cafe-grader-web

Commit r637:d56b2e7de528 public

parent | child
Description:
NEED TESTING move to stronger parameter for xxx.new(params[
Commit status:
[Not Reviewed]
References:
java
Diff options:
Raw Diff | Patch Diff | Download Diff | Show whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r637:d56b2e7de528 - - 4 files changed: 9 inserted, 5 deleted

Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,96 +1,96
1 1 class AnnouncementsController < ApplicationController
2 2
3 3 before_filter :admin_authorization
4 4
5 5 in_place_edit_for :announcement, :published
6 6
7 7 # GET /announcements
8 8 # GET /announcements.xml
9 9 def index
10 10 @announcements = Announcement.order(created_at: :desc)
11 11
12 12 respond_to do |format|
13 13 format.html # index.html.erb
14 14 format.xml { render :xml => @announcements }
15 15 end
16 16 end
17 17
18 18 # GET /announcements/1
19 19 # GET /announcements/1.xml
20 20 def show
21 21 @announcement = Announcement.find(params[:id])
22 22
23 23 respond_to do |format|
24 24 format.html # show.html.erb
25 25 format.xml { render :xml => @announcement }
26 26 end
27 27 end
28 28
29 29 # GET /announcements/new
30 30 # GET /announcements/new.xml
31 31 def new
32 32 @announcement = Announcement.new
33 33
34 34 respond_to do |format|
35 35 format.html # new.html.erb
36 36 format.xml { render :xml => @announcement }
37 37 end
38 38 end
39 39
40 40 # GET /announcements/1/edit
41 41 def edit
42 42 @announcement = Announcement.find(params[:id])
43 43 end
44 44
45 45 # POST /announcements
46 46 # POST /announcements.xml
47 47 def create
48 - @announcement = Announcement.new(params[:announcement])
48 + @announcement = Announcement.new(announcement_params)
49 49
50 50 respond_to do |format|
51 51 if @announcement.save
52 52 flash[:notice] = 'Announcement was successfully created.'
53 53 format.html { redirect_to(@announcement) }
54 54 format.xml { render :xml => @announcement, :status => :created, :location => @announcement }
55 55 else
56 56 format.html { render :action => "new" }
57 57 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
58 58 end
59 59 end
60 60 end
61 61
62 62 # PUT /announcements/1
63 63 # PUT /announcements/1.xml
64 64 def update
65 65 @announcement = Announcement.find(params[:id])
66 66
67 67 respond_to do |format|
68 68 if @announcement.update_attributes(announcement_params)
69 69 flash[:notice] = 'Announcement was successfully updated.'
70 70 format.html { redirect_to(@announcement) }
71 71 format.js {}
72 72 format.xml { head :ok }
73 73 else
74 74 format.html { render :action => "edit" }
75 75 format.js {}
76 76 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
77 77 end
78 78 end
79 79 end
80 80
81 81 def toggle
82 82 @announcement = Announcement.find(params[:id])
83 83 @announcement.update_attributes( published: !@announcement.published? )
84 84 respond_to do |format|
85 85 format.js { render partial: 'toggle_button',
86 86 locals: {button_id: "#announcement_toggle_#{@announcement.id}",button_on: @announcement.published? } }
87 87 end
88 88 end
89 89
90 90 def toggle_front
91 91 @announcement = Announcement.find(params[:id])
92 92 @announcement.update_attributes( frontpage: !@announcement.frontpage? )
93 93 respond_to do |format|
94 94 format.js { render partial: 'toggle_button',
95 95 locals: {button_id: "#announcement_toggle_front_#{@announcement.id}",button_on: @announcement.frontpage? } }
96 96 end
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -1,98 +1,98
1 1 class ProblemsController < ApplicationController
2 2
3 3 before_action :authenticate, :authorization
4 4 before_action :testcase_authorization, only: [:show_testcase]
5 5
6 6 in_place_edit_for :problem, :name
7 7 in_place_edit_for :problem, :full_name
8 8 in_place_edit_for :problem, :full_score
9 9
10 10 def index
11 11 @problems = Problem.order(date_added: :desc)
12 12 end
13 13
14 14 # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
15 15 verify :method => :post, :only => [ :create, :quick_create,
16 16 :do_manage,
17 17 :do_import,
18 18 ],
19 19 :redirect_to => { :action => :index }
20 20
21 21 def show
22 22 @problem = Problem.find(params[:id])
23 23 end
24 24
25 25 def new
26 26 @problem = Problem.new
27 27 @description = nil
28 28 end
29 29
30 30 def create
31 - @problem = Problem.new(params[:problem])
31 + @problem = Problem.new(problem_params)
32 32 @description = Description.new(params[:description])
33 33 if @description.body!=''
34 34 if !@description.save
35 35 render :action => new and return
36 36 end
37 37 else
38 38 @description = nil
39 39 end
40 40 @problem.description = @description
41 41 if @problem.save
42 42 flash[:notice] = 'Problem was successfully created.'
43 43 redirect_to action: :index
44 44 else
45 45 render :action => 'new'
46 46 end
47 47 end
48 48
49 49 def quick_create
50 - @problem = Problem.new(params[:problem])
50 + @problem = Problem.new(problem_params)
51 51 @problem.full_name = @problem.name if @problem.full_name == ''
52 52 @problem.full_score = 100
53 53 @problem.available = false
54 54 @problem.test_allowed = true
55 55 @problem.output_only = false
56 56 @problem.date_added = Time.new
57 57 if @problem.save
58 58 flash[:notice] = 'Problem was successfully created.'
59 59 redirect_to action: :index
60 60 else
61 61 flash[:notice] = 'Error saving problem'
62 62 redirect_to action: :index
63 63 end
64 64 end
65 65
66 66 def edit
67 67 @problem = Problem.find(params[:id])
68 68 @description = @problem.description
69 69 end
70 70
71 71 def update
72 72 @problem = Problem.find(params[:id])
73 73 @description = @problem.description
74 74 if @description.nil? and params[:description][:body]!=''
75 75 @description = Description.new(params[:description])
76 76 if !@description.save
77 77 flash[:notice] = 'Error saving description'
78 78 render :action => 'edit' and return
79 79 end
80 80 @problem.description = @description
81 81 elsif @description
82 82 if !@description.update_attributes(params[:description])
83 83 flash[:notice] = 'Error saving description'
84 84 render :action => 'edit' and return
85 85 end
86 86 end
87 87 if params[:file] and params[:file].content_type != 'application/pdf'
88 88 flash[:notice] = 'Error: Uploaded file is not PDF'
89 89 render :action => 'edit' and return
90 90 end
91 91 if @problem.update_attributes(problem_params)
92 92 flash[:notice] = 'Problem was successfully updated.'
93 93 unless params[:file] == nil or params[:file] == ''
94 94 flash[:notice] = 'Problem was successfully updated and a new PDF file is uploaded.'
95 95 out_dirname = "#{Problem.download_file_basedir}/#{@problem.id}"
96 96 if not FileTest.exists? out_dirname
97 97 Dir.mkdir out_dirname
98 98 end
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -2,97 +2,97
2 2
3 3 class UserAdminController < ApplicationController
4 4
5 5 include MailHelperMethods
6 6
7 7 before_filter :admin_authorization
8 8
9 9 # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
10 10 verify :method => :post, :only => [
11 11 :create, :create_from_list,
12 12 :update,
13 13 :manage_contest,
14 14 :bulk_mail
15 15 ],
16 16 :redirect_to => { :action => :list }
17 17
18 18 def index
19 19 @user_count = User.count
20 20 if params[:page] == 'all'
21 21 @users = User.all
22 22 @paginated = false
23 23 else
24 24 @users = User.paginate :page => params[:page]
25 25 @paginated = true
26 26 end
27 27 @hidden_columns = ['hashed_password', 'salt', 'created_at', 'updated_at']
28 28 @contests = Contest.enabled
29 29 end
30 30
31 31 def active
32 32 sessions = ActiveRecord::SessionStore::Session.where("updated_at >= ?", 60.minutes.ago)
33 33 @users = []
34 34 sessions.each do |session|
35 35 if session.data[:user_id]
36 36 @users << User.find(session.data[:user_id])
37 37 end
38 38 end
39 39 end
40 40
41 41 def show
42 42 @user = User.find(params[:id])
43 43 end
44 44
45 45 def new
46 46 @user = User.new
47 47 end
48 48
49 49 def create
50 - @user = User.new(params[:user])
50 + @user = User.new(user_params)
51 51 @user.activated = true
52 52 if @user.save
53 53 flash[:notice] = 'User was successfully created.'
54 54 redirect_to :action => 'index'
55 55 else
56 56 render :action => 'new'
57 57 end
58 58 end
59 59
60 60 def clear_last_ip
61 61 @user = User.find(params[:id])
62 62 @user.last_ip = nil
63 63 @user.save
64 64 redirect_to action: 'index', page: params[:page]
65 65 end
66 66
67 67 def create_from_list
68 68 lines = params[:user_list]
69 69
70 70 note = []
71 71
72 72 lines.split("\n").each do |line|
73 73 items = line.chomp.split(',')
74 74 if items.length>=2
75 75 login = items[0]
76 76 full_name = items[1]
77 77 remark =''
78 78 user_alias = ''
79 79
80 80 added_random_password = false
81 81 if items.length >= 3 and items[2].chomp(" ").length > 0;
82 82 password = items[2].chomp(" ")
83 83 else
84 84 password = random_password
85 85 add_random_password=true;
86 86 end
87 87
88 88 if items.length>= 4 and items[3].chomp(" ").length > 0;
89 89 user_alias = items[3].chomp(" ")
90 90 else
91 91 user_alias = login
92 92 end
93 93
94 94 if items.length>=5
95 95 remark = items[4].strip;
96 96 end
97 97
98 98 user = User.find_by_login(login)
Show file before | Show file after | Raw diff | Download diff | Show whitespace Increase context Show commentsHide comments
@@ -7,97 +7,97
7 7 before_filter :authenticate, :except => [:new,
8 8 :register,
9 9 :confirm,
10 10 :forget,
11 11 :retrieve_password]
12 12
13 13 before_filter :verify_online_registration, :only => [:new,
14 14 :register,
15 15 :forget,
16 16 :retrieve_password]
17 17 before_filter :authenticate, :profile_authorization, only: [:profile]
18 18
19 19 verify :method => :post, :only => [:chg_passwd],
20 20 :redirect_to => { :action => :index }
21 21
22 22 #in_place_edit_for :user, :alias_for_editing
23 23 #in_place_edit_for :user, :email_for_editing
24 24
25 25 def index
26 26 if !GraderConfiguration['system.user_setting_enabled']
27 27 redirect_to :controller => 'main', :action => 'list'
28 28 else
29 29 @user = User.find(session[:user_id])
30 30 end
31 31 end
32 32
33 33 def chg_passwd
34 34 user = User.find(session[:user_id])
35 35 user.password = params[:passwd]
36 36 user.password_confirmation = params[:passwd_verify]
37 37 if user.save
38 38 flash[:notice] = 'password changed'
39 39 else
40 40 flash[:notice] = 'Error: password changing failed'
41 41 end
42 42 redirect_to :action => 'index'
43 43 end
44 44
45 45 def new
46 46 @user = User.new
47 47 render :action => 'new', :layout => 'empty'
48 48 end
49 49
50 50 def register
51 51 if(params[:cancel])
52 52 redirect_to :controller => 'main', :action => 'login'
53 53 return
54 54 end
55 - @user = User.new(params[:user])
55 + @user = User.new(user_params)
56 56 @user.password_confirmation = @user.password = User.random_password
57 57 @user.activated = false
58 58 if (@user.valid?) and (@user.save)
59 59 if send_confirmation_email(@user)
60 60 render :action => 'new_splash', :layout => 'empty'
61 61 else
62 62 @admin_email = GraderConfiguration['system.admin_email']
63 63 render :action => 'email_error', :layout => 'empty'
64 64 end
65 65 else
66 66 @user.errors.add(:base,"Email cannot be blank") if @user.email==''
67 67 render :action => 'new', :layout => 'empty'
68 68 end
69 69 end
70 70
71 71 def confirm
72 72 login = params[:login]
73 73 key = params[:activation]
74 74 @user = User.find_by_login(login)
75 75 if (@user) and (@user.verify_activation_key(key))
76 76 if @user.valid? # check uniquenss of email
77 77 @user.activated = true
78 78 @user.save
79 79 @result = :successful
80 80 else
81 81 @result = :email_used
82 82 end
83 83 else
84 84 @result = :failed
85 85 end
86 86 render :action => 'confirm', :layout => 'empty'
87 87 end
88 88
89 89 def forget
90 90 render :action => 'forget', :layout => 'empty'
91 91 end
92 92
93 93 def retrieve_password
94 94 email = params[:email]
95 95 user = User.find_by_email(email)
96 96 if user
97 97 last_updated_time = user.updated_at || user.created_at || (Time.now.gmtime - 1.hour)
98 98 if last_updated_time > Time.now.gmtime - 5.minutes
99 99 flash[:notice] = 'The account has recently created or new password has recently been requested. Please wait for 5 minutes'
100 100 else
101 101 user.password = user.password_confirmation = User.random_password
102 102 user.save
103 103 send_new_password_email(user)
@@ -165,50 +165,54
165 165 :login => user.login,
166 166 :activation => user.activation_key)
167 167 home_url = url_for(:controller => 'main', :action => 'index')
168 168 mail_subject = "[#{contest_name}] Confirmation"
169 169 mail_body = t('registration.email_body', {
170 170 :full_name => user.full_name,
171 171 :contest_name => contest_name,
172 172 :login => user.login,
173 173 :password => user.password,
174 174 :activation_url => activation_url,
175 175 :admin_email => GraderConfiguration['system.admin_email']
176 176 })
177 177
178 178 logger.info mail_body
179 179
180 180 send_mail(user.email, mail_subject, mail_body)
181 181 end
182 182
183 183 def send_new_password_email(user)
184 184 contest_name = GraderConfiguration['contest.name']
185 185 mail_subject = "[#{contest_name}] Password recovery"
186 186 mail_body = t('registration.password_retrieval.email_body', {
187 187 :full_name => user.full_name,
188 188 :contest_name => contest_name,
189 189 :login => user.login,
190 190 :password => user.password,
191 191 :admin_email => GraderConfiguration['system.admin_email']
192 192 })
193 193
194 194 logger.info mail_body
195 195
196 196 send_mail(user.email, mail_subject, mail_body)
197 197 end
198 198
199 199 # allow viewing of regular user profile only when options allow so
200 200 # only admins can view admins profile
201 201 def profile_authorization
202 202 #if view admins' profile, allow only admin
203 203 return false unless(params[:id])
204 204 user = User.find(params[:id])
205 205 return false unless user
206 206 return admin_authorization if user.admin?
207 207 return true if GraderConfiguration["right.user_view_submission"]
208 208
209 209 #finally, we allow only admin
210 210 admin_authorization
211 211 end
212 212
213 + private
214 + def user_params
215 + params.require(:user).permit(:login, :full_name, :email)
216 + end
213 217
214 218 end
You need to be logged in to leave comments. Login now