Description:
- fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available?
- add max score query
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r593:a1d7330b2f43 - - 6 files changed: 106 inserted, 7 deleted
| @@ -0,0 +1,43 | |||||
|
|
|
1 | + %h1 Maximum score | ||
|
|
|
2 | + | ||
|
|
|
3 | + = form_tag report_max_score_path | ||
|
|
|
4 | + .row | ||
|
|
|
5 | + .col-md-4 | ||
|
|
|
6 | + .panel.panel-primary | ||
|
|
|
7 | + .panel-heading | ||
|
|
|
8 | + Problems | ||
|
|
|
9 | + .panel-body | ||
|
|
|
10 | + = label_tag :problems, "Problems" | ||
|
|
|
11 | + = select 'problems', 'problem_id', [[(t 'main.specified_in_header'),'-1']] + Problem.all.collect {|p| ["[#{p.name}] #{p.full_name}", p.id]}, {:selected => '-1'}, { class: 'select2 form-control' } | ||
|
|
|
12 | + .col-md-4 | ||
|
|
|
13 | + .panel.panel-primary | ||
|
|
|
14 | + .panel-heading | ||
|
|
|
15 | + Submission range | ||
|
|
|
16 | + .panel-body | ||
|
|
|
17 | + .form-group | ||
|
|
|
18 | + = label_tag :from, "From" | ||
|
|
|
19 | + = text_field_tag 'from_id', nil, class: "form-control" | ||
|
|
|
20 | + .form-group | ||
|
|
|
21 | + = label_tag :from, "To" | ||
|
|
|
22 | + = text_field_tag 'to_id', nil, class: "form-control" | ||
|
|
|
23 | + .col-md-4 | ||
|
|
|
24 | + .panel.panel-primary | ||
|
|
|
25 | + .panel-heading | ||
|
|
|
26 | + Users | ||
|
|
|
27 | + .panel-body | ||
|
|
|
28 | + .radio | ||
|
|
|
29 | + %label | ||
|
|
|
30 | + = radio_button_tag 'users', 'all', true | ||
|
|
|
31 | + All users | ||
|
|
|
32 | + .radio | ||
|
|
|
33 | + %label | ||
|
|
|
34 | + = radio_button_tag 'users', 'enabled' | ||
|
|
|
35 | + Only enabled users | ||
|
|
|
36 | + .row | ||
|
|
|
37 | + .col-md-12 | ||
|
|
|
38 | + = button_tag 'Show', class: "btn btn-primary btn-large" | ||
|
|
|
39 | + = button_tag 'Download CSV', class: "btn btn-primary btn-large" | ||
|
|
|
40 | + /.col-md-4.col-md-offset-1 | ||
|
|
|
41 | + / = button_tag 'Show', class: "btn btn-primary btn-block" | ||
|
|
|
42 | + /.col-md-4.col-md-offset-2 | ||
|
|
|
43 | + / = button_tag 'Download CSV', class: "btn btn-primary btn-block" | ||
| @@ -24,6 +24,10 | |||||
|
|
24 |
|
24 | ||
|
|
25 | /data |
|
25 | /data |
|
|
26 |
|
26 | ||
|
|
27 | #ignore .orig and .swp |
|
27 | #ignore .orig and .swp |
|
|
28 | *.orig |
|
28 | *.orig |
|
|
29 | *.swp |
|
29 | *.swp |
|
|
|
30 | + | ||
|
|
|
31 | + #ignore rvm setting file | ||
|
|
|
32 | + .ruby-gemset | ||
|
|
|
33 | + .ruby-version | ||
| @@ -3,35 +3,39 | |||||
|
|
3 |
|
3 | ||
|
|
4 | before_filter :current_user |
|
4 | before_filter :current_user |
|
|
5 |
|
5 | ||
|
|
6 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
6 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
|
7 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' |
|
7 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' |
|
|
8 |
|
8 | ||
|
|
|
9 | + #report and redirect for unauthorized activities | ||
|
|
|
10 | + def unauthorized_redirect | ||
|
|
|
11 | + flash[:notice] = 'You are not authorized to view the page you requested' | ||
|
|
|
12 | + redirect_to :controller => 'main', :action => 'login' | ||
|
|
|
13 | + end | ||
|
|
|
14 | + | ||
|
|
9 | # Returns the current logged-in user (if any). |
|
15 | # Returns the current logged-in user (if any). |
|
|
10 | def current_user |
|
16 | def current_user |
|
|
11 | return nil unless session[:user_id] |
|
17 | return nil unless session[:user_id] |
|
|
12 | @current_user ||= User.find(session[:user_id]) |
|
18 | @current_user ||= User.find(session[:user_id]) |
|
|
13 | end |
|
19 | end |
|
|
14 |
|
20 | ||
|
|
15 | def admin_authorization |
|
21 | def admin_authorization |
|
|
16 | return false unless authenticate |
|
22 | return false unless authenticate |
|
|
17 | user = User.find(session[:user_id], :include => ['roles']) |
|
23 | user = User.find(session[:user_id], :include => ['roles']) |
|
|
18 | unless user.admin? |
|
24 | unless user.admin? |
|
|
19 | - flash[:notice] = 'You are not authorized to view the page you requested' |
|
25 | + unauthorized_redirect |
|
|
20 | - redirect_to :controller => 'main', :action => 'login' unless user.admin? |
|
||
|
|
21 | return false |
|
26 | return false |
|
|
22 | end |
|
27 | end |
|
|
23 | return true |
|
28 | return true |
|
|
24 | end |
|
29 | end |
|
|
25 |
|
30 | ||
|
|
26 | def authorization_by_roles(allowed_roles) |
|
31 | def authorization_by_roles(allowed_roles) |
|
|
27 | return false unless authenticate |
|
32 | return false unless authenticate |
|
|
28 | user = User.find(session[:user_id]) |
|
33 | user = User.find(session[:user_id]) |
|
|
29 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
34 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
30 | - flash[:notice] = 'You are not authorized to view the page you requested' |
|
35 | + unauthorized_redirect |
|
|
31 | - redirect_to :controller => 'main', :action => 'login' |
|
||
|
|
32 | return false |
|
36 | return false |
|
|
33 | end |
|
37 | end |
|
|
34 | end |
|
38 | end |
|
|
35 |
|
39 | ||
|
|
36 | protected |
|
40 | protected |
|
|
37 |
|
41 | ||
| @@ -1,17 +1,24 | |||||
|
|
1 | class GradersController < ApplicationController |
|
1 | class GradersController < ApplicationController |
|
|
2 |
|
2 | ||
|
|
3 | before_filter :admin_authorization, except: [ :submission ] |
|
3 | before_filter :admin_authorization, except: [ :submission ] |
|
|
4 | before_filter(only: [:submission]) { |
|
4 | before_filter(only: [:submission]) { |
|
|
|
5 | + #check if authenticated | ||
|
|
5 | return false unless authenticate |
|
6 | return false unless authenticate |
|
|
6 |
|
7 | ||
|
|
7 | - if GraderConfiguration["right.user_view_submission"] |
|
8 | + #admin always has privileged |
|
|
8 | - return true; |
|
9 | + if @current_user.admin? |
|
|
|
10 | + return true | ||
|
|
9 | end |
|
11 | end |
|
|
10 |
|
12 | ||
|
|
11 | - admin_authorization |
|
13 | + if GraderConfiguration["right.user_view_submission"] and Submission.find(params[:id]).problem.available? |
|
|
|
14 | + return true | ||
|
|
|
15 | + else | ||
|
|
|
16 | + unauthorized_redirect | ||
|
|
|
17 | + return false | ||
|
|
|
18 | + end | ||
|
|
12 | } |
|
19 | } |
|
|
13 |
|
20 | ||
|
|
14 | verify :method => :post, :only => ['clear_all', |
|
21 | verify :method => :post, :only => ['clear_all', |
|
|
15 | 'start_exam', |
|
22 | 'start_exam', |
|
|
16 | 'start_grading', |
|
23 | 'start_grading', |
|
|
17 | 'stop_all', |
|
24 | 'stop_all', |
| @@ -9,12 +9,51 | |||||
|
|
9 | return true; |
|
9 | return true; |
|
|
10 | end |
|
10 | end |
|
|
11 |
|
11 | ||
|
|
12 | admin_authorization |
|
12 | admin_authorization |
|
|
13 | } |
|
13 | } |
|
|
14 |
|
14 | ||
|
|
|
15 | + def show_max_score | ||
|
|
|
16 | + end | ||
|
|
|
17 | + | ||
|
|
|
18 | + def get_max_score | ||
|
|
|
19 | + #process list of problems | ||
|
|
|
20 | + | ||
|
|
|
21 | + #process submission range | ||
|
|
|
22 | + if params[:commit] == 'download csv' | ||
|
|
|
23 | + @problems = Problem.all | ||
|
|
|
24 | + else | ||
|
|
|
25 | + @problems = Problem.find_available_problems | ||
|
|
|
26 | + end | ||
|
|
|
27 | + @users = User.find(:all, :include => [:contests, :contest_stat]) | ||
|
|
|
28 | + @scorearray = Array.new | ||
|
|
|
29 | + #set up range from param | ||
|
|
|
30 | + since_id = params.fetch(:since_id, 0).to_i | ||
|
|
|
31 | + until_id = params.fetch(:until_id, 0).to_i | ||
|
|
|
32 | + @users.each do |u| | ||
|
|
|
33 | + ustat = Array.new | ||
|
|
|
34 | + ustat[0] = u | ||
|
|
|
35 | + @problems.each do |p| | ||
|
|
|
36 | + max_points = 0 | ||
|
|
|
37 | + Submission.find_in_range_by_user_and_problem(u.id,p.id,since_id,until_id).each do |sub| | ||
|
|
|
38 | + max_points = sub.points if sub and sub.points and (sub.points > max_points) | ||
|
|
|
39 | + end | ||
|
|
|
40 | + ustat << [(max_points.to_f*100/p.full_score).round, (max_points>=p.full_score)] | ||
|
|
|
41 | + end | ||
|
|
|
42 | + @scorearray << ustat | ||
|
|
|
43 | + end | ||
|
|
|
44 | + | ||
|
|
|
45 | + if params[:commit] == 'download csv' then | ||
|
|
|
46 | + csv = gen_csv_from_scorearray(@scorearray,@problems) | ||
|
|
|
47 | + send_data csv, filename: 'max_score.csv' | ||
|
|
|
48 | + else | ||
|
|
|
49 | + render template: 'user_admin/user_stat' | ||
|
|
|
50 | + end | ||
|
|
|
51 | + | ||
|
|
|
52 | + end | ||
|
|
|
53 | + | ||
|
|
15 | def score |
|
54 | def score |
|
|
16 | if params[:commit] == 'download csv' |
|
55 | if params[:commit] == 'download csv' |
|
|
17 | @problems = Problem.all |
|
56 | @problems = Problem.all |
|
|
18 | else |
|
57 | else |
|
|
19 | @problems = Problem.find_available_problems |
|
58 | @problems = Problem.find_available_problems |
|
|
20 | end |
|
59 | end |
| @@ -48,15 +48,17 | |||||
|
|
48 | get "main/list" |
|
48 | get "main/list" |
|
|
49 | get 'main/submission(/:id)', to: 'main#submission', as: 'main_submission' |
|
49 | get 'main/submission(/:id)', to: 'main#submission', as: 'main_submission' |
|
|
50 |
|
50 | ||
|
|
51 | #report |
|
51 | #report |
|
|
52 | get 'report/problem_hof(/:id)', to: 'report#problem_hof', as: 'report_problem_hof' |
|
52 | get 'report/problem_hof(/:id)', to: 'report#problem_hof', as: 'report_problem_hof' |
|
|
53 | get "report/login" |
|
53 | get "report/login" |
|
|
|
54 | + get 'report/max_score', to: 'report#max_score', as: 'report_max_score' | ||
|
|
54 |
|
55 | ||
|
|
55 | #grader |
|
56 | #grader |
|
|
56 | get 'graders/list', to: 'graders#list', as: 'grader_list' |
|
57 | get 'graders/list', to: 'graders#list', as: 'grader_list' |
|
|
|
58 | + | ||
|
|
57 |
|
59 | ||
|
|
58 | match 'heartbeat/:id/edit' => 'heartbeat#edit' |
|
60 | match 'heartbeat/:id/edit' => 'heartbeat#edit' |
|
|
59 |
|
61 | ||
|
|
60 | # See how all your routes lay out with "rake routes" |
|
62 | # See how all your routes lay out with "rake routes" |
|
|
61 |
|
63 | ||
|
|
62 | # This is a legacy wild controller route that's not recommended for RESTful applications. |
|
64 | # This is a legacy wild controller route that's not recommended for RESTful applications. |
You need to be logged in to leave comments.
Login now