cafe-grader-web Commit - r756:aa79958f6521

r756:aa79958f6521 - Mon, 08 Jul 2019 04:08:41 - 13 files changed: 53 inserted, 38 deleted

Gemfile.lock ¶ +19

                   coffee-script-source (1.12.2)
                   concurrent-ruby (1.1.5)
                   crass (1.0.4)
+            +     diff-lcs (1.3)
                   dynamic_form (1.1.4)
                   erubi (1.8.0)
                   erubis (2.7.0)
                   rdiscount (2.2.0.1)
                   regexp_parser (1.5.1)
                   rouge (3.3.0)
+            +     rspec-core (3.8.2)
+            +       rspec-support (~> 3.8.0)
+            +     rspec-expectations (3.8.4)
+            +       diff-lcs (>= 1.2.0, < 2.0)
+            +       rspec-support (~> 3.8.0)
+            +     rspec-mocks (3.8.1)
+            +       diff-lcs (>= 1.2.0, < 2.0)
+            +       rspec-support (~> 3.8.0)
+            +     rspec-rails (3.8.2)
+            +       actionpack (>= 3.0)
+            +       activesupport (>= 3.0)
+            +       railties (>= 3.0)
+            +       rspec-core (~> 3.8.0)
+            +       rspec-expectations (~> 3.8.0)
+            +       rspec-mocks (~> 3.8.0)
+            +       rspec-support (~> 3.8.0)
+            +     rspec-support (3.8.2)
                   ruby-progressbar (1.10.0)
                   ruby_dep (1.5.0)
                   ruby_parser (3.13.1)
                 rails_bootstrap_sortable
                 rdiscount
                 rouge
+            +   rspec-rails
                 sassc-rails
                 select2-rails
                 selenium-webdriver

app/controllers/application_controller.rb ¶ +15 -16

                 WHITELIST_IP_CONF_KEY = 'right.whitelist_ip'
                 #report and redirect for unauthorized activities
-            -   def unauthorized_redirect
-            -     flash[:notice] = 'You are not authorized to view the page you requested'
-            -     redirect_to :controller => 'main', :action => 'login'
+            +   def unauthorized_redirect(notice = 'You are not authorized to view the page you requested')
+            +     flash[:notice] = notice
+            +     redirect_to login_main_path
                 end
                 # Returns the current logged-in user (if any).
                 end
                 def admin_authorization
-            -     return false unless authenticate
+            +     return false unless check_valid_login
                   user = User.includes(:roles).find(session[:user_id])
                   unless user.admin?
                     unauthorized_redirect
                 end
                 def authorization_by_roles(allowed_roles)
-            -     return false unless authenticate
+            +     return false unless check_valid_login
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role| allowed_roles.member?(role.name) }
                     unauthorized_redirect
                 #redirect to root (and also force logout)
                 #if the user is not logged_in or the system is in "ADMIN ONLY" mode
-            -   def authenticate
+            +   def check_valid_login
+            +     #check if logged in
                   unless session[:user_id]
-            -       flash[:notice] = 'You need to login'
                     if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
-            -         flash[:notice] = 'You need to login but you cannot log in at this time'
+            +         unauthorized_redirect('You need to login but you cannot log in at this time')
+            +       else
+            +         unauthorized_redirect('You need to login')
                     end
-            -       redirect_to :controller => 'main', :action => 'login'
                     return false
                   end
                   # check if run in single user mode
                   if GraderConfiguration[SINGLE_USER_MODE_CONF_KEY]
                     if @current_user==nil || (not @current_user.admin?)
-            -         flash[:notice] = 'You cannot log in at this time'
-            -         redirect_to :controller => 'main', :action => 'login'
+            +         unauthorized_redirect('You cannot log in at this time')
                       return false
                     end
                   end
                   # check if the user is enabled
                   unless @current_user.enabled? || @current_user.admin?
-            -       flash[:notice] = 'Your account is disabled'
-            -       redirect_to :controller => 'main', :action => 'login'
+            +       unauthorized_redirect 'Your account is disabled'
                     return false
                   end
                   # check if user ip is allowed
                   unless @current_user.admin? || !GraderConfiguration[ALLOW_WHITELIST_IP_ONLY_CONF_KEY]
                     unless is_request_ip_allowed?
-            -         flash[:notice] = 'Your IP is not allowed'
-            -         redirect_to root_path
+            +         unauthorized_redirect 'Your IP is not allowed'
+            +         return false
                     end
                   end
                 end
                 def authorization
-            -     return false unless authenticate
+            +     return false unless check_valid_login
                   user = User.find(session[:user_id])
                   unless user.roles.detect { |role|
                       role.rights.detect{ |right|

app/controllers/configurations_controller.rb ¶ +1 -3

               class ConfigurationsController < ApplicationController
-            -   before_action :authenticate
-            -   before_action { |controller| controller.authorization_by_roles(['admin'])}
+            -
+            +   before_action :admin_authorization
                 def index
                   @configurations = GraderConfiguration.order(:key)

app/controllers/groups_controller.rb ¶ +1 -1

                                                  :add_user, :remove_user,:remove_all_user,
                                                  :add_problem, :remove_problem,:remove_all_problem,
                                                 ]
-            -   before_action :authenticate, :admin_authorization
+            +   before_action :admin_authorization
                 # GET /groups
                 def index

app/controllers/main_controller.rb ¶ +2 -7

               class MainController < ApplicationController
-            -   before_action :authenticate, :except => [:index, :login]
+            +   before_action :check_valid_login, :except => [:login]
                 before_action :check_viewability, :except => [:index, :login]
                 append_before_action :confirm_and_update_start_time,
                 before_action :authenticate_by_ip_address, :only => [:list]
-            -   # NOTE: This method is not actually needed, 'config/routes.rb' has
-            -   # assigned action login as a default action.
-            -   def index
-            -     redirect_to :action => 'login'
-            -   end
+            -
                 #reset login, clear session
+            +   #front page
                 def login
                   saved_notice = flash[:notice]
                   reset_session

app/controllers/problems_controller.rb ¶ +5 -2

               class ProblemsController < ApplicationController
-            -   before_action :authenticate, :authorization
-            -   before_action :testcase_authorization, only: [:show_testcase]
+            +   before_action :admin_authorization
+            +
+            +   #NOTE: ghost from the past?
+            +   #before_action :testcase_authorization, only: [:show_testcase]
+            +
                 in_place_edit_for :problem, :name
                 in_place_edit_for :problem, :full_name

app/controllers/report_controller.rb ¶ +2 -2

               class ReportController < ApplicationController
-            -   before_action :authenticate
+            +   before_action :check_valid_login
                 before_action :admin_authorization, only: [:login_stat,:submission_stat, :stuck, :cheat_report, :cheat_scruntinize, :show_max_score, :current_score]
                 before_action(only: [:problem_hof]) { |c|
-            -     return false unless authenticate
+            +     return false unless check_valid_login
                   admin_authorization unless GraderConfiguration["right.user_view_submission"]
                 }

app/controllers/submissions_controller.rb ¶ +1 -1

               class SubmissionsController < ApplicationController
-            -   before_action :authenticate
+            +   before_action :check_valid_login
                 before_action :submission_authorization, only: [:show, :download, :edit]
                 before_action :admin_authorization, only: [:rejudge]

app/controllers/tags_controller.rb ¶ +1

               class TagsController < ApplicationController
+            +   before_action :admin_authorization
                 before_action :set_tag, only: [:show, :edit, :update, :destroy]
                 # GET /tags

app/controllers/tasks_controller.rb ¶ +1 -1

               class TasksController < ApplicationController
-            -   before_action :authenticate, :check_viewability
+            +   before_action :check_valid_login, :check_viewability
                 def index
                   redirect_to :action => 'list'

app/controllers/test_controller.rb ¶ +1 -1

               class TestController < ApplicationController
-            -   before_action :authenticate, :check_viewability
+            +   before_action :check_valid_login, :check_viewability
                 def index

app/controllers/users_controller.rb ¶ +2 -2

                 include MailHelperMethods
-            -   before_action :authenticate, :except => [:new,
+            +   before_action :check_valid_login, :except => [:new,
                                                          :register,
                                                          :confirm,
                                                          :forget,
                                                                      :register,
                                                                      :forget,
                                                                      :retrieve_password]
-            -   before_action :authenticate, :profile_authorization, only: [:profile]
+            +   before_action :check_valid_login, :profile_authorization, only: [:profile]
                 before_action :admin_authorization, only: [:stat, :toggle_activate, :toggle_enable]

test/system/users_test.rb ¶ +2 -2

                   login 'jack','morning'
                   visit  bulk_manage_user_admin_index_path
-            -     assert_current_path root_path
                   assert_text 'You are not authorized'
+            +     assert_current_path login_main_path
                   login 'james','morning'
                   visit  new_list_user_admin_index_path
-            -     assert_current_path root_path
                   assert_text 'You are not authorized'
+            +     assert_current_path login_main_path
                 end
                 def login(username,password)

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r756:aa79958f6521 - Mon, 08 Jul 2019 04:08:41 - 13 files changed: 53 inserted, 38 deleted

Sign in to your account

Commit r756:aa79958f6521 public

Author

r756:aa79958f6521 - Mon, 08 Jul 2019 04:08:41 - 13 files changed: 53 inserted, 38 deleted

Commit `r756:aa79958f6521` public