cafe-grader-web Commit - r282:6dab27215603

cafe-grader-web

Commit `r282:6dab27215603` public

parent | child

Description:

added contest problem access control

Commit status:

[Not Reviewed]

References:

default

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r282:6dab27215603 - Thu, 04 Mar 2010 17:56:29 - 5 files changed: 77 inserted, 18 deleted

app/controllers/tasks_controller.rb ¶ +28 -13

                 def list
                   @problems = Problem.find_available_problems
-            -     @user = User.find(session[:user_id])
                 end
+            +   # this has contest-wide access control
                 def view
                   base_name = params[:file]
-            -     if !check_user_viewability(base_name)
+            +     base_filename = File.basename("#{base_name}.#{params[:ext]}")
+            +     filename = "#{Problem.download_file_basedir}/#{base_filename}"
+            +
+            +     if !FileTest.exists?(filename)
                     redirect_to :action => 'index' and return
                   end
-            -     base_filename = File.basename("#{base_name}.#{params[:ext]}")
+            +     send_file_to_user(filename, base_filename)
-            -     filename = "#{Problem.download_file_basedir}/#{base_filename}"
+            +   end
-            -     if !check_user_viewability(base_name) or !FileTest.exists?(filename)
+            +   # this has problem-level access control
+            +   def download
+            +     problem = Problem.find(params[:id])
+            +     if !problem or !problem.available or !@user.can_view_problem? problem
                     redirect_to :action => 'index' and return
                   end
+            +     base_name = params[:file]
+            +     base_filename = File.basename("#{base_name}.#{params[:ext]}")
+            +     filename = "#{Problem.download_file_basedir}/#{params[:id]}/#{base_filename}"
+            +     puts "SENDING: #{filename}"
+            +
+            +     if !FileTest.exists?(filename)
+            +       redirect_to :action => 'index' and return
+            +     end
+            +
+            +     puts "SENDING: #{filename}"
+            +
+            +     send_file_to_user(filename, base_filename)
+            +   end
+            +
+            +   protected
+            +
+            +   def send_file_to_user(filename, base_filename)
                   if defined?(USE_APACHE_XSENDFILE) and USE_APACHE_XSENDFILE
                     response.headers['Content-Type'] = "application/force-download"
                     response.headers['Content-Disposition'] = "attachment; filename=\"#{File.basename(filename)}\""
                   end
                 end
-            -   protected
                 def check_viewability
                   @user = User.find(session[:user_id])
                   if @user==nil or !Configuration.show_tasks_to?(@user)
                   end
                 end
-            -   def check_user_viewability(filename)
-            -     # individual file access control shall be added here
-            -     return false if not @user
-            -     return Configuration.show_tasks_to?(@user)
-            -   end
               end

app/helpers/main_helper.rb ¶ +2 -1

                   elsif !problem.description_filename.blank?
                     basename, ext = problem.description_filename.split('.')
                     options[:controller] = 'tasks'
-            -       options[:action] = 'view'
+            +       options[:action] = 'download'
+            +       options[:id] = problem.id
                     options[:file] = basename
                     options[:ext] = ext
                     return link_to name, options

app/models/user.rb ¶ +23

@@ -182,6 +182,29
182	end	182	end
183	end	183	end
184		184
		185	+ def problem_in_user_contests?(problem)
		186	+ problem_contests = problem.contests.all
		187	+
		188	+ if problem_contests.length == 0 # this is public contest
		189	+ return true
		190	+ end
		191	+
		192	+ contests.each do \|contest\|
		193	+ if problem_contests.find {\|c\| c.id == contest.id }
		194	+ return true
		195	+ end
		196	+ end
		197	+ return false
		198	+ end
		199	+
		200	+ def can_view_problem?(problem)
		201	+ if not Configuration.multicontests?
		202	+ return problem.available
		203	+ else
		204	+ return problem_in_user_contests? problem
		205	+ end
		206	+ end
		207	+
185	protected	208	protected
186	def encrypt_new_password	209	def encrypt_new_password
187	return if password.blank?	210	return if password.blank?

config/routes.rb ¶ +1

                 map.connect ':controller/service.wsdl', :action => 'wsdl'
                 map.connect 'tasks/view/:file.:ext', :controller => 'tasks', :action => 'view'
+            +   map.connect 'tasks/download/:id/:file.:ext', :controller => 'tasks', :action => 'download'
                 # Install the default route as the lowest priority.
                 map.connect ':controller/:action/:id.:format'

lib/testdata_importer.rb ¶ +23 -4

@@ -51,10 +51,15
51	ext = TestdataImporter.long_ext(tempfile.original_filename)	51	ext = TestdataImporter.long_ext(tempfile.original_filename)
52		52
53	extract_dir = File.join(GraderScript.raw_dir, @problem.name)	53	extract_dir = File.join(GraderScript.raw_dir, @problem.name)
54	- begin	54	+ if File.exists? extract_dir
55	- Dir.mkdir extract_dir	55	+ backup_count = 0
56	- rescue Errno::EEXIST	56	+ begin
		57	+ backup_count += 1
		58	+ backup_dirname = "#{extract_dir}.backup.#{backup_count}"
		59	+ end while File.exists? backup_dirname
		60	+ File.rename(extract_dir, backup_dirname)
57	end	61	end
		62	+ Dir.mkdir extract_dir
58		63
59	if ext=='.tar.gz' or ext=='.tgz'	64	if ext=='.tar.gz' or ext=='.tgz'
60	cmd = "tar -zxvf #{testdata_filename} -C #{extract_dir}"	65	cmd = "tar -zxvf #{testdata_filename} -C #{extract_dir}"
@@ -138,9 +143,23
138		143
139	def import_problem_pdf(dirname)	144	def import_problem_pdf(dirname)
140	pdf_files = Dir["#{dirname}/*.pdf"]	145	pdf_files = Dir["#{dirname}/*.pdf"]
		146	+ puts "CHECKING... #{dirname}"
141	if pdf_files.length != 0	147	if pdf_files.length != 0
		148	+ puts "HAS PDF FILE"
142	filename = pdf_files[0]	149	filename = pdf_files[0]
143	- out_filename = "#{Problem.download_file_basedir}/#{@problem.name}.pdf"	150	+
		151	+ @problem.save if not @problem.id
		152	+ out_dirname = "#{Problem.download_file_basedir}/#{@problem.id}"
		153	+ if not FileTest.exists? out_dirname
		154	+ Dir.mkdir out_dirname
		155	+ end
		156	+
		157	+ out_filename = "#{out_dirname}/#{@problem.name}.pdf"
		158	+
		159	+ if FileTest.exists? out_filename
		160	+ File.delete out_filename
		161	+ end
		162	+
144	File.rename(filename, out_filename)	163	File.rename(filename, out_filename)
145	@problem.description_filename = "#{@problem.name}.pdf"	164	@problem.description_filename = "#{@problem.name}.pdf"
146	@problem.save	165	@problem.save

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r282:6dab27215603 - Thu, 04 Mar 2010 17:56:29 - 5 files changed: 77 inserted, 18 deleted

Sign in to your account

Commit r282:6dab27215603 public

Author

r282:6dab27215603 - Thu, 04 Mar 2010 17:56:29 - 5 files changed: 77 inserted, 18 deleted

Commit `r282:6dab27215603` public