Add custom_embed_option to disallow downloading submissions

app/controllers/concerns/lti.rb

@@ -182,7 +182,8 @@ module Lti
      :hide_sidebar,
      :read_only,
      :hide_test_results,
-     :disable_hints].each do |option|
+     :disable_hints,
+     :disable_download].each do |option|
       value = params["custom_embed_options_#{option}".to_sym] == 'true'
       # Optimize storage and save only those that are true, the session cookie is limited to 4KB
       @embed_options[option] = value if value.present?

app/controllers/submissions_controller.rb

@@ -62,6 +62,10 @@ class SubmissionsController < ApplicationController
   end
 
   def download
+    if @embed_options[:disable_download]
+      raise Pundit::NotAuthorizedError
+    end
+
     # files = @submission.files.map{ }
     # zipline( files, 'submission.zip')
     # send_data(@file.content, filename: @file.name_with_extension)
@@ -98,6 +102,10 @@ class SubmissionsController < ApplicationController
   end
 
   def download_file
+    if @embed_options[:disable_download]
+      raise Pundit::NotAuthorizedError
+    end
+
     if @file.native_file?
       send_file(@file.native_file.path)
     else

app/views/exercises/_editor_file_tree.html.slim

@@ -4,7 +4,8 @@ div id='sidebar-collapsed' class=(@exercise.hide_file_tree ? '' : 'd-none')
   - if @exercise.allow_file_creation and not @exercise.hide_file_tree?
     = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', data: {:'data-cause' => 'file', :'data-toggle' => 'tooltip', :'data-placement' => 'right'}, icon: 'fa fa-plus', id: 'create-file-collapsed', label:'', title: t('exercises.editor.create_file'))
 
-  = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', data: {:'data-toggle' => 'tooltip', :'data-placement' => 'right'}, icon: 'fa fa-download', id: 'download-collapsed', label:'', title: t('exercises.editor.download'))
+  - unless @embed_options[:disable_download]
+    = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', data: {:'data-toggle' => 'tooltip', :'data-placement' => 'right'}, icon: 'fa fa-download', id: 'download-collapsed', label:'', title: t('exercises.editor.download'))
   = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', data: {:'data-message-confirm' => t('exercises.editor.confirm_start_over'), :'data-url' => reload_exercise_path(@exercise), :'data-toggle' => 'tooltip', :'data-placement' => 'right'}, icon: 'fa fa-history', id: 'start-over-collapsed', label:'', title: t('exercises.editor.start_over'))
   //- if !@course_token.blank?
     = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', data: {:'data-toggle' => 'tooltip', :'data-placement' => 'right'}, icon: 'fa fa-search', id: 'sidebar-search-collapsed', label: '', title: t('search.search_in_forum'))
@@ -23,7 +24,8 @@ div id='sidebar-uncollapsed' class=(@exercise.hide_file_tree ? 'd-none' : '')
     = render('editor_button', classes: 'btn-block btn-primary btn', data: {:'data-cause' => 'file'}, icon: 'fa fa-plus', id: 'create-file', label: t('exercises.editor.create_file'))
     = render('editor_button', classes: 'btn-block btn-warning btn', data: {:'data-cause' => 'file', :'data-message-confirm' => t('shared.confirm_destroy')}, icon: 'fa fa-times', id: 'destroy-file', label: t('exercises.editor.destroy_file'))
 
-  = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', icon: 'fa fa-download', id: 'download', label: t('exercises.editor.download'))
+  - unless @embed_options[:disable_download]
+    = render('editor_button', classes: 'btn-block btn-primary btn enforce-top-margin', icon: 'fa fa-download', id: 'download', label: t('exercises.editor.download'))
   = render('editor_button', classes: 'btn-block btn-primary btn', data: {:'data-message-confirm' => t('exercises.editor.confirm_start_over'), :'data-url' => reload_exercise_path(@exercise)}, icon: 'fa fa-history', id: 'start-over', label: t('exercises.editor.start_over'))
 
   //- if !@course_token.blank?