cafe-grader-web

Commit r593:a1d7330b2f43 public

parent | child
Description:
- fix authorization for viewing submission, only admin can view all problems all the time, normal user depends on right.view_submission and problem.available? - add max score query
Commit status:
[Not Reviewed]
References:
java
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r593:a1d7330b2f43 - - 6 files changed: 106 inserted, 7 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -0,0 +1,43
1 + %h1 Maximum score
2 +
3 + = form_tag report_max_score_path
4 + .row
5 + .col-md-4
6 + .panel.panel-primary
7 + .panel-heading
8 + Problems
9 + .panel-body
10 + = label_tag :problems, "Problems"
11 + = select 'problems', 'problem_id', [[(t 'main.specified_in_header'),'-1']] + Problem.all.collect {|p| ["[#{p.name}] #{p.full_name}", p.id]}, {:selected => '-1'}, { class: 'select2 form-control' }
12 + .col-md-4
13 + .panel.panel-primary
14 + .panel-heading
15 + Submission range
16 + .panel-body
17 + .form-group
18 + = label_tag :from, "From"
19 + = text_field_tag 'from_id', nil, class: "form-control"
20 + .form-group
21 + = label_tag :from, "To"
22 + = text_field_tag 'to_id', nil, class: "form-control"
23 + .col-md-4
24 + .panel.panel-primary
25 + .panel-heading
26 + Users
27 + .panel-body
28 + .radio
29 + %label
30 + = radio_button_tag 'users', 'all', true
31 + All users
32 + .radio
33 + %label
34 + = radio_button_tag 'users', 'enabled'
35 + Only enabled users
36 + .row
37 + .col-md-12
38 + = button_tag 'Show', class: "btn btn-primary btn-large"
39 + = button_tag 'Download CSV', class: "btn btn-primary btn-large"
40 + /.col-md-4.col-md-offset-1
41 + / = button_tag 'Show', class: "btn btn-primary btn-block"
42 + /.col-md-4.col-md-offset-2
43 + / = button_tag 'Download CSV', class: "btn btn-primary btn-block"
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -18,12 +18,16
18
18
19 /vendor/plugins/rails_upgrade
19 /vendor/plugins/rails_upgrade
20
20
21 #ignore public assets???
21 #ignore public assets???
22 /public/assets
22 /public/assets
23 /public
23 /public
24
24
25 /data
25 /data
26
26
27 #ignore .orig and .swp
27 #ignore .orig and .swp
28 *.orig
28 *.orig
29 *.swp
29 *.swp
30 +
31 + #ignore rvm setting file
32 + .ruby-gemset
33 + .ruby-version
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,43 +1,47
1 class ApplicationController < ActionController::Base
1 class ApplicationController < ActionController::Base
2 protect_from_forgery
2 protect_from_forgery
3
3
4 before_filter :current_user
4 before_filter :current_user
5
5
6 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
6 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
7 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
7 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
8
8
9 + #report and redirect for unauthorized activities
10 + def unauthorized_redirect
11 + flash[:notice] = 'You are not authorized to view the page you requested'
12 + redirect_to :controller => 'main', :action => 'login'
13 + end
14 +
9 # Returns the current logged-in user (if any).
15 # Returns the current logged-in user (if any).
10 def current_user
16 def current_user
11 return nil unless session[:user_id]
17 return nil unless session[:user_id]
12 @current_user ||= User.find(session[:user_id])
18 @current_user ||= User.find(session[:user_id])
13 end
19 end
14
20
15 def admin_authorization
21 def admin_authorization
16 return false unless authenticate
22 return false unless authenticate
17 user = User.find(session[:user_id], :include => ['roles'])
23 user = User.find(session[:user_id], :include => ['roles'])
18 unless user.admin?
24 unless user.admin?
19 - flash[:notice] = 'You are not authorized to view the page you requested'
25 + unauthorized_redirect
20 - redirect_to :controller => 'main', :action => 'login' unless user.admin?
21 return false
26 return false
22 end
27 end
23 return true
28 return true
24 end
29 end
25
30
26 def authorization_by_roles(allowed_roles)
31 def authorization_by_roles(allowed_roles)
27 return false unless authenticate
32 return false unless authenticate
28 user = User.find(session[:user_id])
33 user = User.find(session[:user_id])
29 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
34 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
30 - flash[:notice] = 'You are not authorized to view the page you requested'
35 + unauthorized_redirect
31 - redirect_to :controller => 'main', :action => 'login'
32 return false
36 return false
33 end
37 end
34 end
38 end
35
39
36 protected
40 protected
37
41
38 def authenticate
42 def authenticate
39 unless session[:user_id]
43 unless session[:user_id]
40 flash[:notice] = 'You need to login'
44 flash[:notice] = 'You need to login'
41 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
45 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
42 flash[:notice] = 'You need to login but you cannot log in at this time'
46 flash[:notice] = 'You need to login but you cannot log in at this time'
43 end
47 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,23 +1,30
1 class GradersController < ApplicationController
1 class GradersController < ApplicationController
2
2
3 before_filter :admin_authorization, except: [ :submission ]
3 before_filter :admin_authorization, except: [ :submission ]
4 before_filter(only: [:submission]) {
4 before_filter(only: [:submission]) {
5 + #check if authenticated
5 return false unless authenticate
6 return false unless authenticate
6
7
7 - if GraderConfiguration["right.user_view_submission"]
8 + #admin always has privileged
8 - return true;
9 + if @current_user.admin?
10 + return true
9 end
11 end
10
12
11 - admin_authorization
13 + if GraderConfiguration["right.user_view_submission"] and Submission.find(params[:id]).problem.available?
14 + return true
15 + else
16 + unauthorized_redirect
17 + return false
18 + end
12 }
19 }
13
20
14 verify :method => :post, :only => ['clear_all',
21 verify :method => :post, :only => ['clear_all',
15 'start_exam',
22 'start_exam',
16 'start_grading',
23 'start_grading',
17 'stop_all',
24 'stop_all',
18 'clear_terminated'],
25 'clear_terminated'],
19 :redirect_to => {:action => 'index'}
26 :redirect_to => {:action => 'index'}
20
27
21 def index
28 def index
22 redirect_to :action => 'list'
29 redirect_to :action => 'list'
23 end
30 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -3,24 +3,63
3 before_filter :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize]
3 before_filter :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize]
4
4
5 before_filter(only: [:problem_hof]) { |c|
5 before_filter(only: [:problem_hof]) { |c|
6 return false unless authenticate
6 return false unless authenticate
7
7
8 if GraderConfiguration["right.user_view_submission"]
8 if GraderConfiguration["right.user_view_submission"]
9 return true;
9 return true;
10 end
10 end
11
11
12 admin_authorization
12 admin_authorization
13 }
13 }
14
14
15 + def show_max_score
16 + end
17 +
18 + def get_max_score
19 + #process list of problems
20 +
21 + #process submission range
22 + if params[:commit] == 'download csv'
23 + @problems = Problem.all
24 + else
25 + @problems = Problem.find_available_problems
26 + end
27 + @users = User.find(:all, :include => [:contests, :contest_stat])
28 + @scorearray = Array.new
29 + #set up range from param
30 + since_id = params.fetch(:since_id, 0).to_i
31 + until_id = params.fetch(:until_id, 0).to_i
32 + @users.each do |u|
33 + ustat = Array.new
34 + ustat[0] = u
35 + @problems.each do |p|
36 + max_points = 0
37 + Submission.find_in_range_by_user_and_problem(u.id,p.id,since_id,until_id).each do |sub|
38 + max_points = sub.points if sub and sub.points and (sub.points > max_points)
39 + end
40 + ustat << [(max_points.to_f*100/p.full_score).round, (max_points>=p.full_score)]
41 + end
42 + @scorearray << ustat
43 + end
44 +
45 + if params[:commit] == 'download csv' then
46 + csv = gen_csv_from_scorearray(@scorearray,@problems)
47 + send_data csv, filename: 'max_score.csv'
48 + else
49 + render template: 'user_admin/user_stat'
50 + end
51 +
52 + end
53 +
15 def score
54 def score
16 if params[:commit] == 'download csv'
55 if params[:commit] == 'download csv'
17 @problems = Problem.all
56 @problems = Problem.all
18 else
57 else
19 @problems = Problem.find_available_problems
58 @problems = Problem.find_available_problems
20 end
59 end
21 @users = User.includes(:contests, :contest_stat).where(enabled: true) #find(:all, :include => [:contests, :contest_stat]).where(enabled: true)
60 @users = User.includes(:contests, :contest_stat).where(enabled: true) #find(:all, :include => [:contests, :contest_stat]).where(enabled: true)
22 @scorearray = Array.new
61 @scorearray = Array.new
23 @users.each do |u|
62 @users.each do |u|
24 ustat = Array.new
63 ustat = Array.new
25 ustat[0] = u
64 ustat[0] = u
26 @problems.each do |p|
65 @problems.each do |p|
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -42,24 +42,26
42
42
43 match 'tasks/view/:file.:ext' => 'tasks#view'
43 match 'tasks/view/:file.:ext' => 'tasks#view'
44 match 'tasks/download/:id/:file.:ext' => 'tasks#download'
44 match 'tasks/download/:id/:file.:ext' => 'tasks#download'
45 match 'heartbeat/:id/edit' => 'heartbeat#edit'
45 match 'heartbeat/:id/edit' => 'heartbeat#edit'
46
46
47 #main
47 #main
48 get "main/list"
48 get "main/list"
49 get 'main/submission(/:id)', to: 'main#submission', as: 'main_submission'
49 get 'main/submission(/:id)', to: 'main#submission', as: 'main_submission'
50
50
51 #report
51 #report
52 get 'report/problem_hof(/:id)', to: 'report#problem_hof', as: 'report_problem_hof'
52 get 'report/problem_hof(/:id)', to: 'report#problem_hof', as: 'report_problem_hof'
53 get "report/login"
53 get "report/login"
54 + get 'report/max_score', to: 'report#max_score', as: 'report_max_score'
54
55
55 #grader
56 #grader
56 get 'graders/list', to: 'graders#list', as: 'grader_list'
57 get 'graders/list', to: 'graders#list', as: 'grader_list'
58 +
57
59
58 match 'heartbeat/:id/edit' => 'heartbeat#edit'
60 match 'heartbeat/:id/edit' => 'heartbeat#edit'
59
61
60 # See how all your routes lay out with "rake routes"
62 # See how all your routes lay out with "rake routes"
61
63
62 # This is a legacy wild controller route that's not recommended for RESTful applications.
64 # This is a legacy wild controller route that's not recommended for RESTful applications.
63 # Note: This route will make all actions in every controller accessible via GET requests.
65 # Note: This route will make all actions in every controller accessible via GET requests.
64 match ':controller(/:action(/:id))(.:format)'
66 match ':controller(/:action(/:id))(.:format)'
65 end
67 end
You need to be logged in to leave comments. Login now