Pass exercise object instead of id to reject_illegal_file_attributes
This commit is contained in:
tobias.kantusch
committed by
Sebastian Serth
Sebastian Serth
parent
b3c110cead
commit
36cacc2330
@ -1,12 +1,12 @@
|
|||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
module FileParameters
|
module FileParameters
|
||||||
def reject_illegal_file_attributes(exercise_id, params)
|
def reject_illegal_file_attributes(exercise, params)
|
||||||
if Exercise.exists?(id: exercise_id) && params
|
if exercise && params
|
||||||
params.reject do |_, file_attributes|
|
params.reject do |_, file_attributes|
|
||||||
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
|
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
|
||||||
# avoid that public files from other contexts can be created
|
# avoid that public files from other contexts can be created
|
||||||
file.nil? || file.hidden || file.read_only || file.context_id != exercise_id.to_i
|
file.nil? || file.hidden || file.read_only || file.context_id != exercise.id
|
||||||
end
|
end
|
||||||
else
|
else
|
||||||
[]
|
[]
|
||||||
|
|||||||
@ -7,7 +7,8 @@ module SubmissionParameters
|
|||||||
submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes) : {}
|
submission_params = params[:submission].present? ? params[:submission].permit(:cause, :exercise_id, files_attributes: file_attributes) : {}
|
||||||
submission_params = merge_user(submission_params)
|
submission_params = merge_user(submission_params)
|
||||||
files_attributes = submission_params[:files_attributes]
|
files_attributes = submission_params[:files_attributes]
|
||||||
submission_params[:files_attributes] = reject_illegal_file_attributes(submission_params[:exercise_id].to_i, files_attributes)
|
exercise = Exercise.find_by(id: submission_params[:exercise_id])
|
||||||
|
submission_params[:files_attributes] = reject_illegal_file_attributes(exercise, files_attributes)
|
||||||
submission_params
|
submission_params
|
||||||
end
|
end
|
||||||
private :submission_params
|
private :submission_params
|
||||||
|
|||||||
@ -76,7 +76,7 @@ class RemoteEvaluationController < ApplicationController
|
|||||||
submission_params[:user_id] = remote_evaluation_mapping.user_id
|
submission_params[:user_id] = remote_evaluation_mapping.user_id
|
||||||
submission_params[:cause] = cause
|
submission_params[:cause] = cause
|
||||||
submission_params[:user_type] = remote_evaluation_mapping.user_type
|
submission_params[:user_type] = remote_evaluation_mapping.user_type
|
||||||
submission_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise_id, files_attributes)
|
submission_params[:files_attributes] = reject_illegal_file_attributes(remote_evaluation_mapping.exercise, files_attributes)
|
||||||
submission_params
|
submission_params
|
||||||
end
|
end
|
||||||
private :build_submission_params
|
private :build_submission_params
|
||||||
|
|||||||
@ -13,7 +13,7 @@ describe FileParameters do
|
|||||||
describe '#reject_illegal_file_attributes!' do
|
describe '#reject_illegal_file_attributes!' do
|
||||||
def file_accepted?(file)
|
def file_accepted?(file)
|
||||||
files = [[0, FactoryBot.attributes_for(:file, context: hello_world, file_id: file.id)]]
|
files = [[0, FactoryBot.attributes_for(:file, context: hello_world, file_id: file.id)]]
|
||||||
filtered_files = controller.send(:reject_illegal_file_attributes, hello_world.id, files)
|
filtered_files = controller.send(:reject_illegal_file_attributes, hello_world, files)
|
||||||
files.eql?(filtered_files)
|
files.eql?(filtered_files)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user