From 5eaa508b74b2214cf91e973b41e160cdf42a6294 Mon Sep 17 00:00:00 2001
From: Sebastian Serth
Date: Thu, 3 Dec 2020 17:05:21 +0100
Subject: [PATCH] Enforce file creation allowance via Pundit policy
---
 app/policies/code_ocean/file_policy.rb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/policies/code_ocean/file_policy.rb b/app/policies/code_ocean/file_policy.rb
index e8d7b5a8..3d5ab473 100644
--- a/app/policies/code_ocean/file_policy.rb
+++ b/app/policies/code_ocean/file_policy.rb
@@ -15,8 +15,10 @@ module CodeOcean
 def create?
 if @record.context.is_a?(Exercise)
 admin? || author?
- else
+ elsif @record.context.is_a?(Submission) and @record.context.exercise.allow_file_creation
 author?
+ else
+ no_one
 end
 end
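Review bot: The new `elsif` condition in `create?` joins its two checks with `and`, which binds more loosely than `&&` and even than assignment, so a later edit that extends this authorization predicate can silently change who is allowed; write it as `elsif @record.context.is_a?(Submission) && @record.context.exercise.allow_file_creation`. The same line dereferences `@record.context.exercise` without a nil guard, so a submission whose exercise is missing would presumably raise NoMethodError instead of denying; `@record.context.exercise&.allow_file_creation` keeps the policy fail-closed if that case can occur. The commit touches only the policy file, so a policy spec covering the two new deny paths (flag off, and a context that is neither Exercise nor Submission) would pin the behaviour. `author?` and `no_one` are defined outside the hunk, so what they actually permit is not checked here.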