From 3fa592474b9d772f9d06db8719c2f14beb735862 Mon Sep 17 00:00:00 2001
From: jorg-vr <jorg.vr@live.be>
Date: Wed, 16 Aug 2023 14:53:24 +0200
Subject: [PATCH 1/4] Avoid 403 errors when a user cannot access linked saved
 annotations

---
 app/assets/javascripts/state/SavedAnnotations.ts | 5 +++++
 app/views/annotations/_annotation.json.jbuilder  | 4 +++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/app/assets/javascripts/state/SavedAnnotations.ts b/app/assets/javascripts/state/SavedAnnotations.ts
index 9870c2d405..4489d76344 100644
--- a/app/assets/javascripts/state/SavedAnnotations.ts
+++ b/app/assets/javascripts/state/SavedAnnotations.ts
@@ -43,6 +43,11 @@ class SavedAnnotationState extends State {
     private async fetch(id: number): Promise<SavedAnnotation> {
         const url = `${URL}/${id}.json`;
         const response = await fetch(url);
+
+        if (response.status === 403) {
+            return undefined;
+        }
+
         this.byId.set(id, await response.json());
         return this.byId.get(id);
     }
diff --git a/app/views/annotations/_annotation.json.jbuilder b/app/views/annotations/_annotation.json.jbuilder
index 9534645e44..04c539b066 100644
--- a/app/views/annotations/_annotation.json.jbuilder
+++ b/app/views/annotations/_annotation.json.jbuilder
@@ -1,4 +1,4 @@
-json.extract! annotation, :id, :line_nr, :annotation_text, :user_id, :submission_id, :saved_annotation_id, :created_at, :updated_at, :course_id, :column, :rows, :columns
+json.extract! annotation, :id, :line_nr, :annotation_text, :user_id, :submission_id, :created_at, :updated_at, :course_id, :column, :rows, :columns
 json.row annotation.line_nr || 0
 if annotation.is_a?(Question)
   json.extract! annotation, :question_state
@@ -41,3 +41,5 @@ json.responses annotation.responses do |response|
   json.partial! response, as: :annotation
 end
 json.thread_root_id annotation.thread_root_id
+
+json.saved_annotation_id annotation.saved_annotation_id if annotation.saved_annotation.present? && SavedAnnotationPolicy.new(current_user, annotation.saved_annotation).show?

From 6820df521c851b7ccc622fc6afd5cd41add03746 Mon Sep 17 00:00:00 2001
From: jorg-vr <jorg.vr@live.be>
Date: Wed, 16 Aug 2023 15:18:32 +0200
Subject: [PATCH 2/4] Remove unneeded change

---
 app/assets/javascripts/state/SavedAnnotations.ts | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/app/assets/javascripts/state/SavedAnnotations.ts b/app/assets/javascripts/state/SavedAnnotations.ts
index 4489d76344..1bb1ce1716 100644
--- a/app/assets/javascripts/state/SavedAnnotations.ts
+++ b/app/assets/javascripts/state/SavedAnnotations.ts
@@ -44,10 +44,6 @@ class SavedAnnotationState extends State {
         const url = `${URL}/${id}.json`;
         const response = await fetch(url);
 
-        if (response.status === 403) {
-            return undefined;
-        }
-
         this.byId.set(id, await response.json());
         return this.byId.get(id);
     }

From abd094a50a659a0059bcf1c63128728a17cbd678 Mon Sep 17 00:00:00 2001
From: jorg-vr <jorg.vr@live.be>
Date: Wed, 16 Aug 2023 15:19:28 +0200
Subject: [PATCH 3/4] Add comment

---
 app/views/annotations/_annotation.json.jbuilder | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/views/annotations/_annotation.json.jbuilder b/app/views/annotations/_annotation.json.jbuilder
index 04c539b066..beeaf1119b 100644
--- a/app/views/annotations/_annotation.json.jbuilder
+++ b/app/views/annotations/_annotation.json.jbuilder
@@ -42,4 +42,5 @@ json.responses annotation.responses do |response|
 end
 json.thread_root_id annotation.thread_root_id
 
+# Only include the saved annotation id if the user is allowed to see it
 json.saved_annotation_id annotation.saved_annotation_id if annotation.saved_annotation.present? && SavedAnnotationPolicy.new(current_user, annotation.saved_annotation).show?

From 239d015061beae563f2e87c3028c23b0c7d2d47c Mon Sep 17 00:00:00 2001
From: jorg-vr <jorg.vr@live.be>
Date: Wed, 16 Aug 2023 15:19:59 +0200
Subject: [PATCH 4/4] Do not add newline

---
 app/assets/javascripts/state/SavedAnnotations.ts | 1 -
 1 file changed, 1 deletion(-)

diff --git a/app/assets/javascripts/state/SavedAnnotations.ts b/app/assets/javascripts/state/SavedAnnotations.ts
index 1bb1ce1716..9870c2d405 100644
--- a/app/assets/javascripts/state/SavedAnnotations.ts
+++ b/app/assets/javascripts/state/SavedAnnotations.ts
@@ -43,7 +43,6 @@ class SavedAnnotationState extends State {
     private async fetch(id: number): Promise<SavedAnnotation> {
         const url = `${URL}/${id}.json`;
         const response = await fetch(url);
-
         this.byId.set(id, await response.json());
         return this.byId.get(id);
     }