cafe-grader-web Files · app/controllers/application

cafe-grader-web

Location: cafe-grader-web/app/controllers/application_controller.rb - annotation

Commit Description:

Merge pull request #20 from nattee/master...

Commit Description:

Merge pull request #20 from nattee/master feature merge

References:

r719:19bd5319581a default

File last commit:

r670:f90ec3934e15 java

Show/Diff file:

Action:

            
                    app/controllers/application_controller.rb
                
             | 138 lines
             | 4.1 KiB
             | text/x-ruby 
             | RubyLexer
             | 
      
            History
        
           Show Full History
         |
          Source
         | Raw
         |
              
              Download
              
     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
      class ApplicationController < ActionController::Base

     Jittat Fakcharoenphol
  
boots into rails 3

              r318
            
        protect_from_forgery

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
     admin
  
more login test...

              r627
            
        before_filter :current_user

     admin
  
use jquery by default

              r554
            
     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
        SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'

     admin
  
add option to disable login from multiple ip

              r525
            
        MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
     admin
  
- fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?...

              r593
            
        #report and redirect for unauthorized activities

        def unauthorized_redirect

          flash[:notice] = 'You are not authorized to view the page you requested'

          redirect_to :controller => 'main', :action => 'login'

        end

     admin
  
use jquery by default

              r554
            
        # Returns the current logged-in user (if any).

        def current_user

     admin
  
wip: bootstrap toggle switch...

              r556
            
          return nil unless session[:user_id]

     admin
  
use jquery by default

              r554
            
          @current_user ||= User.find(session[:user_id])

        end

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
        def admin_authorization

          return false unless authenticate

     admin
  
change find(:xxx) to correct syntax for rails 4

              r619
            
          user = User.includes(:roles).find(session[:user_id])

     admin
  
prepare for better hall of fame

              r425
            
          unless user.admin?

     admin
  
- fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?...

              r593
            
            unauthorized_redirect

     admin
  
prepare for better hall of fame

              r425
            
            return false

          end

          return true

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
        end

        def authorization_by_roles(allowed_roles)

          return false unless authenticate

          user = User.find(session[:user_id])

          unless user.roles.detect { |role| allowed_roles.member?(role.name) }

     admin
  
- fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?...

              r593
            
            unauthorized_redirect

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
            return false

          end

        end

     admin
  
add show testcase feature

              r625
            
        def testcase_authorization

          #admin always has privileged

          if @current_user.admin?

            return true

          end

     admin
  
- add view testcase toggle for each problem...

              r632
            
          unauthorized_redirect unless GraderConfiguration["right.view_testcase"]

     admin
  
add show testcase feature

              r625
            
        end

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
        protected

        def authenticate

          unless session[:user_id]

     admin
  
add options to allow hall of fame viewing by any user...

              r424
            
            flash[:notice] = 'You need to login'

            if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]

              flash[:notice] = 'You need to login but you cannot log in at this time'

            end

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
            redirect_to :controller => 'main', :action => 'login'

            return false

          end

     admin
  
add enabled option for user

              r670
            
     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
          # check if run in single user mode

     Jittat Fakcharoenphol
  
renamed model Configuration to GraderConfiguration, renamed rhtml views to erb, fixed other small errors

              r320
            
          if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]

     admin
  
add enabled option for user

              r670
            
            if @current_user==nil or (not @current_user.admin?)

     Jittat Fakcharoenphol
  
shows warning message when user cannot log in in single user mode

              r301
            
              flash[:notice] = 'You cannot log in at this time'

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
              redirect_to :controller => 'main', :action => 'login'

              return false

            end

     Jittat Fakcharoenphol
  
a cleaner, testable way to log out user after contest changed

              r295
            
            return true

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
          end

     admin
  
add enabled option for user

              r670
            
          # check if the user is enabled

          unless @current_user.enabled? or @current_user.admin?

            flash[:notice] = 'Your account is disabled'

            redirect_to :controller => 'main', :action => 'login'

            return false

          end

     Jittat Fakcharoenphol
  
renamed model Configuration to GraderConfiguration, renamed rhtml views to erb, fixed other small errors

              r320
            
          if GraderConfiguration.multicontests? 

     admin
  
add enabled option for user

              r670
            
            return true if @current_user.admin?

     Jittat Fakcharoenphol
  
a cleaner, testable way to log out user after contest changed

              r295
            
            begin

     admin
  
add enabled option for user

              r670
            
              if @current_user.contest_stat(true).forced_logout

     Jittat Fakcharoenphol
  
a cleaner, testable way to log out user after contest changed

              r295
            
                flash[:notice] = 'You have been automatically logged out.'

                redirect_to :controller => 'main', :action => 'index'

              end

            rescue

            end

          end

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
          return true

        end

     admin
  
add option to disable login from multiple ip

              r525
            
        def authenticate_by_ip_address

          #this assume that we have already authenticate normally

          unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]

            user = User.find(session[:user_id])

            if (not user.admin? and user.last_ip and user.last_ip != request.remote_ip)

              flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"

              redirect_to :controller => 'main', :action => 'login'

     admin
  
update heartbeat...

              r539
            
              puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"

     admin
  
add option to disable login from multiple ip

              r525
            
              return false

            end

            unless user.last_ip

              user.last_ip = request.remote_ip

              user.save

            end

          end

          return true

        end

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
        def authorization

          return false unless authenticate

          user = User.find(session[:user_id])

          unless user.roles.detect { |role|

     admin
  
- add view testcase toggle for each problem...

              r632
            
              role.rights.detect{ |right|

                right.controller == self.class.controller_name and

                  (right.action == 'all' or right.action == action_name)

              }

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
            }

            flash[:notice] = 'You are not authorized to view the page you requested'

            #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')

            redirect_to :controller => 'main', :action => 'login'

            return false

          end

        end

        def verify_time_limit

          return true if session[:user_id]==nil

          user = User.find(session[:user_id], :include => :site)

          return true if user==nil or user.site == nil

     Jittat Fakcharoenphol
  
added individual contest mode

              r217
            
          if user.contest_finished?

            flash[:notice] = 'Error: the contest you are participating is over.'

     jittat
  
MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...

              r162
            
            redirect_to :back

            return false

          end

          return true

        end

      end

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Last Author

jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	class ApplicationController < ActionController::Base
Jittat Fakcharoenphol boots into rails 3	r318	protect_from_forgery
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162
admin more login test...	r627	before_filter :current_user
admin use jquery by default	r554
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
admin add option to disable login from multiple ip	r525	MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162
admin - fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?...	r593	#report and redirect for unauthorized activities
		def unauthorized_redirect
		flash[:notice] = 'You are not authorized to view the page you requested'
		redirect_to :controller => 'main', :action => 'login'
		end

admin use jquery by default	r554	# Returns the current logged-in user (if any).
		def current_user
admin wip: bootstrap toggle switch...	r556	return nil unless session[:user_id]
admin use jquery by default	r554	@current_user \|\|= User.find(session[:user_id])
		end

jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	def admin_authorization
		return false unless authenticate
admin change find(:xxx) to correct syntax for rails 4	r619	user = User.includes(:roles).find(session[:user_id])
admin prepare for better hall of fame	r425	unless user.admin?
admin - fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?...	r593	unauthorized_redirect
admin prepare for better hall of fame	r425	return false
		end
		return true
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	end

		def authorization_by_roles(allowed_roles)
		return false unless authenticate
		user = User.find(session[:user_id])
		unless user.roles.detect { \|role\| allowed_roles.member?(role.name) }
admin - fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?...	r593	unauthorized_redirect
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	return false
		end
		end

admin add show testcase feature	r625	def testcase_authorization
		#admin always has privileged
		if @current_user.admin?
		return true
		end

admin - add view testcase toggle for each problem...	r632	unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
admin add show testcase feature	r625	end

jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	protected

		def authenticate
		unless session[:user_id]
admin add options to allow hall of fame viewing by any user...	r424	flash[:notice] = 'You need to login'
		if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
		flash[:notice] = 'You need to login but you cannot log in at this time'
		end
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	redirect_to :controller => 'main', :action => 'login'
		return false
		end

admin add enabled option for user	r670
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	# check if run in single user mode
Jittat Fakcharoenphol renamed model Configuration to GraderConfiguration, renamed rhtml views to erb, fixed other small errors	r320	if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
admin add enabled option for user	r670	if @current_user==nil or (not @current_user.admin?)
Jittat Fakcharoenphol shows warning message when user cannot log in in single user mode	r301	flash[:notice] = 'You cannot log in at this time'
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	redirect_to :controller => 'main', :action => 'login'
		return false
		end
Jittat Fakcharoenphol a cleaner, testable way to log out user after contest changed	r295	return true
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	end

admin add enabled option for user	r670	# check if the user is enabled
		unless @current_user.enabled? or @current_user.admin?
		flash[:notice] = 'Your account is disabled'
		redirect_to :controller => 'main', :action => 'login'
		return false
		end

Jittat Fakcharoenphol renamed model Configuration to GraderConfiguration, renamed rhtml views to erb, fixed other small errors	r320	if GraderConfiguration.multicontests?
admin add enabled option for user	r670	return true if @current_user.admin?
Jittat Fakcharoenphol a cleaner, testable way to log out user after contest changed	r295	begin
admin add enabled option for user	r670	if @current_user.contest_stat(true).forced_logout
Jittat Fakcharoenphol a cleaner, testable way to log out user after contest changed	r295	flash[:notice] = 'You have been automatically logged out.'
		redirect_to :controller => 'main', :action => 'index'
		end
		rescue
		end
		end
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	return true
		end

admin add option to disable login from multiple ip	r525	def authenticate_by_ip_address
		#this assume that we have already authenticate normally
		unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
		user = User.find(session[:user_id])
		if (not user.admin? and user.last_ip and user.last_ip != request.remote_ip)
		flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
		redirect_to :controller => 'main', :action => 'login'
admin update heartbeat...	r539	puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"
admin add option to disable login from multiple ip	r525	return false
		end
		unless user.last_ip
		user.last_ip = request.remote_ip
		user.save
		end
		end
		return true
		end

jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	def authorization
		return false unless authenticate
		user = User.find(session[:user_id])
		unless user.roles.detect { \|role\|
admin - add view testcase toggle for each problem...	r632	role.rights.detect{ \|right\|
		right.controller == self.class.controller_name and
		(right.action == 'all' or right.action == action_name)
		}
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	}
		flash[:notice] = 'You are not authorized to view the page you requested'
		#request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
		redirect_to :controller => 'main', :action => 'login'
		return false
		end
		end

		def verify_time_limit
		return true if session[:user_id]==nil
		user = User.find(session[:user_id], :include => :site)
		return true if user==nil or user.site == nil
Jittat Fakcharoenphol added individual contest mode	r217	if user.contest_finished?
		flash[:notice] = 'Error: the contest you are participating is over.'
jittat MERGED 308:HEAD from http://theory.cpe.ku.ac.th/grader/web/branches/ytopc08-2/, removed some registration info...	r162	redirect_to :back
		return false
		end
		return true
		end

		end