Add custom_embed_option to disallow downloading submissions

2019-03-29 14:56:14 +01:00
parent a162a2cf9c
commit baa0784ede
3 changed files with 14 additions and 3 deletions
--- a/app/controllers/concerns/lti.rb
+++ b/app/controllers/concerns/lti.rb
@ -182,7 +182,8 @@ module Lti
     :hide_sidebar,
     :read_only,
     :hide_test_results,
-     :disable_hints].each do |option|
+     :disable_hints,
+     :disable_download].each do |option|
      value = params["custom_embed_options_#{option}".to_sym] == 'true'
      # Optimize storage and save only those that are true, the session cookie is limited to 4KB
      @embed_options[option] = value if value.present?
--- a/app/controllers/submissions_controller.rb
+++ b/app/controllers/submissions_controller.rb
@ -62,6 +62,10 @@ class SubmissionsController < ApplicationController
  end

  def download
+    if @embed_options[:disable_download]
+      raise Pundit::NotAuthorizedError
+    end
+
    # files = @submission.files.map{ }
    # zipline( files, 'submission.zip')
    # send_data(@file.content, filename: @file.name_with_extension)
@ -98,6 +102,10 @@ class SubmissionsController < ApplicationController
  end

  def download_file
+    if @embed_options[:disable_download]
+      raise Pundit::NotAuthorizedError
+    end
+
    if @file.native_file?
      send_file(@file.native_file.path)
    else