diff --git a/app/controllers/live_streams_controller.rb b/app/controllers/live_streams_controller.rb index 5134f806..a5a2047e 100644 --- a/app/controllers/live_streams_controller.rb +++ b/app/controllers/live_streams_controller.rb @@ -6,15 +6,14 @@ class LiveStreamsController < ApplicationController include ActionController::Live def download_submission_file - begin - @submission = authorize AuthenticatedUrlHelper.retrieve!(Submission, request, force_render_host: false) - rescue Pundit::NotAuthorizedError - # TODO: Option to disable? - # Using the submission ID parameter would allow looking up the corresponding exercise ID - # Therefore, we just redirect to the root_path, but actually expect to redirect back (that should work!) - return redirect_back(fallback_location: root_path, alert: t('exercises.download_file_tree.gone')) - end - + @submission = authorize AuthenticatedUrlHelper.retrieve!(Submission, request, force_render_host: false) + rescue Pundit::NotAuthorizedError + # TODO: Option to disable? + # Using the submission ID parameter would allow looking up the corresponding exercise ID + # Therefore, we just redirect to the root_path, but actually expect to redirect back (that should work!) + skip_authorization + redirect_back(fallback_location: root_path, alert: t('exercises.download_file_tree.gone')) + else desired_file = params[:filename].to_s runner = Runner.for(current_user, @submission.exercise.execution_environment) fallback_location = implement_exercise_path(@submission.exercise)