Description:
More tests and clean-up of authorization

r756:aa79958f6521 - - 13 files changed: 53 inserted, 38 deleted

@@ -1,337 +1,356
1 1 GEM
2 2 remote: https://rubygems.org/
3 3 specs:
4 4 RubyInline (3.12.4)
5 5 ZenTest (~> 4.3)
6 6 ZenTest (4.11.2)
7 7 ace-rails-ap (4.2)
8 8 actioncable (5.2.3)
9 9 actionpack (= 5.2.3)
10 10 nio4r (~> 2.0)
11 11 websocket-driver (>= 0.6.1)
12 12 actionmailer (5.2.3)
13 13 actionpack (= 5.2.3)
14 14 actionview (= 5.2.3)
15 15 activejob (= 5.2.3)
16 16 mail (~> 2.5, >= 2.5.4)
17 17 rails-dom-testing (~> 2.0)
18 18 actionpack (5.2.3)
19 19 actionview (= 5.2.3)
20 20 activesupport (= 5.2.3)
21 21 rack (~> 2.0)
22 22 rack-test (>= 0.6.3)
23 23 rails-dom-testing (~> 2.0)
24 24 rails-html-sanitizer (~> 1.0, >= 1.0.2)
25 25 actionview (5.2.3)
26 26 activesupport (= 5.2.3)
27 27 builder (~> 3.1)
28 28 erubi (~> 1.4)
29 29 rails-dom-testing (~> 2.0)
30 30 rails-html-sanitizer (~> 1.0, >= 1.0.3)
31 31 activejob (5.2.3)
32 32 activesupport (= 5.2.3)
33 33 globalid (>= 0.3.6)
34 34 activemodel (5.2.3)
35 35 activesupport (= 5.2.3)
36 36 activerecord (5.2.3)
37 37 activemodel (= 5.2.3)
38 38 activesupport (= 5.2.3)
39 39 arel (>= 9.0)
40 40 activerecord-session_store (1.1.3)
41 41 actionpack (>= 4.0)
42 42 activerecord (>= 4.0)
43 43 multi_json (~> 1.11, >= 1.11.2)
44 44 rack (>= 1.5.2, < 3)
45 45 railties (>= 4.0)
46 46 activestorage (5.2.3)
47 47 actionpack (= 5.2.3)
48 48 activerecord (= 5.2.3)
49 49 marcel (~> 0.3.1)
50 50 activesupport (5.2.3)
51 51 concurrent-ruby (~> 1.0, >= 1.0.2)
52 52 i18n (>= 0.7, < 2)
53 53 minitest (~> 5.1)
54 54 tzinfo (~> 1.1)
55 55 addressable (2.6.0)
56 56 public_suffix (>= 2.0.2, < 4.0)
57 57 ansi (1.5.0)
58 58 arel (9.0.0)
59 59 autoprefixer-rails (9.5.1.1)
60 60 execjs
61 61 best_in_place (3.0.3)
62 62 actionpack (>= 3.2)
63 63 railties (>= 3.2)
64 64 bindex (0.7.0)
65 65 bootsnap (1.4.4)
66 66 msgpack (~> 1.0)
67 67 bootstrap-datepicker-rails (1.8.0.1)
68 68 railties (>= 3.0)
69 69 bootstrap-sass (3.4.1)
70 70 autoprefixer-rails (>= 5.2.1)
71 71 sassc (>= 2.0.0)
72 72 bootstrap-switch-rails (3.3.4)
73 73 bootstrap-toggle-rails (2.2.1.0)
74 74 bootstrap3-datetimepicker-rails (4.17.47)
75 75 momentjs-rails (>= 2.8.1)
76 76 builder (3.2.3)
77 77 byebug (11.0.1)
78 78 capybara (3.25.0)
79 79 addressable
80 80 mini_mime (>= 0.1.3)
81 81 nokogiri (~> 1.8)
82 82 rack (>= 1.6.0)
83 83 rack-test (>= 0.6.3)
84 84 regexp_parser (~> 1.5)
85 85 xpath (~> 3.2)
86 86 childprocess (1.0.1)
87 87 rake (< 13.0)
88 88 coffee-rails (4.2.2)
89 89 coffee-script (>= 2.2.0)
90 90 railties (>= 4.0.0)
91 91 coffee-script (2.4.1)
92 92 coffee-script-source
93 93 execjs
94 94 coffee-script-source (1.12.2)
95 95 concurrent-ruby (1.1.5)
96 96 crass (1.0.4)
97 + diff-lcs (1.3)
97 98 dynamic_form (1.1.4)
98 99 erubi (1.8.0)
99 100 erubis (2.7.0)
100 101 execjs (2.7.0)
101 102 ffi (1.11.1)
102 103 fuzzy-string-match (1.0.1)
103 104 RubyInline (>= 3.8.6)
104 105 globalid (0.4.2)
105 106 activesupport (>= 4.2.0)
106 107 haml (5.1.0)
107 108 temple (>= 0.8.0)
108 109 tilt
109 110 haml-rails (1.0.0)
110 111 actionpack (>= 4.0.1)
111 112 activesupport (>= 4.0.1)
112 113 haml (>= 4.0.6, < 6.0)
113 114 html2haml (>= 1.0.1)
114 115 railties (>= 4.0.1)
115 116 html2haml (2.2.0)
116 117 erubis (~> 2.7.0)
117 118 haml (>= 4.0, < 6)
118 119 nokogiri (>= 1.6.0)
119 120 ruby_parser (~> 3.5)
120 121 i18n (1.6.0)
121 122 concurrent-ruby (~> 1.0)
122 123 in_place_editing (1.2.0)
123 124 jbuilder (2.9.1)
124 125 activesupport (>= 4.2.0)
125 126 jquery-countdown-rails (2.0.2)
126 127 jquery-datatables-rails (3.4.0)
127 128 actionpack (>= 3.1)
128 129 jquery-rails
129 130 railties (>= 3.1)
130 131 sass-rails
131 132 jquery-rails (4.3.3)
132 133 rails-dom-testing (>= 1, < 3)
133 134 railties (>= 4.2.0)
134 135 thor (>= 0.14, < 2.0)
135 136 jquery-tablesorter (1.26.1)
136 137 railties (>= 3.2, < 6)
137 138 jquery-timepicker-addon-rails (1.4.1)
138 139 railties (>= 3.1)
139 140 jquery-ui-rails (6.0.1)
140 141 railties (>= 3.2.16)
141 142 listen (3.1.5)
142 143 rb-fsevent (~> 0.9, >= 0.9.4)
143 144 rb-inotify (~> 0.9, >= 0.9.7)
144 145 ruby_dep (~> 1.2)
145 146 loofah (2.2.3)
146 147 crass (~> 1.0.2)
147 148 nokogiri (>= 1.5.9)
148 149 mail (2.7.1)
149 150 mini_mime (>= 0.1.1)
150 151 marcel (0.3.3)
151 152 mimemagic (~> 0.3.2)
152 153 method_source (0.9.2)
153 154 mimemagic (0.3.3)
154 155 mini_mime (1.0.1)
155 156 mini_portile2 (2.4.0)
156 157 minitest (5.11.3)
157 158 minitest-reporters (1.3.6)
158 159 ansi
159 160 builder
160 161 minitest (>= 5.0)
161 162 ruby-progressbar
162 163 momentjs-rails (2.20.1)
163 164 railties (>= 3.1)
164 165 msgpack (1.3.0)
165 166 multi_json (1.13.1)
166 167 mysql2 (0.5.2)
167 168 nio4r (2.3.1)
168 169 nokogiri (1.10.3)
169 170 mini_portile2 (~> 2.4.0)
170 171 public_suffix (3.1.1)
171 172 puma (4.0.0)
172 173 nio4r (~> 2.0)
173 174 rack (2.0.7)
174 175 rack-test (1.1.0)
175 176 rack (>= 1.0, < 3)
176 177 rails (5.2.3)
177 178 actioncable (= 5.2.3)
178 179 actionmailer (= 5.2.3)
179 180 actionpack (= 5.2.3)
180 181 actionview (= 5.2.3)
181 182 activejob (= 5.2.3)
182 183 activemodel (= 5.2.3)
183 184 activerecord (= 5.2.3)
184 185 activestorage (= 5.2.3)
185 186 activesupport (= 5.2.3)
186 187 bundler (>= 1.3.0)
187 188 railties (= 5.2.3)
188 189 sprockets-rails (>= 2.0.0)
189 190 rails-controller-testing (1.0.4)
190 191 actionpack (>= 5.0.1.x)
191 192 actionview (>= 5.0.1.x)
192 193 activesupport (>= 5.0.1.x)
193 194 rails-dom-testing (2.0.3)
194 195 activesupport (>= 4.2.0)
195 196 nokogiri (>= 1.6)
196 197 rails-html-sanitizer (1.0.4)
197 198 loofah (~> 2.2, >= 2.2.2)
198 199 rails_bootstrap_sortable (2.0.6)
199 200 momentjs-rails (>= 2.8.3)
200 201 railties (5.2.3)
201 202 actionpack (= 5.2.3)
202 203 activesupport (= 5.2.3)
203 204 method_source
204 205 rake (>= 0.8.7)
205 206 thor (>= 0.19.0, < 2.0)
206 207 rake (12.3.2)
207 208 rb-fsevent (0.10.3)
208 209 rb-inotify (0.10.0)
209 210 ffi (~> 1.0)
210 211 rdiscount (2.2.0.1)
211 212 regexp_parser (1.5.1)
212 213 rouge (3.3.0)
214 + rspec-core (3.8.2)
215 + rspec-support (~> 3.8.0)
216 + rspec-expectations (3.8.4)
217 + diff-lcs (>= 1.2.0, < 2.0)
218 + rspec-support (~> 3.8.0)
219 + rspec-mocks (3.8.1)
220 + diff-lcs (>= 1.2.0, < 2.0)
221 + rspec-support (~> 3.8.0)
222 + rspec-rails (3.8.2)
223 + actionpack (>= 3.0)
224 + activesupport (>= 3.0)
225 + railties (>= 3.0)
226 + rspec-core (~> 3.8.0)
227 + rspec-expectations (~> 3.8.0)
228 + rspec-mocks (~> 3.8.0)
229 + rspec-support (~> 3.8.0)
230 + rspec-support (3.8.2)
213 231 ruby-progressbar (1.10.0)
214 232 ruby_dep (1.5.0)
215 233 ruby_parser (3.13.1)
216 234 sexp_processor (~> 4.9)
217 235 rubyzip (1.2.3)
218 236 sass (3.7.4)
219 237 sass-listen (~> 4.0.0)
220 238 sass-listen (4.0.0)
221 239 rb-fsevent (~> 0.9, >= 0.9.4)
222 240 rb-inotify (~> 0.9, >= 0.9.7)
223 241 sass-rails (5.0.7)
224 242 railties (>= 4.0.0, < 6)
225 243 sass (~> 3.1)
226 244 sprockets (>= 2.8, < 4.0)
227 245 sprockets-rails (>= 2.0, < 4.0)
228 246 tilt (>= 1.1, < 3)
229 247 sassc (2.0.1)
230 248 ffi (~> 1.9)
231 249 rake
232 250 sassc-rails (2.1.1)
233 251 railties (>= 4.0.0)
234 252 sassc (>= 2.0)
235 253 sprockets (> 3.0)
236 254 sprockets-rails
237 255 tilt
238 256 select2-rails (4.0.3)
239 257 thor (~> 0.14)
240 258 selenium-webdriver (3.142.3)
241 259 childprocess (>= 0.5, < 2.0)
242 260 rubyzip (~> 1.2, >= 1.2.2)
243 261 sexp_processor (4.12.0)
244 262 simple_form (4.1.0)
245 263 actionpack (>= 5.0)
246 264 activemodel (>= 5.0)
247 265 spring (2.1.0)
248 266 spring-watcher-listen (2.0.1)
249 267 listen (>= 2.7, < 4.0)
250 268 spring (>= 1.2, < 3.0)
251 269 sprockets (3.7.2)
252 270 concurrent-ruby (~> 1.0)
253 271 rack (> 1, < 3)
254 272 sprockets-rails (3.2.1)
255 273 actionpack (>= 4.0)
256 274 activesupport (>= 4.0)
257 275 sprockets (>= 3.0.0)
258 276 sqlite3 (1.4.1)
259 277 temple (0.8.1)
260 278 thor (0.20.3)
261 279 thread_safe (0.3.6)
262 280 tilt (2.0.9)
263 281 tzinfo (1.2.5)
264 282 thread_safe (~> 0.1)
265 283 uglifier (4.1.20)
266 284 execjs (>= 0.3.0, < 3)
267 285 web-console (3.7.0)
268 286 actionview (>= 5.0)
269 287 activemodel (>= 5.0)
270 288 bindex (>= 0.4.0)
271 289 railties (>= 5.0)
272 290 webdriver (0.1.0)
273 291 websocket-driver (0.7.1)
274 292 websocket-extensions (>= 0.1.0)
275 293 websocket-extensions (0.1.4)
276 294 will_paginate (3.0.12)
277 295 xpath (3.2.0)
278 296 nokogiri (~> 1.8)
279 297 yaml_db (0.7.0)
280 298 rails (>= 3.0)
281 299 rake (>= 0.8.7)
282 300
283 301 PLATFORMS
284 302 ruby
285 303
286 304 DEPENDENCIES
287 305 ace-rails-ap
288 306 activerecord-session_store
289 307 autoprefixer-rails
290 308 best_in_place (~> 3.0.1)
291 309 bootsnap (>= 1.1.0)
292 310 bootstrap-datepicker-rails
293 311 bootstrap-sass (~> 3.4.1)
294 312 bootstrap-switch-rails
295 313 bootstrap-toggle-rails
296 314 bootstrap3-datetimepicker-rails
297 315 byebug
298 316 capybara (>= 2.15)
299 317 coffee-rails
300 318 dynamic_form
301 319 fuzzy-string-match
302 320 haml
303 321 haml-rails
304 322 in_place_editing
305 323 jbuilder (~> 2.5)
306 324 jquery-countdown-rails
307 325 jquery-datatables-rails
308 326 jquery-rails
309 327 jquery-tablesorter
310 328 jquery-timepicker-addon-rails
311 329 jquery-ui-rails
312 330 listen (>= 3.0.5, < 3.2)
313 331 mail
314 332 minitest-reporters
315 333 momentjs-rails
316 334 mysql2
317 335 puma
318 336 rails (~> 5.2)
319 337 rails-controller-testing
320 338 rails_bootstrap_sortable
321 339 rdiscount
322 340 rouge
341 + rspec-rails
323 342 sassc-rails
324 343 select2-rails
325 344 selenium-webdriver
326 345 simple_form
327 346 spring
328 347 spring-watcher-listen (~> 2.0.0)
329 348 sqlite3
330 349 uglifier
331 350 web-console (>= 3.3.0)
332 351 webdriver
333 352 will_paginate (~> 3.0.7)
334 353 yaml_db
335 354
336 355 BUNDLED WITH
337 356 1.17.2
@@ -1,167 +1,166
1 1 require 'ipaddr'
2 2
3 3 class ApplicationController < ActionController::Base
4 4 protect_from_forgery
5 5
6 6 before_action :current_user
7 7
8 8 SINGLE_USER_MODE_CONF_KEY = 'system.single_user_mode'
9 9 MULTIPLE_IP_LOGIN_CONF_KEY = 'right.multiple_ip_login'
10 10 ALLOW_WHITELIST_IP_ONLY_CONF_KEY = 'right.allow_whitelist_ip_only'
11 11 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
12 12
13 13 #report and redirect for unauthorized activities
14 - def unauthorized_redirect
15 - flash[:notice] = 'You are not authorized to view the page you requested'
16 - redirect_to :controller => 'main', :action => 'login'
14 + def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
15 + flash[:notice] = notice
16 + redirect_to login_main_path
17 17 end
18 18
19 19 # Returns the current logged-in user (if any).
20 20 def current_user
21 21 return nil unless session[:user_id]
22 22 @current_user ||= User.find(session[:user_id])
23 23 end
24 24
25 25 def admin_authorization
26 - return false unless authenticate
26 + return false unless check_valid_login
27 27 user = User.includes(:roles).find(session[:user_id])
28 28 unless user.admin?
29 29 unauthorized_redirect
30 30 return false
31 31 end
32 32 return true
33 33 end
34 34
35 35 def authorization_by_roles(allowed_roles)
36 - return false unless authenticate
36 + return false unless check_valid_login
37 37 user = User.find(session[:user_id])
38 38 unless user.roles.detect { |role| allowed_roles.member?(role.name) }
39 39 unauthorized_redirect
40 40 return false
41 41 end
42 42 end
43 43
44 44 def testcase_authorization
45 45 #admin always has privileged
46 46 if @current_user.admin?
47 47 return true
48 48 end
49 49
50 50 unauthorized_redirect unless GraderConfiguration["right.view_testcase"]
51 51 end
52 52
53 53
54 54 protected
55 55
56 56 #redirect to root (and also force logout)
57 57 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
58 - def authenticate
58 + def check_valid_login
59 + #check if logged in
59 60 unless session[:user_id]
60 - flash[:notice] = 'You need to login'
61 61 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
62 - flash[:notice] = 'You need to login but you cannot log in at this time'
62 + unauthorized_redirect('You need to login but you cannot log in at this time')
63 + else
64 + unauthorized_redirect('You need to login')
63 65 end
64 - redirect_to :controller => 'main', :action => 'login'
65 66 return false
66 67 end
67 68
68 69 # check if run in single user mode
69 70 if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
70 71 if @current_user==nil || (not @current_user.admin?)
71 - flash[:notice] = 'You cannot log in at this time'
72 - redirect_to :controller => 'main', :action => 'login'
72 + unauthorized_redirect('You cannot log in at this time')
73 73 return false
74 74 end
75 75 end
76 76
77 77 # check if the user is enabled
78 78 unless @current_user.enabled? || @current_user.admin?
79 - flash[:notice] = 'Your account is disabled'
80 - redirect_to :controller => 'main', :action => 'login'
79 + unauthorized_redirect 'Your account is disabled'
81 80 return false
82 81 end
83 82
84 83 # check if user ip is allowed
85 84 unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
86 85 unless is_request_ip_allowed?
87 - flash[:notice] = 'Your IP is not allowed'
88 - redirect_to root_path
86 + unauthorized_redirect 'Your IP is not allowed'
87 + return false
89 88 end
90 89 end
91 90
92 91 if GraderConfiguration.multicontests?
93 92 return true if @current_user.admin?
94 93 begin
95 94 if @current_user.contest_stat(true).forced_logout
96 95 flash[:notice] = 'You have been automatically logged out.'
97 96 redirect_to :controller => 'main', :action => 'index'
98 97 end
99 98 rescue
100 99 end
101 100 end
102 101 return true
103 102 end
104 103
105 104 #redirect to root (and also force logout)
106 105 #if the user use different ip from the previous connection
107 106 # only applicable when MULTIPLE_IP_LOGIN options is false only
108 107 def authenticate_by_ip_address
109 108 #this assume that we have already authenticate normally
110 109 unless GraderConfiguration[MULTIPLE_IP_LOGIN_CONF_KEY]
111 110 user = User.find(session[:user_id])
112 111 if (not @current_user.admin? && user.last_ip && user.last_ip != request.remote_ip)
113 112 flash[:notice] = "You cannot use the system from #{request.remote_ip}. Your last ip is #{user.last_ip}"
114 113 redirect_to :controller => 'main', :action => 'login'
115 114 puts "CHEAT: user #{user.login} tried to login from '#{request.remote_ip}' while last ip is '#{user.last_ip}' at #{Time.zone.now}"
116 115 return false
117 116 end
118 117 unless user.last_ip
119 118 user.last_ip = request.remote_ip
120 119 user.save
121 120 end
122 121 end
123 122 return true
124 123 end
125 124
126 125 def authorization
127 - return false unless authenticate
126 + return false unless check_valid_login
128 127 user = User.find(session[:user_id])
129 128 unless user.roles.detect { |role|
130 129 role.rights.detect{ |right|
131 130 right.controller == self.class.controller_name and
132 131 (right.action == 'all' || right.action == action_name)
133 132 }
134 133 }
135 134 flash[:notice] = 'You are not authorized to view the page you requested'
136 135 #request.env['HTTP_REFERER'] ? (redirect_to :back) : (redirect_to :controller => 'login')
137 136 redirect_to :controller => 'main', :action => 'login'
138 137 return false
139 138 end
140 139 end
141 140
142 141 def verify_time_limit
143 142 return true if session[:user_id]==nil
144 143 user = User.find(session[:user_id], :include => :site)
145 144 return true if user==nil || user.site == nil
146 145 if user.contest_finished?
147 146 flash[:notice] = 'Error: the contest you are participating is over.'
148 147 redirect_to :back
149 148 return false
150 149 end
151 150 return true
152 151 end
153 152
154 153 def is_request_ip_allowed?
155 154 if GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
156 155 user_ip = IPAddr.new(request.remote_ip)
157 156 GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY].delete(' ').split(',').each do |ips|
158 157 allow_ips = IPAddr.new(ips)
159 158 unless allow_ips.includes(user_ip)
160 159 return false
161 160 end
162 161 end
163 162 end
164 163 return true
165 164 end
166 165
167 166 end
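Review bot: The whitelist branch at new lines 84-89 now hard-denies with `return false`, but the predicate it relies on, `is_request_ip_allowed?` (new lines 153-164), cannot run: it reads `GraderConfiguration[WHITELIST_IP_LIST_CONF_KEY]` while the class only defines `WHITELIST_IP_CONF_KEY` (line 11), and it calls `IPAddr#includes`, which does not exist (`include?` is the method), so with `right.allow_whitelist_ip_only` enabled every non-admin request ends in a NameError rather than the intended redirect. The loop also returns false as soon as one range fails to contain the address, so a multi-entry whitelist would only admit an IP that lies inside every range; presumably membership in any one range is what is meant. A rewrite of the predicate that fixes the constant, the method name and the any-vs-all logic follows; an entry that does not parse as an address would still raise from `IPAddr.new`, which at least fails closed.
```ruby
def is_request_ip_allowed?
  return true unless GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
  user_ip = IPAddr.new(request.remote_ip)
  # allowed when the client address falls inside any configured range
  GraderConfiguration[WHITELIST_IP_CONF_KEY].delete(' ').split(',').any? do |range|
    IPAddr.new(range).include?(user_ip)
  end
end
```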
@@ -1,34 +1,32
1 1 class ConfigurationsController < ApplicationController
2 2
3 - before_action :authenticate
4 - before_action { |controller| controller.authorization_by_roles(['admin'])}
5 -
3 + before_action :admin_authorization
6 4
7 5 def index
8 6 @configurations = GraderConfiguration.order(:key)
9 7 @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
10 8 end
11 9
12 10 def reload
13 11 GraderConfiguration.reload
14 12 redirect_to :action => 'index'
15 13 end
16 14
17 15 def update
18 16 @config = GraderConfiguration.find(params[:id])
19 17 User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
20 18 respond_to do |format|
21 19 if @config.update_attributes(configuration_params)
22 20 format.json { head :ok }
23 21 else
24 22 format.json { respond_with_bip(@config) }
25 23 end
26 24 end
27 25 end
28 26
29 27 private
30 28 def configuration_params
31 29 params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
32 30 end
33 31
34 32 end
@@ -1,102 +1,102
1 1 class GroupsController < ApplicationController
2 2 before_action :set_group, only: [:show, :edit, :update, :destroy,
3 3 :add_user, :remove_user,:remove_all_user,
4 4 :add_problem, :remove_problem,:remove_all_problem,
5 5 ]
6 - before_action :authenticate, :admin_authorization
6 + before_action :admin_authorization
7 7
8 8 # GET /groups
9 9 def index
10 10 @groups = Group.all
11 11 end
12 12
13 13 # GET /groups/1
14 14 def show
15 15 end
16 16
17 17 # GET /groups/new
18 18 def new
19 19 @group = Group.new
20 20 end
21 21
22 22 # GET /groups/1/edit
23 23 def edit
24 24 end
25 25
26 26 # POST /groups
27 27 def create
28 28 @group = Group.new(group_params)
29 29
30 30 if @group.save
31 31 redirect_to @group, notice: 'Group was successfully created.'
32 32 else
33 33 render :new
34 34 end
35 35 end
36 36
37 37 # PATCH/PUT /groups/1
38 38 def update
39 39 if @group.update(group_params)
40 40 redirect_to @group, notice: 'Group was successfully updated.'
41 41 else
42 42 render :edit
43 43 end
44 44 end
45 45
46 46 # DELETE /groups/1
47 47 def destroy
48 48 @group.destroy
49 49 redirect_to groups_url, notice: 'Group was successfully destroyed.'
50 50 end
51 51
52 52 def remove_user
53 53 user = User.find(params[:user_id])
54 54 @group.users.delete(user)
55 55 redirect_to group_path(@group), flash: {success: "User #{user.login} was removed from the group #{@group.name}"}
56 56 end
57 57
58 58 def remove_all_user
59 59 @group.users.clear
60 60 redirect_to group_path(@group), alert: 'All users removed'
61 61 end
62 62
63 63 def remove_all_problem
64 64 @group.problems.clear
65 65 redirect_to group_path(@group), alert: 'All problems removed'
66 66 end
67 67
68 68 def add_user
69 69 user = User.find(params[:user_id])
70 70 begin
71 71 @group.users << user
72 72 redirect_to group_path(@group), flash: { success: "User #{user.login} was add to the group #{@group.name}"}
73 73 rescue => e
74 74 redirect_to group_path(@group), alert: e.message
75 75 end
76 76 end
77 77
78 78 def remove_problem
79 79 problem = Problem.find(params[:problem_id])
80 80 @group.problems.delete(problem)
81 81 redirect_to group_path(@group), flash: {success: "Problem #{problem.name} was removed from the group #{@group.name}" }
82 82 end
83 83
84 84 def add_problem
85 85 problem = Problem.find(params[:problem_id])
86 86 begin
87 87 @group.problems << problem
88 88 redirect_to group_path(@group), flash: {success: "Problem #{problem.name} was add to the group #{@group.name}" }
89 89 rescue => e
90 90 redirect_to group_path(@group), alert: e.message
91 91 end
92 92 end
93 93
94 94 private
95 95 # Use callbacks to share common setup or constraints between actions.
96 96 def set_group
97 97 @group = Group.find(params[:id])
98 98 end
99 99
100 100 # Only allow a trusted parameter "white list" through.
101 101 def group_params
102 102 params.require(:group).permit(:name, :description)
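Review bot: `before_action :admin_authorization` at new line 6 is declared after `set_group` (lines 2-5), so `Group.find(params[:id])` executes for anonymous and non-admin callers before the login/admin check runs; a missing id yields a 404 while an existing one yields the redirect, which lets an unauthenticated client tell which group ids exist and does a database lookup on their behalf. Rails runs callbacks in declaration order, so moving the line `before_action :admin_authorization` above the `before_action :set_group` line closes that gap without other changes. The `rescue => e` branches in `add_user` and `add_problem` also render `e.message` straight into the flash; those actions are admin-only now, but a fixed message would avoid surfacing model or database error text. The `group_params` definition continues past the end of the hunk.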
@@ -1,120 +1,115
1 1 class MainController < ApplicationController
2 2
3 - before_action :authenticate, :except => [:index, :login]
3 + before_action :check_valid_login, :except => [:login]
4 4 before_action :check_viewability, :except => [:index, :login]
5 5
6 6 append_before_action :confirm_and_update_start_time,
7 7 :except => [:index,
8 8 :login,
9 9 :confirm_contest_start]
10 10
11 11 # to prevent log in box to be shown when user logged out of the
12 12 # system only in some tab
13 13 prepend_before_action :reject_announcement_refresh_when_logged_out,
14 14 :only => [:announcements]
15 15
16 16 before_action :authenticate_by_ip_address, :only => [:list]
17 17
18 - # NOTE: This method is not actually needed, 'config/routes.rb' has
19 - # assigned action login as a default action.
20 - def index
21 - redirect_to :action => 'login'
22 - end
23 -
24 18 #reset login, clear session
19 + #front page
25 20 def login
26 21 saved_notice = flash[:notice]
27 22 reset_session
28 23 flash.now[:notice] = saved_notice
29 24
30 25 # EXPERIMENT:
31 26 # Hide login if in single user mode and the url does not
32 27 # explicitly specify /login
33 28 #
34 29 # logger.info "PATH: #{request.path}"
35 30 # if GraderConfiguration['system.single_user_mode'] and
36 31 # request.path!='/main/login'
37 32 # @hidelogin = true
38 33 # end
39 34
40 35 @announcements = Announcement.frontpage
41 36 render :action => 'login', :layout => 'empty'
42 37 end
43 38
44 39 def logout
45 40 reset_session
46 41 redirect_to root_path
47 42 end
48 43
49 44 def list
50 45 prepare_list_information
51 46 end
52 47
53 48 def help
54 49 @user = User.find(session[:user_id])
55 50 end
56 51
57 52 def submit
58 53 user = User.find(session[:user_id])
59 54
60 55 @submission = Submission.new
61 56 @submission.problem_id = params[:submission][:problem_id]
62 57 @submission.user = user
63 58 @submission.language_id = 0
64 59 if (params['file']) and (params['file']!='')
65 60 @submission.source = File.open(params['file'].path,'r:UTF-8',&:read)
66 61 @submission.source.encode!('UTF-8','UTF-8',invalid: :replace, replace: '')
67 62 @submission.source_filename = params['file'].original_filename
68 63 end
69 64
70 65 if (params[:editor_text])
71 66 language = Language.find_by_id(params[:language_id])
72 67 @submission.source = params[:editor_text]
73 68 @submission.source_filename = "live_edit.#{language.ext}"
74 69 @submission.language = language
75 70 end
76 71
77 72 @submission.submitted_at = Time.new.gmtime
78 73 @submission.ip_address = request.remote_ip
79 74
80 75 if GraderConfiguration.time_limit_mode? and user.contest_finished?
81 76 @submission.errors.add(:base,"The contest is over.")
82 77 prepare_list_information
83 78 render :action => 'list' and return
84 79 end
85 80
86 81 if @submission.valid?(@current_user)
87 82 if @submission.save == false
88 83 flash[:notice] = 'Error saving your submission'
89 84 elsif Task.create(:submission_id => @submission.id,
90 85 :status => Task::STATUS_INQUEUE) == false
91 86 flash[:notice] = 'Error adding your submission to task queue'
92 87 end
93 88 else
94 89 prepare_list_information
95 90 render :action => 'list' and return
96 91 end
97 92 redirect_to edit_submission_path(@submission)
98 93 end
99 94
100 95 def source
101 96 submission = Submission.find(params[:id])
102 97 if ((submission.user_id == session[:user_id]) and
103 98 (submission.problem != nil) and
104 99 (submission.problem.available))
105 100 send_data(submission.source,
106 101 {:filename => submission.download_filename,
107 102 :type => 'text/plain'})
108 103 else
109 104 flash[:notice] = 'Error viewing source'
110 105 redirect_to :action => 'list'
111 106 end
112 107 end
113 108
114 109 def compiler_msg
115 110 @submission = Submission.find(params[:id])
116 111 if @submission.user_id == session[:user_id]
117 112 render :action => 'compiler_msg', :layout => 'empty'
118 113 else
119 114 flash[:notice] = 'Error viewing source'
120 115 redirect_to :action => 'list'
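Review bot: This hunk deletes `index` (old lines 18-22), yet `check_valid_login` in ApplicationController still performs `redirect_to :controller => 'main', :action => 'index'` in its forced-logout branch, and `before_action :check_viewability, :except => [:index, :login]` at line 4 keeps naming the removed action. The deleted comment says `config/routes.rb` maps the default action to `login`, so the redirect presumably still resolves, but that is worth confirming after this change, and the stale `:index` entry at line 4 can be dropped so the callback list matches the actions that exist. If the route is gone, the cleaner fix is to point the forced-logout redirect at `login_main_path`, which `unauthorized_redirect` already uses. `compiler_msg` continues past the end of the hunk.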
@@ -1,100 +1,103
1 1 class ProblemsController < ApplicationController
2 2
3 - before_action :authenticate, :authorization
4 - before_action :testcase_authorization, only: [:show_testcase]
3 + before_action :admin_authorization
4 +
5 + #NOTE: ghost from the past?
6 + #before_action :testcase_authorization, only: [:show_testcase]
7 +
5 8
6 9 in_place_edit_for :problem, :name
7 10 in_place_edit_for :problem, :full_name
8 11 in_place_edit_for :problem, :full_score
9 12
10 13 def index
11 14 @problems = Problem.order(date_added: :desc)
12 15 end
13 16
14 17
15 18 def show
16 19 @problem = Problem.find(params[:id])
17 20 end
18 21
19 22 def new
20 23 @problem = Problem.new
21 24 @description = nil
22 25 end
23 26
24 27 def create
25 28 @problem = Problem.new(problem_params)
26 29 @description = Description.new(problem_params[:description])
27 30 if @description.body!=''
28 31 if !@description.save
29 32 render :action => new and return
30 33 end
31 34 else
32 35 @description = nil
33 36 end
34 37 @problem.description = @description
35 38 if @problem.save
36 39 flash[:notice] = 'Problem was successfully created.'
37 40 redirect_to action: :index
38 41 else
39 42 render :action => 'new'
40 43 end
41 44 end
42 45
43 46 def quick_create
44 47 @problem = Problem.new(problem_params)
45 48 @problem.full_name = @problem.name if @problem.full_name == ''
46 49 @problem.full_score = 100
47 50 @problem.available = false
48 51 @problem.test_allowed = true
49 52 @problem.output_only = false
50 53 @problem.date_added = Time.new
51 54 if @problem.save
52 55 flash[:notice] = 'Problem was successfully created.'
53 56 redirect_to action: :index
54 57 else
55 58 flash[:notice] = 'Error saving problem'
56 59 redirect_to action: :index
57 60 end
58 61 end
59 62
60 63 def edit
61 64 @problem = Problem.find(params[:id])
62 65 @description = @problem.description
63 66 end
64 67
65 68 def update
66 69 @problem = Problem.find(params[:id])
67 70 @description = @problem.description
68 71 if @description.nil? and params[:description][:body]!=''
69 72 @description = Description.new(description_params)
70 73 if !@description.save
71 74 flash[:notice] = 'Error saving description'
72 75 render :action => 'edit' and return
73 76 end
74 77 @problem.description = @description
75 78 elsif @description
76 79 if !@description.update_attributes(description_params)
77 80 flash[:notice] = 'Error saving description'
78 81 render :action => 'edit' and return
79 82 end
80 83 end
81 84 if params[:file] and params[:file].content_type != 'application/pdf'
82 85 flash[:notice] = 'Error: Uploaded file is not PDF'
83 86 render :action => 'edit' and return
84 87 end
85 88 if @problem.update_attributes(problem_params)
86 89 flash[:notice] = 'Problem was successfully updated.'
87 90 unless params[:file] == nil or params[:file] == ''
88 91 flash[:notice] = 'Problem was successfully updated and a new PDF file is uploaded.'
89 92 out_dirname = "#{Problem.download_file_basedir}/#{@problem.id}"
90 93 if not FileTest.exists? out_dirname
91 94 Dir.mkdir out_dirname
92 95 end
93 96
94 97 out_filename = "#{out_dirname}/#{@problem.name}.pdf"
95 98 if FileTest.exists? out_filename
96 99 File.delete out_filename
97 100 end
98 101
99 102 File.open(out_filename,"wb") do |file|
100 103 file.write(params[:file].read)
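Review bot: Replacing `before_action :authenticate, :authorization` with `before_action :admin_authorization` at new line 3, together with commenting out the `testcase_authorization` callback at new lines 5-6, changes who can reach `show_testcase`: `testcase_authorization` in ApplicationController lets a non-admin through when `right.view_testcase` is set, whereas `admin_authorization` now rejects every non-admin before that switch is consulted. If that action is still routed for contestants, the `right.view_testcase` setting becomes dead and they lose test-case viewing; if admin-only is intended, the comment should say so instead of `#NOTE: ghost from the past?`, and `testcase_authorization` can be removed from ApplicationController as well. One way to keep the previous behaviour is `before_action :admin_authorization, except: [:show_testcase]` plus `before_action :check_valid_login, :testcase_authorization, only: [:show_testcase]`, the login check being needed because `testcase_authorization` dereferences `@current_user` unguarded. `update` continues past the end of the hunk.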
@@ -1,106 +1,106
1 1 require 'csv'
2 2
3 3 class ReportController < ApplicationController
4 4
5 - before_action :authenticate
5 + before_action :check_valid_login
6 6
7 7 before_action :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize, :show_max_score, :current_score]
8 8
9 9 before_action(only: [:problem_hof]) { |c|
10 - return false unless authenticate
10 + return false unless check_valid_login
11 11
12 12 admin_authorization unless GraderConfiguration["right.user_view_submission"]
13 13 }
14 14
15 15 def max_score
16 16 end
17 17
18 18 def current_score
19 19 @problems = Problem.available_problems
20 20 @users = User.includes(:contests).includes(:contest_stat).where(enabled: true)
21 21 @scorearray = calculate_max_score(@problems, @users,0,0,true)
22 22
23 23 #rencer accordingly
24 24 if params[:button] == 'download' then
25 25 csv = gen_csv_from_scorearray(@scorearray,@problems)
26 26 send_data csv, filename: 'max_score.csv'
27 27 else
28 28 #render template: 'user_admin/user_stat'
29 29 render 'current_score'
30 30 end
31 31 end
32 32
33 33 def show_max_score
34 34 #process parameters
35 35 #problems
36 36 @problems = []
37 37 if params[:problem_id]
38 38 params[:problem_id].each do |id|
39 39 next unless id.strip != ""
40 40 pid = Problem.find_by_id(id.to_i)
41 41 @problems << pid if pid
42 42 end
43 43 end
44 44
45 45 #users
46 46 @users = if params[:users] == "all" then
47 47 User.includes(:contests).includes(:contest_stat)
48 48 else
49 49 User.includes(:contests).includes(:contest_stat).where(enabled: true)
50 50 end
51 51
52 52 #set up range from param
53 53 @since_id = params.fetch(:from_id, 0).to_i
54 54 @until_id = params.fetch(:to_id, 0).to_i
55 55 @since_id = nil if @since_id == 0
56 56 @until_id = nil if @until_id == 0
57 57
58 58 #calculate the routine
59 59 @scorearray = calculate_max_score(@problems, @users, @since_id, @until_id)
60 60
61 61 #rencer accordingly
62 62 if params[:button] == 'download' then
63 63 csv = gen_csv_from_scorearray(@scorearray,@problems)
64 64 send_data csv, filename: 'max_score.csv'
65 65 else
66 66 #render template: 'user_admin/user_stat'
67 67 render 'max_score'
68 68 end
69 69
70 70 end
71 71
72 72 def score
73 73 if params[:commit] == 'download csv'
74 74 @problems = Problem.all
75 75 else
76 76 @problems = Problem.available_problems
77 77 end
78 78 @users = User.includes(:contests, :contest_stat).where(enabled: true)
79 79 @scorearray = Array.new
80 80 @users.each do |u|
81 81 ustat = Array.new
82 82 ustat[0] = u
83 83 @problems.each do |p|
84 84 sub = Submission.find_last_by_user_and_problem(u.id,p.id)
85 85 if (sub!=nil) and (sub.points!=nil) and p and p.full_score
86 86 ustat << [(sub.points.to_f*100/p.full_score).round, (sub.points>=p.full_score)]
87 87 else
88 88 ustat << [0,false]
89 89 end
90 90 end
91 91 @scorearray << ustat
92 92 end
93 93 if params[:commit] == 'download csv' then
94 94 csv = gen_csv_from_scorearray(@scorearray,@problems)
95 95 send_data csv, filename: 'last_score.csv'
96 96 else
97 97 render template: 'user_admin/user_stat'
98 98 end
99 99
100 100 end
101 101
102 102 def login_stat
103 103 @logins = Array.new
104 104
105 105 date_and_time = '%Y-%m-%d %H:%M'
106 106 begin
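Review bot: The `return false unless check_valid_login` at new line 10 sits inside a block passed to `before_action` at class scope, and as far as I can tell `return` in such a proc is not a method return: there is no enclosing method frame, so when the guard fires it raises LocalJumpError and a logged-out request to `problem_hof` ends in a 500 instead of the login redirect. The line is also redundant, because `before_action :check_valid_login` at new line 5 already runs for every action, so the block can shrink to `before_action(only: [:problem_hof]) { admin_authorization unless GraderConfiguration["right.user_view_submission"] }`; if an early exit inside the block is ever needed, `next` is the way to leave a proc. The unused block parameter `c` can go with it. `login_stat` continues past the end of the hunk.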
@@ -1,98 +1,98
1 1 class SubmissionsController < ApplicationController
2 - before_action :authenticate
2 + before_action :check_valid_login
3 3 before_action :submission_authorization, only: [:show, :download, :edit]
4 4 before_action :admin_authorization, only: [:rejudge]
5 5
6 6 # GET /submissions
7 7 # GET /submissions.json
8 8 # Show problem selection and user's submission of that problem
9 9 def index
10 10 @user = @current_user
11 11 @problems = @user.available_problems
12 12
13 13 if params[:problem_id]==nil
14 14 @problem = nil
15 15 @submissions = nil
16 16 else
17 17 @problem = Problem.find_by_id(params[:problem_id])
18 18 if (@problem == nil) or (not @problem.available)
19 19 redirect_to main_list_path
20 20 flash[:notice] = 'Error: submissions for that problem are not viewable.'
21 21 return
22 22 end
23 23 @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id).order(id: :desc)
24 24 end
25 25 end
26 26
27 27 # GET /submissions/1
28 28 # GET /submissions/1.json
29 29 def show
30 30 @submission = Submission.find(params[:id])
31 31
32 32 #log the viewing
33 33 user = User.find(session[:user_id])
34 34 SubmissionViewLog.create(user_id: session[:user_id],submission_id: @submission.id) unless user.admin?
35 35
36 36 @task = @submission.task
37 37 end
38 38
39 39 def download
40 40 @submission = Submission.find(params[:id])
41 41 send_data(@submission.source, {:filename => @submission.download_filename, :type => 'text/plain'})
42 42 end
43 43
44 44 def compiler_msg
45 45 @submission = Submission.find(params[:id])
46 46 respond_to do |format|
47 47 format.js
48 48 end
49 49 end
50 50
51 51 #on-site new submission on specific problem
52 52 def direct_edit_problem
53 53 @problem = Problem.find(params[:problem_id])
54 54 unless @current_user.can_view_problem?(@problem)
55 55 unauthorized_redirect
56 56 return
57 57 end
58 58 @source = ''
59 59 if (params[:view_latest])
60 60 sub = Submission.find_last_by_user_and_problem(@current_user.id,@problem.id)
61 61 @source = @submission.source.to_s if @submission and @submission.source
62 62 end
63 63 render 'edit'
64 64 end
65 65
66 66 # GET /submissions/1/edit
67 67 def edit
68 68 @submission = Submission.find(params[:id])
69 69 @source = @submission.source.to_s
70 70 @problem = @submission.problem
71 71 @lang_id = @submission.language.id
72 72 end
73 73
74 74
75 75 def get_latest_submission_status
76 76 @problem = Problem.find(params[:pid])
77 77 @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
78 78 puts User.find(params[:uid]).login
79 79 puts Problem.find(params[:pid]).name
80 80 puts 'nil' unless @submission
81 81 respond_to do |format|
82 82 format.js
83 83 end
84 84 end
85 85
86 86 # GET /submissions/:id/rejudge
87 87 def rejudge
88 88 @submission = Submission.find(params[:id])
89 89 @task = @submission.task
90 90 @task.status_inqueue! if @task
91 91 respond_to do |format|
92 92 format.js
93 93 end
94 94 end
95 95
96 96 protected
97 97
98 98 def submission_authorization
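Review bot: `compiler_msg` and `get_latest_submission_status` are still outside `submission_authorization` (the `only:` list on line 3 stays `[:show, :download, :edit]`), so after this commit `compiler_msg` renders the compiler output for whatever submission id is passed, and `get_latest_submission_status` looks up a submission for any `params[:uid]`/`params[:pid]` pair; since the commit is about cleaning up authorization, extending the list to `only: [:show, :download, :edit, :compiler_msg]` and restricting `get_latest_submission_status` to `@current_user` (or admins) seems in scope. Separately, `direct_edit_problem` stores the lookup in the local `sub` (line 60) but reads `@submission` on line 61, which is never assigned in that action, so `view_latest` always leaves `@source` empty; `@submission = Submission.find_last_by_user_and_problem(@current_user.id,@problem.id)` fixes it. The three `puts` calls in `get_latest_submission_status` (lines 78-80) write user logins and problem names to stdout and look like leftover debugging. The body of `submission_authorization` starts on the hunk's last line and continues outside it.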
@@ -1,60 +1,61
1 1 class TagsController < ApplicationController
2 + before_action :admin_authorization
2 3 before_action :set_tag, only: [:show, :edit, :update, :destroy]
3 4
4 5 # GET /tags
5 6 def index
6 7 @tags = Tag.all
7 8 end
8 9
9 10 # GET /tags/1
10 11 def show
11 12 end
12 13
13 14 # GET /tags/new
14 15 def new
15 16 @tag = Tag.new
16 17 end
17 18
18 19 # GET /tags/1/edit
19 20 def edit
20 21 end
21 22
22 23 # POST /tags
23 24 def create
24 25 @tag = Tag.new(tag_params)
25 26
26 27 if @tag.save
27 28 redirect_to @tag, notice: 'Tag was successfully created.'
28 29 else
29 30 render :new
30 31 end
31 32 end
32 33
33 34 # PATCH/PUT /tags/1
34 35 def update
35 36 if @tag.update(tag_params)
36 37 redirect_to @tag, notice: 'Tag was successfully updated.'
37 38 else
38 39 render :edit
39 40 end
40 41 end
41 42
42 43 # DELETE /tags/1
43 44 def destroy
44 45 #remove any association
45 46 ProblemTag.where(tag_id: @tag.id).destroy_all
46 47 @tag.destroy
47 48 redirect_to tags_url, notice: 'Tag was successfully destroyed.'
48 49 end
49 50
50 51 private
51 52 # Use callbacks to share common setup or constraints between actions.
52 53 def set_tag
53 54 @tag = Tag.find(params[:id])
54 55 end
55 56
56 57 # Only allow a trusted parameter "white list" through.
57 58 def tag_params
58 59 params.require(:tag).permit(:name, :description, :public)
59 60 end
60 61 end
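Review bot: The new `before_action :admin_authorization` on line 2 is not preceded by `check_valid_login`, whereas SubmissionsController and UsersController in this same commit add `check_valid_login` ahead of their `admin_authorization` callbacks. Whether `admin_authorization` tolerates a request with no session depends on its definition in ApplicationController, which is outside this diff; if it assumes a loaded user, an anonymous request would reach it with nothing to check. Adding `before_action :check_valid_login` as the first callback would make the ordering explicit and consistent with the other controllers. A one-line comment above the callback, such as `# all tag management, including index/show, is admin-only`, would also record that read actions are intentionally restricted.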
@@ -1,75 +1,75
1 1 class TasksController < ApplicationController
2 2
3 - before_action :authenticate, :check_viewability
3 + before_action :check_valid_login, :check_viewability
4 4
5 5 def index
6 6 redirect_to :action => 'list'
7 7 end
8 8
9 9 def list
10 10 @problems = @user.available_problems
11 11 end
12 12
13 13 # this has contest-wide access control
14 14 def view
15 15 base_name = params[:file]
16 16 base_filename = File.basename("#{base_name}.#{params[:ext]}")
17 17 filename = "#{Problem.download_file_basedir}/#{base_filename}"
18 18
19 19 if !FileTest.exists?(filename)
20 20 redirect_to :action => 'index' and return
21 21 end
22 22
23 23 send_file_to_user(filename, base_filename)
24 24 end
25 25
26 26 # this has problem-level access control
27 27 def download
28 28 problem = Problem.find(params[:id])
29 29 unless @current_user.can_view_problem? problem
30 30 redirect_to :action => 'index' and return
31 31 end
32 32
33 33 base_name = params[:file]
34 34 base_filename = File.basename("#{base_name}.#{params[:ext]}")
35 35 filename = "#{Problem.download_file_basedir}/#{params[:id]}/#{base_filename}"
36 36 puts "SENDING: #(unknown)"
37 37
38 38 if !FileTest.exists?(filename)
39 39 redirect_to :action => 'index' and return
40 40 end
41 41
42 42 puts "SENDING: #(unknown)"
43 43
44 44 send_file_to_user(filename, base_filename)
45 45 end
46 46
47 47 protected
48 48
49 49 def send_file_to_user(filename, base_filename)
50 50 if defined?(USE_APACHE_XSENDFILE) and USE_APACHE_XSENDFILE
51 51 response.headers['Content-Type'] = "application/force-download"
52 52 response.headers['Content-Disposition'] = "attachment; filename=\"#{File.basename(filename)}\""
53 53 response.headers["X-Sendfile"] = filename
54 54 response.headers['Content-length'] = File.size(filename)
55 55 render :nothing => true
56 56 else
57 57 if params[:ext]=='pdf'
58 58 content_type = 'application/pdf'
59 59 else
60 60 content_type = 'application/octet-stream'
61 61 end
62 62
63 63 send_file filename, :stream => false, :disposition => 'inline', :filename => base_filename, :type => content_type
64 64 end
65 65 end
66 66
67 67 def check_viewability
68 68 @user = User.find(session[:user_id])
69 69 if @user==nil or !GraderConfiguration.show_tasks_to?(@user)
70 70 redirect_to :controller => 'main', :action => 'list'
71 71 return false
72 72 end
73 73 end
74 74
75 75 end
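Review bot: In `download`, the raw `params[:id]` string is interpolated into the filesystem path on line 35 even though the problem record has already been resolved on line 28; using the record, `filename = "#{Problem.download_file_basedir}/#{problem.id}/#{base_filename}"`, guarantees that only the integer id reaches the path, in the same spirit as the `File.basename` applied to `params[:file]`/`params[:ext]` on lines 16 and 34. The two `puts "SENDING: …"` statements (lines 36 and 42) print to stdout on every download and look like leftover debugging. In `check_viewability`, `User.find(session[:user_id])` raises rather than returning nil, so the `@user==nil` branch on line 69 is unreachable; with `check_valid_login` now running first this is harmless, but `@user = @current_user` would make the guard meaningful and avoid the second lookup.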
@@ -1,99 +1,99
1 1 class TestController < ApplicationController
2 2
3 - before_action :authenticate, :check_viewability
3 + before_action :check_valid_login, :check_viewability
4 4
5 5
6 6 def index
7 7 prepare_index_information
8 8 end
9 9
10 10 def submit
11 11 @user = User.find(session[:user_id])
12 12
13 13 @submitted_test_request = TestRequest.new_from_form_params(@user,params[:test_request])
14 14
15 15 if ! @submitted_test_request.errors.empty?
16 16 prepare_index_information
17 17 render :action => 'index' and return
18 18 end
19 19
20 20 if GraderConfiguration.time_limit_mode?
21 21 if @user.contest_finished?
22 22 @submitted_test_request.errors.add(:base,'Contest is over.')
23 23 prepare_index_information
24 24 render :action => 'index' and return
25 25 end
26 26
27 27 if !GraderConfiguration.allow_test_request(@user)
28 28 prepare_index_information
29 29 flash[:notice] = 'Test request is not allowed during the last 30 minutes'
30 30 redirect_to :action => 'index' and return
31 31 end
32 32 end
33 33
34 34 if @submitted_test_request.save
35 35 redirect_to :action => 'index'
36 36 else
37 37 prepare_index_information
38 38 render :action => 'index'
39 39 end
40 40 end
41 41
42 42 def read
43 43 user = User.find(session[:user_id])
44 44 begin
45 45 test_request = TestRequest.find(params[:id])
46 46 rescue
47 47 test_request = nil
48 48 end
49 49 if test_request==nil or test_request.user_id != user.id
50 50 flash[:notice] = 'Invalid output'
51 51 redirect_to :action => 'index'
52 52 return
53 53 end
54 54 if test_request.output_file_name!=nil
55 55 data = File.open(test_request.output_file_name).read(2048)
56 56 if data==nil
57 57 data=""
58 58 end
59 59 send_data(data,
60 60 {:filename => 'output.txt',
61 61 :type => 'text/plain'})
62 62 return
63 63 end
64 64 redirect_to :action => 'index'
65 65 end
66 66
67 67 def result
68 68 @user = User.find(session[:user_id])
69 69 begin
70 70 @test_request = TestRequest.find(params[:id])
71 71 rescue
72 72 @test_request = nil
73 73 end
74 74 if @test_request==nil or @test_request.user_id != @user.id
75 75 flash[:notice] = 'Invalid request'
76 76 redirect_to :action => 'index'
77 77 return
78 78 end
79 79 end
80 80
81 81 protected
82 82
83 83 def prepare_index_information
84 84 @user = User.find(session[:user_id])
85 85 @submissions = Submission.find_last_for_all_available_problems(@user.id)
86 86 all_problems = @submissions.collect { |submission| submission.problem }
87 87 @problems = []
88 88 all_problems.each do |problem|
89 89 if problem.test_allowed
90 90 @problems << problem
91 91 end
92 92 end
93 93 @test_requests = []
94 94 @user.test_requests.each do |ts|
95 95 if ts.problem and ts.problem.available
96 96 @test_requests << ts
97 97 end
98 98 end
99 99 end
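Review bot: In `read`, `File.open(test_request.output_file_name).read(2048)` on line 55 never closes the file handle; `data = File.read(test_request.output_file_name, 2048) || ""` reads the same prefix, closes the file, and makes the `data==nil` branch on lines 56-58 unnecessary. The `begin … rescue … end` around `TestRequest.find` in `read` (lines 44-48) and `result` (lines 69-73) turns every StandardError into nil; `test_request = TestRequest.find_by(id: params[:id])` expresses the "nil when missing" intent without the blanket rescue. The ownership comparison `test_request.user_id != user.id` on line 49 is what keeps one user from reading another's output file, so it should stay adjacent to any change to the lookup. `check_viewability`, named in the callback on line 3, is not defined within this hunk.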
@@ -1,113 +1,113
1 1 require 'net/smtp'
2 2
3 3 class UsersController < ApplicationController
4 4
5 5 include MailHelperMethods
6 6
7 - before_action :authenticate, :except => [:new,
7 + before_action :check_valid_login, :except => [:new,
8 8 :register,
9 9 :confirm,
10 10 :forget,
11 11 :retrieve_password]
12 12
13 13 before_action :verify_online_registration, :only => [:new,
14 14 :register,
15 15 :forget,
16 16 :retrieve_password]
17 - before_action :authenticate, :profile_authorization, only: [:profile]
17 + before_action :check_valid_login, :profile_authorization, only: [:profile]
18 18
19 19 before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable]
20 20
21 21
22 22 #in_place_edit_for :user, :alias_for_editing
23 23 #in_place_edit_for :user, :email_for_editing
24 24
25 25 def index
26 26 if !GraderConfiguration['system.user_setting_enabled']
27 27 redirect_to :controller => 'main', :action => 'list'
28 28 else
29 29 @user = User.find(session[:user_id])
30 30 end
31 31 end
32 32
33 33 def chg_passwd
34 34 user = User.find(session[:user_id])
35 35 user.password = params[:passwd]
36 36 user.password_confirmation = params[:passwd_verify]
37 37 if user.save
38 38 flash[:notice] = 'password changed'
39 39 else
40 40 flash[:notice] = 'Error: password changing failed'
41 41 end
42 42 redirect_to :action => 'index'
43 43 end
44 44
45 45 def new
46 46 @user = User.new
47 47 render :action => 'new', :layout => 'empty'
48 48 end
49 49
50 50 def register
51 51 if(params[:cancel])
52 52 redirect_to :controller => 'main', :action => 'login'
53 53 return
54 54 end
55 55 @user = User.new(user_params)
56 56 @user.password_confirmation = @user.password = User.random_password
57 57 @user.activated = false
58 58 if (@user.valid?) and (@user.save)
59 59 if send_confirmation_email(@user)
60 60 render :action => 'new_splash', :layout => 'empty'
61 61 else
62 62 @admin_email = GraderConfiguration['system.admin_email']
63 63 render :action => 'email_error', :layout => 'empty'
64 64 end
65 65 else
66 66 @user.errors.add(:base,"Email cannot be blank") if @user.email==''
67 67 render :action => 'new', :layout => 'empty'
68 68 end
69 69 end
70 70
71 71 def confirm
72 72 login = params[:login]
73 73 key = params[:activation]
74 74 @user = User.find_by_login(login)
75 75 if (@user) and (@user.verify_activation_key(key))
76 76 if @user.valid? # check uniquenss of email
77 77 @user.activated = true
78 78 @user.save
79 79 @result = :successful
80 80 else
81 81 @result = :email_used
82 82 end
83 83 else
84 84 @result = :failed
85 85 end
86 86 render :action => 'confirm', :layout => 'empty'
87 87 end
88 88
89 89 def forget
90 90 render :action => 'forget', :layout => 'empty'
91 91 end
92 92
93 93 def retrieve_password
94 94 email = params[:email]
95 95 user = User.find_by_email(email)
96 96 if user
97 97 last_updated_time = user.updated_at || user.created_at || (Time.now.gmtime - 1.hour)
98 98 if last_updated_time > Time.now.gmtime - 5.minutes
99 99 flash[:notice] = 'The account has recently created or new password has recently been requested. Please wait for 5 minutes'
100 100 else
101 101 user.password = user.password_confirmation = User.random_password
102 102 user.save
103 103 send_new_password_email(user)
104 104 flash[:notice] = 'New password has been mailed to you.'
105 105 end
106 106 else
107 107 flash[:notice] = I18n.t 'registration.password_retrieval.no_email'
108 108 end
109 109 redirect_to :action => 'forget'
110 110 end
111 111
112 112 def stat
113 113 @user = User.find(params[:id])
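Review bot: In `retrieve_password`, the return value of `user.save` on line 102 is ignored, so if the save fails the new password is still mailed (line 103) and the success notice is still shown, leaving the user with a mailed password that does not work. Wrapping the mail and notice in the save's success branch, with an error notice otherwise, fixes that; the rewritten lines are below. `confirm` has the same pattern on line 78, where `@user.save` is unchecked before `@result = :successful`. `chg_passwd` sets a new password from `params[:passwd]` without asking for the current one; if that is intended, a short comment saying so would stop the next reader from treating it as an omission. The hunk ends inside `stat`, whose body continues outside it.
```ruby
user.password = user.password_confirmation = User.random_password
if user.save
  send_new_password_email(user)
  flash[:notice] = 'New password has been mailed to you.'
else
  flash[:notice] = 'Error: password could not be reset'
end
```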
@@ -1,102 +1,102
1 1 require "application_system_test_case"
2 2
3 3 class UsersTest < ApplicationSystemTestCase
4 4 # test "visiting the index" do
5 5 # visit users_url
6 6 #
7 7 # assert_selector "h1", text: "User"
8 8 # end
9 9
10 10 test "add new user and edit" do
11 11 login('admin','admin')
12 12 within 'header' do
13 13 click_on 'Manage'
14 14 click_on 'Users', match: :first
15 15 end
16 16
17 17 assert_text "Users"
18 18 assert_text "New user"
19 19
20 20 click_on "New user", match: :first
21 21 fill_in 'Login', with: 'test1'
22 22 fill_in 'Full name', with: 'test1 McTestface'
23 23 fill_in 'e-mail', with: 'a@a.com'
24 24 fill_in 'Password', with: 'abcdef'
25 25 fill_in 'Password confirmation', with: 'abcdef'
26 26
27 27 click_on 'Create'
28 28
29 29 assert_text 'User was successfully created'
30 30 assert_text 'a@a.com'
31 31 assert_text 'test1 McTestface'
32 32
33 33 within('tr', text: 'McTestface') do
34 34 click_on 'Edit'
35 35 end
36 36
37 37 fill_in 'Alias', with: 'hahaha'
38 38 fill_in 'Remark', with: 'section 2'
39 39 click_on 'Update User'
40 40
41 41 assert_text 'section 2'
42 42 end
43 43
44 44 test "add multiple users" do
45 45 login 'admin', 'admin'
46 46 within 'header' do
47 47 click_on 'Manage'
48 48 click_on 'Users', match: :first
49 49 end
50 50
51 51 click_on 'New list of users', match: :first
52 52 find(:css, 'textarea').fill_in with:"abc1,Boaty McBoatface,abcdef,alias1,remark1,\nabc2,Boaty2 McSecond,acbdef123,aias2,remark2"
53 53 click_on 'create users'
54 54
55 55 assert_text('remark1')
56 56 assert_text('remark2')
57 57 end
58 58
59 59 test "grant admin right" do
60 60 login 'admin', 'admin'
61 61 within 'header' do
62 62 click_on 'Manage'
63 63 click_on 'Users', match: :first
64 64 end
65 65
66 66 click_on "View administrator"
67 67 fill_in 'login', with: 'john'
68 68 click_on "Grant"
69 69
70 70 visit logout_main_path
71 71 login 'john','hello'
72 72 within 'header' do
73 73 click_on 'Manage'
74 74 click_on 'Problem', match: :first
75 75 end
76 76 assert_text "Turn off all problems"
77 77 end
78 78
79 79 test "try using admin from normal user" do
80 80 login 'admin','admin'
81 81 visit bulk_manage_user_admin_index_path
82 82 assert_current_path bulk_manage_user_admin_index_path
83 83 visit logout_main_path
84 84
85 85 login 'jack','morning'
86 86 visit bulk_manage_user_admin_index_path
87 - assert_current_path root_path
88 87 assert_text 'You are not authorized'
88 + assert_current_path login_main_path
89 89
90 90 login 'james','morning'
91 91 visit new_list_user_admin_index_path
92 - assert_current_path root_path
93 92 assert_text 'You are not authorized'
93 + assert_current_path login_main_path
94 94 end
95 95
96 96 def login(username,password)
97 97 visit root_path
98 98 fill_in "Login", with: username
99 99 fill_in "Password", with: password
100 100 click_on "Login"
101 101 end
102 102 end
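Review bot: In "try using admin from normal user", the second login as 'james' (line 90) is not preceded by `visit logout_main_path`, unlike the 'jack' login on line 83, so the test now relies on the unauthorized redirect to `login_main_path` having also cleared jack's session; if it merely redirects, `login 'james','morning'` runs inside jack's session and the second assertion pair checks the wrong user. Inserting `visit logout_main_path` before line 90 makes the test independent of that behaviour. The `login` helper itself assumes `root_path` shows the login form whether or not a session exists, which is the same assumption; a one-line comment on the helper, `# expects root_path to render the login form (no active session)`, would make it explicit.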