Description:
allow ta to view problem stat
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r803:30dd5b343f6b - - 2 files changed: 5 inserted, 3 deleted
| @@ -13,50 +13,49 | |||||
|
|
13 | #report and redirect for unauthorized activities |
|
13 | #report and redirect for unauthorized activities |
|
|
14 | def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') |
|
14 | def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') |
|
|
15 | flash[:notice] = notice |
|
15 | flash[:notice] = notice |
|
|
16 | redirect_to login_main_path |
|
16 | redirect_to login_main_path |
|
|
17 | end |
|
17 | end |
|
|
18 |
|
18 | ||
|
|
19 | # Returns the current logged-in user (if any). |
|
19 | # Returns the current logged-in user (if any). |
|
|
20 | def current_user |
|
20 | def current_user |
|
|
21 | return nil unless session[:user_id] |
|
21 | return nil unless session[:user_id] |
|
|
22 | @current_user ||= User.find(session[:user_id]) |
|
22 | @current_user ||= User.find(session[:user_id]) |
|
|
23 | end |
|
23 | end |
|
|
24 |
|
24 | ||
|
|
25 | def admin_authorization |
|
25 | def admin_authorization |
|
|
26 | return false unless check_valid_login |
|
26 | return false unless check_valid_login |
|
|
27 | user = User.includes(:roles).find(session[:user_id]) |
|
27 | user = User.includes(:roles).find(session[:user_id]) |
|
|
28 | unless user.admin? |
|
28 | unless user.admin? |
|
|
29 | unauthorized_redirect |
|
29 | unauthorized_redirect |
|
|
30 | return false |
|
30 | return false |
|
|
31 | end |
|
31 | end |
|
|
32 | return true |
|
32 | return true |
|
|
33 | end |
|
33 | end |
|
|
34 |
|
34 | ||
|
|
35 | def authorization_by_roles(allowed_roles) |
|
35 | def authorization_by_roles(allowed_roles) |
|
|
36 | return false unless check_valid_login |
|
36 | return false unless check_valid_login |
|
|
37 | - user = User.find(session[:user_id]) |
|
37 | + unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
38 | - unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
||
|
|
39 | unauthorized_redirect |
|
38 | unauthorized_redirect |
|
|
40 | return false |
|
39 | return false |
|
|
41 | end |
|
40 | end |
|
|
42 | end |
|
41 | end |
|
|
43 |
|
42 | ||
|
|
44 | def testcase_authorization |
|
43 | def testcase_authorization |
|
|
45 | #admin always has privileged |
|
44 | #admin always has privileged |
|
|
46 | if @current_user.admin? |
|
45 | if @current_user.admin? |
|
|
47 | return true |
|
46 | return true |
|
|
48 | end |
|
47 | end |
|
|
49 |
|
48 | ||
|
|
50 | unauthorized_redirect unless GraderConfiguration["right.view_testcase"] |
|
49 | unauthorized_redirect unless GraderConfiguration["right.view_testcase"] |
|
|
51 | end |
|
50 | end |
|
|
52 |
|
51 | ||
|
|
53 |
|
52 | ||
|
|
54 | protected |
|
53 | protected |
|
|
55 |
|
54 | ||
|
|
56 | #redirect to root (and also force logout) |
|
55 | #redirect to root (and also force logout) |
|
|
57 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
56 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
|
58 | def check_valid_login |
|
57 | def check_valid_login |
|
|
59 | #check if logged in |
|
58 | #check if logged in |
|
|
60 | unless session[:user_id] |
|
59 | unless session[:user_id] |
|
|
61 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
60 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
62 | unauthorized_redirect('You need to login but you cannot log in at this time') |
|
61 | unauthorized_redirect('You need to login but you cannot log in at this time') |
| @@ -1,27 +1,30 | |||||
|
|
1 | class ProblemsController < ApplicationController |
|
1 | class ProblemsController < ApplicationController |
|
|
2 |
|
2 | ||
|
|
3 | - before_action :admin_authorization |
|
3 | + before_action :admin_authorization, except: [:stat] |
|
|
|
4 | + before_action only: [:stat] do | ||
|
|
|
5 | + authorization_by_roles(['admin','ta']) | ||
|
|
|
6 | + end | ||
|
|
4 |
|
7 | ||
|
|
5 | in_place_edit_for :problem, :name |
|
8 | in_place_edit_for :problem, :name |
|
|
6 | in_place_edit_for :problem, :full_name |
|
9 | in_place_edit_for :problem, :full_name |
|
|
7 | in_place_edit_for :problem, :full_score |
|
10 | in_place_edit_for :problem, :full_score |
|
|
8 |
|
11 | ||
|
|
9 | def index |
|
12 | def index |
|
|
10 | @problems = Problem.order(date_added: :desc) |
|
13 | @problems = Problem.order(date_added: :desc) |
|
|
11 | end |
|
14 | end |
|
|
12 |
|
15 | ||
|
|
13 |
|
16 | ||
|
|
14 | def show |
|
17 | def show |
|
|
15 | @problem = Problem.find(params[:id]) |
|
18 | @problem = Problem.find(params[:id]) |
|
|
16 | end |
|
19 | end |
|
|
17 |
|
20 | ||
|
|
18 | def new |
|
21 | def new |
|
|
19 | @problem = Problem.new |
|
22 | @problem = Problem.new |
|
|
20 | @description = nil |
|
23 | @description = nil |
|
|
21 | end |
|
24 | end |
|
|
22 |
|
25 | ||
|
|
23 | def create |
|
26 | def create |
|
|
24 | @problem = Problem.new(problem_params) |
|
27 | @problem = Problem.new(problem_params) |
|
|
25 | @description = Description.new(description_params) |
|
28 | @description = Description.new(description_params) |
|
|
26 | if @description.body!='' |
|
29 | if @description.body!='' |
|
|
27 | if !@description.save |
|
30 | if !@description.save |
You need to be logged in to leave comments.
Login now