Description:
fix access right control bugs

r683:d4ac431eeeb6 - - 2 files changed: 9 inserted, 7 deleted

@@ -1,27 +1,27
1 1 class SubmissionsController < ApplicationController
2 2 before_action :authenticate
3 - before_action :submission_authorization, only: [:show, :direct_edit_submission, :download, :edit]
3 + before_action :submission_authorization, only: [:show, :download, :edit]
4 4 before_action :admin_authorization, only: [:rejudge]
5 5
6 6 # GET /submissions
7 7 # GET /submissions.json
8 8 # Show problem selection and user's submission of that problem
9 9 def index
10 10 @user = @current_user
11 11 @problems = @user.available_problems
12 12
13 13 if params[:problem_id]==nil
14 14 @problem = nil
15 15 @submissions = nil
16 16 else
17 17 @problem = Problem.find_by_id(params[:problem_id])
18 18 if (@problem == nil) or (not @problem.available)
19 19 redirect_to main_list_path
20 20 flash[:notice] = 'Error: submissions for that problem are not viewable.'
21 21 return
22 22 end
23 23 @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id).order(id: :desc)
24 24 end
25 25 end
26 26
27 27 # GET /submissions/1
@@ -30,84 +30,86
30 30 @submission = Submission.find(params[:id])
31 31
32 32 #log the viewing
33 33 user = User.find(session[:user_id])
34 34 SubmissionViewLog.create(user_id: session[:user_id],submission_id: @submission.id) unless user.admin?
35 35
36 36 @task = @submission.task
37 37 end
38 38
39 39 def download
40 40 @submission = Submission.find(params[:id])
41 41 send_data(@submission.source, {:filename => @submission.download_filename, :type => 'text/plain'})
42 42 end
43 43
44 44 def compiler_msg
45 45 @submission = Submission.find(params[:id])
46 46 respond_to do |format|
47 47 format.js
48 48 end
49 49 end
50 50
51 51 #on-site new submission on specific problem
52 52 def direct_edit_problem
53 53 @problem = Problem.find(params[:problem_id])
54 + unless @current_user.can_view_problem?(@problem)
55 + unauthorized_redirect
56 + return
57 + end
54 58 @source = ''
55 - if (params[:user_id])
56 - u = User.find(params[:user_id])
57 - @submission = Submission.find_last_by_user_and_problem(u.id,@problem.id)
59 + if (params[:view_latest])
60 + sub = Submission.find_last_by_user_and_problem(@current_user.id,@problem.id)
58 61 @source = @submission.source.to_s if @submission and @submission.source
59 62 end
60 63 render 'edit'
61 64 end
62 65
63 66 # GET /submissions/1/edit
64 67 def edit
65 68 @submission = Submission.find(params[:id])
66 69 @source = @submission.source.to_s
67 70 @problem = @submission.problem
68 71 @lang_id = @submission.language.id
69 72 end
70 73
71 74
72 75 def get_latest_submission_status
73 76 @problem = Problem.find(params[:pid])
74 77 @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
75 78 puts User.find(params[:uid]).login
76 79 puts Problem.find(params[:pid]).name
77 80 puts 'nil' unless @submission
78 81 respond_to do |format|
79 82 format.js
80 83 end
81 84 end
82 85
83 86 # GET /submissions/:id/rejudge
84 87 def rejudge
85 88 @submission = Submission.find(params[:id])
86 89 @task = @submission.task
87 90 @task.status_inqueue! if @task
88 91 respond_to do |format|
89 92 format.js
90 93 end
91 94 end
92 95
93 96 protected
94 97
95 98 def submission_authorization
96 99 #admin always has privileged
97 100 if @current_user.admin?
98 101 return true
99 102 end
100 103
101 104 sub = Submission.find(params[:id])
102 - if sub.problem.available?
103 - puts "sub = #{sub.user.id}, current = #{@current_user.id}"
105 + if @current_user.available_problems.include? sub.problem
104 106 return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
105 107 end
106 108
107 109 #default to NO
108 110 unauthorized_redirect
109 111 return false
110 112 end
111 113
112 114
113 115 end
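Review bot: In direct_edit_problem the new line 60 assigns the latest submission to a local `sub`, but line 61 still reads `@submission`, which nothing in this method sets any more, so `view_latest` silently leaves `@source` empty; keep the instance variable: `@submission = Submission.find_last_by_user_and_problem(@current_user.id, @problem.id)`. The `only:` list on line 3 of the first hunk still omits `compiler_msg` and `get_latest_submission_status`, both of which load a submission from request parameters with only `authenticate` in front of them, so the availability/ownership rule that submission_authorization now enforces does not apply to those responses; either add them to the list or give `get_latest_submission_status` its own check that `params[:uid]` is the current user or an admin. The three `puts` calls on new lines 78-80 are the same kind of debug output the commit removes from submission_authorization and should go with it. The `can_view_problem?` helper used on line 54 is not visible in this diff, so whether it matches the `available_problems.include?` rule used in submission_authorization cannot be confirmed here; the two checks should agree.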
@@ -131,36 +131,36
131 131 self.source_filename)
132 132 end
133 133
134 134 # validation codes
135 135 def must_specify_language
136 136 return if self.source==nil
137 137
138 138 # for output_only tasks
139 139 return if self.problem!=nil and self.problem.output_only
140 140
141 141 if self.language==nil
142 142 errors.add('source',"Cannot detect language. Did you submit a correct source file?") unless self.language!=nil
143 143 end
144 144 end
145 145
146 146 def must_have_valid_problem
147 147 return if self.source==nil
148 148 if self.problem==nil
149 149 errors.add('problem',"must be specified.")
150 150 else
151 151 #admin always have right
152 152 return if self.user.admin?
153 153
154 154 #check if user has the right to submit the problem
155 - errors.add('problem',"must be valid.") if (!self.user.available_problem.include?(self.problem)) and (self.new_record?)
155 + errors.add('problem',"must be valid.") if (!self.user.available_problems.include?(self.problem)) and (self.new_record?)
156 156 end
157 157 end
158 158
159 159 # callbacks
160 160 def assign_latest_number_if_new_recond
161 161 return if !self.new_record?
162 162 latest = Submission.find_last_by_user_and_problem(self.user_id, self.problem_id)
163 163 self.number = (latest==nil) ? 1 : latest.number + 1;
164 164 end
165 165
166 166 end
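Review bot: The corrected condition on line 155 keeps `and` inside a parenthesized modifier and a negated `include?`, which reads more clearly as `errors.add('problem', "must be valid.") if new_record? && !user.available_problems.include?(problem)`. Since the old spelling `available_problem` presumably raised NoMethodError for every non-admin submission rather than passing validation, a regression spec that creates a submission for a problem outside the user's available set would be worth adding alongside this fix. If `available_problems` is an ActiveRecord relation, `exists?(problem.id)` would avoid loading the whole collection for the membership test; I cannot confirm its type from this diff.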