cafe-grader-web Commit - r282:6dab27215603

cafe-grader-web

Commit `r282:6dab27215603` public

parent | child

Description:

added contest problem access control

Commit status:

[Not Reviewed]

References:

default

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r282:6dab27215603 - Thu, 04 Mar 2010 17:56:29 - 5 files changed: 76 inserted, 17 deleted

app/controllers/tasks_controller.rb ¶ +28 -13

                 def list
                   @problems = Problem.find_available_problems
-            -     @user = User.find(session[:user_id])
                 end
+            +   # this has contest-wide access control
                 def view
                   base_name = params[:file]
-            -     if !check_user_viewability(base_name)
+            +     base_filename = File.basename("#{base_name}.#{params[:ext]}")
+            +     filename = "#{Problem.download_file_basedir}/#{base_filename}"
+            +
+            +     if !FileTest.exists?(filename)
                     redirect_to :action => 'index' and return
                   end
-            -     base_filename = File.basename("#{base_name}.#{params[:ext]}")
-            -     filename = "#{Problem.download_file_basedir}/#{base_filename}"
+            +     send_file_to_user(filename, base_filename)
+            +   end
-            -     if !check_user_viewability(base_name) or !FileTest.exists?(filename)
+            +   # this has problem-level access control
+            +   def download
+            +     problem = Problem.find(params[:id])
+            +     if !problem or !problem.available or !@user.can_view_problem? problem
                     redirect_to :action => 'index' and return
                   end
+            +     base_name = params[:file]
+            +     base_filename = File.basename("#{base_name}.#{params[:ext]}")
+            +     filename = "#{Problem.download_file_basedir}/#{params[:id]}/#{base_filename}"
+            +     puts "SENDING: #{filename}"
+            +
+            +     if !FileTest.exists?(filename)
+            +       redirect_to :action => 'index' and return
+            +     end
+            +
+            +     puts "SENDING: #{filename}"
+            +
+            +     send_file_to_user(filename, base_filename)
+            +   end
+            +
+            +   protected
+            +
+            +   def send_file_to_user(filename, base_filename)
                   if defined?(USE_APACHE_XSENDFILE) and USE_APACHE_XSENDFILE
                     response.headers['Content-Type'] = "application/force-download"
                     response.headers['Content-Disposition'] = "attachment; filename=\"#{File.basename(filename)}\""
                   end
                 end
-            -   protected
+            -
                 def check_viewability
                   @user = User.find(session[:user_id])
                   if @user==nil or !Configuration.show_tasks_to?(@user)
                   end
                 end
-            -   def check_user_viewability(filename)
-            -     # individual file access control shall be added here
-            -     return false if not @user
-            -     return Configuration.show_tasks_to?(@user)
-                end
+            -
-            - end

app/helpers/main_helper.rb ¶ +2 -1

                   elsif !problem.description_filename.blank?
                     basename, ext = problem.description_filename.split('.')
                     options[:controller] = 'tasks'
-            -       options[:action] = 'view'
+            +       options[:action] = 'download'
+            +       options[:id] = problem.id
                     options[:file] = basename
                     options[:ext] = ext
                     return link_to name, options

app/models/user.rb ¶ +23

		@@ -182,6 +182,29
182	182	end
183	183	end
184	184
	185	+ def problem_in_user_contests?(problem)
	186	+ problem_contests = problem.contests.all
	187	+
	188	+ if problem_contests.length == 0 # this is public contest
	189	+ return true
	190	+ end
	191	+
	192	+ contests.each do \|contest\|
	193	+ if problem_contests.find {\|c\| c.id == contest.id }
	194	+ return true
	195	+ end
	196	+ end
	197	+ return false
	198	+ end
	199	+
	200	+ def can_view_problem?(problem)
	201	+ if not Configuration.multicontests?
	202	+ return problem.available
	203	+ else
	204	+ return problem_in_user_contests? problem
	205	+ end
	206	+ end
	207	+
185	208	protected
186	209	def encrypt_new_password
187	210	return if password.blank?

config/routes.rb ¶ +1

                 map.connect ':controller/service.wsdl', :action => 'wsdl'
                 map.connect 'tasks/view/:file.:ext', :controller => 'tasks', :action => 'view'
+            +   map.connect 'tasks/download/:id/:file.:ext', :controller => 'tasks', :action => 'download'
                 # Install the default route as the lowest priority.
                 map.connect ':controller/:action/:id.:format'

lib/testdata_importer.rb ¶ +22 -3

                   ext = TestdataImporter.long_ext(tempfile.original_filename)
                   extract_dir = File.join(GraderScript.raw_dir, @problem.name)
+            +     if File.exists? extract_dir
+            +       backup_count = 0
                   begin
+            +         backup_count += 1
+            +         backup_dirname = "#{extract_dir}.backup.#{backup_count}"
+            +       end while File.exists? backup_dirname
+            +       File.rename(extract_dir, backup_dirname)
+            +     end
-                    Dir.mkdir extract_dir
-            -     rescue Errno::EEXIST
-            -     end
                   if ext=='.tar.gz' or ext=='.tgz'
                     cmd = "tar -zxvf #{testdata_filename} -C #{extract_dir}"
                 def import_problem_pdf(dirname)
                   pdf_files = Dir["#{dirname}/*.pdf"]
+            +     puts "CHECKING... #{dirname}"
                   if pdf_files.length != 0
+            +       puts "HAS PDF FILE"
                     filename = pdf_files[0]
-            -       out_filename = "#{Problem.download_file_basedir}/#{@problem.name}.pdf"
+            +
+            +       @problem.save if not @problem.id
+            +       out_dirname = "#{Problem.download_file_basedir}/#{@problem.id}"
+            +       if not FileTest.exists? out_dirname
+            +         Dir.mkdir out_dirname
+            +       end
+            +
+            +       out_filename = "#{out_dirname}/#{@problem.name}.pdf"
+            +
+            +       if FileTest.exists? out_filename
+            +         File.delete out_filename
+            +       end
+            +
                     File.rename(filename, out_filename)
                     @problem.description_filename = "#{@problem.name}.pdf"
                     @problem.save

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r282:6dab27215603 - Thu, 04 Mar 2010 17:56:29 - 5 files changed: 76 inserted, 17 deleted

Sign in to your account

Commit r282:6dab27215603 public

Author

r282:6dab27215603 - Thu, 04 Mar 2010 17:56:29 - 5 files changed: 76 inserted, 17 deleted

Commit `r282:6dab27215603` public