Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

File manager exception fix #2229

Merged
merged 8 commits into from
Nov 3, 2024
Merged

File manager exception fix #2229

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
4dd1e3d
Flash error if the check instructor fails
KesterTan Sep 27, 2024
df7c974
Unit test to check when a user is not authorized
KesterTan Sep 29, 2024
59f9684
Unit permission tests for file manager methods
KesterTan Oct 4, 2024
373e05b
Added test file in fixtures
KesterTan Oct 4, 2024
f84e60e
Re routes when user is not instructor of any course
KesterTan Oct 27, 2024
ea44418
Fixed broken variable naming
KesterTan Oct 27, 2024
2ae7c3a
Merge branch 'master' into file_manager_exception_fix
KesterTan Oct 29, 2024
78b7da1
Merge branch 'master' into file_manager_exception_fix
KesterTan Nov 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 51 additions & 28 deletions app/controllers/file_manager_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,8 @@ def index
end
end
absolute_path = check_path_exist(path)
if (File.directory?(absolute_path) && check_instructor(absolute_path)) || path == ""
if (File.directory?(absolute_path) && check_instructor(absolute_path)) ||
(path == "" && is_instructor_of_any_course)
populate_directory(absolute_path, new_url)
render 'file_manager/index'
elsif File.file?(absolute_path) && check_instructor(absolute_path)
Expand All @@ -42,6 +43,9 @@ def index
filename: File.basename(absolute_path),
disposition: 'attachment')
end
else
flash[:error] = "You are not authorized to view this path"
redirect_to root_path
end
end

Expand All @@ -51,12 +55,15 @@ def upload

def delete
absolute_path = check_path_exist(params[:path])
return unless check_instructor(absolute_path)

parent = absolute_path.parent
raise "Unable to delete courses in the root directory." if parent == BASE_DIRECTORY
if check_instructor(absolute_path)
parent = absolute_path.parent
raise "Unable to delete courses in the root directory." if parent == BASE_DIRECTORY

FileUtils.rm_rf(absolute_path)
FileUtils.rm_rf(absolute_path)
else
flash[:error] = "You are not authorized to delete this"
redirect_to root_path
end
KesterTan marked this conversation as resolved.
Show resolved Hide resolved
end

def rename
Expand Down Expand Up @@ -86,6 +93,9 @@ def rename
FileUtils.mv(absolute_path, new_path)
flash[:success] = "Successfully renamed file to #{params[:new_name]}"
end
else
flash[:error] = "You are not authorized to rename this path"
redirect_to root_path
KesterTan marked this conversation as resolved.
Show resolved Hide resolved
end
rescue ArgumentError => e
flash[:error] = e.message
Expand All @@ -95,33 +105,36 @@ def download_tar
path = params[:path]&.split("/")&.drop(2)&.join("/")
path = CGI.unescape(path)
absolute_path = check_path_exist(path)
return unless check_instructor(absolute_path)

if File.directory?(absolute_path)
tar_stream = StringIO.new("")
Gem::Package::TarWriter.new(tar_stream) do |tar|
Dir[File.join(absolute_path.to_s, '**', '**')].each do |file|
mode = File.stat(file).mode
relative_path = file.sub(%r{^#{Regexp.escape(absolute_path.to_s)}/?}, '')
if File.directory?(file)
tar.mkdir relative_path, mode
else
tar.add_file relative_path, mode do |tar_file|
File.open(file, "rb") { |f| tar_file.write f.read }
if check_instructor(absolute_path)
if File.directory?(absolute_path)
tar_stream = StringIO.new("")
Gem::Package::TarWriter.new(tar_stream) do |tar|
Dir[File.join(absolute_path.to_s, '**', '**')].each do |file|
mode = File.stat(file).mode
relative_path = file.sub(%r{^#{Regexp.escape(absolute_path.to_s)}/?}, '')
if File.directory?(file)
tar.mkdir relative_path, mode
else
tar.add_file relative_path, mode do |tar_file|
File.open(file, "rb") { |f| tar_file.write f.read }
end
end
end
end
tar_stream.rewind
tar_stream.close
send_data tar_stream.string.force_encoding("binary"),
filename: "file_manager.tar",
type: "application/x-tar",
disposition: "attachment"
else
send_file(absolute_path,
filename: File.basename(absolute_path),
disposition: 'attachment')
end
tar_stream.rewind
tar_stream.close
send_data tar_stream.string.force_encoding("binary"),
filename: "file_manager.tar",
type: "application/x-tar",
disposition: "attachment"
else
send_file(absolute_path,
filename: File.basename(absolute_path),
disposition: 'attachment')
flash[:error] = "You are not authorized to download attachments at this path"
redirect_to root_path
KesterTan marked this conversation as resolved.
Show resolved Hide resolved
end
end

Expand Down Expand Up @@ -159,6 +172,9 @@ def upload_file(path)
end
end
end
else
flash[:error] = "You are not authorized to upload files at this path"
redirect_to root_path
KesterTan marked this conversation as resolved.
Show resolved Hide resolved
end
end
end
Expand Down Expand Up @@ -223,6 +239,13 @@ def check_path_exist(path)
@absolute_path
end

def is_instructor_of_any_course
current_user_id = current_user.id
cuds = CourseUserDatum.where(user_id: current_user_id, instructor: true)
courses = Course.where(id: cuds.map(&:course_id))
!courses.empty?
end
KesterTan marked this conversation as resolved.
Show resolved Hide resolved

def check_instructor(path)
current_user_id = current_user.id
cuds = CourseUserDatum.where(user_id: current_user_id, instructor: true)
Expand Down
Loading