 app/controllers/concerns/file_parameters.rb | 6 +++---
 app/controllers/concerns/submission_parameters.rb | 3 ++-
 app/controllers/remote_evaluation_controller.rb | 2 +-
 spec/concerns/file_parameters_spec.rb | 2 +-
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/app/controllers/concerns/file_parameters.rb b/app/controllers/concerns/file_parameters.rb
index 268749a0..d3d4be12 100644
--- a/app/controllers/concerns/file_parameters.rb
+++ b/app/controllers/concerns/file_parameters.rb
@@ -1,12 +1,12 @@
 # frozen_string_literal: true

 module FileParameters
- def reject_illegal_file_attributes(exercise_id, params)
- if Exercise.exists?(id: exercise_id) && params
+ def reject_illegal_file_attributes(exercise, params)
+ if exercise && params
 params.reject do |_, file_attributes|
 file = CodeOcean::File.find_by(id: file_attributes[:file_id])
 # avoid that public files from other contexts can be created
- file.nil? || file.hidden || file.read_only || file.context_id != exercise_id.to_i
+ file.nil? || file.hidden || file.read_only || file.context_id != exercise.id
 end
 else
 []
diff --git a/app/controllers/concerns/submission_parameters.rb b/app/controllers/concerns/submission_parameters.rb
index 72737bd9..3a4154d6 100644
--- a/app/controllers/concerns/submission_parameters.rb
+++ b/app/controllers/concerns/submission_parameters.rb
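Review bot: In `reject_illegal_file_attributes` (file_parameters.rb), the last condition of the `reject` block checks ownership by comparing only `file.context_id` with `exercise.id`. If `CodeOcean::File#context` is a polymorphic association (not visible in this hunk), a file owned by a different record type that happens to share the numeric id would pass the filter. Comparing the association itself closes that gap: `file.nil? || file.hidden || file.read_only || file.context != exercise`. The `else` branch returning `[]` for a nil exercise is now the fail-closed path and deserves a comment such as `# fail closed: without an exercise no file attribute is accepted`. The module and method bodies continue past the end of the hunk.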
@@ -7,7 +7,8 @@ module SubmissionParameters
 submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes) : {}
 submission_params = merge_user(submission_params)
 files_attributes = submission_params[:files_attributes]
- submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id].to_i, files_attributes)
+ exercise = Exercise.find_by(id: submission_params[:exercise_id])
+ submission_params[:files_attributes] = reject_illegal_file_attributes(exercise, files_attributes)
 submission_params
 end
 private :submission_params
diff --git a/app/controllers/remote_evaluation_controller.rb b/app/controllers/remote_evaluation_controller.rb
index 1cf9fdda..722a530a 100644
--- a/app/controllers/remote_evaluation_controller.rb
+++ b/app/controllers/remote_evaluation_controller.rb
@@ -76,7 +76,7 @@ class RemoteEvaluationController < ApplicationController
 submission_params[:user_id] = remote_evaluation_mapping.user_id
 submission_params[:cause] = cause
 submission_params[:user_type] = remote_evaluation_mapping.user_type
- submission_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise_id, files_attributes)
+ submission_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise, files_attributes)
 submission_params
 end
 private :build_submission_params
diff --git a/spec/concerns/file_parameters_spec.rb b/spec/concerns/file_parameters_spec.rb
index ebc93a64..c72e3bd5 100644
--- a/spec/concerns/file_parameters_spec.rb
+++ b/spec/concerns/file_parameters_spec.rb
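Review bot: In submission_parameters.rb, the new `Exercise.find_by` lookup returns nil for a missing or unknown `exercise_id`, and nothing at the call site says what follows from that. With the updated `reject_illegal_file_attributes`, a nil exercise makes the filter return `[]`, so every submitted file is dropped while `submission_params` still carries the unresolved `exercise_id`. I would state this above the lookup: `# nil when exercise_id is unknown; reject_illegal_file_attributes then discards all files_attributes`. Whether the caller rejects such a submission is not visible here, and the `submission_params` method starts before the hunk.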
@@ -13,7 +13,7 @@ describe FileParameters do
 describe '#reject_illegal_file_attributes!' do
 def file_accepted?(file)
 files = [[0, FactoryBot.attributes_for(:file, context: hello_world, file_id: file.id)]]
- filtered_files = controller.send(:reject_illegal_file_attributes, hello_world.id, files)
+ filtered_files = controller.send(:reject_illegal_file_attributes, hello_world, files)
 files.eql?(filtered_files)
 end