From 571fe40256be5bb8ac3421a7ec8c58e7b8a100ed Mon Sep 17 00:00:00 2001
From: Tom Levy <tomlevy93@gmail.com>
Date: Tue, 9 Jan 2024 01:21:16 +1300
Subject: [PATCH] Render 404 Not Found for invalid problem filelink path

Previously, /problems/:id/files/download/:path with a non-existent
path would crash with Pundit::NotDefinedError (unable to find policy
of nil), because `find_by_filepath` returns nil if the record is not
found and then `authorize @filelink, :show?` fails.
---
 app/controllers/filelinks/roots_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/filelinks/roots_controller.rb b/app/controllers/filelinks/roots_controller.rb
index eeb2dc75..0ef3bb39 100644
--- a/app/controllers/filelinks/roots_controller.rb
+++ b/app/controllers/filelinks/roots_controller.rb
@@ -56,7 +56,7 @@ def show
     else
       raise ActiveRecord::RecordNotFound if params[:filepath].nil?
       filepath = [params[:filepath], params[:format]].compact.join('.')
-      @filelink = model.filelinks.find_by_filepath(filepath)
+      @filelink = model.filelinks.find_by_filepath!(filepath)
     end
     authorize @filelink, :show?
     send_file FileAttachmentUploader.root + @filelink.file_attachment_url, :filename => File.basename(@filelink.filepath), :disposition => 'inline'