cafe-grader-web

Commit r683:d4ac431eeeb6 public

parent | child
Description:
fix access right control bugs
Commit status:
[Not Reviewed]
References:
java
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r683:d4ac431eeeb6 - - 2 files changed: 9 inserted, 7 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,6 +1,6
1 class SubmissionsController < ApplicationController
1 class SubmissionsController < ApplicationController
2 before_action :authenticate
2 before_action :authenticate
3 - before_action :submission_authorization, only: [:show, :direct_edit_submission, :download, :edit]
3 + before_action :submission_authorization, only: [:show, :download, :edit]
4 before_action :admin_authorization, only: [:rejudge]
4 before_action :admin_authorization, only: [:rejudge]
5
5
6 # GET /submissions
6 # GET /submissions
@@ -51,10 +51,13
51 #on-site new submission on specific problem
51 #on-site new submission on specific problem
52 def direct_edit_problem
52 def direct_edit_problem
53 @problem = Problem.find(params[:problem_id])
53 @problem = Problem.find(params[:problem_id])
54 + unless @current_user.can_view_problem?(@problem)
55 + unauthorized_redirect
56 + return
57 + end
54 @source = ''
58 @source = ''
55 - if (params[:user_id])
59 + if (params[:view_latest])
56 - u = User.find(params[:user_id])
60 + sub = Submission.find_last_by_user_and_problem(@current_user.id,@problem.id)
57 - @submission = Submission.find_last_by_user_and_problem(u.id,@problem.id)
58 @source = @submission.source.to_s if @submission and @submission.source
61 @source = @submission.source.to_s if @submission and @submission.source
59 end
62 end
60 render 'edit'
63 render 'edit'
@@ -99,8 +102,7
99 end
102 end
100
103
101 sub = Submission.find(params[:id])
104 sub = Submission.find(params[:id])
102 - if sub.problem.available?
105 + if @current_user.available_problems.include? sub.problem
103 - puts "sub = #{sub.user.id}, current = #{@current_user.id}"
104 return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
106 return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
105 end
107 end
106
108
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -152,7 +152,7
152 return if self.user.admin?
152 return if self.user.admin?
153
153
154 #check if user has the right to submit the problem
154 #check if user has the right to submit the problem
155 - errors.add('problem',"must be valid.") if (!self.user.available_problem.include?(self.problem)) and (self.new_record?)
155 + errors.add('problem',"must be valid.") if (!self.user.available_problems.include?(self.problem)) and (self.new_record?)
156 end
156 end
157 end
157 end
158
158
You need to be logged in to leave comments. Login now