Return proper error for anonymous users in exercises_controller

* not_authorized_for_exercise was not checking for a current_user

Fixes CODEOCEAN-C4
Sebastian Serth
2022-09-04 19:13:08 +02:00
parent 1581d658ea
commit e5d8db2796


@ -435,7 +435,10 @@ class ExercisesController < ApplicationController
end end
def not_authorized_for_exercise(_exception) def not_authorized_for_exercise(_exception)
if %w[implement working_times intervention search reload].include?(action_name) && (current_user.admin? || current_user.teacher?) return render_not_authorized unless current_user
return render_not_authorized unless %w[implement working_times intervention search reload].include?(action_name)
if current_user.admin? || current_user.teacher?
redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished? redirect_to(@exercise, alert: t('exercises.implement.unpublished')) if @exercise.unpublished?
redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists? redirect_to(@exercise, alert: t('exercises.implement.no_files')) unless @exercise.files.visible.exists?
else else