Description:
more test and clean up authorization
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
-
r756:aa79958f6521 - - 13 files changed: 53 inserted, 38 deleted
| @@ -91,12 +91,13 | |||
|
|
91 | 91 | coffee-script (2.4.1) |
|
|
92 | 92 | coffee-script-source |
|
|
93 | 93 | execjs |
|
|
94 | 94 | coffee-script-source (1.12.2) |
|
|
95 | 95 | concurrent-ruby (1.1.5) |
|
|
96 | 96 | crass (1.0.4) |
|
|
97 | + diff-lcs (1.3) | |
|
|
97 | 98 | dynamic_form (1.1.4) |
|
|
98 | 99 | erubi (1.8.0) |
|
|
99 | 100 | erubis (2.7.0) |
|
|
100 | 101 | execjs (2.7.0) |
|
|
101 | 102 | ffi (1.11.1) |
|
|
102 | 103 | fuzzy-string-match (1.0.1) |
| @@ -207,12 +208,29 | |||
|
|
207 | 208 | rb-fsevent (0.10.3) |
|
|
208 | 209 | rb-inotify (0.10.0) |
|
|
209 | 210 | ffi (~> 1.0) |
|
|
210 | 211 | rdiscount (2.2.0.1) |
|
|
211 | 212 | regexp_parser (1.5.1) |
|
|
212 | 213 | rouge (3.3.0) |
|
|
214 | + rspec-core (3.8.2) | |
|
|
215 | + rspec-support (~> 3.8.0) | |
|
|
216 | + rspec-expectations (3.8.4) | |
|
|
217 | + diff-lcs (>= 1.2.0, < 2.0) | |
|
|
218 | + rspec-support (~> 3.8.0) | |
|
|
219 | + rspec-mocks (3.8.1) | |
|
|
220 | + diff-lcs (>= 1.2.0, < 2.0) | |
|
|
221 | + rspec-support (~> 3.8.0) | |
|
|
222 | + rspec-rails (3.8.2) | |
|
|
223 | + actionpack (>= 3.0) | |
|
|
224 | + activesupport (>= 3.0) | |
|
|
225 | + railties (>= 3.0) | |
|
|
226 | + rspec-core (~> 3.8.0) | |
|
|
227 | + rspec-expectations (~> 3.8.0) | |
|
|
228 | + rspec-mocks (~> 3.8.0) | |
|
|
229 | + rspec-support (~> 3.8.0) | |
|
|
230 | + rspec-support (3.8.2) | |
|
|
213 | 231 | ruby-progressbar (1.10.0) |
|
|
214 | 232 | ruby_dep (1.5.0) |
|
|
215 | 233 | ruby_parser (3.13.1) |
|
|
216 | 234 | sexp_processor (~> 4.9) |
|
|
217 | 235 | rubyzip (1.2.3) |
|
|
218 | 236 | sass (3.7.4) |
| @@ -317,12 +335,13 | |||
|
|
317 | 335 | puma |
|
|
318 | 336 | rails (~> 5.2) |
|
|
319 | 337 | rails-controller-testing |
|
|
320 | 338 | rails_bootstrap_sortable |
|
|
321 | 339 | rdiscount |
|
|
322 | 340 | rouge |
|
|
341 | + rspec-rails | |
|
|
323 | 342 | sassc-rails |
|
|
324 | 343 | select2-rails |
|
|
325 | 344 | selenium-webdriver |
|
|
326 | 345 | simple_form |
|
|
327 | 346 | spring |
|
|
328 | 347 | spring-watcher-listen (~> 2.0.0) |
| @@ -8,35 +8,35 | |||
|
|
8 | 8 | SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode' |
|
|
9 | 9 | MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login' |
|
|
10 | 10 | ALLOW_WHITELIST_IP_ONLY_CONF_KEY = 'right.allow_whitelist_ip_only' |
|
|
11 | 11 | WHITELIST_IP_CONF_KEY = 'right.whitelist_ip' |
|
|
12 | 12 | |
|
|
13 | 13 | #report and redirect for unauthorized activities |
|
|
14 | - def unauthorized_redirect | |
|
|
15 | - flash[:notice] = 'You are not authorized to view the page you requested' | |
|
|
16 | - redirect_to :controller => 'main', :action => 'login' | |
|
|
14 | + def unauthorized_redirect(notice = 'You are not authorized to view the page you requested') | |
|
|
15 | + flash[:notice] = notice | |
|
|
16 | + redirect_to login_main_path | |
|
|
17 | 17 | end |
|
|
18 | 18 | |
|
|
19 | 19 | # Returns the current logged-in user (if any). |
|
|
20 | 20 | def current_user |
|
|
21 | 21 | return nil unless session[:user_id] |
|
|
22 | 22 | @current_user ||= User.find(session[:user_id]) |
|
|
23 | 23 | end |
|
|
24 | 24 | |
|
|
25 | 25 | def admin_authorization |
|
|
26 |
- return false unless |
|
|
|
26 | + return false unless check_valid_login | |
|
|
27 | 27 | user = User.includes(:roles).find(session[:user_id]) |
|
|
28 | 28 | unless user.admin? |
|
|
29 | 29 | unauthorized_redirect |
|
|
30 | 30 | return false |
|
|
31 | 31 | end |
|
|
32 | 32 | return true |
|
|
33 | 33 | end |
|
|
34 | 34 | |
|
|
35 | 35 | def authorization_by_roles(allowed_roles) |
|
|
36 |
- return false unless |
|
|
|
36 | + return false unless check_valid_login | |
|
|
37 | 37 | user = User.find(session[:user_id]) |
|
|
38 | 38 | unless user.roles.detect { |role| allowed_roles.member?(role.name) } |
|
|
39 | 39 | unauthorized_redirect |
|
|
40 | 40 | return false |
|
|
41 | 41 | end |
|
|
42 | 42 | end |
| @@ -52,43 +52,42 | |||
|
|
52 | 52 | |
|
|
53 | 53 | |
|
|
54 | 54 | protected |
|
|
55 | 55 | |
|
|
56 | 56 | #redirect to root (and also force logout) |
|
|
57 | 57 | #if the user is not logged_in or the system is in "ADMIN ONLY" mode |
|
|
58 | - def authenticate | |
|
|
58 | + def check_valid_login | |
|
|
59 | + #check if logged in | |
|
|
59 | 60 | unless session[:user_id] |
|
|
60 | - flash[:notice] = 'You need to login' | |
|
|
61 | 61 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
62 |
- |
|
|
|
62 | + unauthorized_redirect('You need to login but you cannot log in at this time') | |
|
|
63 | + else | |
|
|
64 | + unauthorized_redirect('You need to login') | |
|
|
63 | 65 | end |
|
|
64 | - redirect_to :controller => 'main', :action => 'login' | |
|
|
65 | 66 | return false |
|
|
66 | 67 | end |
|
|
67 | 68 | |
|
|
68 | 69 | # check if run in single user mode |
|
|
69 | 70 | if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY] |
|
|
70 | 71 | if @current_user==nil || (not @current_user.admin?) |
|
|
71 |
- |
|
|
|
72 | - redirect_to :controller => 'main', :action => 'login' | |
|
|
72 | + unauthorized_redirect('You cannot log in at this time') | |
|
|
73 | 73 | return false |
|
|
74 | 74 | end |
|
|
75 | 75 | end |
|
|
76 | 76 | |
|
|
77 | 77 | # check if the user is enabled |
|
|
78 | 78 | unless @current_user.enabled? || @current_user.admin? |
|
|
79 |
- |
|
|
|
80 | - redirect_to :controller => 'main', :action => 'login' | |
|
|
79 | + unauthorized_redirect 'Your account is disabled' | |
|
|
81 | 80 | return false |
|
|
82 | 81 | end |
|
|
83 | 82 | |
|
|
84 | 83 | # check if user ip is allowed |
|
|
85 | 84 | unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY] |
|
|
86 | 85 | unless is_request_ip_allowed? |
|
|
87 |
- |
|
|
|
88 | - redirect_to root_path | |
|
|
86 | + unauthorized_redirect 'Your IP is not allowed' | |
|
|
87 | + return false | |
|
|
89 | 88 | end |
|
|
90 | 89 | end |
|
|
91 | 90 | |
|
|
92 | 91 | if GraderConfiguration.multicontests? |
|
|
93 | 92 | return true if @current_user.admin? |
|
|
94 | 93 | begin |
| @@ -121,13 +120,13 | |||
|
|
121 | 120 | end |
|
|
122 | 121 | end |
|
|
123 | 122 | return true |
|
|
124 | 123 | end |
|
|
125 | 124 | |
|
|
126 | 125 | def authorization |
|
|
127 |
- return false unless |
|
|
|
126 | + return false unless check_valid_login | |
|
|
128 | 127 | user = User.find(session[:user_id]) |
|
|
129 | 128 | unless user.roles.detect { |role| |
|
|
130 | 129 | role.rights.detect{ |right| |
|
|
131 | 130 | right.controller == self.class.controller_name and |
|
|
132 | 131 | (right.action == 'all' || right.action == action_name) |
|
|
133 | 132 | } |
| @@ -1,11 +1,9 | |||
|
|
1 | 1 | class ConfigurationsController < ApplicationController |
|
|
2 | 2 | |
|
|
3 |
- before_action :a |
|
|
|
4 | - before_action { |controller| controller.authorization_by_roles(['admin'])} | |
|
|
5 | - | |
|
|
3 | + before_action :admin_authorization | |
|
|
6 | 4 | |
|
|
7 | 5 | def index |
|
|
8 | 6 | @configurations = GraderConfiguration.order(:key) |
|
|
9 | 7 | @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort |
|
|
10 | 8 | end |
|
|
11 | 9 | |
| @@ -1,12 +1,12 | |||
|
|
1 | 1 | class GroupsController < ApplicationController |
|
|
2 | 2 | before_action :set_group, only: [:show, :edit, :update, :destroy, |
|
|
3 | 3 | :add_user, :remove_user,:remove_all_user, |
|
|
4 | 4 | :add_problem, :remove_problem,:remove_all_problem, |
|
|
5 | 5 | ] |
|
|
6 |
- before_action |
|
|
|
6 | + before_action :admin_authorization | |
|
|
7 | 7 | |
|
|
8 | 8 | # GET /groups |
|
|
9 | 9 | def index |
|
|
10 | 10 | @groups = Group.all |
|
|
11 | 11 | end |
|
|
12 | 12 | |
| @@ -1,9 +1,9 | |||
|
|
1 | 1 | class MainController < ApplicationController |
|
|
2 | 2 | |
|
|
3 |
- before_action : |
|
|
|
3 | + before_action :check_valid_login, :except => [:login] | |
|
|
4 | 4 | before_action :check_viewability, :except => [:index, :login] |
|
|
5 | 5 | |
|
|
6 | 6 | append_before_action :confirm_and_update_start_time, |
|
|
7 | 7 | :except => [:index, |
|
|
8 | 8 | :login, |
|
|
9 | 9 | :confirm_contest_start] |
| @@ -12,19 +12,14 | |||
|
|
12 | 12 | # system only in some tab |
|
|
13 | 13 | prepend_before_action :reject_announcement_refresh_when_logged_out, |
|
|
14 | 14 | :only => [:announcements] |
|
|
15 | 15 | |
|
|
16 | 16 | before_action :authenticate_by_ip_address, :only => [:list] |
|
|
17 | 17 | |
|
|
18 | - # NOTE: This method is not actually needed, 'config/routes.rb' has | |
|
|
19 | - # assigned action login as a default action. | |
|
|
20 | - def index | |
|
|
21 | - redirect_to :action => 'login' | |
|
|
22 | - end | |
|
|
23 | - | |
|
|
24 | 18 | #reset login, clear session |
|
|
19 | + #front page | |
|
|
25 | 20 | def login |
|
|
26 | 21 | saved_notice = flash[:notice] |
|
|
27 | 22 | reset_session |
|
|
28 | 23 | flash.now[:notice] = saved_notice |
|
|
29 | 24 | |
|
|
30 | 25 | # EXPERIMENT: |
| @@ -1,10 +1,13 | |||
|
|
1 | 1 | class ProblemsController < ApplicationController |
|
|
2 | 2 | |
|
|
3 |
- before_action :a |
|
|
|
4 | - before_action :testcase_authorization, only: [:show_testcase] | |
|
|
3 | + before_action :admin_authorization | |
|
|
4 | + | |
|
|
5 | + #NOTE: ghost from the past? | |
|
|
6 | + #before_action :testcase_authorization, only: [:show_testcase] | |
|
|
7 | + | |
|
|
5 | 8 | |
|
|
6 | 9 | in_place_edit_for :problem, :name |
|
|
7 | 10 | in_place_edit_for :problem, :full_name |
|
|
8 | 11 | in_place_edit_for :problem, :full_score |
|
|
9 | 12 | |
|
|
10 | 13 | def index |
| @@ -1,16 +1,16 | |||
|
|
1 | 1 | require 'csv' |
|
|
2 | 2 | |
|
|
3 | 3 | class ReportController < ApplicationController |
|
|
4 | 4 | |
|
|
5 |
- before_action : |
|
|
|
5 | + before_action :check_valid_login | |
|
|
6 | 6 | |
|
|
7 | 7 | before_action :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize, :show_max_score, :current_score] |
|
|
8 | 8 | |
|
|
9 | 9 | before_action(only: [:problem_hof]) { |c| |
|
|
10 |
- return false unless |
|
|
|
10 | + return false unless check_valid_login | |
|
|
11 | 11 | |
|
|
12 | 12 | admin_authorization unless GraderConfiguration["right.user_view_submission"] |
|
|
13 | 13 | } |
|
|
14 | 14 | |
|
|
15 | 15 | def max_score |
|
|
16 | 16 | end |
| @@ -1,8 +1,8 | |||
|
|
1 | 1 | class SubmissionsController < ApplicationController |
|
|
2 |
- before_action : |
|
|
|
2 | + before_action :check_valid_login | |
|
|
3 | 3 | before_action :submission_authorization, only: [:show, :download, :edit] |
|
|
4 | 4 | before_action :admin_authorization, only: [:rejudge] |
|
|
5 | 5 | |
|
|
6 | 6 | # GET /submissions |
|
|
7 | 7 | # GET /submissions.json |
|
|
8 | 8 | # Show problem selection and user's submission of that problem |
| @@ -1,7 +1,8 | |||
|
|
1 | 1 | class TagsController < ApplicationController |
|
|
2 | + before_action :admin_authorization | |
|
|
2 | 3 | before_action :set_tag, only: [:show, :edit, :update, :destroy] |
|
|
3 | 4 | |
|
|
4 | 5 | # GET /tags |
|
|
5 | 6 | def index |
|
|
6 | 7 | @tags = Tag.all |
|
|
7 | 8 | end |
| @@ -1,9 +1,9 | |||
|
|
1 | 1 | class TasksController < ApplicationController |
|
|
2 | 2 | |
|
|
3 |
- before_action : |
|
|
|
3 | + before_action :check_valid_login, :check_viewability | |
|
|
4 | 4 | |
|
|
5 | 5 | def index |
|
|
6 | 6 | redirect_to :action => 'list' |
|
|
7 | 7 | end |
|
|
8 | 8 | |
|
|
9 | 9 | def list |
| @@ -1,9 +1,9 | |||
|
|
1 | 1 | class TestController < ApplicationController |
|
|
2 | 2 | |
|
|
3 |
- before_action : |
|
|
|
3 | + before_action :check_valid_login, :check_viewability | |
|
|
4 | 4 | |
|
|
5 | 5 | |
|
|
6 | 6 | def index |
|
|
7 | 7 | prepare_index_information |
|
|
8 | 8 | end |
|
|
9 | 9 | |
| @@ -1,23 +1,23 | |||
|
|
1 | 1 | require 'net/smtp' |
|
|
2 | 2 | |
|
|
3 | 3 | class UsersController < ApplicationController |
|
|
4 | 4 | |
|
|
5 | 5 | include MailHelperMethods |
|
|
6 | 6 | |
|
|
7 |
- before_action : |
|
|
|
7 | + before_action :check_valid_login, :except => [:new, | |
|
|
8 | 8 | :register, |
|
|
9 | 9 | :confirm, |
|
|
10 | 10 | :forget, |
|
|
11 | 11 | :retrieve_password] |
|
|
12 | 12 | |
|
|
13 | 13 | before_action :verify_online_registration, :only => [:new, |
|
|
14 | 14 | :register, |
|
|
15 | 15 | :forget, |
|
|
16 | 16 | :retrieve_password] |
|
|
17 |
- before_action : |
|
|
|
17 | + before_action :check_valid_login, :profile_authorization, only: [:profile] | |
|
|
18 | 18 | |
|
|
19 | 19 | before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable] |
|
|
20 | 20 | |
|
|
21 | 21 | |
|
|
22 | 22 | #in_place_edit_for :user, :alias_for_editing |
|
|
23 | 23 | #in_place_edit_for :user, :email_for_editing |
| @@ -81,19 +81,19 | |||
|
|
81 | 81 | visit bulk_manage_user_admin_index_path |
|
|
82 | 82 | assert_current_path bulk_manage_user_admin_index_path |
|
|
83 | 83 | visit logout_main_path |
|
|
84 | 84 | |
|
|
85 | 85 | login 'jack','morning' |
|
|
86 | 86 | visit bulk_manage_user_admin_index_path |
|
|
87 | - assert_current_path root_path | |
|
|
88 | 87 | assert_text 'You are not authorized' |
|
|
88 | + assert_current_path login_main_path | |
|
|
89 | 89 | |
|
|
90 | 90 | login 'james','morning' |
|
|
91 | 91 | visit new_list_user_admin_index_path |
|
|
92 | - assert_current_path root_path | |
|
|
93 | 92 | assert_text 'You are not authorized' |
|
|
93 | + assert_current_path login_main_path | |
|
|
94 | 94 | end |
|
|
95 | 95 | |
|
|
96 | 96 | def login(username,password) |
|
|
97 | 97 | visit root_path |
|
|
98 | 98 | fill_in "Login", with: username |
|
|
99 | 99 | fill_in "Password", with: password |
You need to be logged in to leave comments.
Login now