.gitlab-ci.yml

-image: ruby:2.3.1
+image: ruby:2.7
 
 services:
-  - postgres:9.5
+  - postgres:11
   - elasticsearch:6.5.1
   - redis:latest
 
@@ -17,6 +17,7 @@ variables:
 
 stages:
   - test
+  - apidoc
   - deploy
 
 before_script:
@@ -43,13 +44,26 @@ test:
     - elasticsearch
     - redis
 
-#deploy:
-#  stage: deploy
-#  script:
-#    - mina deploy
-#  only:
-#    - master
-#  tags:
+doc:
+  stage: apidoc
+  script:
+    - bundle exec rake db:migrate:reset RAILS_ENV=test
+    - bundle exec rake docs:generate
+    - ./docploy.sh
+  only:
+    - stable
+  tags:
+    - ruby
+    - postgres
+    - elasticsearch
+    - redis
+# deploy:
+#   stage: deploy
+#   script:
+#   #   - mina deploy
+#   only:
+#     - master
+#   tags:
 #    - ruby
 #    - postgres
 #    - elasticsearch

.ruby-version

-2.3.1
+3.0.1

Gemfile

 source 'https://rubygems.org'
 
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '5.0.0.1'
+gem 'rails', '>=6.0.0'
 # Use postgresql as the database for Active Record
 gem 'pg'
 
 # bundle exec rake doc:rails generates the API under doc/api.
-gem 'sdoc', '~> 0.4.0', group: :doc
+gem 'sdoc', '>= 0.4.0', group: :doc
 
 # Use ActiveModel has_secure_password
-gem 'bcrypt', '~> 3.1.7'
+gem 'bcrypt', '>= 3.1.7'
 
 # memcached
 gem 'dalli'
@@ -30,10 +30,10 @@ gem 'whenever', require: false
 gem 'devise'
 
 # files
-gem 'paperclip'
+gem 'kt-paperclip', github: 'kreeti/kt-paperclip', branch: 'master'
 
 # enable login via rest
-gem 'devise_token_auth'
+gem 'devise_token_auth', github: 'lynndylanhurley/devise_token_auth', branch: 'master'
 gem 'rack-cors', require: 'rack/cors'
 
 gem 'rmagick'
@@ -81,13 +81,13 @@ group :development do
   # reduce queries - https://github.com/flyerhzm/bullet
   gem 'bullet'
 
-  gem 'better_errors'
+  gem 'better_errors', '~>2.8.0'
 
   # Call 'byebug' anywhere in the code to stop execution and get a debugger console
   gem 'byebug'
 
   # Access an IRB console on exception pages or by using <%= console %> in views
-  gem 'web-console', '~> 2.0'
+  gem 'web-console', '~>4.0.4'
 
   # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
   gem 'spring'
@@ -107,12 +107,12 @@ group :test do
 end
 
 group :development, :test do
-  gem 'rspec-rails', '~> 3.8' #original is 3.6
+  gem 'rspec-rails', '>= 3.8' #original is 3.6
   gem 'rspec_api_documentation'
-  gem 'factory_girl_rails'
+  gem 'factory_bot_rails'
 end
 
-gem 'streamio-ffmpeg', '~> 1.0.0'
+gem 'streamio-ffmpeg', '>= 1.0.0'
 
 # sidekiq
 gem 'sidekiq'
@@ -120,13 +120,13 @@ gem 'sinatra', require: false
 gem 'slim'
 
 # CUrl
-gem 'curb', '~> 0.8.8'
+gem 'curb', '>= 0.8.8'
 
 # libArchive (Zip, Rar, ...)
 # C extension is required
 # For Mac OSX: brew install libarchive && bundle config build.libarchive "--with-opt-dir=/usr/local/opt/libarchive"
 # gem 'libarchive', '~> 0.1.2', :require => 'libarchive_ruby'
-gem 'libarchive-static'
+gem 'ffi-libarchive'
 
 gem 'gitlab'
 
@@ -145,7 +145,7 @@ gem 'activerecord-import'
 # social connect
 gem 'omniauth-facebook'
 gem 'omniauth-twitter'
-gem 'omniauth-google-oauth2'
+gem 'omniauth-google-oauth2', '~>0.8.2'
 
 # get mime type
 gem 'mimemagic'
@@ -165,7 +165,8 @@ gem 'public_activity'
 # gem 'rails-observers'
 
 # soft-deleted for active record models
-gem 'paranoia', github: 'rubysherpas/paranoia', branch: 'rails4'
+#gem 'paranoia', github: 'rubysherpas/paranoia', branch: 'rails4'
+gem 'paranoia' 
 
 # models versioning
 gem 'paper_trail'

README.md

@@ -23,33 +23,45 @@ along with portalmec.  If not, see <http://www.gnu.org/licenses/>.
 
 ## Requirements
  * rvm
-    * Using rvm you will install ruby "2.3.1"
-* ruby "2.3.1"
- * Dspace server "5.x"
- * Postgres >=9.4
-    * If you will install Dspace, it is recommended to use Postgres "9.4"
- * Elasticsearch "6.2.4"
- * Redis
+    * Using rvm you will install ruby "3.0.1"
+ * ruby "3.0.1"
+ * Dspace server "6.x"
+ * Postgres "13"
+ * Elasticsearch "6.8.13"
+ * Redis ">=5.0"
+ * nvm
+    * Using nvm you will install Node.js "14.15.1"
+
+## NVM and Node.js
+
+For install NVM and Node.js, use this follwing commands:
+```
+$ wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.37.0/install.sh | bash
+```
+
+```
+$ nvm install 14.15.1
+``` 
 
 ## Postgres
 
 After the first install, you can run this commands:
 
 * ``` sudo passwd postgres ```
-* ```su postgres```
-* ``` psql -c "ALTER USER postgres WITH PASSWORD 'your_new_password'" -d template1 ```
-* ``` createuser -h localhost -U postgres -d [user_db] ```
+* ``` su postgres```
+* ``` psql -c "ALTER USER postgres WITH PASSWORD '$PASSWORD'" -d template1 ```
+* ``` createuser -h localhost -U postgres -d $USER_DB ```
+* ``` psql -c "ALTER USER $USER_DB WITH PASSWORD '$PASSWORD'" -d template1 ```
 
 Note: You can ask for the database dump for someone in the project.
 
-You need to modify the file "/etc/postgresql/10/main/pg_hba.conf", the modification is
+You need to modify the file "/etc/postgresql/11/main/pg_hba.conf", the modification is
 
-    * comment all lines with "peer" and copy them replacing "peer" with "md5".
+    * comment the 1st and 2nd lines with "peer" and copy them replacing "peer" with "md5".
     
 After this, run this command:
 
-* ``` systemctl stop postgresql ```
-* ``` systemctl start postgresql ```
+* ``` systemctl restart postgresql ```
 
 ## Rvm
 
@@ -73,9 +85,11 @@ After this setup, open the configuration files inside the project repository and
     * config/database.yml: change your postgres credentials for development and test environment.
     * config/dspace.yml: change your dspace host and credentials for development and test environment.
     * config/sidekiq.yml: change your redis hosts and ports.
+    * config/initializers/elasticsearch.rb: inside elsif Rails.env.test? change url 'elasticsearch:9200' to 'localhost:9200'.
     * config/initializers/gitlab.rb: change your gitlab host for bug reports and set env var with private token. ( $ export GITLAB_PORTALMEC_PRIVATE_TOKEN=131237128937128937 )
 
 
+
 ## Install
 After installed the requeriments, the first you will need to do is run:
 
@@ -88,7 +102,7 @@ This command will install all required gems for the project.
 After all gems were installed succesfuly. Please create the database using the following commands:
 *  ``` rake db:create ```
 * If you have the dump of the database, use it before db:migrate.
-    * To use the dump, run this commands:  ```psql -U [database_user] -d [database_name] < dump_name.sql ```  
+    * To use the dump, run this commands:  ```psql -U $DATABASE_USER -d $DATABASE_NAME < $DATABASE_PATH/dump_name.sql ```  
 *  ``` rake db:migrate ```
 
 ``` Note ``` : You need to load the dump in the database_dev.
@@ -96,8 +110,7 @@ After all gems were installed succesfuly. Please create the database using the f
 
 This procedure will create and configure all table in the project database  
 
-For the search mechanism to works, it is required to copy ``` your_directory_path/portalmec/calculate_score.painless ``` to ``` /etc/elasticsearch/scripts ```. After this is done, 
-execute the CMD in the portalmec directory ``` rake searchkick:reindex:all ```.
+For the search mechanism to works, execute the CMD in the portalmec directory ``` rake searchkick:reindex:all ```.
 
 
 <!--### Development environment-->
@@ -125,18 +138,29 @@ Se a rotina de testes descrita pelo rake test for arrumada, o comando a baixo fu
 ### Running tests suite
 For tests, TestUnit is used, and to run it
 ``` bundle exec rake test ```-->
-For tests, run this command: 
+
+
+For tests, run this commands:
+
+* ``` export DSPACE_LOGIN=your_login ```
+* ``` export DSPACE_PASS=your_password ```
+* ``` source ~/.bashrc ```
 
 * ``` bundle exec rake spec:acceptance ```
 
 ### Production environment
-As you set development and test environment vars, now production vars will be needed to be set.
-For that, open the file config/env_vars.sh and set them. After, run:
-``` ./config/env_vars.sh ```
+When working in the production environment, the environment variables must be set in the file config/env_vars.sh.
+After setting the variables in the file, you must include the following line into your user's .bashrc file:
+* ``` source /home/portalmec/portalmec/config/env_vars.sh ```
 
-    * Redis vars need to be set on config/sidekiq.yml
-    * In config/initializers/devise.rb, change the emails addresses. (Ex.: config.mailer_sender = 'suporte@c3sl.ufpr.br')
-
-Now that your application is ready, you can run it using sames commands used in the install section.
+You will also need to make some other configurations:
 
-After the setup, link your webserver to the app. Some OS services are in root of the project and can be used.
\ No newline at end of file
+    * Redis vars need to be set on config/sidekiq.yml
+    * In config/initializers/devise.rb, change the e-mail addresses. (Ex.: config.mailer_sender = 'suporte@suporte.com')
+    * In app/services/learning_object_publisher.rb, in the create_dspace_item change the DSpace collection where the items are gonna be created.
+    * Change the paths in the *.sh and *.service files in the root of the project to the absolute path of the project in the production server.
+    * As root, copy the *.service files to the server's systemd directory (Ex.: /lib/systemd/system), then run systemctl enable portalmec and systemctl enable portalmec-sidekiq.
+    * As root, copy the sidekiq_log.conf file to the rsyslog directory (/etc/rsyslog.d/) and give the shared/logs/sidekiq.log file the same permissions and ownership as the /var/log/syslog file.
+
+Now that your application is ready, you can run it with:
+* ``` systemctl start portalmec portalmec-sidekiq ```

app/builders/learning_object_builder.rb

@@ -18,6 +18,9 @@
 # along with portalmec.  If not, see <http://www.gnu.org/licenses/>.
 
 class LearningObjectBuilder
+
+   I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil
+
   def self.build_from_dspace(item, publisher)
     lo = LearningObject.new(
       name: item.name,
@@ -26,6 +29,8 @@ class LearningObjectBuilder
       metadata: dspace_metadata_to_hash(item.metadata)
     )
 
+    lo.name = "Recurso Sem Nome" if lo.name.blank?
+
     lo.curator = lo.get_metadata_value_of('dc.curator')
     # institution = lo.get_metadata_value_of('dc.creator')
     # institution = 'Desconhecido' if institution.blank?
@@ -34,7 +39,32 @@ class LearningObjectBuilder
 
     object_type = lo.get_metadata_value_of('dc.type')
     object_type = 'Desconhecido' if object_type.blank?
-    lo.object_type = ObjectType.where(name: object_type).first_or_create
+
+    ot = ObjectType.where(name: object_type)
+    if ot.blank?
+      lo.object_type = ObjectType.where(name: 'Outros').first
+    else
+      lo.object_type = ot.first
+    end
+
+    subjects = lo.get_metadata_values_of('dc.subject')
+    subjects = ['Outros'] if subjects.blank?
+
+    subjects.uniq.each do |subject|
+      s = Subject.where(name: subject)
+      if s.blank?
+        insert_tag(subject, lo, publisher)
+      else
+        lo.subjects << s
+      end
+    end
+
+    tags = lo.get_metadata_values_of('dc.subject.keyword')
+    tags = ['Outros'] if tags.blank?
+
+    tags.uniq.each do |tg|
+      insert_tag(tg, lo, publisher)
+    end
 
     # date = lo.get_metadata_value_of('dc.date.issued')
     # lo.published_at = Time.iso8601(date) unless date.nil?
@@ -43,14 +73,18 @@ class LearningObjectBuilder
     code = lo.get_metadata_value_of('dc.language')
     code = 'pt' if code.blank?
     language = Language.where(code: code).first
-    language = Language.create(name: code, code: code) if language.nil?
-    lo.language = language
+    language = Language.where(code: "Outro").first if language.nil?
+    # language = Language.create(name: code, code: code) if language.nil?
+    lo.language << language
 
     lo.author = lo.get_metadata_values_of('dc.contributor.author').join(', ')
     lo.author = publisher.name if lo.author.blank?
     lo.description = lo.get_metadata_value_of('dc.description')
 
-    lo.state = LearningObject.states[:published]
+    lo.link = lo.get_metadata_value_of('dc.relation.uri')
+    lo.link = lo.get_metadata_value_of('dc.relation') if lo.link.blank?
+
+    # lo.state = LearningObject.states[:published]
 
     lo
   end
@@ -60,4 +94,14 @@ class LearningObjectBuilder
     metadata.each { |m| hash[m.key] << m.value }
     hash
   end
+
+  private
+
+  def self.insert_tag(tag_str, lo, publisher)
+    tag = Tag.where(name: tag_str).first_or_create
+    if !lo.tags.include?(tag)
+      tagging = Tagging.new(tag: tag, tagger: publisher, taggable: lo)
+      lo.taggings << tagging
+    end
+  end
 end

app/controllers/application_controller.rb

@@ -27,6 +27,7 @@ class ApplicationController < ActionController::API
   before_action :set_paper_trail_whodunnit
 
   rescue_from Exception do |exception|
+    logger.fatal "The request raised an exception:"
     logger.fatal exception
     logger.fatal exception.backtrace.first(10).join("\n")
     unless response_body

app/controllers/concerns/paginator.rb

@@ -38,7 +38,7 @@ module Paginator
 
     def offset
       return params[:offset].to_i if !params[:offset].blank?
-      return params[:page].to_i*params[:results_per_page].to_i if !params[:page].blank? && !params[:results_per_page].blank?
+      return params[:page].to_i*limit if !params[:page].blank?
       return 0
     end
 
@@ -51,7 +51,7 @@ module Paginator
           if(model.columns_hash[key].type == :integer)
             model = model.where("#{key}": value)
           else
-            model = model.where("#{key} ILIKE ?", "%#{value}%")
+            model = model.where("#{key} ILIKE  '%'|| ? || '%'", value)
           end
         end
       end

app/controllers/concerns/publisher_controller.rb

@@ -22,9 +22,9 @@ module PublisherController
   include Paginator
 
   included do
-    before_action :authenticate, only: [:show_all_drafts, :show_liked_learning_objects, :show_submitted_learning_objects, :show_liked_collections]
-    before_action :set_publisher, only: [:show_all_drafts, :show_all_learning_objects, :show_submitted_learning_objects, :show_all_collections, :show_liked_learning_objects, :show_liked_collections]
-    before_action -> { authorize @publisher }, only: [:show_all_drafts, :show_submitted_learning_objects, :show_liked_learning_objects, :show_liked_collections]
+    before_action :authenticate, only: [:show_all_drafts, :show_liked_learning_objects, :show_submissions, :show_liked_collections]
+    before_action :set_publisher, only: [:show_all_drafts, :show_all_learning_objects, :show_submissions, :show_all_collections, :show_liked_learning_objects, :show_liked_collections]
+    before_action -> { authorize @publisher }, only: [:show_all_drafts, :show_submissions, :show_liked_learning_objects, :show_liked_collections]
   end
 
   def show_all_drafts
@@ -38,9 +38,20 @@ module PublisherController
     render json: learning_objects
   end
 
-  def show_submitted_learning_objects
-    learning_objects = paginate LearningObject.where(publisher: @publisher, state: LearningObject.states[:submitted])
-    render json: learning_objects
+  # GET /v1/users/:id/submissions
+  def show_submissions
+    status = params[:status]
+    if !status.nil? && !Submission.statuses.has_key?(status) && status != 'all'
+      render json: {"error": "Status not found."}, status: :unprocessable_entity
+    else
+      if current_user.is_curator?
+        submissions = current_user.assignments
+      else
+        submissions = current_user.submissions
+      end
+      submissions = submissions.where(status: status) unless status.nil? || status == 'all'
+      render json: paginate(submissions), status: :ok
+    end
   end
 
   def show_all_collections
@@ -71,6 +82,10 @@ module PublisherController
     user, id = request.path.split('/')[2, 2]
     return nil unless %w(users institutions).include? user
     publisher_model = user.singularize.classify.constantize
-    @publisher = publisher_model.find(id)
+    @publisher = publisher_model.where(id: params[:id]).first
+
+    render status: :not_found if @publisher.blank?
+
+    @publisher
   end
 end

app/controllers/concerns/reviewable_controller.rb

@@ -29,7 +29,7 @@ module ReviewableController
 
   # GET /v1/collections/1/reviews
   def index
-    render json: Review.where(reviewable: reviewable)
+    render json: paginate(Review.where(reviewable: reviewable)), each_serializer: ReviewSerializer
   end
 
   # GET /v1/collections/1/reviews/1

app/controllers/v1/activities_controller.rb

@@ -40,6 +40,14 @@ class V1::ActivitiesController < ApplicationController
     render json: @activity
   end
 
+  def view
+    PublicActivity::Activity.where(id: view_params[:ids]).each do |activity|
+      # Change request.remote_ip to req.env["HTTP_X_REAL_IP"] in production
+      activity.view(current_user, request.remote_ip)
+    end
+    render status: :ok
+  end
+
   # GET v1/users/1/activities
   # GET v1/users/1/activities.json
   # Render specific user activities
@@ -58,8 +66,17 @@ class V1::ActivitiesController < ApplicationController
 
   private
 
-    def set_activity
-      @activity = ::ActivityPolicy::Scope.new(current_user, ::PublicActivity::Activity).resolve.find(params[:id])
-    end
+  def view_params
+    return nil if params[:activities].nil?
+    params[:activities].permit(ids: [])
+  end
+
+  def set_activity
+    @activity = ::ActivityPolicy::Scope.new(current_user, ::PublicActivity::Activity).resolve.where(id: params[:id]).first
+
+    render status: :not_found if @activity.blank?
+
+    @activity
+  end
 
 end

app/controllers/v1/collections_controller.rb

@@ -114,7 +114,11 @@ class V1::CollectionsController < ApplicationController
   def stageable; set_collection; end
 
   def set_collection
-    @collection ||= Collection.find(params[:id])
+    @collection ||= Collection.where(id: params[:id]).first
+
+    render status: :not_found if @collection.blank?
+
+    @collection
   end
 
   def set_new_collection

app/controllers/v1/complaint_reasons_controller.rb

@@ -68,6 +68,10 @@ class V1::ComplaintReasonsController < ApplicationController
   end
 
   def set_complaint_reason
-    @complaint_reason = ComplaintReason.find(params[:id])
+    @complaint_reason = ComplaintReason.where(id: params[:id]).first
+    
+    render status: :not_found if @complaint_reason.blank?
+
+    @complaint_reason
   end
 end

app/controllers/v1/complaints_controller.rb

@@ -42,7 +42,7 @@ class V1::ComplaintsController < ApplicationController
   # GET /v1/complaints/1/show_related.json
   def show_related
     response = Complaint.where(complainable: @complaint.complainable, state: "complained")
-    render status: :ok, json: response
+    render status: :ok, json: response , :include => {:complaint_reason => {:except => [:updated_at, :created_at]}}
   end
 
   
@@ -125,6 +125,10 @@ class V1::ComplaintsController < ApplicationController
   end
 
   def set_complaint
-    @complaint ||= Complaint.find(params[:id])
+    @complaint ||= Complaint.where(id: params[:id]).first
+
+    render status: :not_found if @complaint.blank?
+
+    @complaint
   end
 end

app/controllers/v1/contacts_controller.rb

@@ -67,7 +67,11 @@ class V1::ContactsController < ApplicationController
   private
     # Use callbacks to share common setup or constraints between actions.
     def set_contact
-      @contact = Contact.find(params[:id])
+      @contact = Contact.where(id: params[:id]).first
+
+      render status: :not_found if @contact.blank?
+
+      @contact
     end
 
     # Only allow a trusted parameter "white list" through.

test/models/review_rating_test.rb → app/controllers/v1/email_controller.rb

@@ -17,27 +17,37 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with portalmec.  If not, see <http://www.gnu.org/licenses/>.
 
-# == Schema Information
-#
-# Table name: review_ratings
-#
-#  id         :integer          not null, primary key
-#  review_id  :integer
-#  rating_id  :integer
-#  value      :integer
-#  created_at :datetime         not null
-#  updated_at :datetime         not null
-#
+class V1::EmailController < ApplicationController
+  before_action :authenticate, only: [:create]
+  before_action -> { authorize current_user }, only: [:create]
+
+  def create
+    email = Email.new(email_params)
+    email.role_ids = roles_params[:roles]
+    email.user = current_user
+    if email.save
+      email.emails.each do |address|
+        EmailMailer.new_email(email, address).deliver_now
+      end
+      render status: :ok
+    else
+      render status: :unprocessable_entity
+    end
+  end
+
+  protected
 
-require 'test_helper'
+  def email_params
+    return nil if params[:email].nil?
+    params[:email].permit(:all_users, :subject, :body, emails: [])
+  end
 
-class ReviewRatingTest < ActiveSupport::TestCase
-  should belong_to :review
-  should belong_to :rating
+  def roles_params
+    params[:email].permit(roles: [])
+  end
 
-  should validate_presence_of(:rating)
-  should validate_inclusion_of(:value).in_array(Array(1..5)).with_message('Review Rating must be between 1 and 5.')
+  def authenticate
+    authenticate_user!
+  end
 
-  # TODO: shoulda try to insert user with id 0, but that's non existent and not allowed by database
-  # should validate_uniqueness_of(:rating).scoped_to(:review_id)
 end

app/controllers/v1/feed_controller.rb

@@ -33,26 +33,36 @@ class V1::FeedController < ApplicationController
   private
 
   def activities_followed
-    query = "privacy = 'public' and ("
+    query = ""
     values = [""]
 
     # builds a query string to find all relevant activities
     current_user.watching.each do |watching|
       if !watching.respond_to?(:state) || watching.state == "published"
-        # Activities that are made by, owned by, or change the object you follow should be found
-        query += " (trackable_type = ? and trackable_id = ?) or (owner_type = ? and owner_id = ?) or (recipient_type = ? and recipient_id = ?) or"
-        3.times do
+        if (watching.class == Submission || watching.class == CuratorAssignment)
+          query += " ((trackable_type = ? and trackable_id = ?) and (owner_type = 'User' and owner_id = #{current_user.id})"
           values << watching.class.to_s
           values << watching.id
+          if watching.class == CuratorAssignment
+            query += " and (parameters is null or parameters not like '%ignored%')"
+          end
+          query += ")"
+        else
+          query += " (((trackable_type = ? and trackable_id = ?) or (owner_type = ? and owner_id = ?) or (recipient_type = ? and recipient_id = ?)) and (owner_type <> 'User' or (owner_type = 'User' and owner_id <> #{current_user.id})) and privacy = 'public')"
+          3.times do
+            values << watching.class.to_s
+            values << watching.id
+          end
         end
+        query += " or"
+        # Activities that are made by, owned by, or change the object you follow should be found
+
       end
     end
-
-    if query[-1] == "("
-      query = query[0..-6]
-    else
-      values[0] = query[0..-3]+")" # remove trailing "or" on the query
+    if query[-1] == "r"
+      values[0] = query[0..-3] # remove trailing "or" on the query
     end
+    return [] if query.blank?
     return PublicActivity::Activity.where(key: activities_filter).where(values).order(created_at: :desc)
   end
 

app/controllers/v1/institutions_controller.rb

@@ -82,7 +82,11 @@ class V1::InstitutionsController < ApplicationController
   end
 
   def set_institution
-    @institution = Institution.find(params[:id])
+    @institution = Institution.where(id: params[:id]).first
+
+    render status: :not_found if @institution.blank?
+
+    @institution
   end
 
   def institution_params

app/controllers/v1/languages_controller.rb

@@ -72,7 +72,11 @@ class V1::LanguagesController < ApplicationController
 
   # Use callbacks to share common setup or constraints between actions.
   def set_language
-    @language = Language.find(params[:id])
+    @language = Language.where(id: params[:id]).first
+
+    render status: :not_found if @language.blank?
+
+    @language
   end
 
   # Never trust parameters from the scary internet, only allow the white list through.

app/controllers/v1/learning_objects/attachment_controller.rb

@@ -73,16 +73,20 @@ class V1::LearningObjects::AttachmentController < ApplicationController
 
   def set_objects
     if current_user.try(:is_admin?)
-      @learning_object = LearningObject.unscoped.find(attachment_params[:learning_object_id])
+      @learning_object = LearningObject.unscoped.where(id: attachment_params[:learning_object_id]).first
     else
-      @learning_object = LearningObject.find(attachment_params[:learning_object_id])
+      @learning_object = LearningObject.where(id: attachment_params[:learning_object_id]).first
     end
 
+    render status: :not_found if @learning_object.blank?
+
     if ( attachment_params[:id].blank? )
       @attachment = @learning_object.attachments
     else
-      @attachment = LearningObject::Attachment.find(attachment_params[:id])
+      @attachment = LearningObject::Attachment.where(id: attachment_params[:id]).first
     end
+
+    render status: :not_found if @attachment.blank?
   end
 
   def authorize!