I got the url required for non-authenticated homework file viewing down to this:
http://files.anise:8080/files/12/download?verifier=d58163ba9efaa2873ddc98a66d316dbf308d761a
I then tried to download file 13, which was another student's file with this url:
http://files.anise:8080/files/13/download?verifier=d58163ba9efaa2873ddc98a66d316dbf308d761a
and it led to a 500, when i was expecting a 401. Here's the trace from production.log:
Processing FilesController#show (for 127.0.1.1 at 2011-05-26 13:23:41) [GET]
Parameters: {"verifier"=>"d58163ba9efaa2873ddc98a66d316dbf308d761a", "download"=>"1", "action"=>"show", "controller"=>"files", "file_id"=>"13"}
Rendering template within layouts/application
Rendering shared/unauthorized (unauthorized)
ActionView::TemplateError (undefined method `asset_string' for nil:NilClass) on line #18 of app/views/layouts/application.html.erb:
15: #we dont want to render a right side unless there is actually content in it.
16: @body_classes << "with-right-side" if right_side and not right_side.strip.empty?
17: @body_classes << "padless-content" if @padless
18: @body_classes << "context-#{@context.asset_string}" if @context
19: -%>
20:
21:
app/models/user_profile.rb:34:in `asset_string'
app/views/layouts/application.html.erb:18
haml (3.0.22) rails/./lib/haml/helpers/action_view_mods.rb:13:in `render'
haml (3.0.22) rails/./lib/haml/helpers/action_view_mods.rb:13:in `render'
app/controllers/application_controller.rb:153:in `render_unauthorized_action'
app/controllers/application_controller.rb:141:in `render_unauthorized_action'
app/controllers/application_controller.rb:114:in `authorized_action'
app/controllers/files_controller.rb:208:in `show'
compass (0.10.5) lib/compass/app_integration/rails/actionpack2/action_controller.rb:7:in `process'
haml (3.0.22) rails/./lib/sass/plugin/rack.rb:41:in `call'
haml (3.0.22) rails/./lib/sass/plugin/rack.rb:41:in `call'
lib/request_context_generator.rb:29:in `call'
app/middleware/prevent_non_multipart_parse.rb:32:in `call'
app/middleware/load_account.rb:11:in `call'
/usr/lib/ruby/1.8/phusion_passenger/rack/request_handler.rb:92:in `process_request'
/usr/lib/ruby/1.8/phusion_passenger/abstract_request_handler.rb:207:in `main_loop'
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:418:in `start_request_handler'
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:358:in `handle_spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/utils.rb:184:in `safe_fork'
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:354:in `handle_spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `__send__'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `main_loop'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:196:in `start_synchronously'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:163:in `start'
/usr/lib/ruby/1.8/phusion_passenger/railz/application_spawner.rb:213:in `start'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:262:in `spawn_rails_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:126:in `lookup_or_add'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:256:in `spawn_rails_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:80:in `synchronize'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server_collection.rb:79:in `synchronize'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:255:in `spawn_rails_application'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:154:in `spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/spawn_manager.rb:287:in `handle_spawn_application'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `__send__'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:352:in `main_loop'
/usr/lib/ruby/1.8/phusion_passenger/abstract_server.rb:196:in `start_synchronously'
/usr/lib/phusion_passenger/passenger-spawn-server:61
Rendering template within layouts/application
Rendering shared/errors/500_message.html.erb (500 Internal Server Error)
Rendering /home/pmichaud/canvas/canvas/public/500.html (500 Internal Server Error)
After authenticating to files.anise:8080 as a user without access, I got the 401:
Processing FilesController#show (for 127.0.1.1 at 2011-05-26 13:28:34) [GET]
Parameters: {"verifier"=>"d58163ba9efaa2873ddc98a66d316dbf308d761a", "download"=>"1", "action"=>"show", "controller"=>"files", "file_id"=>"13"}
patrick(2) impersonating user1 on page http://files.anise:8080/files/13/download?verifier=d58163ba9efaa2873ddc98a66d316dbf308d761a
Rendering template within layouts/application
Rendering shared/unauthorized (unauthorized)
Completed in 529ms (View: 27, DB: 56) | 401 Unauthorized [http://files.anise/files/13/download?verifier=d58163ba9efaa2873ddc98a66d316dbf308d761a]