cafe-grader-web Commit - r617:f062e467ef5c

cafe-grader-web

Commit `r617:f062e467ef5c` public

parent | child

Description:

switch to strong parameter for mass update (have not finished the problem controller yet)

Commit status:

[Not Reviewed]

References:

toRails40

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r617:f062e467ef5c - Mon, 28 Nov 2016 10:31:29 - 10 files changed: 42 inserted, 63 deleted

app/controllers/announcements_controller.rb ¶ +7 -1

               class AnnouncementsController < ApplicationController
                 before_filter :admin_authorization
                 in_place_edit_for :announcement, :published
                 # GET /announcements
                 # GET /announcements.xml
                 def index
                   @announcements = Announcement.find(:all,
                                                      :order => "created_at DESC")
                   respond_to do |format|
                     format.html # index.html.erb
                     format.xml  { render :xml => @announcements }
                   end
                 end
                 # GET /announcements/1
                 # GET /announcements/1.xml
                 def show
                   @announcement = Announcement.find(params[:id])
                   respond_to do |format|
                     format.html # show.html.erb
                     format.xml  { render :xml => @announcement }
                   end
                 end
                 # GET /announcements/new
                 # GET /announcements/new.xml
                 def new
                   @announcement = Announcement.new
                   respond_to do |format|
                     format.html # new.html.erb
                     format.xml  { render :xml => @announcement }
                   end
                 end
                 # GET /announcements/1/edit
                 def edit
                   @announcement = Announcement.find(params[:id])
                 end
                 # POST /announcements
                 # POST /announcements.xml
                 def create
                   @announcement = Announcement.new(params[:announcement])
                   respond_to do |format|
                     if @announcement.save
                       flash[:notice] = 'Announcement was successfully created.'
                       format.html { redirect_to(@announcement) }
                       format.xml  { render :xml => @announcement, :status => :created, :location => @announcement }
                     else
                       format.html { render :action => "new" }
                       format.xml  { render :xml => @announcement.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # PUT /announcements/1
                 # PUT /announcements/1.xml
                 def update
                   @announcement = Announcement.find(params[:id])
                   respond_to do |format|
-            -       if @announcement.update_attributes(params[:announcement])
+            +       if @announcement.update_attributes(announcement_params)
                       flash[:notice] = 'Announcement was successfully updated.'
                       format.html { redirect_to(@announcement) }
                       format.js   {}
                       format.xml  { head :ok }
                     else
                       format.html { render :action => "edit" }
                       format.js   {}
                       format.xml  { render :xml => @announcement.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 def toggle
                   @announcement = Announcement.find(params[:id])
                   @announcement.update_attributes( published:  !@announcement.published? )
                   respond_to do |format|
                     format.js { render partial: 'toggle_button',
                                 locals: {button_id: "#announcement_toggle_#{@announcement.id}",button_on: @announcement.published? } }
                   end
                 end
                 def toggle_front
                   @announcement = Announcement.find(params[:id])
                   @announcement.update_attributes( frontpage:  !@announcement.frontpage? )
                   respond_to do |format|
                     format.js { render partial: 'toggle_button',
                                 locals: {button_id: "#announcement_toggle_front_#{@announcement.id}",button_on: @announcement.frontpage? } }
                   end
                 end
                 # DELETE /announcements/1
                 # DELETE /announcements/1.xml
                 def destroy
                   @announcement = Announcement.find(params[:id])
                   @announcement.destroy
                   respond_to do |format|
                     format.html { redirect_to(announcements_url) }
                     format.xml  { head :ok }
                   end
                 end
+            +
+            +   private
+            +
+            +     def announcement_params
+            +       params.require(:announcement).permit(:author, :body, :published, :frontpage, :contest_only,:title, :note)
                   end
+            + end

app/controllers/configurations_controller.rb ¶ +6 -1

               class ConfigurationsController < ApplicationController
                 before_filter :authenticate
                 before_filter { |controller| controller.authorization_by_roles(['admin'])}
                 def index
                   @configurations = GraderConfiguration.find(:all,
                                                        :order => '`key`')
                   @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
                 end
                 def reload
                   GraderConfiguration.reload
                   redirect_to :action => 'index'
                 end
                 def update
                   @config = GraderConfiguration.find(params[:id])
                   User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
                   respond_to do |format|
-            -       if @config.update_attributes(params[:grader_configuration])
+            +       if @config.update_attributes(configuration_params)
                       format.json { head :ok }
                     else
                       format.json { respond_with_bip(@config) }
                     end
                   end
                 end
+            + private
+            +   def configuration_params
+            +     params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
                 end
+            +
+            + end

app/controllers/contests_controller.rb ¶ +7 -1

               class ContestsController < ApplicationController
                 before_filter :admin_authorization
                 in_place_edit_for :contest, :title
                 in_place_edit_for :contest, :enabled
                 # GET /contests
                 # GET /contests.xml
                 def index
                   @contests = Contest.all
                   respond_to do |format|
                     format.html # index.html.erb
                     format.xml  { render :xml => @contests }
                   end
                 end
                 # GET /contests/1
                 # GET /contests/1.xml
                 def show
                   @contest = Contest.find(params[:id])
                   respond_to do |format|
                     format.html # show.html.erb
                     format.xml  { render :xml => @contest }
                   end
                 end
                 # GET /contests/new
                 # GET /contests/new.xml
                 def new
                   @contest = Contest.new
                   respond_to do |format|
                     format.html # new.html.erb
                     format.xml  { render :xml => @contest }
                   end
                 end
                 # GET /contests/1/edit
                 def edit
                   @contest = Contest.find(params[:id])
                 end
                 # POST /contests
                 # POST /contests.xml
                 def create
                   @contest = Contest.new(params[:contest])
                   respond_to do |format|
                     if @contest.save
                       flash[:notice] = 'Contest was successfully created.'
                       format.html { redirect_to(@contest) }
                       format.xml  { render :xml => @contest, :status => :created, :location => @contest }
                     else
                       format.html { render :action => "new" }
                       format.xml  { render :xml => @contest.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # PUT /contests/1
                 # PUT /contests/1.xml
                 def update
                   @contest = Contest.find(params[:id])
                   respond_to do |format|
-            -       if @contest.update_attributes(params[:contest])
+            +       if @contest.update_attributes(contests_params)
                       flash[:notice] = 'Contest was successfully updated.'
                       format.html { redirect_to(@contest) }
                       format.xml  { head :ok }
                     else
                       format.html { render :action => "edit" }
                       format.xml  { render :xml => @contest.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # DELETE /contests/1
                 # DELETE /contests/1.xml
                 def destroy
                   @contest = Contest.find(params[:id])
                   @contest.destroy
                   respond_to do |format|
                     format.html { redirect_to(contests_url) }
                     format.xml  { head :ok }
                   end
                 end
+            +   private
+            +
+            +     def contests_params
+            +       params.require(:contest).permit(:title,:enabled,:name)
                   end
+            +
+            + end

app/controllers/site_controller.rb ¶ +5

               class SiteController < ApplicationController
                 before_filter :site_admin_authorization, :except => 'login'
                 def login
                   # Site administrator login
                   @countries = Country.find(:all, :include => :sites)
                   @country_select = @countries.collect { |c| [c.name, c.id] }
                   @country_select_with_all = [['Any',0]]
                   @countries.each do |country|
                     @country_select_with_all << [country.name, country.id]
                   end
                   @site_select = []
                   @countries.each do |country|
                     country.sites.each do |site|
                       @site_select << ["#{site.name}, #{country.name}", site.id]
                     end
                   end
                   @default_site = Site.first if !GraderConfiguration['contest.multisites']
                   render :action => 'login', :layout => 'empty'
                 end
                 def index
                   if @site.started
                     render :action => 'started', :layout => 'empty'
                   else
                     render :action => 'prompt', :layout => 'empty'
                   end
                 end
                 def start
                   @site.started = true
                   @site.start_time = Time.new.gmtime
                   @site.save
                   redirect_to :action => 'index'
                 end
                 def logout
                   reset_session
                   redirect_to :controller => 'main', :action => 'login'
                 end
                 protected
                 def site_admin_authorization
                   if session[:site_id]==nil
                     redirect_to :controller => 'site', :action => 'login' and return
                   end
                   begin
                     @site = Site.find(session[:site_id], :include => :country)
                   rescue ActiveRecord::RecordNotFound
                     @site = nil
                   end
                   if @site==nil
                     redirect_to :controller => 'site', :action => 'login' and return
                   end
                 end
+            +   private
+            +     def site_params
+            +       params.require(:site).permit()
                   end
+            +
+            + end

app/controllers/sites_controller.rb ¶ +7 -1

               class SitesController < ApplicationController
                 before_filter :admin_authorization
                 # GET /sites
                 # GET /sites.xml
                 def index
                   @sites = Site.find(:all, :order => 'country_id')
                   respond_to do |format|
                     format.html # index.html.erb
                     format.xml  { render :xml => @sites }
                   end
                 end
                 # GET /sites/1
                 # GET /sites/1.xml
                 def show
                   @site = Site.find(params[:id])
                   respond_to do |format|
                     format.html # show.html.erb
                     format.xml  { render :xml => @site }
                   end
                 end
                 # GET /sites/new
                 # GET /sites/new.xml
                 def new
                   @site = Site.new
                   respond_to do |format|
                     format.html # new.html.erb
                     format.xml  { render :xml => @site }
                   end
                 end
                 # GET /sites/1/edit
                 def edit
                   @site = Site.find(params[:id])
                 end
                 # POST /sites
                 # POST /sites.xml
                 def create
                   @site = Site.new(params[:site])
                   @site.clear_start_time_if_not_started
                   respond_to do |format|
                     if @site.save
                       flash[:notice] = 'Site was successfully created.'
                       format.html { redirect_to(@site) }
                       format.xml  { render :xml => @site, :status => :created, :location => @site }
                     else
                       format.html { render :action => "new" }
                       format.xml  { render :xml => @site.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # PUT /sites/1
                 # PUT /sites/1.xml
                 def update
                   @site = Site.find(params[:id])
                   @site.clear_start_time_if_not_started
                   respond_to do |format|
-            -       if @site.update_attributes(params[:site])
+            +       if @site.update_attributes(site_params)
                       flash[:notice] = 'Site was successfully updated.'
                       format.html { redirect_to(@site) }
                       format.xml  { head :ok }
                     else
                       format.html { render :action => "edit" }
                       format.xml  { render :xml => @site.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # DELETE /sites/1
                 # DELETE /sites/1.xml
                 def destroy
                   @site = Site.find(params[:id])
                   @site.destroy
                   respond_to do |format|
                     format.html { redirect_to(sites_url) }
                     format.xml  { head :ok }
                   end
                 end
+            +   private
+            +
+            +     def site_params
+            +       params.require(:site).permit(:name,:started,:start_time,:country_id,:password)
                   end
+            +
+            + end

app/controllers/submissions_controller.rb ¶ +1 -55

               class SubmissionsController < ApplicationController
                 before_filter :authenticate
                 before_filter :submission_authorization, only: [:show, :direct_edit_submission]
                 # GET /submissions
                 # GET /submissions.json
                 # Show problem selection and user's submission of that problem
                 def index
                   @user = @current_user
                   @problems = @user.available_problems
                   if params[:problem_id]==nil
                     @problem = nil
                     @submissions = nil
                   else
                     @problem = Problem.find_by_id(params[:problem_id])
                     if (@problem == nil) or (not @problem.available)
                       redirect_to main_list_path
                       flash[:notice] = 'Error: submissions for that problem are not viewable.'
                       return
                     end
                     @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id)
                   end
                 end
                 # GET /submissions/1
                 # GET /submissions/1.json
                 def show
                   @submission = Submission.find(params[:id])
                   #log the viewing
                   user = User.find(session[:user_id])
                   SubmissionViewLog.create(user_id: session[:user_id],submission_id: @submission.id) unless user.admin?
                 end
                 #on-site new submission on specific problem
                 def direct_edit_problem
                   @problem = Problem.find(params[:problem_id])
                   @source = ''
                   render 'edit'
                 end
                 # GET /submissions/1/edit
                 def edit
                   @submission = Submission.find(params[:id])
                   @source = @submission.source.to_s
                   @problem = @submission.problem
                   @lang_id = @submission.language.id
                 end
                 def get_latest_submission_status
                   @problem = Problem.find(params[:pid])
                   @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
                   puts User.find(params[:uid]).login
                   puts Problem.find(params[:pid]).name
                   puts 'nil' unless @submission
                   respond_to do |format|
                     format.js
                   end
                 end
-            - #  # GET /submissions/new
-            - #  # GET /submissions/new.json
-            - #  def new
-            - #    @submission = Submission.new
-            - #
-            - #    respond_to do |format|
-            - #      format.html # new.html.erb
-            - #      format.json { render json: @submission }
-            - #    end
-            - #  end
-            - #
-            - #
-            - #  # POST /submissions
-            - #  # POST /submissions.json
-            - #  def create
-            - #    @submission = Submission.new(params[:submission])
-            - #
-            - #    respond_to do |format|
-            - #      if @submission.save
-            - #        format.html { redirect_to @submission, notice: 'Submission was successfully created.' }
-            - #        format.json { render json: @submission, status: :created, location: @submission }
-            - #      else
-            - #        format.html { render action: "new" }
-            - #        format.json { render json: @submission.errors, status: :unprocessable_entity }
-            - #      end
-            - #    end
-            - #  end
-            - #
-            - #  # PUT /submissions/1
-            - #  # PUT /submissions/1.json
-            - #  def update
-            - #    @submission = Submission.find(params[:id])
-            - #
-            - #    respond_to do |format|
-            - #      if @submission.update_attributes(params[:submission])
-            - #        format.html { redirect_to @submission, notice: 'Submission was successfully updated.' }
-            - #        format.json { head :no_content }
-            - #      else
-            - #        format.html { render action: "edit" }
-            - #        format.json { render json: @submission.errors, status: :unprocessable_entity }
-            - #      end
-            - #    end
-            - #  end
-            - #
-            - #  # DELETE /submissions/1
-            - #  # DELETE /submissions/1.json
-            - #  def destroy
-            - #    @submission = Submission.find(params[:id])
-            - #    @submission.destroy
-            - #
-            - #    respond_to do |format|
-            - #      format.html { redirect_to submissions_url }
-            - #      format.json { head :no_content }
-            - #    end
-            - #  end
               protected
                 def submission_authorization
                   #admin always has privileged
                   if @current_user.admin?
                     return true
                   end
                   sub = Submission.find(params[:id])
                   if sub.problem.available?
                     puts "sub = #{sub.user.id}, current = #{@current_user.id}"
                     return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
                   end
                   #default to NO
                   unauthorized_redirect
                   return false
                 end
+            +
               end

app/controllers/user_admin_controller.rb ¶ +6 -1

               require 'csv'
               class UserAdminController < ApplicationController
                 include MailHelperMethods
                 before_filter :admin_authorization
                 # GETs should be safe (see http://www.w3.org/2001/tag/doc/whenToUseGet.html)
                 verify :method => :post, :only => [
                                                     :create, :create_from_list,
                                                     :update,
                                                     :manage_contest,
                                                     :bulk_mail
                                                   ],
                        :redirect_to => { :action => :list }
                 def index
                   @user_count = User.count
                   if params[:page] == 'all'
                     @users = User.all
                     @paginated = false
                   else
                     @users = User.paginate :page => params[:page]
                     @paginated = true
                   end
                   @hidden_columns = ['hashed_password', 'salt', 'created_at', 'updated_at']
                   @contests = Contest.enabled
                 end
                 def active
                   sessions = ActiveRecord::SessionStore::Session.find(:all, :conditions => ["updated_at >= ?", 60.minutes.ago])
                   @users = []
                   sessions.each do |session|
                     if session.data[:user_id]
                       @users << User.find(session.data[:user_id])
                     end
                   end
                 end
                 def show
                   @user = User.find(params[:id])
                 end
                 def new
                   @user = User.new
                 end
                 def create
                   @user = User.new(params[:user])
                   @user.activated = true
                   if @user.save
                     flash[:notice] = 'User was successfully created.'
                     redirect_to :action => 'index'
                   else
                     render :action => 'new'
                   end
                 end
                 def clear_last_ip
                   @user = User.find(params[:id])
                   @user.last_ip = nil
                   @user.save
                   redirect_to action: 'index', page: params[:page]
                 end
                 def create_from_list
                   lines = params[:user_list]
                   note = []
                   lines.split("\n").each do |line|
                     items = line.chomp.split(',')
                     if items.length>=2
                       login = items[0]
                       full_name = items[1]
                       added_random_password = false
                       if items.length>=3
                         password = items[2].chomp(" ")
                         user_alias = (items.length>=4) ? items[3] : login
                       else
                         password = random_password
                         user_alias = (items.length>=4) ? items[3] : login
                         added_random_password = true
                       end
                       user = User.find_by_login(login)
                       if (user)
                         user.full_name = full_name
                         user.password = password
                       else
                         user = User.new({:login => login,
                                           :full_name => full_name,
                                           :password => password,
                                           :password_confirmation => password,
                                           :alias => user_alias})
                       end
                       user.activated = true
                       user.save
                       if added_random_password
                         note << "'#{login}' (+)"
                       else
                         note << login
                       end
                     end
                   end
                   flash[:notice] = 'User(s) ' + note.join(', ') +
                     ' were successfully created.  ' +
                     '( (+) - created with random passwords.)'
                   redirect_to :action => 'index'
                 end
                 def edit
                   @user = User.find(params[:id])
                 end
                 def update
                   @user = User.find(params[:id])
-            -     if @user.update_attributes(params[:user])
+            +     if @user.update_attributes(user_params)
                     flash[:notice] = 'User was successfully updated.'
                     redirect_to :action => 'show', :id => @user
                   else
                     render :action => 'edit'
                   end
                 end
                 def destroy
                   User.find(params[:id]).destroy
                   redirect_to :action => 'index'
                 end
                 def user_stat
                   if params[:commit] == 'download csv'
                     @problems = Problem.all
                   else
                     @problems = Problem.find_available_problems
                   end
                   @users = User.includes(:contests, :contest_stat).where(enabled: true) #find(:all, :include => [:contests, :contest_stat]).where(enabled: true)
                   @scorearray = Array.new
                   @users.each do |u|
                     ustat = Array.new
                     ustat[0] = u
                     @problems.each do |p|
                       sub = Submission.find_last_by_user_and_problem(u.id,p.id)
                       if (sub!=nil) and (sub.points!=nil) and p and p.full_score
                         ustat << [(sub.points.to_f*100/p.full_score).round, (sub.points>=p.full_score)]
                       else
                         ustat << [0,false]
                       end
                     end
                     @scorearray << ustat
                   end
                   if params[:commit] == 'download csv' then
                     csv = gen_csv_from_scorearray(@scorearray,@problems)
                     send_data csv, filename: 'last_score.csv'
                   else
                     render template: 'user_admin/user_stat'
                   end
                 end
                 def user_stat_max
                   if params[:commit] == 'download csv'
                     @problems = Problem.all
                   else
                     @problems = Problem.find_available_problems
                   end
                   @users = User.find(:all, :include => [:contests, :contest_stat])
                   @scorearray = Array.new
                   #set up range from param
                   since_id = params.fetch(:since_id, 0).to_i
                   until_id = params.fetch(:until_id, 0).to_i
                   @users.each do |u|
                     ustat = Array.new
                     ustat[0] = u
                     @problems.each do |p|
                       max_points = 0
                       Submission.find_in_range_by_user_and_problem(u.id,p.id,since_id,until_id).each do |sub|
                         max_points = sub.points if sub and sub.points and (sub.points > max_points)
                       end
                       ustat << [(max_points.to_f*100/p.full_score).round, (max_points>=p.full_score)]
                     end
                     @scorearray << ustat
                   end
                   if params[:commit] == 'download csv' then
                     csv = gen_csv_from_scorearray(@scorearray,@problems)
                     send_data csv, filename: 'max_score.csv'
                   else
                     render template: 'user_admin/user_stat'
                   end
                 end
                 def import
                   if params[:file]==''
                     flash[:notice] = 'Error importing no file'
                     redirect_to :action => 'index' and return
                   end
                   import_from_file(params[:file])
                 end
                 def random_all_passwords
                   users = User.find(:all)
                   @prefix = params[:prefix] || ''
                   @non_admin_users = User.find_non_admin_with_prefix(@prefix)
                   @changed = false
                   if request.request_method == 'POST'
                     @non_admin_users.each do |user|
                       password = random_password
                       user.password = password
                       user.password_confirmation = password
                       user.save
                     end
                     @changed = true
                   end
                 end
                 # contest management
                 def contests
                   @contest, @users = find_contest_and_user_from_contest_id(params[:id])
                   @contests = Contest.enabled
                 end
                 def assign_from_list
                   contest_id = params[:users_contest_id]
                   org_contest, users = find_contest_and_user_from_contest_id(contest_id)
                   contest = Contest.find(params[:new_contest][:id])
                   if !contest
                     flash[:notice] = 'Error: no contest'
                     redirect_to :action => 'contests', :id =>contest_id
                   end
                   note = []
                   users.each do |u|
                     u.contests = [contest]
                     note << u.login
                   end
                   flash[:notice] = 'User(s) ' + note.join(', ') +
                     " were successfully reassigned to #{contest.title}."
                   redirect_to :action => 'contests', :id =>contest.id
                 end
                 def add_to_contest
                   user = User.find(params[:id])
                   contest = Contest.find(params[:contest_id])
                   if user and contest
                     user.contests << contest
                   end
                   redirect_to :action => 'index'
                 end
                 def remove_from_contest
                   user = User.find(params[:id])
                   contest = Contest.find(params[:contest_id])
                   if user and contest
                     user.contests.delete(contest)
                   end
                   redirect_to :action => 'index'
                 end
                 def contest_management
                 end
                 def manage_contest
                   contest = Contest.find(params[:contest][:id])
                   if !contest
                     flash[:notice] = 'You did not choose the contest.'
                     redirect_to :action => 'contest_management' and return
                   end
                   operation = params[:operation]
                   if not ['add','remove','assign'].include? operation
                     flash[:notice] = 'You did not choose the operation to perform.'
                     redirect_to :action => 'contest_management' and return
                   end
                   lines = params[:login_list]
                   if !lines or lines.blank?
                     flash[:notice] = 'You entered an empty list.'
                     redirect_to :action => 'contest_management' and return
                   end
                   note = []
                   users = []
                   lines.split("\n").each do |line|
                     user = User.find_by_login(line.chomp)
                     if user
                       if operation=='add'
                         if ! user.contests.include? contest
                           user.contests << contest
                         end
                       elsif operation=='remove'
                         user.contests.delete(contest)
                       else
                         user.contests = [contest]
                       end
                       if params[:reset_timer]
                         user.contest_stat.forced_logout = true
                         user.contest_stat.reset_timer_and_save
                       end
                       if params[:notification_emails]
                         send_contest_update_notification_email(user, contest)
                       end
                       note << user.login
                       users << user
                     end
                   end
                     flash[:notice] = 'Unknown user'
                     redirect_to :action => 'admin' and return
                   elsif user.login == 'root'
                     flash[:notice] = 'You cannot revoke admisnistrator permission from root.'
                     redirect_to :action => 'admin' and return
                   end
                   admin_role = Role.find_by_name('admin')
                   user.roles.delete(admin_role)
                   flash[:notice] = 'User permission revoked'
                   redirect_to :action => 'admin'
                 end
                 # mass mailing
                 def mass_mailing
                 end
                 def bulk_mail
                   lines = params[:login_list]
                   if !lines or lines.blank?
                     flash[:notice] = 'You entered an empty list.'
                     redirect_to :action => 'mass_mailing' and return
                   end
                   mail_subject = params[:subject]
                   if !mail_subject or mail_subject.blank?
                     flash[:notice] = 'You entered an empty mail subject.'
                     redirect_to :action => 'mass_mailing' and return
                   end
                   mail_body = params[:email_body]
                   if !mail_body or mail_body.blank?
                     flash[:notice] = 'You entered an empty mail body.'
                     redirect_to :action => 'mass_mailing' and return
                   end
                   note = []
                   users = []
                   lines.split("\n").each do |line|
                     user = User.find_by_login(line.chomp)
                     if user
                       send_mail(user.email, mail_subject, mail_body)
                       note << user.login
                     end
                   end
                   flash[:notice] = 'User(s) ' + note.join(', ') +
                     ' were successfully modified.  '
                   redirect_to :action => 'mass_mailing'
                 end
                 protected
                 def random_password(length=5)
                   chars = 'abcdefghijkmnopqrstuvwxyz23456789'
                   newpass = ""
                   length.times { newpass << chars[rand(chars.size-1)] }
                   return newpass
                 end
                 def import_from_file(f)
                   data_hash = YAML.load(f)
                   @import_log = ""
                   country_data = data_hash[:countries]
                   site_data = data_hash[:sites]
                   user_data = data_hash[:users]
                   # import country
                   countries = {}
                   country_data.each_pair do |id,country|
                     c = Country.find_by_name(country[:name])
                     if c!=nil
                       countries[id] = c
                       @import_log << "Found #{country[:name]}\n"
                     else
                       countries[id] = Country.new(:name => country[:name])
                       countries[id].save
                       @import_log << "Created #{country[:name]}\n"
                     end
                   end
                   # import sites
                   sites = {}
                   site_data.each_pair do |id,site|
                     s = Site.find_by_name(site[:name])
                     if s!=nil
                       @import_log << "Found #{site[:name]}\n"
                     else
                       s = Site.new(:name => site[:name])
                       @import_log << "Created #{site[:name]}\n"
                     end
                     s.password = site[:password]
                     s.country = countries[site[:country_id]]
                     s.save
                     sites[id] = s
                   end
                   # import users
                   user_data.each_pair do |id,user|
                     u = User.find_by_login(user[:login])
                     if u!=nil
                       @import_log << "Found #{user[:login]}\n"
                     else
                       u = User.new(:login => user[:login])
                       @import_log << "Created #{user[:login]}\n"
                     end
                     u.full_name = user[:name]
                     u.password = user[:password]
                     u.country = countries[user[:country_id]]
                     u.site = sites[user[:site_id]]
                     u.activated = true
                     u.email = "empty-#{u.login}@none.com"
                     if not u.save
                       @import_log << "Errors\n"
                       u.errors.each { |attr,msg|  @import_log << "#{attr} - #{msg}\n" }
                     end
                   end
                 end
                 def logout_users(users)
                   users.each do |user|
                     contest_stat = user.contest_stat(true)
                     if contest_stat and !contest_stat.forced_logout
                       contest_stat.forced_logout = true
                       contest_stat.save
                     end
                   end
                 end
                 def send_contest_update_notification_email(user, contest)
                   contest_title_name = GraderConfiguration['contest.name']
                   contest_name = contest.name
                   mail_subject = t('contest.notification.email_subject', {
                                      :contest_title_name => contest_title_name,
                                      :contest_name => contest_name })
                   mail_body = t('contest.notification.email_body', {
                                   :full_name => user.full_name,
                                   :contest_title_name => contest_title_name,
                                   :contest_name => contest.name,
                                 })
                   logger.info mail_body
                   send_mail(user.email, mail_subject, mail_body)
                 end
                 def find_contest_and_user_from_contest_id(id)
                   if id!='none'
                     @contest = Contest.find(id)
                   else
                     @contest = nil
                   end
                   if @contest
                     @users = @contest.users
                   else
                     @users = User.find_users_with_no_contest
                   end
                   return [@contest, @users]
                 end
                 def gen_csv_from_scorearray(scorearray,problem)
                   CSV.generate do |csv|
                     #add header
                     header = ['User','Name', 'Activated?', 'Logged in', 'Contest']
                     problem.each { |p| header << p.name }
                     header += ['Total','Passed']
                     csv << header
                     #add data
                     scorearray.each do |sc|
                       total = num_passed = 0
                       row = Array.new
                       sc.each_index do |i|
                         if i == 0
                           row << sc[i].login
                           row << sc[i].full_name
                           row << sc[i].activated
                           row << (sc[i].try(:contest_stat).try(:started_at).nil? ? 'no' : 'yes')
                           row << sc[i].contests.collect {|c| c.name}.join(', ')
                         else
                           row << sc[i][0]
                           total += sc[i][0]
                           num_passed += 1 if sc[i][1]
                         end
                       end
                       row << total
                       row << num_passed
                       csv << row
                     end
                   end
                 end
+            +
+            +   private
+            +     def user_params
+            +       params.require(:user).permit(:login,:full_name,:hashed_password,:salt,:alias,:email,:site_id,:country_id,:activated,:enabled,:remark,:last_ip,:section)
                   end
+            + end

app/models/user.rb ¶ +1 -1

               require 'digest/sha1'
               require 'net/pop'
               require 'net/https'
               require 'net/http'
               require 'json'
               class User < ActiveRecord::Base
                 has_and_belongs_to_many :roles
                 has_many :test_requests, :order => "submitted_at DESC"
                 has_many :messages,
                          :class_name => "Message",
                          :foreign_key => "sender_id",
                          :order => 'created_at DESC'
                 has_many :replied_messages,
                          :class_name => "Message",
                          :foreign_key => "receiver_id",
                          :order => 'created_at DESC'
                 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
                 belongs_to :site
                 belongs_to :country
                 has_and_belongs_to_many :contests, :uniq => true, :order => 'name'
                 scope :activated_users, :conditions => {:activated => true}
                 validates_presence_of :login
                 validates_uniqueness_of :login
-            -   validates_format_of :login, :with => /^[\_A-Za-z0-9]+$/
+            +   validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
                 validates_length_of :login, :within => 3..30
                 validates_presence_of :full_name
                 validates_length_of :full_name, :minimum => 1
                 validates_presence_of :password, :if => :password_required?
                 validates_length_of :password, :within => 4..20, :if => :password_required?
                 validates_confirmation_of :password, :if => :password_required?
                 validates_format_of :email,
                                     :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
                                     :if => :email_validation?
                 validate :uniqueness_of_email_from_activated_users,
                          :if => :email_validation?
                 validate :enough_time_interval_between_same_email_registrations,
                          :if => :email_validation?
                 # these are for ytopc
                 # disable for now
                 #validates_presence_of :province
                 attr_accessor :password
                 before_save :encrypt_new_password
                 before_save :assign_default_site
                 before_save :assign_default_contest
                 # this is for will_paginate
                 cattr_reader :per_page
                 @@per_page = 50
                 def self.authenticate(login, password)
                   user = find_by_login(login)
                   if user
                     return user if user.authenticated?(password)
                     if user.authenticated_by_cucas?(password) or user.authenticated_by_pop3?(password)
                       user.password = password
                       user.save
                       return user
                     end
                   end
                 end
                 def authenticated?(password)
                   if self.activated
                     hashed_password == User.encrypt(password,self.salt)
                   else
                     false
                   end
                 end
                 def authenticated_by_pop3?(password)
                   Net::POP3.enable_ssl
                   pop = Net::POP3.new('pops.it.chula.ac.th')
                   authen = true
                   begin
                     pop.start(login, password)
                     pop.finish
                     return true
                   rescue
                     return false
                   end
                 end
                 def authenticated_by_cucas?(password)
                   url = URI.parse('https://www.cas.chula.ac.th/cas/api/?q=studentAuthenticate')
                   appid = '41508763e340d5858c00f8c1a0f5a2bb'
                   appsecret ='d9cbb5863091dbe186fded85722a1e31'
                   post_args = {
                     'appid' => appid,
                     'appsecret' => appsecret,
                     'username' => login,
                     'password' => password
                   }
                   #simple call
                   begin
                     http = Net::HTTP.new('www.cas.chula.ac.th', 443)
                     http.use_ssl = true
                     http.verify_mode = OpenSSL::SSL::VERIFY_NONE
                     result = [ ]
                     http.start do |http|
                       req = Net::HTTP::Post.new('/cas/api/?q=studentAuthenticate')
                       param = "appid=#{appid}&appsecret=#{appsecret}&username=#{login}&password=#{password}"
                       resp = http.request(req,param)
                       result = JSON.parse resp.body
                     end
                     return true if result["type"] == "beanStudent"
                   rescue => e
                     return false
                   end
                   return false
                 end
                 def admin?
                   self.roles.detect {|r| r.name == 'admin' }
                 end
                 def email_for_editing
                   if self.email==nil
                     "(unknown)"
                   elsif self.email==''
                     "(blank)"
                   else
                     self.email
                   end
                 end
                 def email_for_editing=(e)
                   self.email=e
                 end
                 def alias_for_editing
                   if self.alias==nil
                     "(unknown)"
                   elsif self.alias==''
                     "(blank)"
                   else
                     self.alias
                   end
                 end
                 def alias_for_editing=(e)
                   self.alias=e
                 end
                 def activation_key
                   if self.hashed_password==nil
                     encrypt_new_password
                   end
                   Digest::SHA1.hexdigest(self.hashed_password)[0..7]
                 end
                 def verify_activation_key(key)
                   key == activation_key
                 end
                 def self.random_password(length=5)
                   chars = 'abcdefghjkmnopqrstuvwxyz'
                   password = ''
                   length.times { password << chars[rand(chars.length - 1)] }
                   password
                 end
                 def self.find_non_admin_with_prefix(prefix='')
                   users = User.find(:all)
                   return users.find_all { |u| !(u.admin?) and u.login.index(prefix)==0 }
                 end
                 # Contest information
                 def self.find_users_with_no_contest()
                   users = User.find(:all)
                   return users.find_all { |u| u.contests.length == 0 }
                 end
                 def contest_time_left
                   if GraderConfiguration.contest_mode?
                     return nil if site==nil
                     return site.time_left
                   elsif GraderConfiguration.indv_contest_mode?
                     time_limit = GraderConfiguration.contest_time_limit
                     if time_limit == nil
                       return nil
                     end
                     if contest_stat==nil or contest_stat.started_at==nil
                       return (Time.now.gmtime + time_limit) - Time.now.gmtime
                     else
                       finish_time = contest_stat.started_at + time_limit
                       current_time = Time.now.gmtime
                       if current_time > finish_time
                         return 0
                       else
                         return finish_time - current_time
                       end
                     end
                   else
                     return nil
                   end
                 end
                 def contest_finished?
                   if GraderConfiguration.contest_mode?
                     return false if site==nil
                     return site.finished?
                   elsif GraderConfiguration.indv_contest_mode?
                     return false if self.contest_stat(true)==nil
                     return contest_time_left == 0
                   else
                     return false
                   end

config/environments/development.rb ¶ +1 -1

               CafeGrader::Application.configure do
                 # Settings specified here will take precedence over those in config/application.rb
                 # In the development environment your application's code is reloaded on
                 # every request. This slows down response time but is perfect for development
                 # since you don't have to restart the web server when you make code changes.
                 config.cache_classes = false
                 # Log error messages when you accidentally call methods on nil.  //DEPRICATED
                 # config.whiny_nils = true // DEPRICATED
                 # Show full error reports and disable caching
                 config.consider_all_requests_local       = true
                 config.action_controller.perform_caching = false
                 # Don't care if the mailer can't send
                 config.action_mailer.raise_delivery_errors = false
                 # Print deprecation notices to the Rails logger
                 config.active_support.deprecation = :log
                 # Only use best-standards-support built into browsers
                 config.action_dispatch.best_standards_support = :builtin
                 # Raise exception on mass assignment protection for Active Record models
-            -   config.active_record.mass_assignment_sanitizer = :strict
+            +   # config.active_record.mass_assignment_sanitizer = :strict //DEPRICATED
                 # Log the query plan for queries taking more than this (works // DEPRICATED
                 # with SQLite, MySQL, and PostgreSQL) // DEPRICATED
                 # config.active_record.auto_explain_threshold_in_seconds = 0.5 // DEPRICATED
                 # Do not compress assets
                 config.assets.compress = false
                 # Expands the lines which load the assets
                 config.assets.debug = true
                 # Prevents assets from rendering twice
                 config.serve_static_assets = true
                 config.eager_load = false
               end

config/environments/test.rb ¶ +1 -1

               CafeGrader::Application.configure do
                 # Settings specified here will take precedence over those in config/application.rb
                 # The test environment is used exclusively to run your application's
                 # test suite. You never need to work with it otherwise. Remember that
                 # your test database is "scratch space" for the test suite and is wiped
                 # and recreated between test runs. Don't rely on the data there!
                 config.cache_classes = true
                 # Configure static asset server for tests with Cache-Control for performance
                 config.serve_static_assets = true
                 config.static_cache_control = "public, max-age=3600"
                 # Log error messages when you accidentally call methods on nil
                 config.whiny_nils = true
                 # Show full error reports and disable caching
                 config.consider_all_requests_local       = true
                 config.action_controller.perform_caching = false
                 # Raise exceptions instead of rendering exception templates
                 config.action_dispatch.show_exceptions = false
                 # Disable request forgery protection in test environment
                 config.action_controller.allow_forgery_protection    = false
                 # Tell Action Mailer not to deliver emails to the real world.
                 # The :test delivery method accumulates sent emails in the
                 # ActionMailer::Base.deliveries array.
                 config.action_mailer.delivery_method = :test
                 # Raise exception on mass assignment protection for Active Record models
-            -   config.active_record.mass_assignment_sanitizer = :strict
+            +   #config.active_record.mass_assignment_sanitizer = :strict // DEPRICATED
                 # Print deprecation notices to the stderr
                 config.active_support.deprecation = :stderr
                 config.eager_load = false
               end

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r617:f062e467ef5c - Mon, 28 Nov 2016 10:31:29 - 10 files changed: 42 inserted, 63 deleted

Sign in to your account

Commit r617:f062e467ef5c public

Author

r617:f062e467ef5c - Mon, 28 Nov 2016 10:31:29 - 10 files changed: 42 inserted, 63 deleted

Commit `r617:f062e467ef5c` public