Description:
allow ta to view problem stat
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r803:30dd5b343f6b - - 2 files changed: 5 inserted, 3 deleted
| @@ -1,86 +1,85 | |||
|
|
1 | 1 | require 'ipaddr' |
|
|
2 | 2 | |
|
|
3 | 3 | class ApplicationController < ActionController::Base |
|
|
4 | 4 | protect_from_forgery |
|
|
5 | 5 | |
|
|
6 | 6 | before_action :current_user |
|
|
7 | 7 | |
|
|
8 | 8 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
|
9 | 9 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' |
|
|
10 | 10 | WHITELIST_IGNORE_CONF_KEY = 'right.whitelist_ignore' |
|
|
11 | 11 | WHITELIST_IP_CONF_KEY = 'right.whitelist_ip' |
|
|
12 | 12 | |
|
|
13 | 13 | #report and redirect for unauthorized activities |
|
|
14 | 14 | def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') |
|
|
15 | 15 | flash[:notice] = notice |
|
|
16 | 16 | redirect_to login_main_path |
|
|
17 | 17 | end |
|
|
18 | 18 | |
|
|
19 | 19 | # Returns the current logged-in user (if any). |
|
|
20 | 20 | def current_user |
|
|
21 | 21 | return nil unless session[:user_id] |
|
|
22 | 22 | @current_user ||= User.find(session[:user_id]) |
|
|
23 | 23 | end |
|
|
24 | 24 | |
|
|
25 | 25 | def admin_authorization |
|
|
26 | 26 | return false unless check_valid_login |
|
|
27 | 27 | user = User.includes(:roles).find(session[:user_id]) |
|
|
28 | 28 | unless user.admin? |
|
|
29 | 29 | unauthorized_redirect |
|
|
30 | 30 | return false |
|
|
31 | 31 | end |
|
|
32 | 32 | return true |
|
|
33 | 33 | end |
|
|
34 | 34 | |
|
|
35 | 35 | def authorization_by_roles(allowed_roles) |
|
|
36 | 36 | return false unless check_valid_login |
|
|
37 | - user = User.find(session[:user_id]) | |
|
|
38 | - unless user.roles.detect { |role| allowed_roles.member?(role.name) } | |
|
|
37 | + unless @current_user.roles.detect { |role| allowed_roles.member?(role.name) } | |
|
|
39 | 38 | unauthorized_redirect |
|
|
40 | 39 | return false |
|
|
41 | 40 | end |
|
|
42 | 41 | end |
|
|
43 | 42 | |
|
|
44 | 43 | def testcase_authorization |
|
|
45 | 44 | #admin always has privileged |
|
|
46 | 45 | if @current_user.admin? |
|
|
47 | 46 | return true |
|
|
48 | 47 | end |
|
|
49 | 48 | |
|
|
50 | 49 | unauthorized_redirect unless GraderConfiguration["right.view_testcase"] |
|
|
51 | 50 | end |
|
|
52 | 51 | |
|
|
53 | 52 | |
|
|
54 | 53 | protected |
|
|
55 | 54 | |
|
|
56 | 55 | #redirect to root (and also force logout) |
|
|
57 | 56 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
|
58 | 57 | def check_valid_login |
|
|
59 | 58 | #check if logged in |
|
|
60 | 59 | unless session[:user_id] |
|
|
61 | 60 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
62 | 61 | unauthorized_redirect('You need to login but you cannot log in at this time') |
|
|
63 | 62 | else |
|
|
64 | 63 | unauthorized_redirect('You need to login') |
|
|
65 | 64 | end |
|
|
66 | 65 | return false |
|
|
67 | 66 | end |
|
|
68 | 67 | |
|
|
69 | 68 | # check if run in single user mode |
|
|
70 | 69 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
71 | 70 | if @current_user==nil || (!@current_user.admin?) |
|
|
72 | 71 | unauthorized_redirect('You cannot log in at this time') |
|
|
73 | 72 | return false |
|
|
74 | 73 | end |
|
|
75 | 74 | end |
|
|
76 | 75 | |
|
|
77 | 76 | # check if the user is enabled |
|
|
78 | 77 | unless @current_user.enabled? || @current_user.admin? |
|
|
79 | 78 | unauthorized_redirect 'Your account is disabled' |
|
|
80 | 79 | return false |
|
|
81 | 80 | end |
|
|
82 | 81 | |
|
|
83 | 82 | # check if user ip is allowed |
|
|
84 | 83 | unless @current_user.admin? || GraderConfiguration[WHITELIST_IGNORE_CONF_KEY] |
|
|
85 | 84 | unless is_request_ip_allowed? |
|
|
86 | 85 | unauthorized_redirect 'Your IP is not allowed to login at this time.' |
| @@ -1,51 +1,54 | |||
|
|
1 | 1 | class ProblemsController < ApplicationController |
|
|
2 | 2 | |
|
|
3 | - before_action :admin_authorization | |
|
|
3 | + before_action :admin_authorization, except: [:stat] | |
|
|
4 | + before_action only: [:stat] do | |
|
|
5 | + authorization_by_roles(['admin','ta']) | |
|
|
6 | + end | |
|
|
4 | 7 | |
|
|
5 | 8 | in_place_edit_for :problem, :name |
|
|
6 | 9 | in_place_edit_for :problem, :full_name |
|
|
7 | 10 | in_place_edit_for :problem, :full_score |
|
|
8 | 11 | |
|
|
9 | 12 | def index |
|
|
10 | 13 | @problems = Problem.order(date_added: :desc) |
|
|
11 | 14 | end |
|
|
12 | 15 | |
|
|
13 | 16 | |
|
|
14 | 17 | def show |
|
|
15 | 18 | @problem = Problem.find(params[:id]) |
|
|
16 | 19 | end |
|
|
17 | 20 | |
|
|
18 | 21 | def new |
|
|
19 | 22 | @problem = Problem.new |
|
|
20 | 23 | @description = nil |
|
|
21 | 24 | end |
|
|
22 | 25 | |
|
|
23 | 26 | def create |
|
|
24 | 27 | @problem = Problem.new(problem_params) |
|
|
25 | 28 | @description = Description.new(description_params) |
|
|
26 | 29 | if @description.body!='' |
|
|
27 | 30 | if !@description.save |
|
|
28 | 31 | render :action => new and return |
|
|
29 | 32 | end |
|
|
30 | 33 | else |
|
|
31 | 34 | @description = nil |
|
|
32 | 35 | end |
|
|
33 | 36 | @problem.description = @description |
|
|
34 | 37 | if @problem.save |
|
|
35 | 38 | flash[:notice] = 'Problem was successfully created.' |
|
|
36 | 39 | redirect_to action: :index |
|
|
37 | 40 | else |
|
|
38 | 41 | render :action => 'new' |
|
|
39 | 42 | end |
|
|
40 | 43 | end |
|
|
41 | 44 | |
|
|
42 | 45 | def quick_create |
|
|
43 | 46 | @problem = Problem.new(problem_params) |
|
|
44 | 47 | @problem.full_name = @problem.name if @problem.full_name == '' |
|
|
45 | 48 | @problem.full_score = 100 |
|
|
46 | 49 | @problem.available = false |
|
|
47 | 50 | @problem.test_allowed = true |
|
|
48 | 51 | @problem.output_only = false |
|
|
49 | 52 | @problem.date_added = Time.new |
|
|
50 | 53 | if @problem.save |
|
|
51 | 54 | flash[:notice] = 'Problem was successfully created.' |
You need to be logged in to leave comments.
Login now