Description:
allow ta to view problem stat
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r803:30dd5b343f6b - - 2 files changed: 5 inserted, 3 deleted
| @@ -13,50 +13,49 | |||
|
|
13 | 13 | #report and redirect for unauthorized activities |
|
|
14 | 14 | def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') |
|
|
15 | 15 | flash[:notice] = notice |
|
|
16 | 16 | redirect_to login_main_path |
|
|
17 | 17 | end |
|
|
18 | 18 | |
|
|
19 | 19 | # Returns the current logged-in user (if any). |
|
|
20 | 20 | def current_user |
|
|
21 | 21 | return nil unless session[:user_id] |
|
|
22 | 22 | @current_user ||= User.find(session[:user_id]) |
|
|
23 | 23 | end |
|
|
24 | 24 | |
|
|
25 | 25 | def admin_authorization |
|
|
26 | 26 | return false unless check_valid_login |
|
|
27 | 27 | user = User.includes(:roles).find(session[:user_id]) |
|
|
28 | 28 | unless user.admin? |
|
|
29 | 29 | unauthorized_redirect |
|
|
30 | 30 | return false |
|
|
31 | 31 | end |
|
|
32 | 32 | return true |
|
|
33 | 33 | end |
|
|
34 | 34 | |
|
|
35 | 35 | def authorization_by_roles(allowed_roles) |
|
|
36 | 36 | return false unless check_valid_login |
|
|
37 | - user = User.find(session[:user_id]) | |
|
|
38 | - unless user.roles.detect { |role| allowed_roles.member?(role.name) } | |
|
|
37 | + unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) } | |
|
|
39 | 38 | unauthorized_redirect |
|
|
40 | 39 | return false |
|
|
41 | 40 | end |
|
|
42 | 41 | end |
|
|
43 | 42 | |
|
|
44 | 43 | def testcase_authorization |
|
|
45 | 44 | #admin always has privileged |
|
|
46 | 45 | if @current_user.admin? |
|
|
47 | 46 | return true |
|
|
48 | 47 | end |
|
|
49 | 48 | |
|
|
50 | 49 | unauthorized_redirect unless GraderConfiguration["right.view_testcase"] |
|
|
51 | 50 | end |
|
|
52 | 51 | |
|
|
53 | 52 | |
|
|
54 | 53 | protected |
|
|
55 | 54 | |
|
|
56 | 55 | #redirect to root (and also force logout) |
|
|
57 | 56 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
|
58 | 57 | def check_valid_login |
|
|
59 | 58 | #check if logged in |
|
|
60 | 59 | unless session[:user_id] |
|
|
61 | 60 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
62 | 61 | unauthorized_redirect('You need to login but you cannot log in at this time') |
| @@ -1,27 +1,30 | |||
|
|
1 | 1 | class ProblemsController < ApplicationController |
|
|
2 | 2 | |
|
|
3 | - before_action :admin_authorization | |
|
|
3 | + before_action :admin_authorization, except: [:stat] | |
|
|
4 | + before_action only: [:stat] do | |
|
|
5 | + authorization_by_roles(['admin','ta']) | |
|
|
6 | + end | |
|
|
4 | 7 | |
|
|
5 | 8 | in_place_edit_for :problem, :name |
|
|
6 | 9 | in_place_edit_for :problem, :full_name |
|
|
7 | 10 | in_place_edit_for :problem, :full_score |
|
|
8 | 11 | |
|
|
9 | 12 | def index |
|
|
10 | 13 | @problems = Problem.order(date_added: :desc) |
|
|
11 | 14 | end |
|
|
12 | 15 | |
|
|
13 | 16 | |
|
|
14 | 17 | def show |
|
|
15 | 18 | @problem = Problem.find(params[:id]) |
|
|
16 | 19 | end |
|
|
17 | 20 | |
|
|
18 | 21 | def new |
|
|
19 | 22 | @problem = Problem.new |
|
|
20 | 23 | @description = nil |
|
|
21 | 24 | end |
|
|
22 | 25 | |
|
|
23 | 26 | def create |
|
|
24 | 27 | @problem = Problem.new(problem_params) |
|
|
25 | 28 | @description = Description.new(description_params) |
|
|
26 | 29 | if @description.body!='' |
|
|
27 | 30 | if !@description.save |
You need to be logged in to leave comments.
Login now