Description:
allow ta to view problem stat
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r803:30dd5b343f6b - - 2 files changed: 5 inserted, 3 deleted
| @@ -1,86 +1,85 | |||||
|
|
1 | require 'ipaddr' |
|
1 | require 'ipaddr' |
|
|
2 |
|
2 | ||
|
|
3 | class ApplicationController < ActionController::Base |
|
3 | class ApplicationController < ActionController::Base |
|
|
4 | protect_from_forgery |
|
4 | protect_from_forgery |
|
|
5 |
|
5 | ||
|
|
6 | before_action :current_user |
|
6 | before_action :current_user |
|
|
7 |
|
7 | ||
|
|
8 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
8 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
|
9 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' |
|
9 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' |
|
|
10 | WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore' |
|
10 | WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore' |
|
|
11 | WHITELIST_IP_CONF_KEY = 'right.whitelist_ip' |
|
11 | WHITELIST_IP_CONF_KEY = 'right.whitelist_ip' |
|
|
12 |
|
12 | ||
|
|
13 | #report and redirect for unauthorized activities |
|
13 | #report and redirect for unauthorized activities |
|
|
14 | def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') |
|
14 | def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') |
|
|
15 | flash[:notice] = notice |
|
15 | flash[:notice] = notice |
|
|
16 | redirect_to login_main_path |
|
16 | redirect_to login_main_path |
|
|
17 | end |
|
17 | end |
|
|
18 |
|
18 | ||
|
|
19 | # Returns the current logged-in user (if any). |
|
19 | # Returns the current logged-in user (if any). |
|
|
20 | def current_user |
|
20 | def current_user |
|
|
21 | return nil unless session[:user_id] |
|
21 | return nil unless session[:user_id] |
|
|
22 | @current_user ||= User.find(session[:user_id]) |
|
22 | @current_user ||= User.find(session[:user_id]) |
|
|
23 | end |
|
23 | end |
|
|
24 |
|
24 | ||
|
|
25 | def admin_authorization |
|
25 | def admin_authorization |
|
|
26 | return false unless check_valid_login |
|
26 | return false unless check_valid_login |
|
|
27 | user = User.includes(:roles).find(session[:user_id]) |
|
27 | user = User.includes(:roles).find(session[:user_id]) |
|
|
28 | unless user.admin? |
|
28 | unless user.admin? |
|
|
29 | unauthorized_redirect |
|
29 | unauthorized_redirect |
|
|
30 | return false |
|
30 | return false |
|
|
31 | end |
|
31 | end |
|
|
32 | return true |
|
32 | return true |
|
|
33 | end |
|
33 | end |
|
|
34 |
|
34 | ||
|
|
35 | def authorization_by_roles(allowed_roles) |
|
35 | def authorization_by_roles(allowed_roles) |
|
|
36 | return false unless check_valid_login |
|
36 | return false unless check_valid_login |
|
|
37 | - user = User.find(session[:user_id]) |
|
37 | + unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
38 | - unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
||
|
|
39 | unauthorized_redirect |
|
38 | unauthorized_redirect |
|
|
40 | return false |
|
39 | return false |
|
|
41 | end |
|
40 | end |
|
|
42 | end |
|
41 | end |
|
|
43 |
|
42 | ||
|
|
44 | def testcase_authorization |
|
43 | def testcase_authorization |
|
|
45 | #admin always has privileged |
|
44 | #admin always has privileged |
|
|
46 | if @current_user.admin? |
|
45 | if @current_user.admin? |
|
|
47 | return true |
|
46 | return true |
|
|
48 | end |
|
47 | end |
|
|
49 |
|
48 | ||
|
|
50 | unauthorized_redirect unless GraderConfiguration["right.view_testcase"] |
|
49 | unauthorized_redirect unless GraderConfiguration["right.view_testcase"] |
|
|
51 | end |
|
50 | end |
|
|
52 |
|
51 | ||
|
|
53 |
|
52 | ||
|
|
54 | protected |
|
53 | protected |
|
|
55 |
|
54 | ||
|
|
56 | #redirect to root (and also force logout) |
|
55 | #redirect to root (and also force logout) |
|
|
57 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
56 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
|
58 | def check_valid_login |
|
57 | def check_valid_login |
|
|
59 | #check if logged in |
|
58 | #check if logged in |
|
|
60 | unless session[:user_id] |
|
59 | unless session[:user_id] |
|
|
61 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
60 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
62 | unauthorized_redirect('You need to login but you cannot log in at this time') |
|
61 | unauthorized_redirect('You need to login but you cannot log in at this time') |
|
|
63 | else |
|
62 | else |
|
|
64 | unauthorized_redirect('You need to login') |
|
63 | unauthorized_redirect('You need to login') |
|
|
65 | end |
|
64 | end |
|
|
66 | return false |
|
65 | return false |
|
|
67 | end |
|
66 | end |
|
|
68 |
|
67 | ||
|
|
69 | # check if run in single user mode |
|
68 | # check if run in single user mode |
|
|
70 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
69 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
71 | if @current_user==nil || (!@current_user.admin?) |
|
70 | if @current_user==nil || (!@current_user.admin?) |
|
|
72 | unauthorized_redirect('You cannot log in at this time') |
|
71 | unauthorized_redirect('You cannot log in at this time') |
|
|
73 | return false |
|
72 | return false |
|
|
74 | end |
|
73 | end |
|
|
75 | end |
|
74 | end |
|
|
76 |
|
75 | ||
|
|
77 | # check if the user is enabled |
|
76 | # check if the user is enabled |
|
|
78 | unless @current_user.enabled? || @current_user.admin? |
|
77 | unless @current_user.enabled? || @current_user.admin? |
|
|
79 | unauthorized_redirect 'Your account is disabled' |
|
78 | unauthorized_redirect 'Your account is disabled' |
|
|
80 | return false |
|
79 | return false |
|
|
81 | end |
|
80 | end |
|
|
82 |
|
81 | ||
|
|
83 | # check if user ip is allowed |
|
82 | # check if user ip is allowed |
|
|
84 | unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY] |
|
83 | unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY] |
|
|
85 | unless is_request_ip_allowed? |
|
84 | unless is_request_ip_allowed? |
|
|
86 | unauthorized_redirect 'Your IP is not allowed to login at this time.' |
|
85 | unauthorized_redirect 'Your IP is not allowed to login at this time.' |
| @@ -1,51 +1,54 | |||||
|
|
1 | class ProblemsController < ApplicationController |
|
1 | class ProblemsController < ApplicationController |
|
|
2 |
|
2 | ||
|
|
3 | - before_action :admin_authorization |
|
3 | + before_action :admin_authorization, except: [:stat] |
|
|
|
4 | + before_action only: [:stat] do | ||
|
|
|
5 | + authorization_by_roles(['admin','ta']) | ||
|
|
|
6 | + end | ||
|
|
4 |
|
7 | ||
|
|
5 | in_place_edit_for :problem, :name |
|
8 | in_place_edit_for :problem, :name |
|
|
6 | in_place_edit_for :problem, :full_name |
|
9 | in_place_edit_for :problem, :full_name |
|
|
7 | in_place_edit_for :problem, :full_score |
|
10 | in_place_edit_for :problem, :full_score |
|
|
8 |
|
11 | ||
|
|
9 | def index |
|
12 | def index |
|
|
10 | @problems = Problem.order(date_added: :desc) |
|
13 | @problems = Problem.order(date_added: :desc) |
|
|
11 | end |
|
14 | end |
|
|
12 |
|
15 | ||
|
|
13 |
|
16 | ||
|
|
14 | def show |
|
17 | def show |
|
|
15 | @problem = Problem.find(params[:id]) |
|
18 | @problem = Problem.find(params[:id]) |
|
|
16 | end |
|
19 | end |
|
|
17 |
|
20 | ||
|
|
18 | def new |
|
21 | def new |
|
|
19 | @problem = Problem.new |
|
22 | @problem = Problem.new |
|
|
20 | @description = nil |
|
23 | @description = nil |
|
|
21 | end |
|
24 | end |
|
|
22 |
|
25 | ||
|
|
23 | def create |
|
26 | def create |
|
|
24 | @problem = Problem.new(problem_params) |
|
27 | @problem = Problem.new(problem_params) |
|
|
25 | @description = Description.new(description_params) |
|
28 | @description = Description.new(description_params) |
|
|
26 | if @description.body!='' |
|
29 | if @description.body!='' |
|
|
27 | if !@description.save |
|
30 | if !@description.save |
|
|
28 | render :action => new and return |
|
31 | render :action => new and return |
|
|
29 | end |
|
32 | end |
|
|
30 | else |
|
33 | else |
|
|
31 | @description = nil |
|
34 | @description = nil |
|
|
32 | end |
|
35 | end |
|
|
33 | @problem.description = @description |
|
36 | @problem.description = @description |
|
|
34 | if @problem.save |
|
37 | if @problem.save |
|
|
35 | flash[:notice] = 'Problem was successfully created.' |
|
38 | flash[:notice] = 'Problem was successfully created.' |
|
|
36 | redirect_to action: :index |
|
39 | redirect_to action: :index |
|
|
37 | else |
|
40 | else |
|
|
38 | render :action => 'new' |
|
41 | render :action => 'new' |
|
|
39 | end |
|
42 | end |
|
|
40 | end |
|
43 | end |
|
|
41 |
|
44 | ||
|
|
42 | def quick_create |
|
45 | def quick_create |
|
|
43 | @problem = Problem.new(problem_params) |
|
46 | @problem = Problem.new(problem_params) |
|
|
44 | @problem.full_name = @problem.name if @problem.full_name == '' |
|
47 | @problem.full_name = @problem.name if @problem.full_name == '' |
|
|
45 | @problem.full_score = 100 |
|
48 | @problem.full_score = 100 |
|
|
46 | @problem.available = false |
|
49 | @problem.available = false |
|
|
47 | @problem.test_allowed = true |
|
50 | @problem.test_allowed = true |
|
|
48 | @problem.output_only = false |
|
51 | @problem.output_only = false |
|
|
49 | @problem.date_added = Time.new |
|
52 | @problem.date_added = Time.new |
|
|
50 | if @problem.save |
|
53 | if @problem.save |
|
|
51 | flash[:notice] = 'Problem was successfully created.' |
|
54 | flash[:notice] = 'Problem was successfully created.' |
You need to be logged in to leave comments.
Login now