Description:
switch to strong parameters for mass update (the problem controller is not finished yet)

r617:f062e467ef5c - - 10 files changed: 42 inserted, 63 deleted

@@ -57,25 +57,25
57 format.html { render :action => "new" }
57 format.html { render :action => "new" }
58 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
58 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
59 end
59 end
60 end
60 end
61 end
61 end
62
62
63 # PUT /announcements/1
63 # PUT /announcements/1
64 # PUT /announcements/1.xml
64 # PUT /announcements/1.xml
65 def update
65 def update
66 @announcement = Announcement.find(params[:id])
66 @announcement = Announcement.find(params[:id])
67
67
68 respond_to do |format|
68 respond_to do |format|
69 - if @announcement.update_attributes(params[:announcement])
69 + if @announcement.update_attributes(announcement_params)
70 flash[:notice] = 'Announcement was successfully updated.'
70 flash[:notice] = 'Announcement was successfully updated.'
71 format.html { redirect_to(@announcement) }
71 format.html { redirect_to(@announcement) }
72 format.js {}
72 format.js {}
73 format.xml { head :ok }
73 format.xml { head :ok }
74 else
74 else
75 format.html { render :action => "edit" }
75 format.html { render :action => "edit" }
76 format.js {}
76 format.js {}
77 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
77 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
78 end
78 end
79 end
79 end
80 end
80 end
81
81
@@ -99,13 +99,19
99
99
100 # DELETE /announcements/1
100 # DELETE /announcements/1
101 # DELETE /announcements/1.xml
101 # DELETE /announcements/1.xml
102 def destroy
102 def destroy
103 @announcement = Announcement.find(params[:id])
103 @announcement = Announcement.find(params[:id])
104 @announcement.destroy
104 @announcement.destroy
105
105
106 respond_to do |format|
106 respond_to do |format|
107 format.html { redirect_to(announcements_url) }
107 format.html { redirect_to(announcements_url) }
108 format.xml { head :ok }
108 format.xml { head :ok }
109 end
109 end
110 end
110 end
111 +
112 + private
113 +
114 + def announcement_params
115 + params.require(:announcement).permit(:author, :body, :published, :frontpage, :contest_only,:title, :note)
116 + end
111 end
117 end
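Review bot: `announcement_params` (lines 114-116) now carries the whole mass-assignment policy for this controller, because the same commit comments out `mass_assignment_sanitizer = :strict` in the environment configs, yet nothing in the method says so; add a one-line comment above it such as `# Mass-assignment whitelist: attributes not listed here are filtered out before update_attributes sees them.` The same comment is worth adding to configuration_params, contests_params, site_params and user_params in the later hunks. Minor style: the argument list mixes `, :` and `,:` (`:contest_only,:title`); RuboCop's default layout expects a space after every comma.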
@@ -10,21 +10,26
10 @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
10 @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
11 end
11 end
12
12
13 def reload
13 def reload
14 GraderConfiguration.reload
14 GraderConfiguration.reload
15 redirect_to :action => 'index'
15 redirect_to :action => 'index'
16 end
16 end
17
17
18 def update
18 def update
19 @config = GraderConfiguration.find(params[:id])
19 @config = GraderConfiguration.find(params[:id])
20 User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
20 User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
21 respond_to do |format|
21 respond_to do |format|
22 - if @config.update_attributes(params[:grader_configuration])
22 + if @config.update_attributes(configuration_params)
23 format.json { head :ok }
23 format.json { head :ok }
24 else
24 else
25 format.json { respond_with_bip(@config) }
25 format.json { respond_with_bip(@config) }
26 end
26 end
27 end
27 end
28 end
28 end
29
29
30 + private
31 + def configuration_params
32 + params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
33 + end
34 +
30 end
35 end
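Review bot: `configuration_params` on line 32 permits `:key` and `:value_type`, although `update` operates on a single row fetched by id and line 20 keys its `clear_last_login` side effect off `@config.key`; since the key is the lookup handle used elsewhere on this page (`GraderConfiguration["right.user_view_submission"]`), letting it be mass-assigned would allow an update request to rename a setting. If only the value and description are meant to be editable, narrow the list to `params.require(:grader_configuration).permit(:value, :description)`. Line 20 also still reads `params[:grader_configuration][:value]` directly, which raises NoMethodError when the key is absent, whereas `configuration_params[:value]` goes through the same `require` and fails with ParameterMissing like the rest of the action.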
@@ -57,36 +57,42
57 format.html { render :action => "new" }
57 format.html { render :action => "new" }
58 format.xml { render :xml => @contest.errors, :status => :unprocessable_entity }
58 format.xml { render :xml => @contest.errors, :status => :unprocessable_entity }
59 end
59 end
60 end
60 end
61 end
61 end
62
62
63 # PUT /contests/1
63 # PUT /contests/1
64 # PUT /contests/1.xml
64 # PUT /contests/1.xml
65 def update
65 def update
66 @contest = Contest.find(params[:id])
66 @contest = Contest.find(params[:id])
67
67
68 respond_to do |format|
68 respond_to do |format|
69 - if @contest.update_attributes(params[:contest])
69 + if @contest.update_attributes(contests_params)
70 flash[:notice] = 'Contest was successfully updated.'
70 flash[:notice] = 'Contest was successfully updated.'
71 format.html { redirect_to(@contest) }
71 format.html { redirect_to(@contest) }
72 format.xml { head :ok }
72 format.xml { head :ok }
73 else
73 else
74 format.html { render :action => "edit" }
74 format.html { render :action => "edit" }
75 format.xml { render :xml => @contest.errors, :status => :unprocessable_entity }
75 format.xml { render :xml => @contest.errors, :status => :unprocessable_entity }
76 end
76 end
77 end
77 end
78 end
78 end
79
79
80 # DELETE /contests/1
80 # DELETE /contests/1
81 # DELETE /contests/1.xml
81 # DELETE /contests/1.xml
82 def destroy
82 def destroy
83 @contest = Contest.find(params[:id])
83 @contest = Contest.find(params[:id])
84 @contest.destroy
84 @contest.destroy
85
85
86 respond_to do |format|
86 respond_to do |format|
87 format.html { redirect_to(contests_url) }
87 format.html { redirect_to(contests_url) }
88 format.xml { head :ok }
88 format.xml { head :ok }
89 end
89 end
90 end
90 end
91
91
92 + private
93 +
94 + def contests_params
95 + params.require(:contest).permit(:title,:enabled,:name)
96 + end
97 +
92 end
98 end
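Review bot: `contests_params` (line 94) breaks the naming used by the sibling helpers in this commit (`announcement_params`, `site_params`, `user_params`), which are singular after the model; rename it to `def contest_params` and the call on line 69 to `if @contest.update_attributes(contest_params)`. The argument list on line 95 also lacks spaces after the commas: `params.require(:contest).permit(:title, :enabled, :name)`.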
@@ -50,13 +50,18
50 redirect_to :controller => 'site', :action => 'login' and return
50 redirect_to :controller => 'site', :action => 'login' and return
51 end
51 end
52 begin
52 begin
53 @site = Site.find(session[:site_id], :include => :country)
53 @site = Site.find(session[:site_id], :include => :country)
54 rescue ActiveRecord::RecordNotFound
54 rescue ActiveRecord::RecordNotFound
55 @site = nil
55 @site = nil
56 end
56 end
57 if @site==nil
57 if @site==nil
58 redirect_to :controller => 'site', :action => 'login' and return
58 redirect_to :controller => 'site', :action => 'login' and return
59 end
59 end
60 end
60 end
61
61
62 + private
63 + def site_params
64 + params.require(:site).permit()
65 + end
66 +
62 end
67 end
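Review bot: `site_params` on lines 63-65 permits nothing — `params.require(:site).permit()` yields an empty permitted hash, so any `update_attributes(site_params)` built on it would be a no-op while still raising ParameterMissing when `:site` is absent. The method is not called anywhere in this hunk; if it is a placeholder, either remove it or list the attributes explicitly, and mark it `# TODO: fill in the permitted attributes` so an empty whitelist is not mistaken for a deliberate one. The enclosing class starts outside the hunk.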
@@ -56,36 +56,42
56 format.xml { render :xml => @site.errors, :status => :unprocessable_entity }
56 format.xml { render :xml => @site.errors, :status => :unprocessable_entity }
57 end
57 end
58 end
58 end
59 end
59 end
60
60
61 # PUT /sites/1
61 # PUT /sites/1
62 # PUT /sites/1.xml
62 # PUT /sites/1.xml
63 def update
63 def update
64 @site = Site.find(params[:id])
64 @site = Site.find(params[:id])
65 @site.clear_start_time_if_not_started
65 @site.clear_start_time_if_not_started
66
66
67 respond_to do |format|
67 respond_to do |format|
68 - if @site.update_attributes(params[:site])
68 + if @site.update_attributes(site_params)
69 flash[:notice] = 'Site was successfully updated.'
69 flash[:notice] = 'Site was successfully updated.'
70 format.html { redirect_to(@site) }
70 format.html { redirect_to(@site) }
71 format.xml { head :ok }
71 format.xml { head :ok }
72 else
72 else
73 format.html { render :action => "edit" }
73 format.html { render :action => "edit" }
74 format.xml { render :xml => @site.errors, :status => :unprocessable_entity }
74 format.xml { render :xml => @site.errors, :status => :unprocessable_entity }
75 end
75 end
76 end
76 end
77 end
77 end
78
78
79 # DELETE /sites/1
79 # DELETE /sites/1
80 # DELETE /sites/1.xml
80 # DELETE /sites/1.xml
81 def destroy
81 def destroy
82 @site = Site.find(params[:id])
82 @site = Site.find(params[:id])
83 @site.destroy
83 @site.destroy
84
84
85 respond_to do |format|
85 respond_to do |format|
86 format.html { redirect_to(sites_url) }
86 format.html { redirect_to(sites_url) }
87 format.xml { head :ok }
87 format.xml { head :ok }
88 end
88 end
89 end
89 end
90
90
91 + private
92 +
93 + def site_params
94 + params.require(:site).permit(:name,:started,:start_time,:country_id,:password)
95 + end
96 +
91 end
97 end
@@ -51,87 +51,33
51
51
52 def get_latest_submission_status
52 def get_latest_submission_status
53 @problem = Problem.find(params[:pid])
53 @problem = Problem.find(params[:pid])
54 @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
54 @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
55 puts User.find(params[:uid]).login
55 puts User.find(params[:uid]).login
56 puts Problem.find(params[:pid]).name
56 puts Problem.find(params[:pid]).name
57 puts 'nil' unless @submission
57 puts 'nil' unless @submission
58 respond_to do |format|
58 respond_to do |format|
59 format.js
59 format.js
60 end
60 end
61 end
61 end
62
62
63 - # # GET /submissions/new
64 - # # GET /submissions/new.json
65 - # def new
66 - # @submission = Submission.new
67 - #
68 - # respond_to do |format|
69 - # format.html # new.html.erb
70 - # format.json { render json: @submission }
71 - # end
72 - # end
73 - #
74 - #
75 - # # POST /submissions
76 - # # POST /submissions.json
77 - # def create
78 - # @submission = Submission.new(params[:submission])
79 - #
80 - # respond_to do |format|
81 - # if @submission.save
82 - # format.html { redirect_to @submission, notice: 'Submission was successfully created.' }
83 - # format.json { render json: @submission, status: :created, location: @submission }
84 - # else
85 - # format.html { render action: "new" }
86 - # format.json { render json: @submission.errors, status: :unprocessable_entity }
87 - # end
88 - # end
89 - # end
90 - #
91 - # # PUT /submissions/1
92 - # # PUT /submissions/1.json
93 - # def update
94 - # @submission = Submission.find(params[:id])
95 - #
96 - # respond_to do |format|
97 - # if @submission.update_attributes(params[:submission])
98 - # format.html { redirect_to @submission, notice: 'Submission was successfully updated.' }
99 - # format.json { head :no_content }
100 - # else
101 - # format.html { render action: "edit" }
102 - # format.json { render json: @submission.errors, status: :unprocessable_entity }
103 - # end
104 - # end
105 - # end
106 - #
107 - # # DELETE /submissions/1
108 - # # DELETE /submissions/1.json
109 - # def destroy
110 - # @submission = Submission.find(params[:id])
111 - # @submission.destroy
112 - #
113 - # respond_to do |format|
114 - # format.html { redirect_to submissions_url }
115 - # format.json { head :no_content }
116 - # end
117 - # end
118
63
119 protected
64 protected
120 def submission_authorization
65 def submission_authorization
121 #admin always has privileged
66 #admin always has privileged
122 if @current_user.admin?
67 if @current_user.admin?
123 return true
68 return true
124 end
69 end
125
70
126 sub = Submission.find(params[:id])
71 sub = Submission.find(params[:id])
127 if sub.problem.available?
72 if sub.problem.available?
128 puts "sub = #{sub.user.id}, current = #{@current_user.id}"
73 puts "sub = #{sub.user.id}, current = #{@current_user.id}"
129 return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
74 return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
130 end
75 end
131
76
132 #default to NO
77 #default to NO
133 unauthorized_redirect
78 unauthorized_redirect
134 return false
79 return false
135 end
80 end
81 +
136
82
137 end
83 end
@@ -109,25 +109,25
109 flash[:notice] = 'User(s) ' + note.join(', ') +
109 flash[:notice] = 'User(s) ' + note.join(', ') +
110 ' were successfully created. ' +
110 ' were successfully created. ' +
111 '( (+) - created with random passwords.)'
111 '( (+) - created with random passwords.)'
112 redirect_to :action => 'index'
112 redirect_to :action => 'index'
113 end
113 end
114
114
115 def edit
115 def edit
116 @user = User.find(params[:id])
116 @user = User.find(params[:id])
117 end
117 end
118
118
119 def update
119 def update
120 @user = User.find(params[:id])
120 @user = User.find(params[:id])
121 - if @user.update_attributes(params[:user])
121 + if @user.update_attributes(user_params)
122 flash[:notice] = 'User was successfully updated.'
122 flash[:notice] = 'User was successfully updated.'
123 redirect_to :action => 'show', :id => @user
123 redirect_to :action => 'show', :id => @user
124 else
124 else
125 render :action => 'edit'
125 render :action => 'edit'
126 end
126 end
127 end
127 end
128
128
129 def destroy
129 def destroy
130 User.find(params[:id]).destroy
130 User.find(params[:id]).destroy
131 redirect_to :action => 'index'
131 redirect_to :action => 'index'
132 end
132 end
133
133
@@ -526,13 +526,18
526 else
526 else
527 row << sc[i][0]
527 row << sc[i][0]
528 total += sc[i][0]
528 total += sc[i][0]
529 num_passed += 1 if sc[i][1]
529 num_passed += 1 if sc[i][1]
530 end
530 end
531 end
531 end
532 row << total
532 row << total
533 row << num_passed
533 row << num_passed
534 csv << row
534 csv << row
535 end
535 end
536 end
536 end
537 end
537 end
538 +
539 + private
540 + def user_params
541 + params.require(:user).permit(:login,:full_name,:hashed_password,:salt,:alias,:email,:site_id,:country_id,:activated,:enabled,:remark,:last_ip,:section)
542 + end
538 end
543 end
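Review bot: `user_params` on line 541 permits `:hashed_password` and `:salt`, which lets a submitted form write the stored credential directly and bypasses the model's password checks — `validates_length_of :password, :within => 4..20` and `validates_confirmation_of :password` in the User model hunk on this page apply to the virtual `password` attribute, not to the hash. Permit the virtual attributes and drop the stored ones: `params.require(:user).permit(:login, :full_name, :password, :password_confirmation, :alias, :email, :site_id, :country_id, :activated, :enabled, :remark, :section)`. `:last_ip` looks like a value the application records itself rather than form input — verify before keeping it in the whitelist. The `update` action that consumes this list is in the earlier hunk at line 121.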
@@ -22,25 +22,25
22
22
23 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
23 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
24
24
25 belongs_to :site
25 belongs_to :site
26 belongs_to :country
26 belongs_to :country
27
27
28 has_and_belongs_to_many :contests, :uniq => true, :order => 'name'
28 has_and_belongs_to_many :contests, :uniq => true, :order => 'name'
29
29
30 scope :activated_users, :conditions => {:activated => true}
30 scope :activated_users, :conditions => {:activated => true}
31
31
32 validates_presence_of :login
32 validates_presence_of :login
33 validates_uniqueness_of :login
33 validates_uniqueness_of :login
34 - validates_format_of :login, :with => /^[\_A-Za-z0-9]+$/
34 + validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
35 validates_length_of :login, :within => 3..30
35 validates_length_of :login, :within => 3..30
36
36
37 validates_presence_of :full_name
37 validates_presence_of :full_name
38 validates_length_of :full_name, :minimum => 1
38 validates_length_of :full_name, :minimum => 1
39
39
40 validates_presence_of :password, :if => :password_required?
40 validates_presence_of :password, :if => :password_required?
41 validates_length_of :password, :within => 4..20, :if => :password_required?
41 validates_length_of :password, :within => 4..20, :if => :password_required?
42 validates_confirmation_of :password, :if => :password_required?
42 validates_confirmation_of :password, :if => :password_required?
43
43
44 validates_format_of :email,
44 validates_format_of :email,
45 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
45 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
46 :if => :email_validation?
46 :if => :email_validation?
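Review bot: The email pattern on line 45 still ends in `\Z`, which — unlike the `\z` this hunk introduces for `:login` on line 34 — also matches before a trailing newline, so a value ending in "\n" passes validation; change it to `:with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\z/i,`. Minor: `\_` inside the login character class on line 34 is an unneeded escape, `/\A[_A-Za-z0-9]+\z/` reads cleaner. The enclosing class starts outside the hunk.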
@@ -14,25 +14,25
14 config.action_controller.perform_caching = false
14 config.action_controller.perform_caching = false
15
15
16 # Don't care if the mailer can't send
16 # Don't care if the mailer can't send
17 config.action_mailer.raise_delivery_errors = false
17 config.action_mailer.raise_delivery_errors = false
18
18
19 # Print deprecation notices to the Rails logger
19 # Print deprecation notices to the Rails logger
20 config.active_support.deprecation = :log
20 config.active_support.deprecation = :log
21
21
22 # Only use best-standards-support built into browsers
22 # Only use best-standards-support built into browsers
23 config.action_dispatch.best_standards_support = :builtin
23 config.action_dispatch.best_standards_support = :builtin
24
24
25 # Raise exception on mass assignment protection for Active Record models
25 # Raise exception on mass assignment protection for Active Record models
26 - config.active_record.mass_assignment_sanitizer = :strict
26 + # config.active_record.mass_assignment_sanitizer = :strict //DEPRICATED
27
27
28 # Log the query plan for queries taking more than this (works // DEPRICATED
28 # Log the query plan for queries taking more than this (works // DEPRICATED
29 # with SQLite, MySQL, and PostgreSQL) // DEPRICATED
29 # with SQLite, MySQL, and PostgreSQL) // DEPRICATED
30 # config.active_record.auto_explain_threshold_in_seconds = 0.5 // DEPRICATED
30 # config.active_record.auto_explain_threshold_in_seconds = 0.5 // DEPRICATED
31
31
32 # Do not compress assets
32 # Do not compress assets
33 config.assets.compress = false
33 config.assets.compress = false
34
34
35 # Expands the lines which load the assets
35 # Expands the lines which load the assets
36 config.assets.debug = true
36 config.assets.debug = true
37
37
38 # Prevents assets from rendering twice
38 # Prevents assets from rendering twice
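Review bot: Commenting out `mass_assignment_sanitizer = :strict` on line 26 removes the only setting that made an unexpected attribute fail loudly, and nothing replaces it; with strong parameters the equivalent is `config.action_controller.action_on_unpermitted_parameters = :raise`, which makes a form field missing from a `permit` list raise in development instead of being silently filtered. The same applies to the test environment hunk below (line 33). Also, `//DEPRICATED` is misspelled and `//` is not a Ruby comment marker — a plain `# deprecated: replaced by strong parameters in the controllers` would do. The enclosing configure block starts outside the hunk.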
@@ -21,19 +21,19
21 # Raise exceptions instead of rendering exception templates
21 # Raise exceptions instead of rendering exception templates
22 config.action_dispatch.show_exceptions = false
22 config.action_dispatch.show_exceptions = false
23
23
24 # Disable request forgery protection in test environment
24 # Disable request forgery protection in test environment
25 config.action_controller.allow_forgery_protection = false
25 config.action_controller.allow_forgery_protection = false
26
26
27 # Tell Action Mailer not to deliver emails to the real world.
27 # Tell Action Mailer not to deliver emails to the real world.
28 # The :test delivery method accumulates sent emails in the
28 # The :test delivery method accumulates sent emails in the
29 # ActionMailer::Base.deliveries array.
29 # ActionMailer::Base.deliveries array.
30 config.action_mailer.delivery_method = :test
30 config.action_mailer.delivery_method = :test
31
31
32 # Raise exception on mass assignment protection for Active Record models
32 # Raise exception on mass assignment protection for Active Record models
33 - config.active_record.mass_assignment_sanitizer = :strict
33 + #config.active_record.mass_assignment_sanitizer = :strict // DEPRICATED
34
34
35 # Print deprecation notices to the stderr
35 # Print deprecation notices to the stderr
36 config.active_support.deprecation = :stderr
36 config.active_support.deprecation = :stderr
37
37
38 config.eager_load = false
38 config.eager_load = false
39 end
39 end