Pass exercise object instead of id to reject_illegal_file_attributes

2021-04-26 15:27:32 +02:00
parent b3c110cead
commit 36cacc2330
4 changed files with 7 additions and 6 deletions
--- a/app/controllers/concerns/file_parameters.rb
+++ b/app/controllers/concerns/file_parameters.rb
@ -1,12 +1,12 @@
 # frozen_string_literal: true

 module FileParameters
-  def reject_illegal_file_attributes(exercise_id, params)
-    if Exercise.exists?(id: exercise_id) && params
+  def reject_illegal_file_attributes(exercise, params)
+    if exercise && params
      params.reject do |_, file_attributes|
        file = CodeOcean::File.find_by(id: file_attributes[:file_id])
        # avoid that public files from other contexts can be created
-        file.nil? || file.hidden || file.read_only || file.context_id != exercise_id.to_i
+        file.nil? || file.hidden || file.read_only || file.context_id != exercise.id
      end
    else
      []
--- a/app/controllers/concerns/submission_parameters.rb
+++ b/app/controllers/concerns/submission_parameters.rb
@ -7,7 +7,8 @@ module SubmissionParameters
    submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes) : {}
    submission_params = merge_user(submission_params)
    files_attributes = submission_params[:files_attributes]
-    submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id].to_i, files_attributes)
+    exercise = Exercise.find_by(id: submission_params[:exercise_id])
+    submission_params[:files_attributes] = reject_illegal_file_attributes(exercise, files_attributes)
    submission_params
  end
  private :submission_params
--- a/app/controllers/remote_evaluation_controller.rb
+++ b/app/controllers/remote_evaluation_controller.rb
@ -76,7 +76,7 @@ class RemoteEvaluationController < ApplicationController
    submission_params[:user_id] = remote_evaluation_mapping.user_id
    submission_params[:cause] = cause
    submission_params[:user_type] = remote_evaluation_mapping.user_type
-    submission_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise_id, files_attributes)
+    submission_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise, files_attributes)
    submission_params
  end
  private :build_submission_params