diff --git a/Gemfile.lock b/Gemfile.lock
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -94,6 +94,7 @@
 coffee-script-source (1.12.2)
 concurrent-ruby (1.1.5)
 crass (1.0.4)
+ diff-lcs (1.3)
 dynamic_form (1.1.4)
 erubi (1.8.0)
 erubis (2.7.0)
@@ -210,6 +211,23 @@
 rdiscount (2.2.0.1)
 regexp_parser (1.5.1)
 rouge (3.3.0)
+ rspec-core (3.8.2)
+ rspec-support (~> 3.8.0)
+ rspec-expectations (3.8.4)
+ diff-lcs (>= 1.2.0, < 2.0)
+ rspec-support (~> 3.8.0)
+ rspec-mocks (3.8.1)
+ diff-lcs (>= 1.2.0, < 2.0)
+ rspec-support (~> 3.8.0)
+ rspec-rails (3.8.2)
+ actionpack (>= 3.0)
+ activesupport (>= 3.0)
+ railties (>= 3.0)
+ rspec-core (~> 3.8.0)
+ rspec-expectations (~> 3.8.0)
+ rspec-mocks (~> 3.8.0)
+ rspec-support (~> 3.8.0)
+ rspec-support (3.8.2)
 ruby-progressbar (1.10.0)
 ruby_dep (1.5.0)
 ruby_parser (3.13.1)
@@ -320,6 +338,7 @@
 rails_bootstrap_sortable
 rdiscount
 rouge
+ rspec-rails
 sassc-rails
 select2-rails
 selenium-webdriver
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -11,9 +11,9 @@
 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
 #report and redirect for unauthorized activities
- def unauthorized_redirect
- flash[:notice] = 'You are not authorized to view the page you requested'
- redirect_to :controller => 'main', :action => 'login'
+ def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
+ flash[:notice] = notice
+ redirect_to login_main_path
 end
 # Returns the current logged-in user (if any).
@@ -23,7 +23,7 @@
 end
 def admin_authorization
- return false unless authenticate
+ return false unless check_valid_login
 user = User.includes(:roles).find(session[:user_id])
 unless user.admin?
 unauthorized_redirect
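Review bot: The comment above the new signature, `#report and redirect for unauthorized activities`, now understates what `unauthorized_redirect` does, because the `notice` parameter lets `check_valid_login` (later hunk in this file) route its login-required, disabled-account and IP-denied messages through it as well. I would change it to `# Store notice in flash[:notice] and redirect to the login page; used for both unauthenticated and unauthorized requests.` Keeping the default argument preserves the existing no-argument call sites in `admin_authorization` and `authorization_by_roles`, so nothing else in the file needs to change.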
@@ -33,7 +33,7 @@
 end
 def authorization_by_roles(allowed_roles)
- return false unless authenticate
+ return false unless check_valid_login
 user = User.find(session[:user_id])
 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
 unauthorized_redirect
@@ -55,37 +55,36 @@
 #redirect to root (and also force logout)
 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
- def authenticate
+ def check_valid_login
+ #check if logged in
 unless session[:user_id]
- flash[:notice] = 'You need to login'
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
- flash[:notice] = 'You need to login but you cannot log in at this time'
+ unauthorized_redirect('You need to login but you cannot log in at this time')
+ else
+ unauthorized_redirect('You need to login')
 end
- redirect_to :controller => 'main', :action => 'login'
 return false
 end
 # check if run in single user mode
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
 if @current_user==nil || (not @current_user.admin?)
- flash[:notice] = 'You cannot log in at this time'
- redirect_to :controller => 'main', :action => 'login'
+ unauthorized_redirect('You cannot log in at this time')
 return false
 end
 end
 # check if the user is enabled
 unless @current_user.enabled? || @current_user.admin?
- flash[:notice] = 'Your account is disabled'
- redirect_to :controller => 'main', :action => 'login'
+ unauthorized_redirect 'Your account is disabled'
 return false
 end
 # check if user ip is allowed
 unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
 unless is_request_ip_allowed?
- flash[:notice] = 'Your IP is not allowed'
- redirect_to root_path
+ unauthorized_redirect 'Your IP is not allowed'
+ return false
 end
 end
@@ -124,7 +123,7 @@
 end
 def authorization
- return false unless authenticate
+ return false unless check_valid_login
 user = User.find(session[:user_id])
 unless user.roles.detect { |role| role.rights.detect{ |right|
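Review bot: The two comment lines above `def check_valid_login`, `#redirect to root (and also force logout)` and `#if the user is not logged_in or the system is in "ADMIN ONLY" mode`, no longer match the body: every failing branch now goes through `unauthorized_redirect`, which sends the user to `login_main_path` rather than root, and nothing in this method clears the session (it is the login action's `reset_session`, seen in the main_controller hunk, that ends it). I would replace them with a comment along the lines of `# before_action guard: redirects to the login page and returns false when there is no session user, when single-user mode locks out non-admins, when the account is disabled, or when IP whitelisting rejects the request`. Separately, `unless @current_user.enabled? || @current_user.admin?` still calls methods on `@current_user` with no nil guard on the path where single-user mode is off; where `@current_user` is assigned is not in this hunk, but if a stale `session[:user_id]` can leave it nil this raises instead of redirecting, so a `return false unless @current_user` ahead of that check seems worth confirming. The end of the method lies outside the hunk.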
diff --git a/app/controllers/configurations_controller.rb b/app/controllers/configurations_controller.rb
--- a/app/controllers/configurations_controller.rb
+++ b/app/controllers/configurations_controller.rb
@@ -1,8 +1,6 @@
 class ConfigurationsController < ApplicationController
- before_action :authenticate
- before_action { |controller| controller.authorization_by_roles(['admin'])}
-
+ before_action :admin_authorization
 def index
 @configurations = GraderConfiguration.order(:key)
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -3,7 +3,7 @@
 :add_user, :remove_user,:remove_all_user,
 :add_problem, :remove_problem,:remove_all_problem,
 ]
- before_action :authenticate, :admin_authorization
+ before_action :admin_authorization
 # GET /groups
 def index
diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb
--- a/app/controllers/main_controller.rb
+++ b/app/controllers/main_controller.rb
@@ -1,6 +1,6 @@
 class MainController < ApplicationController
- before_action :authenticate, :except => [:index, :login]
+ before_action :check_valid_login, :except => [:login]
 before_action :check_viewability, :except => [:index, :login]
 append_before_action :confirm_and_update_start_time,
@@ -15,13 +15,8 @@
 before_action :authenticate_by_ip_address, :only => [:list]
- # NOTE: This method is not actually needed, 'config/routes.rb' has
- # assigned action login as a default action.
- def index
- redirect_to :action => 'login'
- end
- #reset login, clear session
+ #front page
 def login
 saved_notice = flash[:notice]
 reset_session
diff --git a/app/controllers/problems_controller.rb b/app/controllers/problems_controller.rb
--- a/app/controllers/problems_controller.rb
+++ b/app/controllers/problems_controller.rb
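Review bot: Swapping `authorization_by_roles(['admin'])` for `admin_authorization` changes the predicate from holding a role named `admin` to `User#admin?`, and nothing in this diff shows those are the same test, so it is worth confirming `User#admin?` is defined in terms of that role before relying on it for the configuration pages. Dropping the separate `before_action :authenticate` is fine because `admin_authorization` starts with `return false unless check_valid_login` (application_controller hunk); a short comment such as `# admin_authorization performs the login check itself` would save the next reader that lookup. The rest of ConfigurationsController is outside the hunk.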
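Review bot: `before_action :check_viewability, :except => [:index, :login]` on the context line still excludes `:index`, yet the second hunk of this file deletes the `index` action, so that entry is now dead; `before_action :check_viewability, :except => [:login]` keeps the two filters aligned. The removed comment said `config/routes.rb` already routes to `login` by default, so if any explicit `index` route survives it will now raise for a missing action instead of redirecting — worth checking the routes file, which is not part of this diff.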
@@ -1,7 +1,10 @@
 class ProblemsController < ApplicationController
- before_action :authenticate, :authorization
- before_action :testcase_authorization, only: [:show_testcase]
+ before_action :admin_authorization
+
+ #NOTE: ghost from the past?
+ #before_action :testcase_authorization, only: [:show_testcase]
+
 in_place_edit_for :problem, :name
 in_place_edit_for :problem, :full_name
diff --git a/app/controllers/report_controller.rb b/app/controllers/report_controller.rb
--- a/app/controllers/report_controller.rb
+++ b/app/controllers/report_controller.rb
@@ -2,12 +2,12 @@
 class ReportController < ApplicationController
- before_action :authenticate
+ before_action :check_valid_login
 before_action :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize, :show_max_score, :current_score]
 before_action(only: [:problem_hof]) { |c|
- return false unless authenticate
+ return false unless check_valid_login
 admin_authorization unless GraderConfiguration["right.user_view_submission"]
 }
diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb
--- a/app/controllers/submissions_controller.rb
+++ b/app/controllers/submissions_controller.rb
@@ -1,5 +1,5 @@
 class SubmissionsController < ApplicationController
- before_action :authenticate
+ before_action :check_valid_login
 before_action :submission_authorization, only: [:show, :download, :edit]
 before_action :admin_authorization, only: [:rejudge]
diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb
--- a/app/controllers/tags_controller.rb
+++ b/app/controllers/tags_controller.rb
@@ -1,4 +1,5 @@
 class TagsController < ApplicationController
+ before_action :admin_authorization
 before_action :set_tag, only: [:show, :edit, :update, :destroy]
 # GET /tags
diff --git a/app/controllers/tasks_controller.rb b/app/controllers/tasks_controller.rb
--- a/app/controllers/tasks_controller.rb
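Review bot: The commented-out `#before_action :testcase_authorization, only: [:show_testcase]` with `#NOTE: ghost from the past?` leaves the question in the code rather than answering it; if `testcase_authorization` and `show_testcase` still exist the filter should be restored or removed together with them, and if `admin_authorization` intentionally supersedes it the note should say so, e.g. `# show_testcase is admin-only via admin_authorization; the old testcase_authorization filter is not needed`. Note also that this hunk tightens access: the previous `:authorization` filter was rights-based (see the `authorization` hunk in application_controller), whereas `admin_authorization` admits admins only, so any non-admin role that held a problem-related right loses every action in this controller — presumably intended, but worth saying explicitly.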
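Review bot: `return false unless check_valid_login` inside the `before_action(only: [:problem_hof]) { |c| ... }` block is a `return` from a proc that has no enclosing method, which as far as I can tell raises LocalJumpError when Rails runs the block with instance_exec; because it is only reached after `check_valid_login` has already redirected, the not-logged-in path on `problem_hof` would end in an error page instead of the login page. The line is also redundant: the unconditional `before_action :check_valid_login` above applies to `problem_hof` too and, on Rails versions that halt before-callbacks once a response has been performed, stops the chain. I would drop the line, or use `next unless check_valid_login` if the explicit guard should stay. The unused block parameter `|c|` could go as well, since the body calls `admin_authorization` without a receiver.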
+++ b/app/controllers/tasks_controller.rb
@@ -1,6 +1,6 @@
 class TasksController < ApplicationController
- before_action :authenticate, :check_viewability
+ before_action :check_valid_login, :check_viewability
 def index
 redirect_to :action => 'list'
diff --git a/app/controllers/test_controller.rb b/app/controllers/test_controller.rb
--- a/app/controllers/test_controller.rb
+++ b/app/controllers/test_controller.rb
@@ -1,6 +1,6 @@
 class TestController < ApplicationController
- before_action :authenticate, :check_viewability
+ before_action :check_valid_login, :check_viewability
 def index
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -4,7 +4,7 @@
 include MailHelperMethods
- before_action :authenticate, :except => [:new,
+ before_action :check_valid_login, :except => [:new,
 :register,
 :confirm,
 :forget,
@@ -14,7 +14,7 @@
 :register,
 :forget,
 :retrieve_password]
- before_action :authenticate, :profile_authorization, only: [:profile]
+ before_action :check_valid_login, :profile_authorization, only: [:profile]
 before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable]
diff --git a/test/system/users_test.rb b/test/system/users_test.rb
--- a/test/system/users_test.rb
+++ b/test/system/users_test.rb
@@ -84,13 +84,13 @@
 login 'jack','morning'
 visit bulk_manage_user_admin_index_path
- assert_current_path root_path
 assert_text 'You are not authorized'
+ assert_current_path login_main_path
 login 'james','morning'
 visit new_list_user_admin_index_path
- assert_current_path root_path
 assert_text 'You are not authorized'
+ assert_current_path login_main_path
 end
 def login(username,password)