diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -152,8 +152,9 @@ def is_request_ip_allowed? unless GraderConfiguration[WHITELIST_IGNORE_CONF_KEY] user_ip = IPAddr.new(request.remote_ip) + allowed = GraderConfiguration[WHITELIST_IP_CONF_KEY] || '' - GraderConfiguration[WHITELIST_IP_CONF_KEY].delete(' ').split(',').each do |ips| + allowed.delete(' ').split(',').each do |ips| allow_ips = IPAddr.new(ips) if allow_ips.include?(user_ip) return true diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb --- a/app/controllers/groups_controller.rb +++ b/app/controllers/groups_controller.rb @@ -2,6 +2,7 @@ before_action :set_group, only: [:show, :edit, :update, :destroy, :add_user, :remove_user,:remove_all_user, :add_problem, :remove_problem,:remove_all_problem, + :toggle, ] before_action :admin_authorization @@ -49,6 +50,11 @@ redirect_to groups_url, notice: 'Group was successfully destroyed.' end + def toggle + @group.enabled = @group.enabled? ? false : true + @group.save + end + def remove_user user = User.find(params[:user_id]) @group.users.delete(user) @@ -99,6 +105,6 @@ # Only allow a trusted parameter "white list" through. def group_params - params.require(:group).permit(:name, :description) + params.require(:group).permit(:name, :description, :enabled) end end diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb --- a/app/controllers/main_controller.rb +++ b/app/controllers/main_controller.rb @@ -188,7 +188,7 @@ @user = user end end - + protected def prepare_announcements(recent=nil) diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -16,8 +16,8 @@ else @problem = Problem.find_by_id(params[:problem_id]) if (@problem == nil) or (not @problem.available) - redirect_to main_list_path - flash[:notice] = 'Error: submissions for that problem are not viewable.' + redirect_to list_main_path + flash[:error] = 'Authorization error: You have no right to view submissions for this problem' return end @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id).order(id: :desc) @@ -94,9 +94,8 @@ def submission_authorization #admin always has privileged - if @current_user.admin? - return true - end + return true if @current_user.admin? + return true if @current_user.has_role?('TA') && (['show','download'].include? action_name) sub = Submission.find(params[:id]) if @current_user.available_problems.include? sub.problem diff --git a/app/controllers/tasks_controller.rb b/app/controllers/tasks_controller.rb --- a/app/controllers/tasks_controller.rb +++ b/app/controllers/tasks_controller.rb @@ -27,8 +27,9 @@ def download problem = Problem.find(params[:id]) unless @current_user.can_view_problem? problem - flash[:notice] = 'You are not authorized to access this file' - redirect_to :action => 'index' and return + flash[:error] = 'You are not authorized to access this file' + redirect_to list_main_path + return end base_name = params[:file] @@ -37,7 +38,8 @@ if !FileTest.exists?(filename) flash[:notice] = 'File does not exists' - redirect_to :action => 'index' and return + redirect_to list_main_path + return end send_file_to_user(filename, base_filename) diff --git a/app/controllers/user_admin_controller.rb b/app/controllers/user_admin_controller.rb --- a/app/controllers/user_admin_controller.rb +++ b/app/controllers/user_admin_controller.rb @@ -58,7 +58,8 @@ ok_user = [] lines.split("\n").each do |line| - items = line.chomp.split(',') + #split with large limit, this will cause consecutive ',' to be result in a blank + items = line.chomp.split(',',1000) if items.length>=2 login = items[0] full_name = items[1] @@ -66,8 +67,12 @@ user_alias = '' added_random_password = false - if items.length >= 3 and items[2].chomp(" ").length > 0; - password = items[2].chomp(" ") + added_password = false + if items.length >= 3 + if items[2].chomp(" ").length > 0 + password = items[2].chomp(" ") + added_password = true + end else password = random_password added_random_password=true; @@ -79,16 +84,21 @@ user_alias = login end + + has_remark = false if items.length>=5 remark = items[4].strip; + has_remark = true end user = User.find_by_login(login) if (user) user.full_name = full_name - user.password = password - user.remark = remark + user.remark = remark if has_remark + user.password = password if added_password || added_random_password else + #create a random password if none are given + password = random_password unless password user = User.new({:login => login, :full_name => full_name, :password => password, @@ -345,36 +355,33 @@ # admin management def admin - @admins = User.all.find_all {|user| user.admin? } + @admins = Role.where(name: 'admin').take.users + @tas = Role.where(name: 'ta').take.users end - def grant_admin - login = params[:login] - user = User.find_by_login(login) - if user!=nil - admin_role = Role.find_by_name('admin') - user.roles << admin_role - else - flash[:notice] = 'Unknown user' + def modify_role + user = User.find_by_login(params[:login]) + role = Role.find_by_name(params[:role]) + unless user && role + flash[:error] = 'Unknown user or role' + redirect_to admin_user_admin_index_path + return end - flash[:notice] = 'User added as admins' - redirect_to :action => 'admin' - end - - def revoke_admin - user = User.find(params[:id]) - if user==nil - flash[:notice] = 'Unknown user' - redirect_to :action => 'admin' and return - elsif user.login == 'root' - flash[:notice] = 'You cannot revoke admisnistrator permission from root.' - redirect_to :action => 'admin' and return + if params[:commit] == 'Grant' + #grant role + user.roles << role + flash[:notice] = "User '#{user.login}' has been granted the role '#{role.name}'" + else + #revoke role + if user.login == 'root' && role.name == 'admin' + flash[:error] = 'You cannot revoke admisnistrator permission from root.' + redirect_to admin_user_admin_index_path + return + end + user.roles.delete(role) + flash[:notice] = "The role '#{role.name}' has been revoked from User '#{user.login}'" end - - admin_role = Role.find_by_name('admin') - user.roles.delete(admin_role) - flash[:notice] = 'User permission revoked' - redirect_to :action => 'admin' + redirect_to admin_user_admin_index_path end # mass mailing diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb --- a/app/helpers/application_helper.rb +++ b/app/helpers/application_helper.rb @@ -113,8 +113,9 @@ def toggle_button(on,toggle_url,id, option={}) btn_size = option[:size] || 'btn-xs' + btn_block = option[:block] || 'btn-block' link_to (on ? "Yes" : "No"), toggle_url, - {class: "btn btn-block #{btn_size} btn-#{on ? 'success' : 'default'} ajax-toggle", + {class: "btn #{btn_block} #{btn_size} btn-#{on ? 'success' : 'default'} ajax-toggle", id: id, data: {remote: true, method: 'get'}} end @@ -181,9 +182,6 @@ #{header} -#{user.full_name}
-#{t 'title_bar.current_time'} #{format_short_time(Time.zone.now)} -#{time_left}
#{contest_name} diff --git a/app/helpers/main_helper.rb b/app/helpers/main_helper.rb --- a/app/helpers/main_helper.rb +++ b/app/helpers/main_helper.rb @@ -1,17 +1,11 @@ module MainHelper - def link_to_description_if_any(name, problem, options={}) + def link_to_description_if_any(name, problem) if !problem.url.blank? - return link_to name, problem.url, options + return link_to name, problem.url elsif !problem.description_filename.blank? - #build a link to a problem (via task controller) basename, ext = problem.description_filename.split('.') - options[:controller] = 'tasks' - options[:action] = 'download' - options[:id] = problem.id - options[:file] = basename - options[:ext] = ext - return link_to name, options + return link_to name, download_task_path(problem.id,basename,ext), target: '_blank' else return '' end diff --git a/app/models/submission.rb b/app/models/submission.rb --- a/app/models/submission.rb +++ b/app/models/submission.rb @@ -154,7 +154,7 @@ return if self.user.admin? #check if user has the right to submit the problem - errors.add('problem',"must be valid.") if (!self.user.available_problems.include?(self.problem)) and (self.new_record?) + errors[:base] << "Authorization error: you have no right to submit to this problem" if (!self.user.available_problems.include?(self.problem)) and (self.new_record?) end end diff --git a/app/models/user.rb b/app/models/user.rb --- a/app/models/user.rb +++ b/app/models/user.rb @@ -83,7 +83,11 @@ end def admin? - self.roles.where(name: 'admin').count > 0 + has_role?('admin') + end + + def has_role?(role) + self.roles.where(name: role).count > 0 end def email_for_editing @@ -275,9 +279,10 @@ end end + # new feature, get list of available problem in all enabled group that the user belongs to def available_problems_in_group problem = [] - self.groups.each do |group| + self.groups.where(enabled: true).each do |group| group.problems.where(available: true).each { |p| problem << p } end problem.uniq! @@ -298,6 +303,8 @@ end end + #check if the user has the right to view that problem + #this also consider group based problem policy def can_view_problem?(problem) return true if admin? return available_problems.include? problem diff --git a/app/views/application/_submission.html.haml b/app/views/application/_submission.html.haml --- a/app/views/application/_submission.html.haml +++ b/app/views/application/_submission.html.haml @@ -10,7 +10,7 @@ %td = submission.source_filename = " (#{submission.language.pretty_name}) " - = link_to('[load]',{:action => 'source', :id => submission.id}) + = link_to '[load]', download_submission_path(submission) %td - if submission.graded_at = "Graded at #{format_short_time(submission.graded_at)}." diff --git a/app/views/graders/list.html.haml b/app/views/graders/list.html.haml --- a/app/views/graders/list.html.haml +++ b/app/views/graders/list.html.haml @@ -10,10 +10,10 @@ .panel-heading Grader control: .panel-body - =link_to 'Start Graders in grading env', { action: 'start_grading'}, class: 'btn btn-default', method: 'post' - =link_to 'Start Graders in exam env', { action: 'start_exam'}, class: 'btn btn-default', method: 'post' - =link_to 'Stop all running Graders', { action: 'stop_all'}, class: 'btn btn-default', method: 'post' - =link_to 'Clear all data', { action: 'clear_all'}, class: 'btn btn-default', method: 'post' + =link_to 'Start Graders in grading env', { action: 'start_grading'}, class: 'btn btn-default' + =link_to 'Start Graders in exam env', { action: 'start_exam'}, class: 'btn btn-default' + =link_to 'Stop all running Graders', { action: 'stop_all'}, class: 'btn btn-default' + =link_to 'Clear all data', { action: 'clear_all'}, class: 'btn btn-default' .row .col-md-6 diff --git a/app/views/groups/_form.html.haml b/app/views/groups/_form.html.haml --- a/app/views/groups/_form.html.haml +++ b/app/views/groups/_form.html.haml @@ -5,12 +5,23 @@ %ul - @group.errors.full_messages.each do |msg| %li= msg - - .form-group.field - = f.label :name - = f.text_field :name, class: 'form-control' - .form-group.field - = f.label :description - = f.text_field :description, class: 'form-control' - .form-group.actions - = f.submit 'Save', class: 'btn btn-primary' + .row + .col-md-6 + .form-group.field + = f.label :name + = f.text_field :name, class: 'form-control' + .row + .col-md-6 + .form-group.field + = f.label :description + = f.text_field :description, class: 'form-control' + .row + .col-md-6 + .checkbox + = f.label :enabled do + = f.check_box :enabled + Enabled + .row + .col-md-6 + .form-group.actions + = f.submit 'Save', class: 'btn btn-primary' diff --git a/app/views/groups/index.html.haml b/app/views/groups/index.html.haml --- a/app/views/groups/index.html.haml +++ b/app/views/groups/index.html.haml @@ -7,14 +7,16 @@ %tr %th Name %th Description + %th Enabled? %th %th %tbody - @groups.each do |group| - %tr + %tr{:class => "#{(group.enabled?) ? "success" : "danger"}", id: "group-#{group.id}"} %td= group.name %td= group.description + %td= toggle_button(group.enabled?, toggle_group_path(group), "group-enabled-#{group.id}", size: ' ', block: ' ') %td= link_to 'View', group, class: 'btn btn-default' %td= link_to 'Destroy', group, :method => :delete, :data => { :confirm => 'Are you sure?' }, class: 'btn btn-danger' diff --git a/app/views/groups/toggle.js.haml b/app/views/groups/toggle.js.haml new file mode 100644 --- /dev/null +++ b/app/views/groups/toggle.js.haml @@ -0,0 +1,8 @@ += render partial: 'toggle_button', + locals: {button_id: "#group-enabled-#{@group.id}",button_on: @group.enabled } +:plain + r = $("#group-#{@group.id}"); + r.removeClass('success'); + r.removeClass('danger'); + r.addClass("#{@group.enabled? ? 'success' : 'danger'}"); + diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -68,7 +68,7 @@ = add_menu( 'Login Report', 'report', 'login') - if (ungraded = Submission.where('graded_at is null').where('submitted_at < ?', 1.minutes.ago).count) > 0 =link_to "#{ungraded} backlogs!", - grader_list_path, + graders_list_path, class: 'navbar-btn btn btn-default btn-warning', data: {toggle: 'tooltip'},title: 'Number of ungraded submission' %ul.nav.navbar-nav.navbar-right diff --git a/app/views/main/help.html.haml b/app/views/main/help.html.haml --- a/app/views/main/help.html.haml +++ b/app/views/main/help.html.haml @@ -43,5 +43,5 @@ %tt {
LANG: Pascal
TASK: mobiles
} %p - = raw(t('help.ask_questions_at_messages',:message_link_name => (t 'menu.messages'),:url => url_for(:controller => 'messages', :action => 'list'))) + = raw(t('help.ask_questions_at_messages',:message_link_name => (t 'menu.messages'),url: messages_path )) diff --git a/app/views/problems/stat.html.haml b/app/views/problems/stat.html.haml --- a/app/views/problems/stat.html.haml +++ b/app/views/problems/stat.html.haml @@ -6,19 +6,23 @@ %h1 Problem stat: #{@problem.name} %h2 Overview +.row + .col-md-2 + %strong Name: + .col-md-10 + = @problem.full_name #in_place_editor_field :problem, :full_name, {}, :rows=>1 + = link_to_description_if_any "[#{t 'main.problem_desc'}] ".html_safe, @problem +.row + .col-md-2.strong + %strong Submissions: + .col-md-10 + = @submissions.count +.row + .col-md-2.strong + %strong Solved/Attemped User + .col-md-10 + #{@summary[:solve]}/#{@summary[:attempt]} (#{(@summary[:solve]*100.0/@summary[:attempt]).round(1)}%) -%table.info - %thead - %tr.info-head - %th Stat - %th Value - %tbody - %tr{class: cycle('info-even','info-odd')} - %td Submissions - %td= @submissions.count - %tr{class: cycle('info-even','info-odd')} - %td Solved/Attempted User - %td #{@summary[:solve]}/#{@summary[:attempt]} (#{(@summary[:solve]*100.0/@summary[:attempt]).round(1)}%) %h2 Submissions Count = render partial: 'application/bar_graph', locals: { histogram: @histogram } diff --git a/app/views/submissions/show.html.haml b/app/views/submissions/show.html.haml --- a/app/views/submissions/show.html.haml +++ b/app/views/submissions/show.html.haml @@ -42,6 +42,7 @@ - if @submission.problem!=nil = link_to "[#{@submission.problem.name}]", stat_problem_path(@submission.problem) = @submission.problem.full_name + = link_to_description_if_any "[download] ".html_safe, @submission.problem - else = "(n/a)" %tr diff --git a/app/views/user_admin/admin.html.haml b/app/views/user_admin/admin.html.haml --- a/app/views/user_admin/admin.html.haml +++ b/app/views/user_admin/admin.html.haml @@ -1,25 +1,54 @@ -%h1 Administrators +%h1 Modify Role +.row + .col-md-6 + %h4 Administrators + = form_tag modify_role_user_admin_index_path, method: 'post', class: 'form-inline' do + = hidden_field_tag :role, 'admin' + .form-group + = label_tag :login, 'Grant admin role to:' + = text_field_tag 'login',nil, class: 'form-control' + .form-group + = submit_tag 'Grant', class: 'btn btn-primary' + %br + %table.table.table-condense.table-hover.table-striped.table-bordered + %thead{:class => 'info-head'} + %th # + %th Login + %th Full name + %th + - @admins.each_with_index do |user, i| + %tr + %td= i+1 + %td= user.login + %td= user.full_name + %td + - if user.login!='root' + = link_to '[revoke]', modify_role_user_admin_index_path( login: user.login, role: 'admin', commit: 'revoke') + .col-md-6 + %h4 Teacher Assistants (TA) + = form_tag modify_role_user_admin_index_path, method: 'post', class: 'form-inline' do + = hidden_field_tag :role, 'TA' + .form-group + = label_tag :login, 'Grant TA role to:' + = text_field_tag 'login',nil, class: 'form-control' + .form-group + = submit_tag 'Grant', class: 'btn btn-primary' + %br + %table.table.table-condense.table-hover.table-striped.table-bordered + %thead{:class => 'info-head'} + %th # + %th Login + %th Full name + %th + - @tas.each_with_index do |user, i| + %tr + %td= i+1 + %td= user.login + %td= user.full_name + %td + - if user.login!='root' + = link_to '[revoke]', modify_role_user_admin_index_path( login: user.login, role: 'TA', commit: 'revoke') -%table{:class => 'info'} - %tr{:class => 'info-head'} - %th # - %th Login - %th Full name - %th - - @admins.each_with_index do |user, i| - %tr - %td= i+1 - %td= user.login - %td= user.full_name - %td - - if user.login!='root' - = link_to '[revoke]', :action => 'revoke_admin', :id => user.id -%hr - -= form_tag :action => 'grant_admin' do - = label_tag :login, 'Grant admin permission to:' - = text_field_tag 'login',nil, class: 'input-field' - = submit_tag 'Grant', class: 'btn btn-primary' %hr/ = link_to '[go back to index]', :action => 'index' diff --git a/app/views/user_admin/new_list.html.haml b/app/views/user_admin/new_list.html.haml --- a/app/views/user_admin/new_list.html.haml +++ b/app/views/user_admin/new_list.html.haml @@ -26,6 +26,15 @@ is empty, the original value will be used instead. %li If the users with the same user_id already exists, existing information will be overwritten. + Example: + %ol + %li + %pre user1,Somchai Jaidee + will create (or update) a user with login "user1" and setting the fullname to "Somchai Jaidee", also setting a random password. + %li + %pre user1,Somchai Jaidee, + will create (or update) a user with login "user1" and and setting the fullname "Somchai Jaidee". No change is made to the password unless this is a new user. If this is a new user, a random password will be generated. + .row .col-md-6 diff --git a/config/routes.rb b/config/routes.rb --- a/config/routes.rb +++ b/config/routes.rb @@ -54,6 +54,7 @@ post 'add_problem', to: 'groups#add_problem', as: 'add_problem' delete 'remove_problem/:problem_id', to: 'groups#remove_problem', as: 'remove_problem' delete 'remove_all_problem', to: 'groups#remove_all_problem', as: 'remove_all_problem' + get 'toggle' end collection do @@ -92,7 +93,6 @@ get 'download' get 'compiler_msg' get 'rejudge' - get 'source' end collection do get 'prob/:problem_id', to: 'submissions#index', as: 'problem' @@ -113,8 +113,7 @@ get 'admin' get 'active' get 'mass_mailing' - get 'revoke_admin' - post 'grant_admin' + match 'modify_role', via: [:get, :post] match 'create_from_list', via: [:get, :post] match 'random_all_passwords', via: [:get, :post] end @@ -184,22 +183,23 @@ # get 'tasks/view/:file.:ext' => 'tasks#view' - get 'tasks/download/:id/:file.:ext' => 'tasks#download' + get 'tasks/download/:id/:file.:ext' => 'tasks#download', as: 'download_task' get 'heartbeat/:id/edit' => 'heartbeat#edit' #grader - get 'graders/list', to: 'graders#list', as: 'grader_list' + #get 'graders/list', to: 'graders#list', as: 'grader_list' namespace :graders do get 'task/:id/:type', action: 'task', as: 'task' get 'view/:id/:type', action: 'view', as: 'view' get 'clear/:id', action: 'clear', as: 'clear' - get 'stop' - get 'stop_all' - get 'clear_all' - get 'clear_terminated' get 'start_grading' get 'start_exam' + get 'clear_all' + get 'stop_all' + get 'stop' + get 'clear_terminated' + get 'list' end diff --git a/db/migrate/20200813083020_add_enabled_to_group.rb b/db/migrate/20200813083020_add_enabled_to_group.rb new file mode 100644 --- /dev/null +++ b/db/migrate/20200813083020_add_enabled_to_group.rb @@ -0,0 +1,5 @@ +class AddEnabledToGroup < ActiveRecord::Migration[5.2] + def change + add_column :groups, :enabled, :boolean, default: true + end +end diff --git a/db/seeds.rb b/db/seeds.rb --- a/db/seeds.rb +++ b/db/seeds.rb @@ -225,6 +225,7 @@ end def seed_roles + Role.find_or_create_by(name: 'TA') return if Role.find_by_name('admin') role = Role.create(:name => 'admin')