htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Pundit: Skip authorization in case of errors

Browse Source 
Fixes CODEOCEAN-F3
This commit is contained in:
Sebastian Serth
2022-11-17 21:37:45 +01:00
parent b2af4e0663
commit b6cecf53aa
1 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
app/controllers/live_streams_controller.rb
View File

@ -6,15 +6,14 @@ class LiveStreamsController < ApplicationController
include ActionController::Live include ActionController::Live
def download_submission_file def download_submission_file
begin
@submission = authorize AuthenticatedUrlHelper.retrieve!(Submission, request, force_render_host: false) @submission = authorize AuthenticatedUrlHelper.retrieve!(Submission, request, force_render_host: false)
rescue Pundit::NotAuthorizedError rescue Pundit::NotAuthorizedError
# TODO: Option to disable? # TODO: Option to disable?
# Using the submission ID parameter would allow looking up the corresponding exercise ID # Using the submission ID parameter would allow looking up the corresponding exercise ID
# Therefore, we just redirect to the root_path, but actually expect to redirect back (that should work!) # Therefore, we just redirect to the root_path, but actually expect to redirect back (that should work!)
return redirect_back(fallback_location: root_path, alert: t('exercises.download_file_tree.gone')) skip_authorization
end redirect_back(fallback_location: root_path, alert: t('exercises.download_file_tree.gone'))
else
desired_file = params[:filename].to_s desired_file = params[:filename].to_s
runner = Runner.for(current_user, @submission.exercise.execution_environment) runner = Runner.for(current_user, @submission.exercise.execution_environment)
fallback_location = implement_exercise_path(@submission.exercise) fallback_location = implement_exercise_path(@submission.exercise)