New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow normal users to search submissions #1677
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we want to add a test for a normal user to search in their own exercises?
@@ -125,7 +125,7 @@ def set_submissions | |||
end | |||
if params[:course_id] | |||
@course = Course.find(params[:course_id]) | |||
@course_labels = CourseLabel.where(course: @course) if @user.blank? | |||
@course_labels = CourseLabel.where(course: @course) if @user.blank? && current_user.course_admin?(@course) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will crash if current_user
is nil (but I doubt if that will ever be the case).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I realized this while writing the code, but a logged out user can never see submissions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess this callback is executed before permission checking though, so a logged out user constructing the right URL could technically trigger a crash. I'll change it.
The only way to test this new behaviour is through system testing, the user could already do so via the API. |
Hmm, we don't have any tests related to searching yet AFAICT, so I'll add some. |
e61bd08
to
e14e7dc
Compare
Closes #1660.