Merged
16 changes: 15 additions & 1 deletion app/controllers/api/projects/remixes_controller.rb
@@ -7,7 +7,8 @@ class RemixesController < ApiController

before_action :authorize_user
load_and_authorize_resource :school, only: :index
before_action :load_and_authorize_remix, only: %i[show show_identifier]
before_action :load_and_authorize_remix, only: :show
before_action :load_and_authorize_remix_identifier, only: :show_identifier

def index
projects = Project.where(remixed_from_id: project.id).accessible_by(current_ability)
@@ -52,6 +53,19 @@ def load_and_authorize_remix
authorize! :show, @project
end

def load_and_authorize_remix_identifier
@project =
if project.remixed_from_id.present?
project if project.user_id == current_user.id
else
remix_for_user(project, current_user)
end

raise ActiveRecord::RecordNotFound unless @project

authorize! :show, @project
end

def remix_params
params.require(:project)
.permit(:name,
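Review bot: `load_and_authorize_remix_identifier` applies an ownership rule (`project.user_id == current_user.id`) outside the ability definitions, and nothing says why a remix owned by someone else ends in `ActiveRecord::RecordNotFound` rather than an access-denied error. A one-line comment above the method would record that, for example `# A remix identifier owned by someone else is reported as not found, so the endpoint does not confirm that it exists; authorize! stays as a second check.` The reason given there is inferred from the new spec that expects 404, so adjust it if the intent differs. The same branch treats every project with `remixed_from_id` set as a final remix: if a user can remix a project that is itself a remix, supplying the parent's identifier now yields 404 instead of going through `remix_for_user`, which is worth confirming as intended. `project` and `remix_for_user` are defined outside the visible hunks, so their handling of a missing record cannot be checked from here.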
17 changes: 17 additions & 0 deletions spec/requests/projects/remix_spec.rb
@@ -106,6 +106,12 @@
expect(response.parsed_body['identifier']).to eq(remixed_project.identifier)
end

it 'returns the supplied identifier when it already belongs to the user remix' do
get("/api/projects/#{remixed_project.identifier}/remix/identifier", headers:)
expect(response).to have_http_status(:ok)
expect(response.parsed_body['identifier']).to eq(remixed_project.identifier)
end

it 'returns 404 response if invalid project' do
get('/api/projects/no-such-project/remix/identifier', headers:)
expect(response).to have_http_status(:not_found)
@@ -119,6 +125,17 @@
expect(response).to have_http_status(:not_found)
end

it 'returns 404 if the supplied remix identifier belongs to another user' do
another_user_remix = create(
:project,
remixed_from_id: original_project.id,
user_id: create(:owner, school:).id
)

get("/api/projects/#{another_user_remix.identifier}/remix/identifier", headers:)
expect(response).to have_http_status(:not_found)
end

context 'when multiple remixes exist for the same user and project' do
let!(:oldest_remix) do
create(:project, remixed_from_id: original_project.id, user_id: authenticated_user.id,
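Review bot: The new example 'returns 404 if the supplied remix identifier belongs to another user' does not pin the controller's ownership comparison separately from `authorize!`, because the requester presumably has no `:show` permission on that remix anyway. If the abilities let some role (a teacher or school owner, say) show another user's remix, add an example that signs in as that role and still expects `:not_found` from `/remix/identifier`. It would also be cheap to add `expect(response.body).not_to include(another_user_remix.identifier)` to the existing example. The enclosing `describe`/`context` blocks and the definition of `authenticated_user` are outside the visible hunks, so the requester's role is not known from here.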