diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -94,9 +94,8 @@ def submission_authorization #admin always has privileged - if @current_user.admin? - return true - end + return true if @current_user.admin? + return true if @current_user.has_role?('TA') && (['show','download'].include? action_name) sub = Submission.find(params[:id]) if @current_user.available_problems.include? sub.problem diff --git a/app/controllers/user_admin_controller.rb b/app/controllers/user_admin_controller.rb --- a/app/controllers/user_admin_controller.rb +++ b/app/controllers/user_admin_controller.rb @@ -362,36 +362,33 @@ # admin management def admin - @admins = User.all.find_all {|user| user.admin? } + @admins = Role.where(name: 'admin').take.users + @tas = Role.where(name: 'ta').take.users end - def grant_admin - login = params[:login] - user = User.find_by_login(login) - if user!=nil - admin_role = Role.find_by_name('admin') - user.roles << admin_role - else - flash[:notice] = 'Unknown user' + def modify_role + user = User.find_by_login(params[:login]) + role = Role.find_by_name(params[:role]) + unless user && role + flash[:error] = 'Unknown user or role' + redirect_to admin_user_admin_index_path + return end - flash[:notice] = 'User added as admins' - redirect_to :action => 'admin' - end - - def revoke_admin - user = User.find(params[:id]) - if user==nil - flash[:notice] = 'Unknown user' - redirect_to :action => 'admin' and return - elsif user.login == 'root' - flash[:notice] = 'You cannot revoke admisnistrator permission from root.' - redirect_to :action => 'admin' and return + if params[:commit] == 'Grant' + #grant role + user.roles << role + flash[:notice] = "User '#{user.login}' has been granted the role '#{role.name}'" + else + #revoke role + if user.login == 'root' && role.name == 'admin' + flash[:error] = 'You cannot revoke admisnistrator permission from root.' + redirect_to admin_user_admin_index_path + return + end + user.roles.delete(role) + flash[:notice] = "The role '#{role.name}' has been revoked from User '#{user.login}'" end - - admin_role = Role.find_by_name('admin') - user.roles.delete(admin_role) - flash[:notice] = 'User permission revoked' - redirect_to :action => 'admin' + redirect_to admin_user_admin_index_path end # mass mailing diff --git a/app/models/user.rb b/app/models/user.rb --- a/app/models/user.rb +++ b/app/models/user.rb @@ -81,7 +81,11 @@ end def admin? - self.roles.where(name: 'admin').count > 0 + has_role?('admin') + end + + def has_role?(role) + self.roles.where(name: role).count > 0 end def email_for_editing diff --git a/app/views/user_admin/admin.html.haml b/app/views/user_admin/admin.html.haml --- a/app/views/user_admin/admin.html.haml +++ b/app/views/user_admin/admin.html.haml @@ -1,25 +1,54 @@ -%h1 Administrators +%h1 Modify Role +.row + .col-md-6 + %h4 Administrators + = form_tag modify_role_user_admin_index_path, method: 'post', class: 'form-inline' do + = hidden_field_tag :role, 'admin' + .form-group + = label_tag :login, 'Grant admin role to:' + = text_field_tag 'login',nil, class: 'form-control' + .form-group + = submit_tag 'Grant', class: 'btn btn-primary' + %br + %table.table.table-condense.table-hover.table-striped.table-bordered + %thead{:class => 'info-head'} + %th # + %th Login + %th Full name + %th + - @admins.each_with_index do |user, i| + %tr + %td= i+1 + %td= user.login + %td= user.full_name + %td + - if user.login!='root' + = link_to '[revoke]', modify_role_user_admin_index_path( login: user.login, role: 'admin', commit: 'revoke') + .col-md-6 + %h4 Teacher Assistants (TA) + = form_tag modify_role_user_admin_index_path, method: 'post', class: 'form-inline' do + = hidden_field_tag :role, 'TA' + .form-group + = label_tag :login, 'Grant TA role to:' + = text_field_tag 'login',nil, class: 'form-control' + .form-group + = submit_tag 'Grant', class: 'btn btn-primary' + %br + %table.table.table-condense.table-hover.table-striped.table-bordered + %thead{:class => 'info-head'} + %th # + %th Login + %th Full name + %th + - @tas.each_with_index do |user, i| + %tr + %td= i+1 + %td= user.login + %td= user.full_name + %td + - if user.login!='root' + = link_to '[revoke]', modify_role_user_admin_index_path( login: user.login, role: 'TA', commit: 'revoke') -%table{:class => 'info'} - %tr{:class => 'info-head'} - %th # - %th Login - %th Full name - %th - - @admins.each_with_index do |user, i| - %tr - %td= i+1 - %td= user.login - %td= user.full_name - %td - - if user.login!='root' - = link_to '[revoke]', :action => 'revoke_admin', :id => user.id -%hr - -= form_tag :action => 'grant_admin' do - = label_tag :login, 'Grant admin permission to:' - = text_field_tag 'login',nil, class: 'input-field' - = submit_tag 'Grant', class: 'btn btn-primary' %hr/ = link_to '[go back to index]', :action => 'index' diff --git a/config/routes.rb b/config/routes.rb --- a/config/routes.rb +++ b/config/routes.rb @@ -113,8 +113,7 @@ get 'admin' get 'active' get 'mass_mailing' - get 'revoke_admin' - post 'grant_admin' + match 'modify_role', via: [:get, :post] match 'create_from_list', via: [:get, :post] match 'random_all_passwords', via: [:get, :post] end diff --git a/db/seeds.rb b/db/seeds.rb --- a/db/seeds.rb +++ b/db/seeds.rb @@ -225,6 +225,7 @@ end def seed_roles + Role.find_or_create_by(name: 'TA') return if Role.find_by_name('admin') role = Role.create(:name => 'admin')