Return propper error for anonymous users in exercises_controller
* not_authorized_for_exercise was not checking for a current_user Fixes CODEOCEAN-C4
This commit is contained in:
@ -435,7 +435,10 @@ class ExercisesController < ApplicationController
|
|||||||
end
|
end
|
||||||
|
|
||||||
def not_authorized_for_exercise(_exception)
|
def not_authorized_for_exercise(_exception)
|
||||||
if %w[implement working_times intervention search reload].include?(action_name) && (current_user.admin? || current_user.teacher?)
|
return render_not_authorized unless current_user
|
||||||
|
return render_not_authorized unless %w[implement working_times intervention search reload].include?(action_name)
|
||||||
|
|
||||||
|
if current_user.admin? || current_user.teacher?
|
||||||
redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished?
|
redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished?
|
||||||
redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists?
|
redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists?
|
||||||
else
|
else
|
||||||
|
Reference in New Issue
Block a user