cafe-grader-web

Commit r757:35d86dd3635c public

parent | child
Description:
fix user.admin? bug
Commit status:
[Not Reviewed]
References:
algo
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r757:35d86dd3635c - - 2 files changed: 5 inserted, 4 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -23,140 +23,141
23 end
23 end
24
24
25 def admin_authorization
25 def admin_authorization
26 return false unless check_valid_login
26 return false unless check_valid_login
27 user = User.includes(:roles).find(session[:user_id])
27 user = User.includes(:roles).find(session[:user_id])
28 unless user.admin?
28 unless user.admin?
29 unauthorized_redirect
29 unauthorized_redirect
30 return false
30 return false
31 end
31 end
32 return true
32 return true
33 end
33 end
34
34
35 def authorization_by_roles(allowed_roles)
35 def authorization_by_roles(allowed_roles)
36 return false unless check_valid_login
36 return false unless check_valid_login
37 user = User.find(session[:user_id])
37 user = User.find(session[:user_id])
38 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
38 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
39 unauthorized_redirect
39 unauthorized_redirect
40 return false
40 return false
41 end
41 end
42 end
42 end
43
43
44 def testcase_authorization
44 def testcase_authorization
45 #admin always has privileged
45 #admin always has privileged
46 if @current_user.admin?
46 if @current_user.admin?
47 return true
47 return true
48 end
48 end
49
49
50 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
50 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
51 end
51 end
52
52
53
53
54 protected
54 protected
55
55
56 #redirect to root (and also force logout)
56 #redirect to root (and also force logout)
57 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
57 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
58 def check_valid_login
58 def check_valid_login
59 #check if logged in
59 #check if logged in
60 unless session[:user_id]
60 unless session[:user_id]
61 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
61 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
62 unauthorized_redirect('You need to login but you cannot log in at this time')
62 unauthorized_redirect('You need to login but you cannot log in at this time')
63 else
63 else
64 unauthorized_redirect('You need to login')
64 unauthorized_redirect('You need to login')
65 end
65 end
66 return false
66 return false
67 end
67 end
68
68
69 # check if run in single user mode
69 # check if run in single user mode
70 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
70 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
71 - if @current_user==nil || (not @current_user.admin?)
71 + if @current_user==nil || (!@current_user.admin?)
72 unauthorized_redirect('You cannot log in at this time')
72 unauthorized_redirect('You cannot log in at this time')
73 return false
73 return false
74 end
74 end
75 end
75 end
76
76
77 # check if the user is enabled
77 # check if the user is enabled
78 unless @current_user.enabled? || @current_user.admin?
78 unless @current_user.enabled? || @current_user.admin?
79 unauthorized_redirect 'Your account is disabled'
79 unauthorized_redirect 'Your account is disabled'
80 return false
80 return false
81 end
81 end
82
82
83 # check if user ip is allowed
83 # check if user ip is allowed
84 unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
84 unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
85 unless is_request_ip_allowed?
85 unless is_request_ip_allowed?
86 unauthorized_redirect 'Your IP is not allowed'
86 unauthorized_redirect 'Your IP is not allowed'
87 return false
87 return false
88 end
88 end
89 end
89 end
90
90
91 if GraderConfiguration.multicontests?
91 if GraderConfiguration.multicontests?
92 return true if @current_user.admin?
92 return true if @current_user.admin?
93 begin
93 begin
94 if @current_user.contest_stat(true).forced_logout
94 if @current_user.contest_stat(true).forced_logout
95 flash[:notice] = 'You have been automatically logged out.'
95 flash[:notice] = 'You have been automatically logged out.'
96 redirect_to :controller => 'main', :action => 'index'
96 redirect_to :controller => 'main', :action => 'index'
97 end
97 end
98 rescue
98 rescue
99 end
99 end
100 end
100 end
101 return true
101 return true
102 end
102 end
103
103
104 #redirect to root (and also force logout)
104 #redirect to root (and also force logout)
105 #if the user use different ip from the previous connection
105 #if the user use different ip from the previous connection
106 # only applicable when MULTIPLE_IP_LOGIN options is false only
106 # only applicable when MULTIPLE_IP_LOGIN options is false only
107 def authenticate_by_ip_address
107 def authenticate_by_ip_address
108 #this assume that we have already authenticate normally
108 #this assume that we have already authenticate normally
109 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
109 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
110 user = User.find(session[:user_id])
110 user = User.find(session[:user_id])
111 - if (not @current_user.admin? && user.last_ip && user.last_ip != request.remote_ip)
111 + puts "User admin #{user.admin?}"
112 + if (!user.admin? && user.last_ip && user.last_ip != request.remote_ip)
112 flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
113 flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
114 + puts "hahaha"
113 redirect_to :controller => 'main', :action => 'login'
115 redirect_to :controller => 'main', :action => 'login'
114 - puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"
115 return false
116 return false
116 end
117 end
117 unless user.last_ip
118 unless user.last_ip
118 user.last_ip = request.remote_ip
119 user.last_ip = request.remote_ip
119 user.save
120 user.save
120 end
121 end
121 end
122 end
122 return true
123 return true
123 end
124 end
124
125
125 def authorization
126 def authorization
126 return false unless check_valid_login
127 return false unless check_valid_login
127 user = User.find(session[:user_id])
128 user = User.find(session[:user_id])
128 unless user.roles.detect { |role|
129 unless user.roles.detect { |role|
129 role.rights.detect{ |right|
130 role.rights.detect{ |right|
130 right.controller == self.class.controller_name and
131 right.controller == self.class.controller_name and
131 (right.action == 'all' || right.action == action_name)
132 (right.action == 'all' || right.action == action_name)
132 }
133 }
133 }
134 }
134 flash[:notice] = 'You are not authorized to view the page you requested'
135 flash[:notice] = 'You are not authorized to view the page you requested'
135 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
136 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
136 redirect_to :controller => 'main', :action => 'login'
137 redirect_to :controller => 'main', :action => 'login'
137 return false
138 return false
138 end
139 end
139 end
140 end
140
141
141 def verify_time_limit
142 def verify_time_limit
142 return true if session[:user_id]==nil
143 return true if session[:user_id]==nil
143 user = User.find(session[:user_id], :include => :site)
144 user = User.find(session[:user_id], :include => :site)
144 return true if user==nil || user.site == nil
145 return true if user==nil || user.site == nil
145 if user.contest_finished?
146 if user.contest_finished?
146 flash[:notice] = 'Error: the contest you are participating is over.'
147 flash[:notice] = 'Error: the contest you are participating is over.'
147 redirect_to :back
148 redirect_to :back
148 return false
149 return false
149 end
150 end
150 return true
151 return true
151 end
152 end
152
153
153 def is_request_ip_allowed?
154 def is_request_ip_allowed?
154 if GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
155 if GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
155 user_ip = IPAddr.new(request.remote_ip)
156 user_ip = IPAddr.new(request.remote_ip)
156 GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY].delete(' ').split(',').each do |ips|
157 GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY].delete(' ').split(',').each do |ips|
157 allow_ips = IPAddr.new(ips)
158 allow_ips = IPAddr.new(ips)
158 unless allow_ips.includes(user_ip)
159 unless allow_ips.includes(user_ip)
159 return false
160 return false
160 end
161 end
161 end
162 end
162 end
163 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -36,97 +36,97
36 validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
36 validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
37 validates_length_of :login, :within => 3..30
37 validates_length_of :login, :within => 3..30
38
38
39 validates_presence_of :full_name
39 validates_presence_of :full_name
40 validates_length_of :full_name, :minimum => 1
40 validates_length_of :full_name, :minimum => 1
41
41
42 validates_presence_of :password, :if => :password_required?
42 validates_presence_of :password, :if => :password_required?
43 validates_length_of :password, :within => 4..20, :if => :password_required?
43 validates_length_of :password, :within => 4..20, :if => :password_required?
44 validates_confirmation_of :password, :if => :password_required?
44 validates_confirmation_of :password, :if => :password_required?
45
45
46 validates_format_of :email,
46 validates_format_of :email,
47 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
47 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
48 :if => :email_validation?
48 :if => :email_validation?
49 validate :uniqueness_of_email_from_activated_users,
49 validate :uniqueness_of_email_from_activated_users,
50 :if => :email_validation?
50 :if => :email_validation?
51 validate :enough_time_interval_between_same_email_registrations,
51 validate :enough_time_interval_between_same_email_registrations,
52 :if => :email_validation?
52 :if => :email_validation?
53
53
54 # these are for ytopc
54 # these are for ytopc
55 # disable for now
55 # disable for now
56 #validates_presence_of :province
56 #validates_presence_of :province
57
57
58 attr_accessor :password
58 attr_accessor :password
59
59
60 before_save :encrypt_new_password
60 before_save :encrypt_new_password
61 before_save :assign_default_site
61 before_save :assign_default_site
62 before_save :assign_default_contest
62 before_save :assign_default_contest
63
63
64 # this is for will_paginate
64 # this is for will_paginate
65 cattr_reader :per_page
65 cattr_reader :per_page
66 @@per_page = 50
66 @@per_page = 50
67
67
68 def self.authenticate(login, password)
68 def self.authenticate(login, password)
69 user = find_by_login(login)
69 user = find_by_login(login)
70 if user
70 if user
71 return user if user.authenticated?(password)
71 return user if user.authenticated?(password)
72 end
72 end
73 end
73 end
74
74
75 def authenticated?(password)
75 def authenticated?(password)
76 if self.activated
76 if self.activated
77 hashed_password == User.encrypt(password,self.salt)
77 hashed_password == User.encrypt(password,self.salt)
78 else
78 else
79 false
79 false
80 end
80 end
81 end
81 end
82
82
83 def admin?
83 def admin?
84 - self.roles.detect {|r| r.name == 'admin' }
84 + self.roles.where(name: 'admin').count > 0
85 end
85 end
86
86
87 def email_for_editing
87 def email_for_editing
88 if self.email==nil
88 if self.email==nil
89 "(unknown)"
89 "(unknown)"
90 elsif self.email==''
90 elsif self.email==''
91 "(blank)"
91 "(blank)"
92 else
92 else
93 self.email
93 self.email
94 end
94 end
95 end
95 end
96
96
97 def email_for_editing=(e)
97 def email_for_editing=(e)
98 self.email=e
98 self.email=e
99 end
99 end
100
100
101 def alias_for_editing
101 def alias_for_editing
102 if self.alias==nil
102 if self.alias==nil
103 "(unknown)"
103 "(unknown)"
104 elsif self.alias==''
104 elsif self.alias==''
105 "(blank)"
105 "(blank)"
106 else
106 else
107 self.alias
107 self.alias
108 end
108 end
109 end
109 end
110
110
111 def alias_for_editing=(e)
111 def alias_for_editing=(e)
112 self.alias=e
112 self.alias=e
113 end
113 end
114
114
115 def activation_key
115 def activation_key
116 if self.hashed_password==nil
116 if self.hashed_password==nil
117 encrypt_new_password
117 encrypt_new_password
118 end
118 end
119 Digest::SHA1.hexdigest(self.hashed_password)[0..7]
119 Digest::SHA1.hexdigest(self.hashed_password)[0..7]
120 end
120 end
121
121
122 def verify_activation_key(key)
122 def verify_activation_key(key)
123 key == activation_key
123 key == activation_key
124 end
124 end
125
125
126 def self.random_password(length=5)
126 def self.random_password(length=5)
127 chars = 'abcdefghjkmnopqrstuvwxyz'
127 chars = 'abcdefghjkmnopqrstuvwxyz'
128 password = ''
128 password = ''
129 length.times { password << chars[rand(chars.length - 1)] }
129 length.times { password << chars[rand(chars.length - 1)] }
130 password
130 password
131 end
131 end
132
132
You need to be logged in to leave comments. Login now