cafe-grader-web

Commit r637:d56b2e7de528 public

parent | child
Description:
NEED TESTING move to stronger parameter for xxx.new(params[
Commit status:
[Not Reviewed]
References:
java
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r637:d56b2e7de528 - - 4 files changed: 10 inserted, 6 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,116 +1,116
1 1 class AnnouncementsController < ApplicationController
2 2
3 3 before_filter :admin_authorization
4 4
5 5 in_place_edit_for :announcement, :published
6 6
7 7 # GET /announcements
8 8 # GET /announcements.xml
9 9 def index
10 10 @announcements = Announcement.order(created_at: :desc)
11 11
12 12 respond_to do |format|
13 13 format.html # index.html.erb
14 14 format.xml { render :xml => @announcements }
15 15 end
16 16 end
17 17
18 18 # GET /announcements/1
19 19 # GET /announcements/1.xml
20 20 def show
21 21 @announcement = Announcement.find(params[:id])
22 22
23 23 respond_to do |format|
24 24 format.html # show.html.erb
25 25 format.xml { render :xml => @announcement }
26 26 end
27 27 end
28 28
29 29 # GET /announcements/new
30 30 # GET /announcements/new.xml
31 31 def new
32 32 @announcement = Announcement.new
33 33
34 34 respond_to do |format|
35 35 format.html # new.html.erb
36 36 format.xml { render :xml => @announcement }
37 37 end
38 38 end
39 39
40 40 # GET /announcements/1/edit
41 41 def edit
42 42 @announcement = Announcement.find(params[:id])
43 43 end
44 44
45 45 # POST /announcements
46 46 # POST /announcements.xml
47 47 def create
48 - @announcement = Announcement.new(params[:announcement])
48 + @announcement = Announcement.new(announcement_params)
49 49
50 50 respond_to do |format|
51 51 if @announcement.save
52 52 flash[:notice] = 'Announcement was successfully created.'
53 53 format.html { redirect_to(@announcement) }
54 54 format.xml { render :xml => @announcement, :status => :created, :location => @announcement }
55 55 else
56 56 format.html { render :action => "new" }
57 57 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
58 58 end
59 59 end
60 60 end
61 61
62 62 # PUT /announcements/1
63 63 # PUT /announcements/1.xml
64 64 def update
65 65 @announcement = Announcement.find(params[:id])
66 66
67 67 respond_to do |format|
68 68 if @announcement.update_attributes(announcement_params)
69 69 flash[:notice] = 'Announcement was successfully updated.'
70 70 format.html { redirect_to(@announcement) }
71 71 format.js {}
72 72 format.xml { head :ok }
73 73 else
74 74 format.html { render :action => "edit" }
75 75 format.js {}
76 76 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
77 77 end
78 78 end
79 79 end
80 80
81 81 def toggle
82 82 @announcement = Announcement.find(params[:id])
83 83 @announcement.update_attributes( published: !@announcement.published? )
84 84 respond_to do |format|
85 85 format.js { render partial: 'toggle_button',
86 86 locals: {button_id: "#announcement_toggle_#{@announcement.id}",button_on: @announcement.published? } }
87 87 end
88 88 end
89 89
90 90 def toggle_front
91 91 @announcement = Announcement.find(params[:id])
92 92 @announcement.update_attributes( frontpage: !@announcement.frontpage? )
93 93 respond_to do |format|
94 94 format.js { render partial: 'toggle_button',
95 95 locals: {button_id: "#announcement_toggle_front_#{@announcement.id}",button_on: @announcement.frontpage? } }
96 96 end
97 97 end
98 98
99 99 # DELETE /announcements/1
100 100 # DELETE /announcements/1.xml
101 101 def destroy
102 102 @announcement = Announcement.find(params[:id])
103 103 @announcement.destroy
104 104
105 105 respond_to do |format|
106 106 format.html { redirect_to(announcements_url) }
107 107 format.xml { head :ok }
108 108 end
109 109 end
110 110
111 111 private
112 112
113 113 def announcement_params
114 114 params.require(:announcement).permit(:author, :body, :published, :frontpage, :contest_only,:title, :note)
115 115 end
116 116 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,146 +1,146
1 1 class ProblemsController < ApplicationController
2 2
3 3 before_action :authenticate, :authorization
4 4 before_action :testcase_authorization, only: [:show_testcase]
5 5
6 6 in_place_edit_for :problem, :name
7 7 in_place_edit_for :problem, :full_name
8 8 in_place_edit_for :problem, :full_score
9 9
10 10 def index
11 11 @problems = Problem.order(date_added: :desc)
12 12 end
13 13
14 14 # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
15 15 verify :method => :post, :only => [ :create, :quick_create,
16 16 :do_manage,
17 17 :do_import,
18 18 ],
19 19 :redirect_to => { :action => :index }
20 20
21 21 def show
22 22 @problem = Problem.find(params[:id])
23 23 end
24 24
25 25 def new
26 26 @problem = Problem.new
27 27 @description = nil
28 28 end
29 29
30 30 def create
31 - @problem = Problem.new(params[:problem])
31 + @problem = Problem.new(problem_params)
32 32 @description = Description.new(params[:description])
33 33 if @description.body!=''
34 34 if !@description.save
35 35 render :action => new and return
36 36 end
37 37 else
38 38 @description = nil
39 39 end
40 40 @problem.description = @description
41 41 if @problem.save
42 42 flash[:notice] = 'Problem was successfully created.'
43 43 redirect_to action: :index
44 44 else
45 45 render :action => 'new'
46 46 end
47 47 end
48 48
49 49 def quick_create
50 - @problem = Problem.new(params[:problem])
50 + @problem = Problem.new(problem_params)
51 51 @problem.full_name = @problem.name if @problem.full_name == ''
52 52 @problem.full_score = 100
53 53 @problem.available = false
54 54 @problem.test_allowed = true
55 55 @problem.output_only = false
56 56 @problem.date_added = Time.new
57 57 if @problem.save
58 58 flash[:notice] = 'Problem was successfully created.'
59 59 redirect_to action: :index
60 60 else
61 61 flash[:notice] = 'Error saving problem'
62 62 redirect_to action: :index
63 63 end
64 64 end
65 65
66 66 def edit
67 67 @problem = Problem.find(params[:id])
68 68 @description = @problem.description
69 69 end
70 70
71 71 def update
72 72 @problem = Problem.find(params[:id])
73 73 @description = @problem.description
74 74 if @description.nil? and params[:description][:body]!=''
75 75 @description = Description.new(params[:description])
76 76 if !@description.save
77 77 flash[:notice] = 'Error saving description'
78 78 render :action => 'edit' and return
79 79 end
80 80 @problem.description = @description
81 81 elsif @description
82 82 if !@description.update_attributes(params[:description])
83 83 flash[:notice] = 'Error saving description'
84 84 render :action => 'edit' and return
85 85 end
86 86 end
87 87 if params[:file] and params[:file].content_type != 'application/pdf'
88 88 flash[:notice] = 'Error: Uploaded file is not PDF'
89 89 render :action => 'edit' and return
90 90 end
91 91 if @problem.update_attributes(problem_params)
92 92 flash[:notice] = 'Problem was successfully updated.'
93 93 unless params[:file] == nil or params[:file] == ''
94 94 flash[:notice] = 'Problem was successfully updated and a new PDF file is uploaded.'
95 95 out_dirname = "#{Problem.download_file_basedir}/#{@problem.id}"
96 96 if not FileTest.exists? out_dirname
97 97 Dir.mkdir out_dirname
98 98 end
99 99
100 100 out_filename = "#{out_dirname}/#{@problem.name}.pdf"
101 101 if FileTest.exists? out_filename
102 102 File.delete out_filename
103 103 end
104 104
105 105 File.open(out_filename,"wb") do |file|
106 106 file.write(params[:file].read)
107 107 end
108 108 @problem.description_filename = "#{@problem.name}.pdf"
109 109 @problem.save
110 110 end
111 111 redirect_to :action => 'show', :id => @problem
112 112 else
113 113 render :action => 'edit'
114 114 end
115 115 end
116 116
117 117 def destroy
118 118 p = Problem.find(params[:id]).destroy
119 119 redirect_to action: :index
120 120 end
121 121
122 122 def toggle
123 123 @problem = Problem.find(params[:id])
124 124 @problem.update_attributes(available: !(@problem.available) )
125 125 respond_to do |format|
126 126 format.js { }
127 127 end
128 128 end
129 129
130 130 def toggle_test
131 131 @problem = Problem.find(params[:id])
132 132 @problem.update_attributes(test_allowed: !(@problem.test_allowed?) )
133 133 respond_to do |format|
134 134 format.js { }
135 135 end
136 136 end
137 137
138 138 def toggle_view_testcase
139 139 @problem = Problem.find(params[:id])
140 140 @problem.update_attributes(view_testcase: !(@problem.view_testcase?) )
141 141 respond_to do |format|
142 142 format.js { }
143 143 end
144 144 end
145 145
146 146 def turn_all_off
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,146 +1,146
1 1 require 'csv'
2 2
3 3 class UserAdminController < ApplicationController
4 4
5 5 include MailHelperMethods
6 6
7 7 before_filter :admin_authorization
8 8
9 9 # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
10 10 verify :method => :post, :only => [
11 11 :create, :create_from_list,
12 12 :update,
13 13 :manage_contest,
14 14 :bulk_mail
15 15 ],
16 16 :redirect_to => { :action => :list }
17 17
18 18 def index
19 19 @user_count = User.count
20 20 if params[:page] == 'all'
21 21 @users = User.all
22 22 @paginated = false
23 23 else
24 24 @users = User.paginate :page => params[:page]
25 25 @paginated = true
26 26 end
27 27 @hidden_columns = ['hashed_password', 'salt', 'created_at', 'updated_at']
28 28 @contests = Contest.enabled
29 29 end
30 30
31 31 def active
32 32 sessions = ActiveRecord::SessionStore::Session.where("updated_at >= ?", 60.minutes.ago)
33 33 @users = []
34 34 sessions.each do |session|
35 35 if session.data[:user_id]
36 36 @users << User.find(session.data[:user_id])
37 37 end
38 38 end
39 39 end
40 40
41 41 def show
42 42 @user = User.find(params[:id])
43 43 end
44 44
45 45 def new
46 46 @user = User.new
47 47 end
48 48
49 49 def create
50 - @user = User.new(params[:user])
50 + @user = User.new(user_params)
51 51 @user.activated = true
52 52 if @user.save
53 53 flash[:notice] = 'User was successfully created.'
54 54 redirect_to :action => 'index'
55 55 else
56 56 render :action => 'new'
57 57 end
58 58 end
59 59
60 60 def clear_last_ip
61 61 @user = User.find(params[:id])
62 62 @user.last_ip = nil
63 63 @user.save
64 64 redirect_to action: 'index', page: params[:page]
65 65 end
66 66
67 67 def create_from_list
68 68 lines = params[:user_list]
69 69
70 70 note = []
71 71
72 72 lines.split("\n").each do |line|
73 73 items = line.chomp.split(',')
74 74 if items.length>=2
75 75 login = items[0]
76 76 full_name = items[1]
77 77 remark =''
78 78 user_alias = ''
79 79
80 80 added_random_password = false
81 81 if items.length >= 3 and items[2].chomp(" ").length > 0;
82 82 password = items[2].chomp(" ")
83 83 else
84 84 password = random_password
85 85 add_random_password=true;
86 86 end
87 87
88 88 if items.length>= 4 and items[3].chomp(" ").length > 0;
89 89 user_alias = items[3].chomp(" ")
90 90 else
91 91 user_alias = login
92 92 end
93 93
94 94 if items.length>=5
95 95 remark = items[4].strip;
96 96 end
97 97
98 98 user = User.find_by_login(login)
99 99 if (user)
100 100 user.full_name = full_name
101 101 user.password = password
102 102 user.remark = remark
103 103 else
104 104 user = User.new({:login => login,
105 105 :full_name => full_name,
106 106 :password => password,
107 107 :password_confirmation => password,
108 108 :alias => user_alias,
109 109 :remark => remark})
110 110 end
111 111 user.activated = true
112 112 user.save
113 113
114 114 if added_random_password
115 115 note << "'#{login}' (+)"
116 116 else
117 117 note << login
118 118 end
119 119 end
120 120 end
121 121 flash[:success] = 'User(s) ' + note.join(', ') +
122 122 ' were successfully created. ' +
123 123 '( (+) - created with random passwords.)'
124 124 redirect_to :action => 'index'
125 125 end
126 126
127 127 def edit
128 128 @user = User.find(params[:id])
129 129 end
130 130
131 131 def update
132 132 @user = User.find(params[:id])
133 133 if @user.update_attributes(user_params)
134 134 flash[:notice] = 'User was successfully updated.'
135 135 redirect_to :action => 'show', :id => @user
136 136 else
137 137 render :action => 'edit'
138 138 end
139 139 end
140 140
141 141 def destroy
142 142 User.find(params[:id]).destroy
143 143 redirect_to :action => 'index'
144 144 end
145 145
146 146 def user_stat
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,214 +1,218
1 1 require 'net/smtp'
2 2
3 3 class UsersController < ApplicationController
4 4
5 5 include MailHelperMethods
6 6
7 7 before_filter :authenticate, :except => [:new,
8 8 :register,
9 9 :confirm,
10 10 :forget,
11 11 :retrieve_password]
12 12
13 13 before_filter :verify_online_registration, :only => [:new,
14 14 :register,
15 15 :forget,
16 16 :retrieve_password]
17 17 before_filter :authenticate, :profile_authorization, only: [:profile]
18 18
19 19 verify :method => :post, :only => [:chg_passwd],
20 20 :redirect_to => { :action => :index }
21 21
22 22 #in_place_edit_for :user, :alias_for_editing
23 23 #in_place_edit_for :user, :email_for_editing
24 24
25 25 def index
26 26 if !GraderConfiguration['system.user_setting_enabled']
27 27 redirect_to :controller => 'main', :action => 'list'
28 28 else
29 29 @user = User.find(session[:user_id])
30 30 end
31 31 end
32 32
33 33 def chg_passwd
34 34 user = User.find(session[:user_id])
35 35 user.password = params[:passwd]
36 36 user.password_confirmation = params[:passwd_verify]
37 37 if user.save
38 38 flash[:notice] = 'password changed'
39 39 else
40 40 flash[:notice] = 'Error: password changing failed'
41 41 end
42 42 redirect_to :action => 'index'
43 43 end
44 44
45 45 def new
46 46 @user = User.new
47 47 render :action => 'new', :layout => 'empty'
48 48 end
49 49
50 50 def register
51 51 if(params[:cancel])
52 52 redirect_to :controller => 'main', :action => 'login'
53 53 return
54 54 end
55 - @user = User.new(params[:user])
55 + @user = User.new(user_params)
56 56 @user.password_confirmation = @user.password = User.random_password
57 57 @user.activated = false
58 58 if (@user.valid?) and (@user.save)
59 59 if send_confirmation_email(@user)
60 60 render :action => 'new_splash', :layout => 'empty'
61 61 else
62 62 @admin_email = GraderConfiguration['system.admin_email']
63 63 render :action => 'email_error', :layout => 'empty'
64 64 end
65 65 else
66 66 @user.errors.add(:base,"Email cannot be blank") if @user.email==''
67 67 render :action => 'new', :layout => 'empty'
68 68 end
69 69 end
70 70
71 71 def confirm
72 72 login = params[:login]
73 73 key = params[:activation]
74 74 @user = User.find_by_login(login)
75 75 if (@user) and (@user.verify_activation_key(key))
76 76 if @user.valid? # check uniquenss of email
77 77 @user.activated = true
78 78 @user.save
79 79 @result = :successful
80 80 else
81 81 @result = :email_used
82 82 end
83 83 else
84 84 @result = :failed
85 85 end
86 86 render :action => 'confirm', :layout => 'empty'
87 87 end
88 88
89 89 def forget
90 90 render :action => 'forget', :layout => 'empty'
91 91 end
92 92
93 93 def retrieve_password
94 94 email = params[:email]
95 95 user = User.find_by_email(email)
96 96 if user
97 97 last_updated_time = user.updated_at || user.created_at || (Time.now.gmtime - 1.hour)
98 98 if last_updated_time > Time.now.gmtime - 5.minutes
99 99 flash[:notice] = 'The account has recently created or new password has recently been requested. Please wait for 5 minutes'
100 100 else
101 101 user.password = user.password_confirmation = User.random_password
102 102 user.save
103 103 send_new_password_email(user)
104 104 flash[:notice] = 'New password has been mailed to you.'
105 105 end
106 106 else
107 107 flash[:notice] = I18n.t 'registration.password_retrieval.no_email'
108 108 end
109 109 redirect_to :action => 'forget'
110 110 end
111 111
112 112 def stat
113 113 @user = User.find(params[:id])
114 114 @submission = Submission.includes(:problem).where(user_id: params[:id])
115 115
116 116 range = 120
117 117 @histogram = { data: Array.new(range,0), summary: {} }
118 118 @summary = {count: 0, solve: 0, attempt: 0}
119 119 problem = Hash.new(0)
120 120
121 121 @submission.find_each do |sub|
122 122 #histogram
123 123 d = (DateTime.now.in_time_zone - sub.submitted_at) / 24 / 60 / 60
124 124 @histogram[:data][d.to_i] += 1 if d < range
125 125
126 126 @summary[:count] += 1
127 127 next unless sub.problem
128 128 problem[sub.problem] = [problem[sub.problem], ( (sub.try(:points) || 0) >= sub.problem.full_score) ? 1 : 0].max
129 129 end
130 130
131 131 @histogram[:summary][:max] = [@histogram[:data].max,1].max
132 132 @summary[:attempt] = problem.count
133 133 problem.each_value { |v| @summary[:solve] += 1 if v == 1 }
134 134 end
135 135
136 136 def toggle_activate
137 137 @user = User.find(params[:id])
138 138 @user.update_attributes( activated: !@user.activated? )
139 139 respond_to do |format|
140 140 format.js { render partial: 'toggle_button',
141 141 locals: {button_id: "#toggle_activate_user_#{@user.id}",button_on: @user.activated? } }
142 142 end
143 143 end
144 144
145 145 def toggle_enable
146 146 @user = User.find(params[:id])
147 147 @user.update_attributes( enabled: !@user.enabled? )
148 148 respond_to do |format|
149 149 format.js { render partial: 'toggle_button',
150 150 locals: {button_id: "#toggle_enable_user_#{@user.id}",button_on: @user.enabled? } }
151 151 end
152 152 end
153 153
154 154 protected
155 155
156 156 def verify_online_registration
157 157 if !GraderConfiguration['system.online_registration']
158 158 redirect_to :controller => 'main', :action => 'login'
159 159 end
160 160 end
161 161
162 162 def send_confirmation_email(user)
163 163 contest_name = GraderConfiguration['contest.name']
164 164 activation_url = url_for(:action => 'confirm',
165 165 :login => user.login,
166 166 :activation => user.activation_key)
167 167 home_url = url_for(:controller => 'main', :action => 'index')
168 168 mail_subject = "[#{contest_name}] Confirmation"
169 169 mail_body = t('registration.email_body', {
170 170 :full_name => user.full_name,
171 171 :contest_name => contest_name,
172 172 :login => user.login,
173 173 :password => user.password,
174 174 :activation_url => activation_url,
175 175 :admin_email => GraderConfiguration['system.admin_email']
176 176 })
177 177
178 178 logger.info mail_body
179 179
180 180 send_mail(user.email, mail_subject, mail_body)
181 181 end
182 182
183 183 def send_new_password_email(user)
184 184 contest_name = GraderConfiguration['contest.name']
185 185 mail_subject = "[#{contest_name}] Password recovery"
186 186 mail_body = t('registration.password_retrieval.email_body', {
187 187 :full_name => user.full_name,
188 188 :contest_name => contest_name,
189 189 :login => user.login,
190 190 :password => user.password,
191 191 :admin_email => GraderConfiguration['system.admin_email']
192 192 })
193 193
194 194 logger.info mail_body
195 195
196 196 send_mail(user.email, mail_subject, mail_body)
197 197 end
198 198
199 199 # allow viewing of regular user profile only when options allow so
200 200 # only admins can view admins profile
201 201 def profile_authorization
202 202 #if view admins' profile, allow only admin
203 203 return false unless(params[:id])
204 204 user = User.find(params[:id])
205 205 return false unless user
206 206 return admin_authorization if user.admin?
207 207 return true if GraderConfiguration["right.user_view_submission"]
208 208
209 209 #finally, we allow only admin
210 210 admin_authorization
211 211 end
212 -
212 +
213 + private
214 + def user_params
215 + params.require(:user).permit(:login, :full_name, :email)
216 + end
213 217
214 218 end
You need to be logged in to leave comments. Login now