File manager exception fix (#2229)

* Flash error if the check instructor fails

* Unit test to check when a user is not authorized

* Unit permission tests for file manager methods

* Added test file in fixtures

* Re routes when user is not instructor of any course

* Fixed broken variable naming

Author: KesterTan

app/controllers/file_manager_controller.rb

@@ -27,7 +27,8 @@ def index
       end
     end
     absolute_path = check_path_exist(path)
-    if (File.directory?(absolute_path) && check_instructor(absolute_path)) || path == ""
+    if (File.directory?(absolute_path) && check_instructor(absolute_path)) ||
+       (path == "" && is_instructor_of_any_course)
       populate_directory(absolute_path, new_url)
       render 'file_manager/index'
     elsif File.file?(absolute_path) && check_instructor(absolute_path)
@@ -42,6 +43,9 @@ def index
                   filename: File.basename(absolute_path),
                   disposition: 'attachment')
       end
+    else
+      flash[:error] = "You are not authorized to view this path"
+      redirect_to root_path
     end
   end
 
@@ -51,12 +55,15 @@ def upload
 
   def delete
     absolute_path = check_path_exist(params[:path])
-    return unless check_instructor(absolute_path)
-
-    parent = absolute_path.parent
-    raise "Unable to delete courses in the root directory." if parent == BASE_DIRECTORY
+    if check_instructor(absolute_path)
+      parent = absolute_path.parent
+      raise "Unable to delete courses in the root directory." if parent == BASE_DIRECTORY
 
-    FileUtils.rm_rf(absolute_path)
+      FileUtils.rm_rf(absolute_path)
+    else
+      flash[:error] = "You are not authorized to delete this"
+      redirect_to root_path
+    end
   end
 
   def rename
@@ -86,6 +93,9 @@ def rename
         FileUtils.mv(absolute_path, new_path)
         flash[:success] = "Successfully renamed file to #{params[:new_name]}"
       end
+    else
+      flash[:error] = "You are not authorized to rename this path"
+      redirect_to root_path
     end
   rescue ArgumentError => e
     flash[:error] = e.message
@@ -95,33 +105,36 @@ def download_tar
     path = params[:path]&.split("/")&.drop(2)&.join("/")
     path = CGI.unescape(path)
     absolute_path = check_path_exist(path)
-    return unless check_instructor(absolute_path)
-
-    if File.directory?(absolute_path)
-      tar_stream = StringIO.new("")
-      Gem::Package::TarWriter.new(tar_stream) do |tar|
-        Dir[File.join(absolute_path.to_s, '**', '**')].each do |file|
-          mode = File.stat(file).mode
-          relative_path = file.sub(%r{^#{Regexp.escape(absolute_path.to_s)}/?}, '')
-          if File.directory?(file)
-            tar.mkdir relative_path, mode
-          else
-            tar.add_file relative_path, mode do |tar_file|
-              File.open(file, "rb") { |f| tar_file.write f.read }
+    if check_instructor(absolute_path)
+      if File.directory?(absolute_path)
+        tar_stream = StringIO.new("")
+        Gem::Package::TarWriter.new(tar_stream) do |tar|
+          Dir[File.join(absolute_path.to_s, '**', '**')].each do |file|
+            mode = File.stat(file).mode
+            relative_path = file.sub(%r{^#{Regexp.escape(absolute_path.to_s)}/?}, '')
+            if File.directory?(file)
+              tar.mkdir relative_path, mode
+            else
+              tar.add_file relative_path, mode do |tar_file|
+                File.open(file, "rb") { |f| tar_file.write f.read }
+              end
             end
           end
         end
+        tar_stream.rewind
+        tar_stream.close
+        send_data tar_stream.string.force_encoding("binary"),
+                  filename: "file_manager.tar",
+                  type: "application/x-tar",
+                  disposition: "attachment"
+      else
+        send_file(absolute_path,
+                  filename: File.basename(absolute_path),
+                  disposition: 'attachment')
       end
-      tar_stream.rewind
-      tar_stream.close
-      send_data tar_stream.string.force_encoding("binary"),
-                filename: "file_manager.tar",
-                type: "application/x-tar",
-                disposition: "attachment"
     else
-      send_file(absolute_path,
-                filename: File.basename(absolute_path),
-                disposition: 'attachment')
+      flash[:error] = "You are not authorized to download attachments at this path"
+      redirect_to root_path
     end
   end
 
@@ -159,6 +172,9 @@ def upload_file(path)
             end
           end
         end
+      else
+        flash[:error] = "You are not authorized to upload files at this path"
+        redirect_to root_path
       end
     end
   end
@@ -223,6 +239,13 @@ def check_path_exist(path)
     @absolute_path
   end
 
+  def is_instructor_of_any_course
+    current_user_id = current_user.id
+    cuds = CourseUserDatum.where(user_id: current_user_id, instructor: true)
+    courses = Course.where(id: cuds.map(&:course_id))
+    !courses.empty?
+  end
+
   def check_instructor(path)
     current_user_id = current_user.id
     cuds = CourseUserDatum.where(user_id: current_user_id, instructor: true)