Avoid that files from other exercises can be created

This commit is contained in:
tobias.kantusch
2021-04-22 16:56:56 +02:00
committed by Sebastian Serth
parent 1f3c9db537
commit caaa52409e
2 changed files with 3 additions and 2 deletions

View File

@ -5,7 +5,8 @@ module FileParameters
if Exercise.exists?(id: exercise_id) && params
params.reject do |_, file_attributes|
file = CodeOcean::File.find_by(id: file_attributes[:file_id])
file.nil? || file.hidden || file.read_only
# avoid that public files from other contexts can be created
file.nil? || file.hidden || file.read_only || file.context_id != exercise_id.to_i
end
else
[]