Description:
more test and clean up authorization

r756:aa79958f6521 - - 13 files changed: 53 inserted, 38 deleted

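--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -49,96 +49,97 @@
 marcel (~> 0.3.1)
 activesupport (5.2.3)
 concurrent-ruby (~> 1.0, >= 1.0.2)
 i18n (>= 0.7, < 2)
 minitest (~> 5.1)
 tzinfo (~> 1.1)
 addressable (2.6.0)
 public_suffix (>= 2.0.2, < 4.0)
 ansi (1.5.0)
 arel (9.0.0)
 autoprefixer-rails (9.5.1.1)
 execjs
 best_in_place (3.0.3)
 actionpack (>= 3.2)
 railties (>= 3.2)
 bindex (0.7.0)
 bootsnap (1.4.4)
 msgpack (~> 1.0)
 bootstrap-datepicker-rails (1.8.0.1)
 railties (>= 3.0)
 bootstrap-sass (3.4.1)
 autoprefixer-rails (>= 5.2.1)
 sassc (>= 2.0.0)
 bootstrap-switch-rails (3.3.4)
 bootstrap-toggle-rails (2.2.1.0)
 bootstrap3-datetimepicker-rails (4.17.47)
 momentjs-rails (>= 2.8.1)
 builder (3.2.3)
 byebug (11.0.1)
 capybara (3.25.0)
 addressable
 mini_mime (>= 0.1.3)
 nokogiri (~> 1.8)
 rack (>= 1.6.0)
 rack-test (>= 0.6.3)
 regexp_parser (~> 1.5)
 xpath (~> 3.2)
 childprocess (1.0.1)
 rake (< 13.0)
 coffee-rails (4.2.2)
 coffee-script (>= 2.2.0)
 railties (>= 4.0.0)
 coffee-script (2.4.1)
 coffee-script-source
 execjs
 coffee-script-source (1.12.2)
 concurrent-ruby (1.1.5)
 crass (1.0.4)
+diff-lcs (1.3)
 dynamic_form (1.1.4)
 erubi (1.8.0)
 erubis (2.7.0)
 execjs (2.7.0)
 ffi (1.11.1)
 fuzzy-string-match (1.0.1)
 RubyInline (>= 3.8.6)
 globalid (0.4.2)
 activesupport (>= 4.2.0)
 haml (5.1.0)
 temple (>= 0.8.0)
 tilt
 haml-rails (1.0.0)
 actionpack (>= 4.0.1)
 activesupport (>= 4.0.1)
 haml (>= 4.0.6, < 6.0)
 html2haml (>= 1.0.1)
 railties (>= 4.0.1)
 html2haml (2.2.0)
 erubis (~> 2.7.0)
 haml (>= 4.0, < 6)
 nokogiri (>= 1.6.0)
 ruby_parser (~> 3.5)
 i18n (1.6.0)
 concurrent-ruby (~> 1.0)
 in_place_editing (1.2.0)
 jbuilder (2.9.1)
 activesupport (>= 4.2.0)
 jquery-countdown-rails (2.0.2)
 jquery-datatables-rails (3.4.0)
 actionpack (>= 3.1)
 jquery-rails
 railties (>= 3.1)
 sass-rails
 jquery-rails (4.3.3)
 rails-dom-testing (>= 1, < 3)
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 jquery-tablesorter (1.26.1)
 railties (>= 3.2, < 6)
 jquery-timepicker-addon-rails (1.4.1)
 railties (>= 3.1)
 jquery-ui-rails (6.0.1)
 railties (>= 3.2.16)
 listen (3.1.5)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
 ruby_dep (~> 1.2)
@@ -165,96 +166,113 @@
 multi_json (1.13.1)
 mysql2 (0.5.2)
 nio4r (2.3.1)
 nokogiri (1.10.3)
 mini_portile2 (~> 2.4.0)
 public_suffix (3.1.1)
 puma (4.0.0)
 nio4r (~> 2.0)
 rack (2.0.7)
 rack-test (1.1.0)
 rack (>= 1.0, < 3)
 rails (5.2.3)
 actioncable (= 5.2.3)
 actionmailer (= 5.2.3)
 actionpack (= 5.2.3)
 actionview (= 5.2.3)
 activejob (= 5.2.3)
 activemodel (= 5.2.3)
 activerecord (= 5.2.3)
 activestorage (= 5.2.3)
 activesupport (= 5.2.3)
 bundler (>= 1.3.0)
 railties (= 5.2.3)
 sprockets-rails (>= 2.0.0)
 rails-controller-testing (1.0.4)
 actionpack (>= 5.0.1.x)
 actionview (>= 5.0.1.x)
 activesupport (>= 5.0.1.x)
 rails-dom-testing (2.0.3)
 activesupport (>= 4.2.0)
 nokogiri (>= 1.6)
 rails-html-sanitizer (1.0.4)
 loofah (~> 2.2, >= 2.2.2)
 rails_bootstrap_sortable (2.0.6)
 momentjs-rails (>= 2.8.3)
 railties (5.2.3)
 actionpack (= 5.2.3)
 activesupport (= 5.2.3)
 method_source
 rake (>= 0.8.7)
 thor (>= 0.19.0, < 2.0)
 rake (12.3.2)
 rb-fsevent (0.10.3)
 rb-inotify (0.10.0)
 ffi (~> 1.0)
 rdiscount (2.2.0.1)
 regexp_parser (1.5.1)
 rouge (3.3.0)
+rspec-core (3.8.2)
+rspec-support (~> 3.8.0)
+rspec-expectations (3.8.4)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.8.0)
+rspec-mocks (3.8.1)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.8.0)
+rspec-rails (3.8.2)
+actionpack (>= 3.0)
+activesupport (>= 3.0)
+railties (>= 3.0)
+rspec-core (~> 3.8.0)
+rspec-expectations (~> 3.8.0)
+rspec-mocks (~> 3.8.0)
+rspec-support (~> 3.8.0)
+rspec-support (3.8.2)
 ruby-progressbar (1.10.0)
 ruby_dep (1.5.0)
 ruby_parser (3.13.1)
 sexp_processor (~> 4.9)
 rubyzip (1.2.3)
 sass (3.7.4)
 sass-listen (~> 4.0.0)
 sass-listen (4.0.0)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
 sass-rails (5.0.7)
 railties (>= 4.0.0, < 6)
 sass (~> 3.1)
 sprockets (>= 2.8, < 4.0)
 sprockets-rails (>= 2.0, < 4.0)
 tilt (>= 1.1, < 3)
 sassc (2.0.1)
 ffi (~> 1.9)
 rake
 sassc-rails (2.1.1)
 railties (>= 4.0.0)
 sassc (>= 2.0)
 sprockets (> 3.0)
 sprockets-rails
 tilt
 select2-rails (4.0.3)
 thor (~> 0.14)
 selenium-webdriver (3.142.3)
 childprocess (>= 0.5, < 2.0)
 rubyzip (~> 1.2, >= 1.2.2)
 sexp_processor (4.12.0)
 simple_form (4.1.0)
 actionpack (>= 5.0)
 activemodel (>= 5.0)
 spring (2.1.0)
 spring-watcher-listen (2.0.1)
 listen (>= 2.7, < 4.0)
 spring (>= 1.2, < 3.0)
 sprockets (3.7.2)
 concurrent-ruby (~> 1.0)
 rack (> 1, < 3)
 sprockets-rails (3.2.1)
 actionpack (>= 4.0)
 activesupport (>= 4.0)
 sprockets (>= 3.0.0)
 sqlite3 (1.4.1)
 temple (0.8.1)
 thor (0.20.3)
@@ -275,63 +293,64 @@
 websocket-extensions (0.1.4)
 will_paginate (3.0.12)
 xpath (3.2.0)
 nokogiri (~> 1.8)
 yaml_db (0.7.0)
 rails (>= 3.0)
 rake (>= 0.8.7)
 
 PLATFORMS
 ruby
 
 DEPENDENCIES
 ace-rails-ap
 activerecord-session_store
 autoprefixer-rails
 best_in_place (~> 3.0.1)
 bootsnap (>= 1.1.0)
 bootstrap-datepicker-rails
 bootstrap-sass (~> 3.4.1)
 bootstrap-switch-rails
 bootstrap-toggle-rails
 bootstrap3-datetimepicker-rails
 byebug
 capybara (>= 2.15)
 coffee-rails
 dynamic_form
 fuzzy-string-match
 haml
 haml-rails
 in_place_editing
 jbuilder (~> 2.5)
 jquery-countdown-rails
 jquery-datatables-rails
 jquery-rails
 jquery-tablesorter
 jquery-timepicker-addon-rails
 jquery-ui-rails
 listen (>= 3.0.5, < 3.2)
 mail
 minitest-reporters
 momentjs-rails
 mysql2
 puma
 rails (~> 5.2)
 rails-controller-testing
 rails_bootstrap_sortable
 rdiscount
 rouge
+rspec-rails
 sassc-rails
 select2-rails
 selenium-webdriver
 simple_form
 spring
 spring-watcher-listen (~> 2.0.0)
 sqlite3
 uglifier
 web-console (>= 3.3.0)
 webdriver
 will_paginate (~> 3.0.7)
 yaml_db
 
 BUNDLED WITH
 1.17.2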
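--- a/<PATH NOT SHOWN>/application_controller.rb
+++ b/<PATH NOT SHOWN>/application_controller.rb
@@ -1,167 +1,166 @@
 require 'ipaddr'
 
 class ApplicationController < ActionController::Base
 protect_from_forgery
 
 before_action :current_user
 
 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
 ALLOW_WHITELIST_IP_ONLY_CONF_KEY = 'right.allow_whitelist_ip_only'
 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
 
 #report and redirect for unauthorized activities
-def unauthorized_redirect
+def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
-flash[:notice] = 'You are not authorized to view the page you requested'
+flash[:notice] = notice
-redirect_to :controller => 'main', :action => 'login'
+redirect_to login_main_path
 end
 
 # Returns the current logged-in user (if any).
 def current_user
 return nil unless session[:user_id]
 @current_user ||= User.find(session[:user_id])
 end
 
 def admin_authorization
-return false unless authenticate
+return false unless check_valid_login
 user = User.includes(:roles).find(session[:user_id])
 unless user.admin?
 unauthorized_redirect
 return false
 end
 return true
 end
 
 def authorization_by_roles(allowed_roles)
-return false unless authenticate
+return false unless check_valid_login
 user = User.find(session[:user_id])
 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
 unauthorized_redirect
 return false
 end
 end
 
 def testcase_authorization
 #admin always has privileged
 if @current_user.admin?
 return true
 end
 
 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
 end
 
 
 protected
 
 #redirect to root (and also force logout)
 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
-def authenticate
+def check_valid_login
+#check if logged in
 unless session[:user_id]
-flash[:notice] = 'You need to login'
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
-flash[:notice] = 'You need to login but you cannot log in at this time'
+unauthorized_redirect('You need to login but you cannot log in at this time')
+else
+unauthorized_redirect('You need to login')
 end
-redirect_to :controller => 'main', :action => 'login'
 return false
 end
 
 # check if run in single user mode
 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
 if @current_user==nil || (not @current_user.admin?)
-flash[:notice] = 'You cannot log in at this time'
+unauthorized_redirect('You cannot log in at this time')
-redirect_to :controller => 'main', :action => 'login'
 return false
 end
 end
 
 # check if the user is enabled
 unless @current_user.enabled? || @current_user.admin?
-flash[:notice] = 'Your account is disabled'
+unauthorized_redirect 'Your account is disabled'
-redirect_to :controller => 'main', :action => 'login'
 return false
 end
 
 # check if user ip is allowed
 unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
 unless is_request_ip_allowed?
-flash[:notice] = 'Your IP is not allowed'
+unauthorized_redirect 'Your IP is not allowed'
-redirect_to root_path
+return false
 end
 end
 
 if GraderConfiguration.multicontests?
 return true if @current_user.admin?
 begin
 if @current_user.contest_stat(true).forced_logout
 flash[:notice] = 'You have been automatically logged out.'
 redirect_to :controller => 'main', :action => 'index'
 end
 rescue
 end
 end
 return true
 end
 
 #redirect to root (and also force logout)
 #if the user use different ip from the previous connection
 # only applicable when MULTIPLE_IP_LOGIN options is false only
 def authenticate_by_ip_address
 #this assume that we have already authenticate normally
 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
 user = User.find(session[:user_id])
 if (not @current_user.admin? && user.last_ip && user.last_ip != request.remote_ip)
 flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
 redirect_to :controller => 'main', :action => 'login'
 puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"
 return false
 end
 unless user.last_ip
 user.last_ip = request.remote_ip
 user.save
 end
 end
 return true
 end
 
 def authorization
-return false unless authenticate
+return false unless check_valid_login
 user = User.find(session[:user_id])
 unless user.roles.detect { |role|
 role.rights.detect{ |right|
 right.controller == self.class.controller_name and
 (right.action == 'all' || right.action == action_name)
 }
 }
 flash[:notice] = 'You are not authorized to view the page you requested'
 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
 redirect_to :controller => 'main', :action => 'login'
 return false
 end
 end
 
 def verify_time_limit
 return true if session[:user_id]==nil
 user = User.find(session[:user_id], :include => :site)
 return true if user==nil || user.site == nil
 if user.contest_finished?
 flash[:notice] = 'Error: the contest you are participating is over.'
 redirect_to :back
 return false
 end
 return true
 end
 
 def is_request_ip_allowed?
 if GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
 user_ip = IPAddr.new(request.remote_ip)
 GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY].delete(' ').split(',').each do |ips|
 allow_ips = IPAddr.new(ips)
 unless allow_ips.includes(user_ip)
 return false
 end
 end
 end
 return true
 end
 
 end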
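Review bot: The IP-whitelist branch that the new `return false` at line 87 now halts on depends on `is_request_ip_allowed?` (lines 153–164), which reads `GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY]` although the class only defines `WHITELIST_IP_CONF_KEY` (line 11), and calls `allow_ips.includes(user_ip)` where IPAddr provides `include?`; with `right.allow_whitelist_ip_only` enabled, a non-admin request therefore raises instead of being redirected. The loop also returns false on the first listed range that does not contain the address, so with more than one entry a client must fall inside every range, whereas membership in any one range is presumably what was intended. The rewrite below fixes all three; it denies when the configured list is empty, where the current code allows, and that enabled-but-empty case is worth deciding explicitly. Separately, `authorization` (lines 134–136) and `authenticate_by_ip_address` (lines 112–113) still set `flash[:notice]` and `redirect_to` by hand rather than calling the `unauthorized_redirect` this commit introduces, and `authorization` repeats the helper's default message verbatim.
```ruby
def is_request_ip_allowed?
  return true unless GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]

  user_ip = IPAddr.new(request.remote_ip)
  # NOTE(review): an empty whitelist now denies everyone; the previous loop allowed in that case.
  GraderConfiguration[WHITELIST_IP_CONF_KEY].delete(' ').split(',').any? { |range| IPAddr.new(range).include?(user_ip) }
end
```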
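--- a/<PATH NOT SHOWN>/configurations_controller.rb
+++ b/<PATH NOT SHOWN>/configurations_controller.rb
@@ -1,34 +1,32 @@
 class ConfigurationsController < ApplicationController
 
-before_action :authenticate
+before_action :admin_authorization
-before_action { |controller| controller.authorization_by_roles(['admin'])}
-
 
 def index
 @configurations = GraderConfiguration.order(:key)
 @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
 end
 
 def reload
 GraderConfiguration.reload
 redirect_to :action => 'index'
 end
 
 def update
 @config = GraderConfiguration.find(params[:id])
 User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
 respond_to do |format|
 if @config.update_attributes(configuration_params)
 format.json { head :ok }
 else
 format.json { respond_with_bip(@config) }
 end
 end
 end
 
 private
 def configuration_params
 params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
 end
 
 end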
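--- a/<PATH NOT SHOWN>/groups_controller.rb
+++ b/<PATH NOT SHOWN>/groups_controller.rb
@@ -1,54 +1,54 @@
 class GroupsController < ApplicationController
 before_action :set_group, only: [:show, :edit, :update, :destroy,
 :add_user, :remove_user,:remove_all_user,
 :add_problem, :remove_problem,:remove_all_problem,
 ]
-before_action :authenticate, :admin_authorization
+before_action :admin_authorization
 
 # GET /groups
 def index
 @groups = Group.all
 end
 
 # GET /groups/1
 def show
 end
 
 # GET /groups/new
 def new
 @group = Group.new
 end
 
 # GET /groups/1/edit
 def edit
 end
 
 # POST /groups
 def create
 @group = Group.new(group_params)
 
 if @group.save
 redirect_to @group, notice: 'Group was successfully created.'
 else
 render :new
 end
 end
 
 # PATCH/PUT /groups/1
 def update
 if @group.update(group_params)
 redirect_to @group, notice: 'Group was successfully updated.'
 else
 render :edit
 end
 end
 
 # DELETE /groups/1
 def destroy
 @group.destroy
 redirect_to groups_url, notice: 'Group was successfully destroyed.'
 end
 
 def remove_user
 user = User.find(params[:user_id])
 @group.users.delete(user)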
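Review bot: `before_action :admin_authorization` on line 6 is declared after `before_action :set_group` on line 2, so for the member actions the group lookup (presumably a `Group.find(params[:id])` in `set_group`, defined outside this hunk) runs before any login or admin check. An unauthenticated request to such an action therefore reaches the database first and receives a 404 for an unknown id versus the login redirect for a known one, which reveals which group ids exist. Declaring `before_action :admin_authorization` above the `set_group` line (or using `prepend_before_action :admin_authorization`) makes the authorization check run first.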
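--- a/<PATH NOT SHOWN>/main_controller.rb
+++ b/<PATH NOT SHOWN>/main_controller.rb
@@ -1,72 +1,67 @@
 class MainController < ApplicationController
 
-before_action :authenticate, :except => [:index, :login]
+before_action :check_valid_login, :except => [:login]
 before_action :check_viewability, :except => [:index, :login]
 
 append_before_action :confirm_and_update_start_time,
 :except => [:index,
 :login,
 :confirm_contest_start]
 
 # to prevent log in box to be shown when user logged out of the
 # system only in some tab
 prepend_before_action :reject_announcement_refresh_when_logged_out,
 :only => [:announcements]
 
 before_action :authenticate_by_ip_address, :only => [:list]
 
-# NOTE: This method is not actually needed, 'config/routes.rb' has
-# assigned action login as a default action.
-def index
-redirect_to :action => 'login'
-end
-
 #reset login, clear session
+#front page
 def login
 saved_notice = flash[:notice]
 reset_session
 flash.now[:notice] = saved_notice
 
 # EXPERIMENT:
 # Hide login if in single user mode and the url does not
 # explicitly specify /login
 #
 # logger.info "PATH: #{request.path}"
 # if GraderConfiguration['system.single_user_mode'] and
 # request.path!='/main/login'
 # @hidelogin = true
 # end
 
 @announcements = Announcement.frontpage
 render :action => 'login', :layout => 'empty'
 end
 
 def logout
 reset_session
 redirect_to root_path
 end
 
 def list
 prepare_list_information
 end
 
 def help
 @user = User.find(session[:user_id])
 end
 
 def submit
 user = User.find(session[:user_id])
 
 @submission = Submission.new
 @submission.problem_id = params[:submission][:problem_id]
 @submission.user = user
 @submission.language_id = 0
 if (params['file']) and (params['file']!='')
 @submission.source = File.open(params['file'].path,'r:UTF-8',&:read)
 @submission.source.encode!('UTF-8','UTF-8',invalid: :replace, replace: '')
 @submission.source_filename = params['file'].original_filename
 end
 
 if (params[:editor_text])
 language = Language.find_by_id(params[:language_id])
 @submission.source = params[:editor_text]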
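Review bot: The `index` action deleted at lines 18–23 is still a redirect target: the forced-logout branch of `check_valid_login` in the ApplicationController hunk does `redirect_to :controller => 'main', :action => 'index'`, and `check_viewability` and `confirm_and_update_start_time` on lines 4 and 7–9 still list `:index` in their `:except` arrays. Whether `config/routes.rb` still maps main#index cannot be seen here, but either way that redirect now points at an action that no longer exists, so it should presumably become `redirect_to login_main_path` like the other branches this commit rewrote, and the stale `:index` entries can be dropped. `submit` continues past the end of the hunk.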
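--- a/<file path not shown: ProblemsController>
+++ b/<file path not shown: ProblemsController>
@@ -1,52 +1,55 @@
 class ProblemsController < ApplicationController
 
-before_action :authenticate, :authorization
-before_action :testcase_authorization, only: [:show_testcase]
+before_action :admin_authorization
+
+#NOTE: ghost from the past?
+#before_action :testcase_authorization, only: [:show_testcase]
+
 
 in_place_edit_for :problem, :name
 in_place_edit_for :problem, :full_name
 in_place_edit_for :problem, :full_score
 
 def index
 @problems = Problem.order(date_added: :desc)
 end
 
 
 def show
 @problem = Problem.find(params[:id])
 end
 
 def new
 @problem = Problem.new
 @description = nil
 end
 
 def create
 @problem = Problem.new(problem_params)
 @description = Description.new(problem_params[:description])
 if @description.body!=''
 if !@description.save
 render :action => new and return
 end
 else
 @description = nil
 end
 @problem.description = @description
 if @problem.save
 flash[:notice] = 'Problem was successfully created.'
 redirect_to action: :index
 else
 render :action => 'new'
 end
 end
 
 def quick_create
 @problem = Problem.new(problem_params)
 @problem.full_name = @problem.name if @problem.full_name == ''
 @problem.full_score = 100
 @problem.available = false
 @problem.test_allowed = true
 @problem.output_only = false
 @problem.date_added = Time.new
 if @problem.save
 flash[:notice] = 'Problem was successfully created.'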
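Review bot: `before_action :admin_authorization` on new line 3 replaces both the login check and the per-action authorization, and nothing in this hunk shows that `admin_authorization` (defined outside this file) handles a request with no session at all; the other controllers in this commit pair it with `check_valid_login` (ReportController, UsersController), so either add `before_action :check_valid_login` ahead of it or confirm that `admin_authorization` itself redirects unauthenticated requests. TagsController's new line 2 has the same pattern. The commented-out `testcase_authorization` on new lines 5–6 should be resolved rather than left as a question: if `show_testcase` still exists further down (the class continues outside the hunk), replace the note with `# show_testcase is admin-only via the controller-wide admin_authorization above`; otherwise delete both lines.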
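--- a/<file path not shown: ReportController>
+++ b/<file path not shown: ReportController>
@@ -1,58 +1,58 @@
 require 'csv'
 
 class ReportController < ApplicationController
 
-before_action :authenticate
+before_action :check_valid_login
 
 before_action :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize, :show_max_score, :current_score]
 
 before_action(only: [:problem_hof]) { |c|
-return false unless authenticate
+return false unless check_valid_login
 
 admin_authorization unless GraderConfiguration["right.user_view_submission"]
 }
 
 def max_score
 end
 
 def current_score
 @problems = Problem.available_problems
 @users = User.includes(:contests).includes(:contest_stat).where(enabled: true)
 @scorearray = calculate_max_score(@problems, @users,0,0,true)
 
 #rencer accordingly
 if params[:button] == 'download' then
 csv = gen_csv_from_scorearray(@scorearray,@problems)
 send_data csv, filename: 'max_score.csv'
 else
 #render template: 'user_admin/user_stat'
 render 'current_score'
 end
 end
 
 def show_max_score
 #process parameters
 #problems
 @problems = []
 if params[:problem_id]
 params[:problem_id].each do |id|
 next unless id.strip != ""
 pid = Problem.find_by_id(id.to_i)
 @problems << pid if pid
 end
 end
 
 #users
 @users = if params[:users] == "all" then
 User.includes(:contests).includes(:contest_stat)
 else
 User.includes(:contests).includes(:contest_stat).where(enabled: true)
 end
 
 #set up range from param
 @since_id = params.fetch(:from_id, 0).to_i
 @until_id = params.fetch(:to_id, 0).to_i
 @since_id = nil if @since_id == 0
 @until_id = nil if @until_id == 0
 
 #calculate the routine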
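Review bot: `return false unless check_valid_login` on new line 10 sits inside a block passed to `before_action`; a `return` in a block created at class-body level is, as far as I can tell, raised as a LocalJumpError when it actually executes, and on Rails 5 a false return value no longer halts the callback chain anyway, so this guard only works if `check_valid_login` itself renders or redirects (not visible here). Replacing it with `next unless check_valid_login` keeps the intent (skip the `admin_authorization` call on line 12) without relying on `return`. The same `return false` idiom existed before the rename, so this is a pre-existing weakness the commit carries forward.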
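--- a/<file path not shown: SubmissionsController>
+++ b/<file path not shown: SubmissionsController>
@@ -1,50 +1,50 @@
 class SubmissionsController < ApplicationController
-before_action :authenticate
+before_action :check_valid_login
 before_action :submission_authorization, only: [:show, :download, :edit]
 before_action :admin_authorization, only: [:rejudge]
 
 # GET /submissions
 # GET /submissions.json
 # Show problem selection and user's submission of that problem
 def index
 @user = @current_user
 @problems = @user.available_problems
 
 if params[:problem_id]==nil
 @problem = nil
 @submissions = nil
 else
 @problem = Problem.find_by_id(params[:problem_id])
 if (@problem == nil) or (not @problem.available)
 redirect_to main_list_path
 flash[:notice] = 'Error: submissions for that problem are not viewable.'
 return
 end
 @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id).order(id: :desc)
 end
 end
 
 # GET /submissions/1
 # GET /submissions/1.json
 def show
 @submission = Submission.find(params[:id])
 
 #log the viewing
 user = User.find(session[:user_id])
 SubmissionViewLog.create(user_id: session[:user_id],submission_id: @submission.id) unless user.admin?
 
 @task = @submission.task
 end
 
 def download
 @submission = Submission.find(params[:id])
 send_data(@submission.source, {:filename => @submission.download_filename, :type => 'text/plain'})
 end
 
 def compiler_msg
 @submission = Submission.find(params[:id])
 respond_to do |format|
 format.js
 end
 end
 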
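Review bot: `compiler_msg` (new lines 44–49) loads `Submission.find(params[:id])` but is not in the `only:` list of `submission_authorization` on line 3, so after this change any logged-in user can request the compiler output of any submission id. Unless compiler messages are intentionally visible to everyone, extend the filter: `before_action :submission_authorization, only: [:show, :download, :edit, :compiler_msg]`. `show` also re-loads the user via `User.find(session[:user_id])` on line 33 although `index` already relies on `@current_user` on line 10; using `@current_user` there keeps the two actions consistent with the new login check.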
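--- a/<file path not shown: TagsController>
+++ b/<file path not shown: TagsController>
@@ -1,49 +1,50 @@
 class TagsController < ApplicationController
+before_action :admin_authorization
 before_action :set_tag, only: [:show, :edit, :update, :destroy]
 
 # GET /tags
 def index
 @tags = Tag.all
 end
 
 # GET /tags/1
 def show
 end
 
 # GET /tags/new
 def new
 @tag = Tag.new
 end
 
 # GET /tags/1/edit
 def edit
 end
 
 # POST /tags
 def create
 @tag = Tag.new(tag_params)
 
 if @tag.save
 redirect_to @tag, notice: 'Tag was successfully created.'
 else
 render :new
 end
 end
 
 # PATCH/PUT /tags/1
 def update
 if @tag.update(tag_params)
 redirect_to @tag, notice: 'Tag was successfully updated.'
 else
 render :edit
 end
 end
 
 # DELETE /tags/1
 def destroy
 #remove any association
 ProblemTag.where(tag_id: @tag.id).destroy_all
 @tag.destroy
 redirect_to tags_url, notice: 'Tag was successfully destroyed.'
 end
 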
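--- a/<file path not shown: TasksController>
+++ b/<file path not shown: TasksController>
@@ -1,51 +1,51 @@
 class TasksController < ApplicationController
 
-before_action :authenticate, :check_viewability
+before_action :check_valid_login, :check_viewability
 
 def index
 redirect_to :action => 'list'
 end
 
 def list
 @problems = @user.available_problems
 end
 
 # this has contest-wide access control
 def view
 base_name = params[:file]
 base_filename = File.basename("#{base_name}.#{params[:ext]}")
 filename = "#{Problem.download_file_basedir}/#{base_filename}"
 
 if !FileTest.exists?(filename)
 redirect_to :action => 'index' and return
 end
 
 send_file_to_user(filename, base_filename)
 end
 
 # this has problem-level access control
 def download
 problem = Problem.find(params[:id])
 unless @current_user.can_view_problem? problem
 redirect_to :action => 'index' and return
 end
 
 base_name = params[:file]
 base_filename = File.basename("#{base_name}.#{params[:ext]}")
 filename = "#{Problem.download_file_basedir}/#{params[:id]}/#{base_filename}"
 puts "SENDING: #(unknown)"
 
 if !FileTest.exists?(filename)
 redirect_to :action => 'index' and return
 end
 
 puts "SENDING: #(unknown)"
 
 send_file_to_user(filename, base_filename)
 end
 
 protected
 
 def send_file_to_user(filename, base_filename)
 if defined?(USE_APACHE_XSENDFILE) and USE_APACHE_XSENDFILE
 response.headers['Content-Type'] = "application/force-download"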
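Review bot: `download` (new lines 27–45) builds the file path on line 35 from the raw `params[:id]` even though line 28 already resolved that parameter to a record, so unless routing constrains `:id` to digits, whatever string the client sent is interpolated into the directory part unchanged while `File.basename` on line 34 only sanitises the final component; use the record's own id instead: `filename = "#{Problem.download_file_basedir}/#{problem.id}/#{base_filename}"`. The two `puts "SENDING: …"` lines (36 and 42) look like leftover debug output and belong in `logger.debug` or should be removed. `send_file_to_user` continues outside the hunk.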
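--- a/<file path not shown: TestController>
+++ b/<file path not shown: TestController>
@@ -1,51 +1,51 @@
 class TestController < ApplicationController
 
-before_action :authenticate, :check_viewability
+before_action :check_valid_login, :check_viewability
 
 
 def index
 prepare_index_information
 end
 
 def submit
 @user = User.find(session[:user_id])
 
 @submitted_test_request = TestRequest.new_from_form_params(@user,params[:test_request])
 
 if ! @submitted_test_request.errors.empty?
 prepare_index_information
 render :action => 'index' and return
 end
 
 if GraderConfiguration.time_limit_mode?
 if @user.contest_finished?
 @submitted_test_request.errors.add(:base,'Contest is over.')
 prepare_index_information
 render :action => 'index' and return
 end
 
 if !GraderConfiguration.allow_test_request(@user)
 prepare_index_information
 flash[:notice] = 'Test request is not allowed during the last 30 minutes'
 redirect_to :action => 'index' and return
 end
 end
 
 if @submitted_test_request.save
 redirect_to :action => 'index'
 else
 prepare_index_information
 render :action => 'index'
 end
 end
 
 def read
 user = User.find(session[:user_id])
 begin
 test_request = TestRequest.find(params[:id])
 rescue
 test_request = nil
 end
 if test_request==nil or test_request.user_id != user.id
 flash[:notice] = 'Invalid output'
 redirect_to :action => 'index'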
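Review bot: `read` (new lines 42–51) wraps `TestRequest.find` in a bare `rescue` on line 46 that swallows every StandardError, not just a missing record, and reports all of them as 'Invalid output'; `test_request = TestRequest.find_by(id: params[:id])` gives the nil-on-missing behaviour without masking unrelated failures. The ownership comparison on line 49 (`test_request.user_id != user.id`) is the actual authorization for this action and should stay as the guard. `read` continues outside the hunk.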
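--- a/<file path not shown: UsersController>
+++ b/<file path not shown: UsersController>
@@ -1,65 +1,65 @@
 require 'net/smtp'
 
 class UsersController < ApplicationController
 
 include MailHelperMethods
 
-before_action :authenticate, :except => [:new,
+before_action :check_valid_login, :except => [:new,
 :register,
 :confirm,
 :forget,
 :retrieve_password]
 
 before_action :verify_online_registration, :only => [:new,
 :register,
 :forget,
 :retrieve_password]
-before_action :authenticate, :profile_authorization, only: [:profile]
+before_action :check_valid_login, :profile_authorization, only: [:profile]
 
 before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable]
 
 
 #in_place_edit_for :user, :alias_for_editing
 #in_place_edit_for :user, :email_for_editing
 
 def index
 if !GraderConfiguration['system.user_setting_enabled']
 redirect_to :controller => 'main', :action => 'list'
 else
 @user = User.find(session[:user_id])
 end
 end
 
 def chg_passwd
 user = User.find(session[:user_id])
 user.password = params[:passwd]
 user.password_confirmation = params[:passwd_verify]
 if user.save
 flash[:notice] = 'password changed'
 else
 flash[:notice] = 'Error: password changing failed'
 end
 redirect_to :action => 'index'
 end
 
 def new
 @user = User.new
 render :action => 'new', :layout => 'empty'
 end
 
 def register
 if(params[:cancel])
 redirect_to :controller => 'main', :action => 'login'
 return
 end
 @user = User.new(user_params)
 @user.password_confirmation = @user.password = User.random_password
 @user.activated = false
 if (@user.valid?) and (@user.save)
 if send_confirmation_email(@user)
 render :action => 'new_splash', :layout => 'empty'
 else
 @admin_email = GraderConfiguration['system.admin_email']
 render :action => 'email_error', :layout => 'empty'
 end
 else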
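Review bot: `chg_passwd` (new lines 33–43) changes the password without any gate on `GraderConfiguration['system.user_setting_enabled']`, while `index` on lines 26–30 redirects away when that setting is off, so a direct POST still changes the password when the settings page is disabled; if the setting is meant to disable self-service changes, add the same guard at the top: `return redirect_to(:controller => 'main', :action => 'list') unless GraderConfiguration['system.user_setting_enabled']`. The action also never asks for the current password, which is worth confirming as intended. Separately, `check_valid_login` on new line 17 is redundant: line 7 already applies it to `:profile`, which is not in the `except:` list.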
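--- a/<file path not shown: user admin system test>
+++ b/<file path not shown: user admin system test>
@@ -39,64 +39,64 @@
 click_on 'Update User'
 
 assert_text 'section 2'
 end
 
 test "add multiple users" do
 login 'admin', 'admin'
 within 'header' do
 click_on 'Manage'
 click_on 'Users', match: :first
 end
 
 click_on 'New list of users', match: :first
 find(:css, 'textarea').fill_in with:"abc1,Boaty McBoatface,abcdef,alias1,remark1,\nabc2,Boaty2 McSecond,acbdef123,aias2,remark2"
 click_on 'create users'
 
 assert_text('remark1')
 assert_text('remark2')
 end
 
 test "grant admin right" do
 login 'admin', 'admin'
 within 'header' do
 click_on 'Manage'
 click_on 'Users', match: :first
 end
 
 click_on "View administrator"
 fill_in 'login', with: 'john'
 click_on "Grant"
 
 visit logout_main_path
 login 'john','hello'
 within 'header' do
 click_on 'Manage'
 click_on 'Problem', match: :first
 end
 assert_text "Turn off all problems"
 end
 
 test "try using admin from normal user" do
 login 'admin','admin'
 visit bulk_manage_user_admin_index_path
 assert_current_path bulk_manage_user_admin_index_path
 visit logout_main_path
 
 login 'jack','morning'
 visit bulk_manage_user_admin_index_path
-assert_current_path root_path
 assert_text 'You are not authorized'
+assert_current_path login_main_path
 
 login 'james','morning'
 visit new_list_user_admin_index_path
-assert_current_path root_path
 assert_text 'You are not authorized'
+assert_current_path login_main_path
 end
 
 def login(username,password)
 visit root_path
 fill_in "Login", with: username
 fill_in "Password", with: password
 click_on "Login"
 end
 end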
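Review bot: The new assertions on lines 89 and 93 expect a denied admin request to end on `login_main_path`, and the second login on line 90 (`login 'james','morning'`) happens without a `visit logout_main_path` in between (the admin case on line 83 does log out), so the test passes only if the authorization failure also drops jack's session; make that dependency explicit with a `visit logout_main_path` before line 90, or, if dropping the session on denial is the intended behaviour, assert it directly after line 89 so a regression to a plain redirect is caught. A one-line comment above line 79 stating what the test guarantees, e.g. `# non-admin users must be bounced to the login page, not merely to root`, would document why the expected path changed from `root_path`.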