From 7f16a74d8c7dfe555a18d6ff701b65db9c5fcb88 Mon Sep 17 00:00:00 2001
From: Michael Herzberg
Date: Fri, 22 Feb 2019 20:44:02 +0000
Subject: [PATCH] Don't allow submissions for other students.
---
 app/controllers/grades_controller.rb | 4 +++-
 app/views/grades/new_student.html.erb | 4 ----
 2 files changed, 3 insertions(+), 5 deletions(-)
diff --git a/app/controllers/grades_controller.rb b/app/controllers/grades_controller.rb
index 5267244..937b2c2 100644
--- a/app/controllers/grades_controller.rb
+++ b/app/controllers/grades_controller.rb
@@ -49,7 +49,9 @@ class GradesController < ApplicationController
 render :new_lecturer
 end
 elsif logged_in_as_student
- @grade = Grade.new(params.require(:grade).permit(:student_id, :lecture_id, :submission))
+ grade_params = params.require(:grade).permit(:lecture_id, :submission)
+ grade_params[:student_id] = current_user.id
+ @grade = Grade.new(grade_params)
 if @grade.save
 flash[:success] = "Report submitted!"
 redirect_to grades_path
diff --git a/app/views/grades/new_student.html.erb b/app/views/grades/new_student.html.erb
index eadce47..16bfac2 100644
--- a/app/views/grades/new_student.html.erb
+++ b/app/views/grades/new_student.html.erb
@@ -4,10 +4,6 @@
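Review bot: The added line `grade_params[:student_id] = current_user.id` in the `logged_in_as_student` branch carries the whole authorization decision, yet nothing in the code says so and the diffstat shows no test alongside the fix. A comment above it, such as `# student_id always comes from the authenticated user, never from params; do not re-add it to permit`, would stop a later edit from silently reopening the hole. A request test that submits the form as a student with a different `student_id` in the payload and asserts the saved grade belongs to the logged-in user would pin the behaviour. `:lecture_id` is still accepted from the client as-is; if students may only submit for lectures they attend, that presumably needs a model validation or a scoped lookup, neither of which is visible here. The enclosing action starts and ends outside the hunk, so the lecturer branch and any update path were not reviewed.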
<%= f.label :lecture %>
<%= f.select(:lecture_id, Lecture.all.collect {|p| [ p.name, p.id ] }) %>
-
-
<%= f.label :student %>
-
<%= f.select(:student_id, User.where(role: "student").collect {|p| [ p.login, p.id ] }) %>
-
<%= f.label :submission %>