diff --git a/Gemfile.lock b/Gemfile.lock --- a/Gemfile.lock +++ b/Gemfile.lock @@ -194,6 +194,8 @@ net-protocol timeout nio4r (2.5.8) + nokogiri (1.13.8-x86_64-darwin) + racc (~> 1.4) nokogiri (1.13.8-x86_64-linux) racc (~> 1.4) popper_js (2.11.6) @@ -267,6 +269,7 @@ actionpack (>= 5.2) activesupport (>= 5.2) sprockets (>= 3.0.0) + sqlite3 (1.5.0-x86_64-darwin) sqlite3 (1.5.0-x86_64-linux) strscan (3.0.4) temple (0.8.2) @@ -293,6 +296,7 @@ zeitwerk (2.6.0) PLATFORMS + x86_64-darwin-20 x86_64-linux DEPENDENCIES diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -15,9 +15,8 @@ WHITELIST_IP_CONF_KEY = 'right.whitelist_ip' #report and redirect for unauthorized activities - def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') - flash[:notice] = notice - redirect_to login_main_path + def unauthorized_redirect(msg = 'You are not authorized to view the page you requested') + redirect_to login_main_path, alert: msg end # Returns the current logged-in user (if any). 
@@ -46,30 +45,18 @@ return true end - #admin always count as every roles - def role_authorization(roles) + def authorization_by_roles(allowed_roles) return false unless check_valid_login - user = User.find(session[:user_id]) - return true if user.admin? + return true if @current_user.admin? roles.each do |r| - return true if user.has_role?(r) + return true if @current_user.has_role?(r) end unauthorized_redirect end - def authorization_by_roles(allowed_roles) - return false unless check_valid_login - unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) } - unauthorized_redirect - return false - end - end - def testcase_authorization #admin always has privileged - if @current_user.admin? - return true - end + return true if @current_user.admin? unauthorized_redirect unless GraderConfiguration["right.view_testcase"] end diff --git a/app/controllers/login_controller.rb b/app/controllers/login_controller.rb --- a/app/controllers/login_controller.rb +++ b/app/controllers/login_controller.rb @@ -1,7 +1,7 @@ class LoginController < ApplicationController @@authenticators = [] - + def index # show login screen reset_session @@ -11,14 +11,12 @@ def login user = get_authenticated_user(params[:login], params[:password]) unless user - flash[:notice] = 'Wrong password' - redirect_to :controller => 'main', :action => 'login' + redirect_to login_main_path, alert: 'Wrong password' return end if (!GraderConfiguration['right.bypass_agreement']) and (!params[:accept_agree]) and !user.admin? - flash[:notice] = 'You must accept the agreement before logging in' - redirect_to :controller => 'main', :action => 'login' + redirect_to login_main_path, alert: 'You must accept the agreement before logging in' return end 
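Review bot: In the rewritten `authorization_by_roles(allowed_roles)` the loop still reads `roles.each do |r|`, but the parameter is now named `allowed_roles`, so unless the controller defines a `roles` method elsewhere, every non-admin request that reaches this filter raises NameError instead of being checked. The loop should read `allowed_roles.each do |r|`, or more compactly `return true if allowed_roles.any? { |r| @current_user.has_role?(r) }`. The failure is fail-closed (an error page rather than access), but it locks out the TA role that `submissions_controller.rb` passes as `[:ta]` for `rejudge` and `set_tag`. The method also now depends on `check_valid_login` having set `@current_user`, which is not visible in this hunk and is worth confirming.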
@@ -60,14 +58,14 @@ site = nil end if site==nil - flash[:notice] = 'Wrong site' + flash[:alert] = 'Wrong site' redirect_to :controller => 'main', :action => 'login' and return end if (site.password) and (site.password == params[:login][:password]) session[:site_id] = site.id redirect_to :controller => 'site', :action => 'index' else - flash[:notice] = 'Wrong site password' + flash[:alert] = 'Wrong site password' redirect_to :controller => 'site', :action => 'login' end end diff --git a/app/controllers/main_controller.rb b/app/controllers/main_controller.rb --- a/app/controllers/main_controller.rb +++ b/app/controllers/main_controller.rb @@ -18,9 +18,8 @@ #reset login, clear session #front page def login - saved_notice = flash[:notice] - reset_session - flash.now[:notice] = saved_notice + #saved_notice = flash[:notice] + #flash[:notice] = saved_notice @remote_ip = request.remote_ip # EXPERIMENT: diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -2,7 +2,7 @@ before_action :set_submission, only: [:show,:download,:compiler_msg,:rejudge,:set_tag, :edit] before_action :check_valid_login before_action :submission_authorization, only: [:show, :download, :edit] - before_action only: [:rejudge, :set_tag] do role_authorization([:ta]) end + before_action only: [:rejudge, :set_tag] do authorization_by_roles([:ta]) end # GET /submissions # GET /submissions.json diff --git a/app/controllers/tags_controller.rb b/app/controllers/tags_controller.rb --- a/app/controllers/tags_controller.rb +++ b/app/controllers/tags_controller.rb @@ -25,7 +25,7 @@ @tag = Tag.new(tag_params) if @tag.save - redirect_to @tag, notice: 'Tag was successfully created.' + redirect_to tags_path, notice: 'Tag was successfully created.' else render :new end diff --git a/app/views/groups/index.html.haml b/app/views/groups/index.html.haml 
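Review bot: The context line `if (site.password) and (site.password == params[:login][:password])` compares the submitted site password with the stored value using plain `==`, which suggests the `sites.password` column holds the password in clear text and means the comparison is not constant-time. This commit only renames the flash key, so this is a follow-up rather than a regression. At minimum use `ActiveSupport::SecurityUtils.secure_compare(site.password, params[:login][:password].to_s)`, and preferably store a digest instead of the raw value. The enclosing action starts above the hunk, so how `site` is looked up is not visible here.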
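Review bot: Removing `reset_session` from `MainController#login` means the login page no longer discards an existing session, although the comment above the action still says "reset login, clear session". If `LoginController#login` does not itself call `reset_session` after a successful authentication (not visible in this diff), a session id issued before login carries over into the authenticated session, which leaves the app open to session fixation. Rotating the session there, and re-setting the flash afterwards, would keep the new `alert:` messages working. The two commented-out `saved_notice` lines are dead code and are better deleted than left in. The action body continues past the end of the hunk.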
--- a/app/views/groups/index.html.haml +++ b/app/views/groups/index.html.haml @@ -16,7 +16,7 @@ %td= group.description %td= toggle_button(group.enabled?, toggle_group_path(group), "group-enabled-#{group.id}", block: ' ') %td - = link_to 'Edit members and problems', group, class: 'btn btn-secondary btn-sm' + = link_to 'Edit members and problems', group, class: 'btn btn-info btn-sm' = link_to 'Destroy', group, :method => :delete, :data => { :confirm => 'Are you sure?' }, class: 'btn btn-danger btn-sm' %br diff --git a/app/views/layouts/_header.html.haml b/app/views/layouts/_header.html.haml --- a/app/views/layouts/_header.html.haml +++ b/app/views/layouts/_header.html.haml @@ -82,7 +82,7 @@ %a.nav-link{href: profile_users_path} %span.mi.mi-bs.md-18 settings %li.nav-item - %a.nav-link{href: login_main_path} + %a.nav-link{href: logout_main_path} %span.mi.mi-bs.md-18 exit_to_app = @current_user.full_name :javascript diff --git a/app/views/main/_login_box.html.haml b/app/views/main/_login_box.html.haml --- a/app/views/main/_login_box.html.haml +++ b/app/views/main/_login_box.html.haml @@ -7,9 +7,8 @@ .card-subtitle=t 'login.message' - if flash[:notice] - %hr/ - %b= flash[:notice] - %hr/ + .alert.alert-danger + = flash[:notice] .card .card-body{ style: "background: #eeeeff;"} diff --git a/app/views/tags/_form.html.haml b/app/views/tags/_form.html.haml --- a/app/views/tags/_form.html.haml +++ b/app/views/tags/_form.html.haml 
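Review bot: The exit link now points at `logout_main_path` through a plain `%a.nav-link{href: logout_main_path}`, so logout becomes a state-changing action reached by GET. A third-party page or a link prefetcher can then end a user's session without any CSRF check. If the route allows it, prefer a non-GET request such as `= button_to 'Log out', logout_main_path, method: :delete`, so the authenticity token is verified. The route definition is not part of this diff, so the accepted verbs need confirming.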
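Review bot: This partial still tests and prints `flash[:notice]`, while the controllers in this commit now put the message under `:alert` (`redirect_to login_main_path, alert: ...` in `unauthorized_redirect` and `LoginController#login`, and `flash[:alert] = 'Wrong site'` in the site login). Unless a layout renders `flash[:alert]` elsewhere, 'Wrong password' and the not-authorized message will no longer appear on the login page. The condition and body should read `- if flash[:alert]` and `= flash[:alert]`, which also matches the `.alert.alert-danger` styling introduced here.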
@@ -1,22 +1,7 @@ -= form_for @tag do |f| - - if @tag.errors.any? - #error_explanation - %h2= "#{pluralize(@tag.errors.count, "error")} prohibited this tag from being saved:" - %ul - - @tag.errors.full_messages.each do |msg| - %li= msg - += simple_form_for @tag do |f| .row .col-md-6 - .form-group.field - = f.label :name - = f.text_field :name, class: 'form-control' - .form-group.field - = f.label :description - = f.text_area :description, class: 'form-control' - .form-group.field - = f.label :public - = f.text_field :public, class: 'form-control' - .actions - = f.submit 'Save', class: 'btn btn-primary' - .col-md-6 + = f.input :name + = f.input :description + = f.input :public + = f.submit 'Save', class: 'btn btn-primary' diff --git a/app/views/tags/index.html.haml b/app/views/tags/index.html.haml --- a/app/views/tags/index.html.haml +++ b/app/views/tags/index.html.haml @@ -18,9 +18,9 @@ %td= tag.name %td= tag.description %td= tag.public - %td= link_to 'Show', tag - %td= link_to 'Edit', edit_tag_path(tag) - %td= link_to 'Destroy', tag, :method => :delete, :data => { :confirm => 'Are you sure?' } + %td= link_to 'Show', tag, class: 'btn btn-info' + %td= link_to 'Edit', edit_tag_path(tag), class: 'btn btn-info' + %td= button_to 'Destroy', tag, :method => :delete, :data => { :confirm => 'Are you sure?' }, class: 'btn btn-danger' %br diff --git a/app/views/user_admin/index.html.haml b/app/views/user_admin/index.html.haml --- a/app/views/user_admin/index.html.haml +++ b/app/views/user_admin/index.html.haml 
@@ -76,8 +76,8 @@ %td= toggle_button(user.enabled?, toggle_enable_user_path(user),"toggle_enable_user_#{user.id}") %td= user.last_ip %td= link_to 'Clear IP', {:action => 'clear_last_ip', :id => user, :page=>params[:page]}, :confirm => 'This will reset last logging in ip of the user, are you sure?', class: 'btn btn-secondary btn-sm btn-block' - %td= link_to 'Show', {:action => 'show', :id => user}, class: 'btn btn-secondary btn-sm btn-block' - %td= link_to 'Edit', {:action => 'edit', :id => user}, class: 'btn btn-secondary btn-sm btn-block' + %td= link_to 'Show', {:action => 'show', :id => user}, class: 'btn btn-info btn-sm btn-block' + %td= link_to 'Edit', {:action => 'edit', :id => user}, class: 'btn btn-info btn-sm btn-block' %td= link_to 'Destroy', {action: :destroy, id: user}, data: {confirm: 'Are you sure?'}, method: :delete, class: 'btn btn-danger btn-sm btn-block' %br/ = link_to '+ New user', { :action => 'new' }, { class: 'btn btn-success '} diff --git a/db/schema.rb b/db/schema.rb --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # It's strongly recommended that you check this file into your version control system. ActiveRecord::Schema[7.0].define(version: 2022_09_27_074644) do - create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t| + create_table "active_storage_attachments", charset: "latin1", force: :cascade do |t| t.string "name", null: false t.string "record_type", null: false t.bigint "record_id", null: false @@ -21,7 +21,7 @@ t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true end - create_table "active_storage_blobs", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t| + create_table "active_storage_blobs", charset: "latin1", force: :cascade do |t| t.string "key", null: false t.string "filename", null: false t.string "content_type" 
@@ -33,15 +33,15 @@ t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true end - create_table "active_storage_variant_records", charset: "utf8mb4", collation: "utf8mb4_0900_ai_ci", force: :cascade do |t| + create_table "active_storage_variant_records", charset: "latin1", force: :cascade do |t| t.bigint "blob_id", null: false t.string "variation_digest", null: false t.index ["blob_id", "variation_digest"], name: "index_active_storage_variant_records_uniqueness", unique: true end - create_table "announcements", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "announcements", id: :integer, charset: "utf8", force: :cascade do |t| t.string "author" - t.text "body" + t.text "body", size: :medium t.boolean "published" t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false @@ -52,7 +52,7 @@ t.boolean "on_nav_bar", default: false end - create_table "contests", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "contests", id: :integer, charset: "utf8", force: :cascade do |t| t.string "title" t.boolean "enabled" t.datetime "created_at", precision: nil, null: false 
@@ -60,39 +60,39 @@ t.string "name" end - create_table "contests_problems", id: false, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "contests_problems", id: false, charset: "utf8", force: :cascade do |t| t.integer "contest_id" t.integer "problem_id" end - create_table "contests_users", id: false, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "contests_users", id: false, charset: "utf8", force: :cascade do |t| t.integer "contest_id" t.integer "user_id" end - create_table "countries", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "countries", id: :integer, charset: "utf8", force: :cascade do |t| t.string "name" t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false end - create_table "descriptions", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| - t.text "body" + create_table "descriptions", id: :integer, charset: "utf8", force: :cascade do |t| + t.text "body", size: :medium t.boolean "markdowned" t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false end - create_table "grader_configurations", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "grader_configurations", id: :integer, charset: "utf8", force: :cascade do |t| t.string "key" t.string "value_type" t.string "value" t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false - t.text "description" + t.text "description", size: :medium end - create_table "grader_processes", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "grader_processes", id: :integer, charset: "utf8", force: :cascade do |t| t.string "host" t.integer "pid" t.string "mode" 
@@ -123,7 +123,7 @@ t.index ["user_id", "group_id"], name: "index_groups_users_on_user_id_and_group_id" end - create_table "heart_beats", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "heart_beats", id: :integer, charset: "latin1", force: :cascade do |t| t.integer "user_id" t.string "ip_address" t.datetime "created_at", precision: nil, null: false @@ -132,14 +132,14 @@ t.index ["updated_at"], name: "index_heart_beats_on_updated_at" end - create_table "languages", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "languages", id: :integer, charset: "utf8", force: :cascade do |t| t.string "name", limit: 10 t.string "pretty_name" t.string "ext", limit: 10 t.string "common_ext" end - create_table "logins", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "logins", id: :integer, charset: "latin1", force: :cascade do |t| t.integer "user_id" t.string "ip_address" t.datetime "created_at", precision: nil, null: false @@ -147,18 +147,18 @@ t.index ["user_id"], name: "index_logins_on_user_id" end - create_table "messages", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "messages", id: :integer, charset: "utf8", force: :cascade do |t| t.integer "sender_id" t.integer "receiver_id" t.integer "replying_message_id" - t.text "body" + t.text "body", size: :medium t.boolean "replied" t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false end - create_table "problems", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| - t.string "name", limit: 30 + create_table "problems", id: :bigint, default: nil, charset: "utf8", force: :cascade do |t| + t.string "name", limit: 100 t.string "full_name" t.integer "full_score" t.date "date_added" 
@@ -174,45 +174,45 @@ t.boolean "markdown" end - create_table "problems_tags", id: :integer, charset: "latin1", force: :cascade do |t| - t.integer "problem_id" + create_table "problems_tags", id: :bigint, default: nil, charset: "latin1", force: :cascade do |t| + t.bigint "problem_id" t.integer "tag_id" t.index ["problem_id", "tag_id"], name: "index_problems_tags_on_problem_id_and_tag_id", unique: true t.index ["problem_id"], name: "index_problems_tags_on_problem_id" t.index ["tag_id"], name: "index_problems_tags_on_tag_id" end - create_table "rights", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "rights", id: :integer, charset: "utf8", force: :cascade do |t| t.string "name" t.string "controller" t.string "action" end - create_table "rights_roles", id: false, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "rights_roles", id: false, charset: "utf8", force: :cascade do |t| t.integer "right_id" t.integer "role_id" t.index ["role_id"], name: "index_rights_roles_on_role_id" end - create_table "roles", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "roles", id: :integer, charset: "utf8", force: :cascade do |t| t.string "name" end - create_table "roles_users", id: false, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "roles_users", id: false, charset: "utf8", force: :cascade do |t| t.integer "role_id" t.integer "user_id" t.index ["user_id"], name: "index_roles_users_on_user_id" end - create_table "sessions", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "sessions", id: :integer, charset: "utf8", force: :cascade do |t| t.string "session_id" - t.text "data" + t.text "data", size: :medium t.datetime "updated_at", precision: nil t.index ["session_id"], name: "index_sessions_on_session_id" t.index ["updated_at"], 
name: "index_sessions_on_updated_at" end - create_table "sites", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "sites", id: :integer, charset: "utf8", force: :cascade do |t| t.string "name" t.boolean "started" t.datetime "start_time", precision: nil @@ -222,14 +222,23 @@ t.string "password" end - create_table "submission_view_logs", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "solutions", charset: "latin1", force: :cascade do |t| + t.string "solution" + t.bigint "problem_id" + t.bigint "submission_id" + t.integer "type" + t.index ["problem_id"], name: "index_solutions_on_problem_id" + t.index ["submission_id"], name: "index_solutions_on_submission_id" + end + + create_table "submission_view_logs", id: :integer, charset: "latin1", force: :cascade do |t| t.integer "user_id" t.integer "submission_id" t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false end - create_table "submissions", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "submissions", id: :bigint, default: nil, charset: "utf8", force: :cascade do |t| t.integer "user_id" t.integer "problem_id" t.integer "language_id" @@ -237,10 +246,10 @@ t.binary "binary" t.datetime "submitted_at", precision: nil t.datetime "compiled_at", precision: nil - t.text "compiler_message" + t.text "compiler_message", size: :medium t.datetime "graded_at", precision: nil t.integer "points" - t.text "grader_comment" + t.text "grader_comment", size: :medium t.integer "number" t.string "source_filename" t.float "max_runtime" 
@@ -261,7 +270,7 @@ t.datetime "updated_at", precision: nil, null: false end - create_table "tasks", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "tasks", id: :integer, charset: "utf8", force: :cascade do |t| t.integer "submission_id" t.datetime "created_at", precision: nil t.integer "status" @@ -270,15 +279,15 @@ t.index ["submission_id"], name: "index_tasks_on_submission_id" end - create_table "test_pairs", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "test_pairs", id: :integer, charset: "utf8", force: :cascade do |t| t.integer "problem_id" - t.text "input", size: :medium - t.text "solution", size: :medium + t.text "input", size: :long + t.text "solution", size: :long t.datetime "created_at", precision: nil, null: false t.datetime "updated_at", precision: nil, null: false end - create_table "test_requests", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "test_requests", id: :integer, charset: "utf8", force: :cascade do |t| t.integer "user_id" t.integer "problem_id" t.integer "submission_id" @@ -289,7 +298,7 @@ t.datetime "updated_at", precision: nil, null: false t.datetime "submitted_at", precision: nil t.datetime "compiled_at", precision: nil - t.text "compiler_message" + t.text "compiler_message", size: :medium t.datetime "graded_at", precision: nil t.string "grader_comment" t.datetime "created_at", precision: nil, null: false 
@@ -306,12 +315,12 @@ t.integer "score" t.text "input", size: :long t.text "sol", size: :long - t.datetime "created_at", precision: nil - t.datetime "updated_at", precision: nil + t.datetime "created_at", precision: nil, null: false + t.datetime "updated_at", precision: nil, null: false t.index ["problem_id"], name: "index_testcases_on_problem_id" end - create_table "user_contest_stats", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "user_contest_stats", id: :integer, charset: "utf8", force: :cascade do |t| t.integer "user_id" t.datetime "started_at", precision: nil t.datetime "created_at", precision: nil, null: false @@ -319,7 +328,7 @@ t.boolean "forced_logout" end - create_table "users", id: :integer, charset: "utf8mb3", collation: "utf8mb3_unicode_ci", force: :cascade do |t| + create_table "users", id: :integer, charset: "utf8", force: :cascade do |t| t.string "login", limit: 50 t.string "full_name" t.string "hashed_password" @@ -331,10 +340,10 @@ t.boolean "activated", default: false t.datetime "created_at", precision: nil t.datetime "updated_at", precision: nil + t.string "section" t.boolean "enabled", default: true t.string "remark" t.string "last_ip" - t.string "section" t.integer "default_language" t.index ["login"], name: "index_users_on_login", unique: true end @@ -343,4 +352,6 @@ add_foreign_key "active_storage_variant_records", "active_storage_blobs", column: "blob_id" add_foreign_key "problems_tags", "problems" add_foreign_key "problems_tags", "tags" + add_foreign_key "solutions", "problems" + add_foreign_key "solutions", "submissions" end