Avoid 403 errors when a user cannot access linked saved annotations

dodona-edu · Aug 16, 2023 · 3fa5924 · 3fa5924
1 parent 188842b
commit 3fa5924
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/app/assets/javascripts/state/SavedAnnotations.ts b/app/assets/javascripts/state/SavedAnnotations.ts
@@ -43,6 +43,11 @@ class SavedAnnotationState extends State {
     private async fetch(id: number): Promise<SavedAnnotation> {
         const url = `${URL}/${id}.json`;
         const response = await fetch(url);
+
+        if (response.status === 403) {
+            return undefined;
+        }
+
         this.byId.set(id, await response.json());
         return this.byId.get(id);
     }

diff --git a/app/views/annotations/_annotation.json.jbuilder b/app/views/annotations/_annotation.json.jbuilder
@@ -1,4 +1,4 @@
-json.extract! annotation, :id, :line_nr, :annotation_text, :user_id, :submission_id, :saved_annotation_id, :created_at, :updated_at, :course_id, :column, :rows, :columns
+json.extract! annotation, :id, :line_nr, :annotation_text, :user_id, :submission_id, :created_at, :updated_at, :course_id, :column, :rows, :columns
 json.row annotation.line_nr || 0
 if annotation.is_a?(Question)
   json.extract! annotation, :question_state
@@ -41,3 +41,5 @@ json.responses annotation.responses do |response|
   json.partial! response, as: :annotation
 end
 json.thread_root_id annotation.thread_root_id
+
+json.saved_annotation_id annotation.saved_annotation_id if annotation.saved_annotation.present? && SavedAnnotationPolicy.new(current_user, annotation.saved_annotation).show?