cafe-grader-web

Commit r104:7a05c208f2ec public

parent | child
Description:
[web] improved log-in & roles efficiency git-svn-id: http://theory.cpe.ku.ac.th/grader/web/trunk@196 6386c4cd-e34a-4fa8-8920-d93eb39b512e
Commit status:
[Not Reviewed]
References:
default
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r104:7a05c208f2ec - - 6 files changed: 23 inserted, 10 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,92 +1,91
1 class AnnouncementsController < ApplicationController
1 class AnnouncementsController < ApplicationController
2
2
3 - before_filter :authenticate
3 + before_filter :admin_authorization
4 - before_filter { |controller| controller.authorization_by_roles(['admin'])}
5
4
6 in_place_edit_for :announcement, :published
5 in_place_edit_for :announcement, :published
7
6
8 # GET /announcements
7 # GET /announcements
9 # GET /announcements.xml
8 # GET /announcements.xml
10 def index
9 def index
11 @announcements = Announcement.find(:all,
10 @announcements = Announcement.find(:all,
12 :order => "created_at DESC")
11 :order => "created_at DESC")
13
12
14 respond_to do |format|
13 respond_to do |format|
15 format.html # index.html.erb
14 format.html # index.html.erb
16 format.xml { render :xml => @announcements }
15 format.xml { render :xml => @announcements }
17 end
16 end
18 end
17 end
19
18
20 # GET /announcements/1
19 # GET /announcements/1
21 # GET /announcements/1.xml
20 # GET /announcements/1.xml
22 def show
21 def show
23 @announcement = Announcement.find(params[:id])
22 @announcement = Announcement.find(params[:id])
24
23
25 respond_to do |format|
24 respond_to do |format|
26 format.html # show.html.erb
25 format.html # show.html.erb
27 format.xml { render :xml => @announcement }
26 format.xml { render :xml => @announcement }
28 end
27 end
29 end
28 end
30
29
31 # GET /announcements/new
30 # GET /announcements/new
32 # GET /announcements/new.xml
31 # GET /announcements/new.xml
33 def new
32 def new
34 @announcement = Announcement.new
33 @announcement = Announcement.new
35
34
36 respond_to do |format|
35 respond_to do |format|
37 format.html # new.html.erb
36 format.html # new.html.erb
38 format.xml { render :xml => @announcement }
37 format.xml { render :xml => @announcement }
39 end
38 end
40 end
39 end
41
40
42 # GET /announcements/1/edit
41 # GET /announcements/1/edit
43 def edit
42 def edit
44 @announcement = Announcement.find(params[:id])
43 @announcement = Announcement.find(params[:id])
45 end
44 end
46
45
47 # POST /announcements
46 # POST /announcements
48 # POST /announcements.xml
47 # POST /announcements.xml
49 def create
48 def create
50 @announcement = Announcement.new(params[:announcement])
49 @announcement = Announcement.new(params[:announcement])
51
50
52 respond_to do |format|
51 respond_to do |format|
53 if @announcement.save
52 if @announcement.save
54 flash[:notice] = 'Announcement was successfully created.'
53 flash[:notice] = 'Announcement was successfully created.'
55 format.html { redirect_to(@announcement) }
54 format.html { redirect_to(@announcement) }
56 format.xml { render :xml => @announcement, :status => :created, :location => @announcement }
55 format.xml { render :xml => @announcement, :status => :created, :location => @announcement }
57 else
56 else
58 format.html { render :action => "new" }
57 format.html { render :action => "new" }
59 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
58 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
60 end
59 end
61 end
60 end
62 end
61 end
63
62
64 # PUT /announcements/1
63 # PUT /announcements/1
65 # PUT /announcements/1.xml
64 # PUT /announcements/1.xml
66 def update
65 def update
67 @announcement = Announcement.find(params[:id])
66 @announcement = Announcement.find(params[:id])
68
67
69 respond_to do |format|
68 respond_to do |format|
70 if @announcement.update_attributes(params[:announcement])
69 if @announcement.update_attributes(params[:announcement])
71 flash[:notice] = 'Announcement was successfully updated.'
70 flash[:notice] = 'Announcement was successfully updated.'
72 format.html { redirect_to(@announcement) }
71 format.html { redirect_to(@announcement) }
73 format.xml { head :ok }
72 format.xml { head :ok }
74 else
73 else
75 format.html { render :action => "edit" }
74 format.html { render :action => "edit" }
76 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
75 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
77 end
76 end
78 end
77 end
79 end
78 end
80
79
81 # DELETE /announcements/1
80 # DELETE /announcements/1
82 # DELETE /announcements/1.xml
81 # DELETE /announcements/1.xml
83 def destroy
82 def destroy
84 @announcement = Announcement.find(params[:id])
83 @announcement = Announcement.find(params[:id])
85 @announcement.destroy
84 @announcement.destroy
86
85
87 respond_to do |format|
86 respond_to do |format|
88 format.html { redirect_to(announcements_url) }
87 format.html { redirect_to(announcements_url) }
89 format.xml { head :ok }
88 format.xml { head :ok }
90 end
89 end
91 end
90 end
92 end
91 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,69 +1,76
1 # Filters added to this controller apply to all controllers in the application.
1 # Filters added to this controller apply to all controllers in the application.
2 # Likewise, all the methods added will be available for all controllers.
2 # Likewise, all the methods added will be available for all controllers.
3
3
4 class ApplicationController < ActionController::Base
4 class ApplicationController < ActionController::Base
5 # Pick a unique cookie name to distinguish our session data from others'
5 # Pick a unique cookie name to distinguish our session data from others'
6 session :session_key => '_grader_session_id'
6 session :session_key => '_grader_session_id'
7
7
8 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
8 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
9
9
10 + def admin_authorization
11 + return false unless authenticate
12 + user = User.find(session[:user_id], :include => ['roles'])
13 + redirect_to :controller => 'main', :action => 'login' unless user.admin?
14 + end
15 +
10 def authorization_by_roles(allowed_roles)
16 def authorization_by_roles(allowed_roles)
11 return false unless authenticate
17 return false unless authenticate
12 user = User.find(session[:user_id])
18 user = User.find(session[:user_id])
13 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
19 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
14 flash[:notice] = 'You are not authorized to view the page you requested'
20 flash[:notice] = 'You are not authorized to view the page you requested'
15 redirect_to :controller => 'main', :action => 'login'
21 redirect_to :controller => 'main', :action => 'login'
16 return false
22 return false
17 end
23 end
18 end
24 end
19
25
20 protected
26 protected
27 +
21 def authenticate
28 def authenticate
22 unless session[:user_id]
29 unless session[:user_id]
23 redirect_to :controller => 'main', :action => 'login'
30 redirect_to :controller => 'main', :action => 'login'
24 return false
31 return false
25 end
32 end
26
33
27 - Configuration.reload
34 + #Configuration.reload
28 # check if run in single user mode
35 # check if run in single user mode
29 if (Configuration[SINGLE_USER_MODE_CONF_KEY])
36 if (Configuration[SINGLE_USER_MODE_CONF_KEY])
30 user = User.find(session[:user_id])
37 user = User.find(session[:user_id])
31 if user==nil or user.login != 'root'
38 if user==nil or user.login != 'root'
32 redirect_to :controller => 'main', :action => 'login'
39 redirect_to :controller => 'main', :action => 'login'
33 return false
40 return false
34 end
41 end
35 end
42 end
36
43
37 return true
44 return true
38 end
45 end
39
46
40 def authorization
47 def authorization
41 return false unless authenticate
48 return false unless authenticate
42 user = User.find(session[:user_id])
49 user = User.find(session[:user_id])
43 unless user.roles.detect { |role|
50 unless user.roles.detect { |role|
44 role.rights.detect{ |right|
51 role.rights.detect{ |right|
45 right.controller == self.class.controller_name and
52 right.controller == self.class.controller_name and
46 (right.action == 'all' or right.action == action_name)
53 (right.action == 'all' or right.action == action_name)
47 }
54 }
48 }
55 }
49 flash[:notice] = 'You are not authorized to view the page you requested'
56 flash[:notice] = 'You are not authorized to view the page you requested'
50 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
57 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
51 redirect_to :controller => 'main', :action => 'login'
58 redirect_to :controller => 'main', :action => 'login'
52 return false
59 return false
53 end
60 end
54 end
61 end
55
62
56 def verify_time_limit
63 def verify_time_limit
57 return true if session[:user_id]==nil
64 return true if session[:user_id]==nil
58 user = User.find(session[:user_id], :include => :site)
65 user = User.find(session[:user_id], :include => :site)
59 return true if user==nil or user.site == nil
66 return true if user==nil or user.site == nil
60 if user.site.finished?
67 if user.site.finished?
61 flash[:notice] = 'Error: the contest on your site is over.'
68 flash[:notice] = 'Error: the contest on your site is over.'
62 redirect_to :back
69 redirect_to :back
63 return false
70 return false
64 end
71 end
65 return true
72 return true
66 end
73 end
67
74
68 end
75 end
69
76
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,19 +1,24
1 class LoginController < ApplicationController
1 class LoginController < ApplicationController
2
2
3 def index
3 def index
4 # show login screen
4 # show login screen
5 reset_session
5 reset_session
6 redirect_to :controller => 'main', :action => 'login'
6 redirect_to :controller => 'main', :action => 'login'
7 end
7 end
8
8
9 def login
9 def login
10 if user = User.authenticate(params[:login], params[:password])
10 if user = User.authenticate(params[:login], params[:password])
11 session[:user_id] = user.id
11 session[:user_id] = user.id
12 redirect_to :controller => 'main', :action => 'list'
12 redirect_to :controller => 'main', :action => 'list'
13 + if user.admin?
14 + session[:admin] = true
15 + else
16 + session[:admin] = false
17 + end
13 else
18 else
14 flash[:notice] = 'Wrong password'
19 flash[:notice] = 'Wrong password'
15 redirect_to :controller => 'main', :action => 'login'
20 redirect_to :controller => 'main', :action => 'login'
16 end
21 end
17 end
22 end
18
23
19 end
24 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,73 +1,71
1 class MessagesController < ApplicationController
1 class MessagesController < ApplicationController
2
2
3 before_filter :authenticate
3 before_filter :authenticate
4
4
5 verify :method => :post, :only => ['create'],
5 verify :method => :post, :only => ['create'],
6 :redirect_to => { :action => 'list' }
6 :redirect_to => { :action => 'list' }
7
7
8 - before_filter :only => ['console','show'] do |controller|
8 + before_filter :admin_authorization, :only => ['console','show','reply']
9 - controller.authorization_by_roles(['admin'])
10 - end
11
9
12 def list
10 def list
13 @user = User.find(session[:user_id])
11 @user = User.find(session[:user_id])
14 @messages = Message.find_all_sent_by_user(@user)
12 @messages = Message.find_all_sent_by_user(@user)
15 end
13 end
16
14
17 def console
15 def console
18 @user = User.find(session[:user_id])
16 @user = User.find(session[:user_id])
19 @messages = Message.find_all_system_unreplied_messages
17 @messages = Message.find_all_system_unreplied_messages
20 end
18 end
21
19
22 def show
20 def show
23 @message = Message.find(params[:id])
21 @message = Message.find(params[:id])
24 end
22 end
25
23
26 def create
24 def create
27 user = User.find(session[:user_id])
25 user = User.find(session[:user_id])
28 @message = Message.new(params[:message])
26 @message = Message.new(params[:message])
29 @message.sender = user
27 @message.sender = user
30 if !@message.save
28 if !@message.save
31 render :action => 'list' and return
29 render :action => 'list' and return
32 else
30 else
33 flash[:notice] = 'New message posted'
31 flash[:notice] = 'New message posted'
34 redirect_to :action => 'list'
32 redirect_to :action => 'list'
35 end
33 end
36 end
34 end
37
35
38 def reply
36 def reply
39 user = User.find(session[:user_id])
37 user = User.find(session[:user_id])
40 @message = Message.new(params[:r_message])
38 @message = Message.new(params[:r_message])
41 @message.sender = user
39 @message.sender = user
42 if !@message.save
40 if !@message.save
43 render :action => 'show' and return
41 render :action => 'show' and return
44 else
42 else
45 flash[:notice] = 'Message replied'
43 flash[:notice] = 'Message replied'
46 rep_msg = @message.replying_message
44 rep_msg = @message.replying_message
47 rep_msg.replied = true
45 rep_msg.replied = true
48 rep_msg.save
46 rep_msg.save
49 redirect_to :action => 'console'
47 redirect_to :action => 'console'
50 end
48 end
51 end
49 end
52
50
53 protected
51 protected
54 def build_replying_message_hierarchy(user)
52 def build_replying_message_hierarchy(user)
55 @all_messages = {}
53 @all_messages = {}
56
54
57
55
58 # manually build replies hierarchy (to improve efficiency)
56 # manually build replies hierarchy (to improve efficiency)
59 [@messages, @replied_messages].each do |collection|
57 [@messages, @replied_messages].each do |collection|
60 collection.each do |m|
58 collection.each do |m|
61 @all_messages[m.id] = {:msg => m, :replies => []}
59 @all_messages[m.id] = {:msg => m, :replies => []}
62 end
60 end
63 end
61 end
64
62
65 @all_messages.each do |m|
63 @all_messages.each do |m|
66 rep_id = m.replying_message_id
64 rep_id = m.replying_message_id
67 if @all_messages[rep_id]!=nil
65 if @all_messages[rep_id]!=nil
68 @all_messages[rep_id][:replies] << m
66 @all_messages[rep_id][:replies] << m
69 end
67 end
70 end
68 end
71 end
69 end
72
70
73 end
71 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,75 +1,75
1 # Methods added to this helper will be available to all templates in the application.
1 # Methods added to this helper will be available to all templates in the application.
2 module ApplicationHelper
2 module ApplicationHelper
3
3
4 def user_header
4 def user_header
5 menu_items = ''
5 menu_items = ''
6 user = User.find(session[:user_id])
6 user = User.find(session[:user_id])
7
7
8 - if (user!=nil) and (user.admin?)
8 + if (user!=nil) and (session[:admin])
9 # admin menu
9 # admin menu
10 menu_items << "<b>Administrative task:</b> "
10 menu_items << "<b>Administrative task:</b> "
11 append_to menu_items, '[Announcements]', 'announcements', 'index'
11 append_to menu_items, '[Announcements]', 'announcements', 'index'
12 append_to menu_items, '[Msg console]', 'messages', 'console'
12 append_to menu_items, '[Msg console]', 'messages', 'console'
13 append_to menu_items, '[Problem admin]', 'problems', 'index'
13 append_to menu_items, '[Problem admin]', 'problems', 'index'
14 append_to menu_items, '[User admin]', 'user_admin', 'index'
14 append_to menu_items, '[User admin]', 'user_admin', 'index'
15 append_to menu_items, '[User stat]', 'user_admin', 'user_stat'
15 append_to menu_items, '[User stat]', 'user_admin', 'user_stat'
16 #append_to menu_items, '[Graders]', 'graders', 'list'
16 #append_to menu_items, '[Graders]', 'graders', 'list'
17 append_to menu_items, '[Site config]', 'configurations', 'index'
17 append_to menu_items, '[Site config]', 'configurations', 'index'
18 menu_items << "<br/>"
18 menu_items << "<br/>"
19 end
19 end
20
20
21 # main page
21 # main page
22 append_to menu_items, '[Main]', 'main', 'list'
22 append_to menu_items, '[Main]', 'main', 'list'
23 append_to menu_items, '[Messages]', 'messages', 'list'
23 append_to menu_items, '[Messages]', 'messages', 'list'
24 append_to menu_items, '[Tasks]', 'tasks', 'list'
24 append_to menu_items, '[Tasks]', 'tasks', 'list'
25 append_to menu_items, '[Submissions]', 'main', 'submission'
25 append_to menu_items, '[Submissions]', 'main', 'submission'
26 append_to menu_items, '[Test]', 'test', 'index'
26 append_to menu_items, '[Test]', 'test', 'index'
27 append_to menu_items, '[Settings]', 'users', 'index'
27 append_to menu_items, '[Settings]', 'users', 'index'
28 append_to menu_items, '[Log out]', 'main', 'login'
28 append_to menu_items, '[Log out]', 'main', 'login'
29
29
30 menu_items
30 menu_items
31 end
31 end
32
32
33 def append_to(option,label, controller, action)
33 def append_to(option,label, controller, action)
34 option << ' ' if option!=''
34 option << ' ' if option!=''
35 option << link_to_unless_current(label,
35 option << link_to_unless_current(label,
36 :controller => controller,
36 :controller => controller,
37 :action => action)
37 :action => action)
38 end
38 end
39
39
40 def format_short_time(time)
40 def format_short_time(time)
41 now = Time.now
41 now = Time.now
42 st = ''
42 st = ''
43 if (time.yday != now.yday) or
43 if (time.yday != now.yday) or
44 (time.year != now.year)
44 (time.year != now.year)
45 st = time.strftime("%x ")
45 st = time.strftime("%x ")
46 end
46 end
47 st + time.strftime("%X")
47 st + time.strftime("%X")
48 end
48 end
49
49
50
50
51 def user_title_bar(user)
51 def user_title_bar(user)
52 if user.site!=nil and user.site.finished?
52 if user.site!=nil and user.site.finished?
53 contest_over_string = <<CONTEST_OVER
53 contest_over_string = <<CONTEST_OVER
54 <tr><td colspan="2" align="center">
54 <tr><td colspan="2" align="center">
55 <span class="contest-over-msg">THE CONTEST IS OVER</span>
55 <span class="contest-over-msg">THE CONTEST IS OVER</span>
56 </td></tr>
56 </td></tr>
57 CONTEST_OVER
57 CONTEST_OVER
58 end
58 end
59 <<TITLEBAR
59 <<TITLEBAR
60 <div class="title">
60 <div class="title">
61 <table>
61 <table>
62 #{contest_over_string}
62 #{contest_over_string}
63 <tr>
63 <tr>
64 <td class="left-col">
64 <td class="left-col">
65 #{user.full_name}<br/>
65 #{user.full_name}<br/>
66 Current time is #{format_short_time(Time.new)}<br/>
66 Current time is #{format_short_time(Time.new)}<br/>
67 </td>
67 </td>
68 <td class="right-col">APIO'08</td>
68 <td class="right-col">APIO'08</td>
69 </tr>
69 </tr>
70 </table>
70 </table>
71 </div>
71 </div>
72 TITLEBAR
72 TITLEBAR
73 end
73 end
74
74
75 end
75 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,26 +1,30
1 - content_for :head do
1 - content_for :head do
2 = javascript_include_tag :defaults
2 = javascript_include_tag :defaults
3
3
4 %h1 Grader configuration
4 %h1 Grader configuration
5
5
6 %table.info
6 %table.info
7 %tr.info-head
7 %tr.info-head
8 %th Key
8 %th Key
9 %th Type
9 %th Type
10 %th Value
10 %th Value
11
11
12 - @configurations.each do |conf|
12 - @configurations.each do |conf|
13 - @configuration = conf
13 - @configuration = conf
14 %tr
14 %tr
15 %td
15 %td
16 = in_place_editor_field :configuration, :key, {}, :rows=>1
16 = in_place_editor_field :configuration, :key, {}, :rows=>1
17 %td
17 %td
18 = in_place_editor_field :configuration, :value_type, {}, :rows=>1
18 = in_place_editor_field :configuration, :value_type, {}, :rows=>1
19 %td
19 %td
20 = in_place_editor_field :configuration, :value, {}, :rows=>1
20 = in_place_editor_field :configuration, :value, {}, :rows=>1
21
21
22 %br/
22 %br/
23 - = link_to '[Reload configuration]', :action => 'reload'
23 + Your config is saved, but it does not automatically take effect.
24 %br/
24 %br/
25 - Your config is saved, but it does not automatically take effect.
25 + If you have one mongrel process running, you can
26 - You must reload.
26 + = link_to '[click]', :action => 'reload'
27 + here to reload.
28 + %br/
29 + If you have more than one process running, you should restart
30 + them manually.
You need to be logged in to leave comments. Login now