cafe-grader-web

Commit r617:f062e467ef5c public

parent | child
Description:
switch to strong parameter for mass update (have not finished the problem controller yet)
Commit status:
[Not Reviewed]
References:
toRails40
Diff options:
Raw Diff | Patch Diff | Download Diff | Ignore whitespace | Increase context
Comments:
0 Commit comments 0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Side by Side Unified
Expand All Files Collapse All Files Wide Mode Diff
Add another comment
Browse Files

r617:f062e467ef5c - - 10 files changed: 42 inserted, 63 deleted

Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -45,67 +45,73
45 45
46 46 # POST /announcements
47 47 # POST /announcements.xml
48 48 def create
49 49 @announcement = Announcement.new(params[:announcement])
50 50
51 51 respond_to do |format|
52 52 if @announcement.save
53 53 flash[:notice] = 'Announcement was successfully created.'
54 54 format.html { redirect_to(@announcement) }
55 55 format.xml { render :xml => @announcement, :status => :created, :location => @announcement }
56 56 else
57 57 format.html { render :action => "new" }
58 58 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
59 59 end
60 60 end
61 61 end
62 62
63 63 # PUT /announcements/1
64 64 # PUT /announcements/1.xml
65 65 def update
66 66 @announcement = Announcement.find(params[:id])
67 67
68 68 respond_to do |format|
69 - if @announcement.update_attributes(params[:announcement])
69 + if @announcement.update_attributes(announcement_params)
70 70 flash[:notice] = 'Announcement was successfully updated.'
71 71 format.html { redirect_to(@announcement) }
72 72 format.js {}
73 73 format.xml { head :ok }
74 74 else
75 75 format.html { render :action => "edit" }
76 76 format.js {}
77 77 format.xml { render :xml => @announcement.errors, :status => :unprocessable_entity }
78 78 end
79 79 end
80 80 end
81 81
82 82 def toggle
83 83 @announcement = Announcement.find(params[:id])
84 84 @announcement.update_attributes( published: !@announcement.published? )
85 85 respond_to do |format|
86 86 format.js { render partial: 'toggle_button',
87 87 locals: {button_id: "#announcement_toggle_#{@announcement.id}",button_on: @announcement.published? } }
88 88 end
89 89 end
90 90
91 91 def toggle_front
92 92 @announcement = Announcement.find(params[:id])
93 93 @announcement.update_attributes( frontpage: !@announcement.frontpage? )
94 94 respond_to do |format|
95 95 format.js { render partial: 'toggle_button',
96 96 locals: {button_id: "#announcement_toggle_front_#{@announcement.id}",button_on: @announcement.frontpage? } }
97 97 end
98 98 end
99 99
100 100 # DELETE /announcements/1
101 101 # DELETE /announcements/1.xml
102 102 def destroy
103 103 @announcement = Announcement.find(params[:id])
104 104 @announcement.destroy
105 105
106 106 respond_to do |format|
107 107 format.html { redirect_to(announcements_url) }
108 108 format.xml { head :ok }
109 109 end
110 110 end
111 +
112 + private
113 +
114 + def announcement_params
115 + params.require(:announcement).permit(:author, :body, :published, :frontpage, :contest_only,:title, :note)
116 + end
111 117 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -1,30 +1,35
1 1 class ConfigurationsController < ApplicationController
2 2
3 3 before_filter :authenticate
4 4 before_filter { |controller| controller.authorization_by_roles(['admin'])}
5 5
6 6
7 7 def index
8 8 @configurations = GraderConfiguration.find(:all,
9 9 :order => '`key`')
10 10 @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
11 11 end
12 12
13 13 def reload
14 14 GraderConfiguration.reload
15 15 redirect_to :action => 'index'
16 16 end
17 17
18 18 def update
19 19 @config = GraderConfiguration.find(params[:id])
20 20 User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
21 21 respond_to do |format|
22 - if @config.update_attributes(params[:grader_configuration])
22 + if @config.update_attributes(configuration_params)
23 23 format.json { head :ok }
24 24 else
25 25 format.json { respond_with_bip(@config) }
26 26 end
27 27 end
28 28 end
29 29
30 + private
31 + def configuration_params
32 + params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
33 + end
34 +
30 35 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -45,48 +45,54
45 45
46 46 # POST /contests
47 47 # POST /contests.xml
48 48 def create
49 49 @contest = Contest.new(params[:contest])
50 50
51 51 respond_to do |format|
52 52 if @contest.save
53 53 flash[:notice] = 'Contest was successfully created.'
54 54 format.html { redirect_to(@contest) }
55 55 format.xml { render :xml => @contest, :status => :created, :location => @contest }
56 56 else
57 57 format.html { render :action => "new" }
58 58 format.xml { render :xml => @contest.errors, :status => :unprocessable_entity }
59 59 end
60 60 end
61 61 end
62 62
63 63 # PUT /contests/1
64 64 # PUT /contests/1.xml
65 65 def update
66 66 @contest = Contest.find(params[:id])
67 67
68 68 respond_to do |format|
69 - if @contest.update_attributes(params[:contest])
69 + if @contest.update_attributes(contests_params)
70 70 flash[:notice] = 'Contest was successfully updated.'
71 71 format.html { redirect_to(@contest) }
72 72 format.xml { head :ok }
73 73 else
74 74 format.html { render :action => "edit" }
75 75 format.xml { render :xml => @contest.errors, :status => :unprocessable_entity }
76 76 end
77 77 end
78 78 end
79 79
80 80 # DELETE /contests/1
81 81 # DELETE /contests/1.xml
82 82 def destroy
83 83 @contest = Contest.find(params[:id])
84 84 @contest.destroy
85 85
86 86 respond_to do |format|
87 87 format.html { redirect_to(contests_url) }
88 88 format.xml { head :ok }
89 89 end
90 90 end
91 91
92 + private
93 +
94 + def contests_params
95 + params.require(:contest).permit(:title,:enabled,:name)
96 + end
97 +
92 98 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -38,25 +38,30
38 38 @site.save
39 39 redirect_to :action => 'index'
40 40 end
41 41
42 42 def logout
43 43 reset_session
44 44 redirect_to :controller => 'main', :action => 'login'
45 45 end
46 46
47 47 protected
48 48 def site_admin_authorization
49 49 if session[:site_id]==nil
50 50 redirect_to :controller => 'site', :action => 'login' and return
51 51 end
52 52 begin
53 53 @site = Site.find(session[:site_id], :include => :country)
54 54 rescue ActiveRecord::RecordNotFound
55 55 @site = nil
56 56 end
57 57 if @site==nil
58 58 redirect_to :controller => 'site', :action => 'login' and return
59 59 end
60 60 end
61 61
62 + private
63 + def site_params
64 + params.require(:site).permit()
65 + end
66 +
62 67 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -44,48 +44,54
44 44 # POST /sites.xml
45 45 def create
46 46 @site = Site.new(params[:site])
47 47 @site.clear_start_time_if_not_started
48 48
49 49 respond_to do |format|
50 50 if @site.save
51 51 flash[:notice] = 'Site was successfully created.'
52 52 format.html { redirect_to(@site) }
53 53 format.xml { render :xml => @site, :status => :created, :location => @site }
54 54 else
55 55 format.html { render :action => "new" }
56 56 format.xml { render :xml => @site.errors, :status => :unprocessable_entity }
57 57 end
58 58 end
59 59 end
60 60
61 61 # PUT /sites/1
62 62 # PUT /sites/1.xml
63 63 def update
64 64 @site = Site.find(params[:id])
65 65 @site.clear_start_time_if_not_started
66 66
67 67 respond_to do |format|
68 - if @site.update_attributes(params[:site])
68 + if @site.update_attributes(site_params)
69 69 flash[:notice] = 'Site was successfully updated.'
70 70 format.html { redirect_to(@site) }
71 71 format.xml { head :ok }
72 72 else
73 73 format.html { render :action => "edit" }
74 74 format.xml { render :xml => @site.errors, :status => :unprocessable_entity }
75 75 end
76 76 end
77 77 end
78 78
79 79 # DELETE /sites/1
80 80 # DELETE /sites/1.xml
81 81 def destroy
82 82 @site = Site.find(params[:id])
83 83 @site.destroy
84 84
85 85 respond_to do |format|
86 86 format.html { redirect_to(sites_url) }
87 87 format.xml { head :ok }
88 88 end
89 89 end
90 90
91 + private
92 +
93 + def site_params
94 + params.require(:site).permit(:name,:started,:start_time,:country_id,:password)
95 + end
96 +
91 97 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -39,99 +39,45
39 39 @source = ''
40 40 render 'edit'
41 41 end
42 42
43 43 # GET /submissions/1/edit
44 44 def edit
45 45 @submission = Submission.find(params[:id])
46 46 @source = @submission.source.to_s
47 47 @problem = @submission.problem
48 48 @lang_id = @submission.language.id
49 49 end
50 50
51 51
52 52 def get_latest_submission_status
53 53 @problem = Problem.find(params[:pid])
54 54 @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
55 55 puts User.find(params[:uid]).login
56 56 puts Problem.find(params[:pid]).name
57 57 puts 'nil' unless @submission
58 58 respond_to do |format|
59 59 format.js
60 60 end
61 61 end
62 62
63 - # # GET /submissions/new
64 - # # GET /submissions/new.json
65 - # def new
66 - # @submission = Submission.new
67 - #
68 - # respond_to do |format|
69 - # format.html # new.html.erb
70 - # format.json { render json: @submission }
71 - # end
72 - # end
73 - #
74 - #
75 - # # POST /submissions
76 - # # POST /submissions.json
77 - # def create
78 - # @submission = Submission.new(params[:submission])
79 - #
80 - # respond_to do |format|
81 - # if @submission.save
82 - # format.html { redirect_to @submission, notice: 'Submission was successfully created.' }
83 - # format.json { render json: @submission, status: :created, location: @submission }
84 - # else
85 - # format.html { render action: "new" }
86 - # format.json { render json: @submission.errors, status: :unprocessable_entity }
87 - # end
88 - # end
89 - # end
90 - #
91 - # # PUT /submissions/1
92 - # # PUT /submissions/1.json
93 - # def update
94 - # @submission = Submission.find(params[:id])
95 - #
96 - # respond_to do |format|
97 - # if @submission.update_attributes(params[:submission])
98 - # format.html { redirect_to @submission, notice: 'Submission was successfully updated.' }
99 - # format.json { head :no_content }
100 - # else
101 - # format.html { render action: "edit" }
102 - # format.json { render json: @submission.errors, status: :unprocessable_entity }
103 - # end
104 - # end
105 - # end
106 - #
107 - # # DELETE /submissions/1
108 - # # DELETE /submissions/1.json
109 - # def destroy
110 - # @submission = Submission.find(params[:id])
111 - # @submission.destroy
112 - #
113 - # respond_to do |format|
114 - # format.html { redirect_to submissions_url }
115 - # format.json { head :no_content }
116 - # end
117 - # end
118 63
119 64 protected
120 65 def submission_authorization
121 66 #admin always has privileged
122 67 if @current_user.admin?
123 68 return true
124 69 end
125 70
126 71 sub = Submission.find(params[:id])
127 72 if sub.problem.available?
128 73 puts "sub = #{sub.user.id}, current = #{@current_user.id}"
129 74 return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
130 75 end
131 76
132 77 #default to NO
133 78 unauthorized_redirect
134 79 return false
135 80 end
81 +
136 82
137 83 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -97,49 +97,49
97 97 :alias => user_alias})
98 98 end
99 99 user.activated = true
100 100 user.save
101 101
102 102 if added_random_password
103 103 note << "'#{login}' (+)"
104 104 else
105 105 note << login
106 106 end
107 107 end
108 108 end
109 109 flash[:notice] = 'User(s) ' + note.join(', ') +
110 110 ' were successfully created. ' +
111 111 '( (+) - created with random passwords.)'
112 112 redirect_to :action => 'index'
113 113 end
114 114
115 115 def edit
116 116 @user = User.find(params[:id])
117 117 end
118 118
119 119 def update
120 120 @user = User.find(params[:id])
121 - if @user.update_attributes(params[:user])
121 + if @user.update_attributes(user_params)
122 122 flash[:notice] = 'User was successfully updated.'
123 123 redirect_to :action => 'show', :id => @user
124 124 else
125 125 render :action => 'edit'
126 126 end
127 127 end
128 128
129 129 def destroy
130 130 User.find(params[:id]).destroy
131 131 redirect_to :action => 'index'
132 132 end
133 133
134 134 def user_stat
135 135 if params[:commit] == 'download csv'
136 136 @problems = Problem.all
137 137 else
138 138 @problems = Problem.find_available_problems
139 139 end
140 140 @users = User.includes(:contests, :contest_stat).where(enabled: true) #find(:all, :include => [:contests, :contest_stat]).where(enabled: true)
141 141 @scorearray = Array.new
142 142 @users.each do |u|
143 143 ustat = Array.new
144 144 ustat[0] = u
145 145 @problems.each do |p|
@@ -514,25 +514,30
514 514 csv << header
515 515 #add data
516 516 scorearray.each do |sc|
517 517 total = num_passed = 0
518 518 row = Array.new
519 519 sc.each_index do |i|
520 520 if i == 0
521 521 row << sc[i].login
522 522 row << sc[i].full_name
523 523 row << sc[i].activated
524 524 row << (sc[i].try(:contest_stat).try(:started_at).nil? ? 'no' : 'yes')
525 525 row << sc[i].contests.collect {|c| c.name}.join(', ')
526 526 else
527 527 row << sc[i][0]
528 528 total += sc[i][0]
529 529 num_passed += 1 if sc[i][1]
530 530 end
531 531 end
532 532 row << total
533 533 row << num_passed
534 534 csv << row
535 535 end
536 536 end
537 537 end
538 +
539 + private
540 + def user_params
541 + params.require(:user).permit(:login,:full_name,:hashed_password,:salt,:alias,:email,:site_id,:country_id,:activated,:enabled,:remark,:last_ip,:section)
542 + end
538 543 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -10,49 +10,49
10 10
11 11 has_many :test_requests, :order => "submitted_at DESC"
12 12
13 13 has_many :messages,
14 14 :class_name => "Message",
15 15 :foreign_key => "sender_id",
16 16 :order => 'created_at DESC'
17 17
18 18 has_many :replied_messages,
19 19 :class_name => "Message",
20 20 :foreign_key => "receiver_id",
21 21 :order => 'created_at DESC'
22 22
23 23 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
24 24
25 25 belongs_to :site
26 26 belongs_to :country
27 27
28 28 has_and_belongs_to_many :contests, :uniq => true, :order => 'name'
29 29
30 30 scope :activated_users, :conditions => {:activated => true}
31 31
32 32 validates_presence_of :login
33 33 validates_uniqueness_of :login
34 - validates_format_of :login, :with => /^[\_A-Za-z0-9]+$/
34 + validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
35 35 validates_length_of :login, :within => 3..30
36 36
37 37 validates_presence_of :full_name
38 38 validates_length_of :full_name, :minimum => 1
39 39
40 40 validates_presence_of :password, :if => :password_required?
41 41 validates_length_of :password, :within => 4..20, :if => :password_required?
42 42 validates_confirmation_of :password, :if => :password_required?
43 43
44 44 validates_format_of :email,
45 45 :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
46 46 :if => :email_validation?
47 47 validate :uniqueness_of_email_from_activated_users,
48 48 :if => :email_validation?
49 49 validate :enough_time_interval_between_same_email_registrations,
50 50 :if => :email_validation?
51 51
52 52 # these are for ytopc
53 53 # disable for now
54 54 #validates_presence_of :province
55 55
56 56 attr_accessor :password
57 57
58 58 before_save :encrypt_new_password
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -2,41 +2,41
2 2 # Settings specified here will take precedence over those in config/application.rb
3 3
4 4 # In the development environment your application's code is reloaded on
5 5 # every request. This slows down response time but is perfect for development
6 6 # since you don't have to restart the web server when you make code changes.
7 7 config.cache_classes = false
8 8
9 9 # Log error messages when you accidentally call methods on nil. //DEPRICATED
10 10 # config.whiny_nils = true // DEPRICATED
11 11
12 12 # Show full error reports and disable caching
13 13 config.consider_all_requests_local = true
14 14 config.action_controller.perform_caching = false
15 15
16 16 # Don't care if the mailer can't send
17 17 config.action_mailer.raise_delivery_errors = false
18 18
19 19 # Print deprecation notices to the Rails logger
20 20 config.active_support.deprecation = :log
21 21
22 22 # Only use best-standards-support built into browsers
23 23 config.action_dispatch.best_standards_support = :builtin
24 24
25 25 # Raise exception on mass assignment protection for Active Record models
26 - config.active_record.mass_assignment_sanitizer = :strict
26 + # config.active_record.mass_assignment_sanitizer = :strict //DEPRICATED
27 27
28 28 # Log the query plan for queries taking more than this (works // DEPRICATED
29 29 # with SQLite, MySQL, and PostgreSQL) // DEPRICATED
30 30 # config.active_record.auto_explain_threshold_in_seconds = 0.5 // DEPRICATED
31 31
32 32 # Do not compress assets
33 33 config.assets.compress = false
34 34
35 35 # Expands the lines which load the assets
36 36 config.assets.debug = true
37 37
38 38 # Prevents assets from rendering twice
39 39 config.serve_static_assets = true
40 40
41 41 config.eager_load = false
42 42 end
Show file before | Show file after | Raw diff | Download diff | Ignore whitespace Increase context Show commentsHide comments
@@ -9,31 +9,31
9 9
10 10 # Configure static asset server for tests with Cache-Control for performance
11 11 config.serve_static_assets = true
12 12 config.static_cache_control = "public, max-age=3600"
13 13
14 14 # Log error messages when you accidentally call methods on nil
15 15 config.whiny_nils = true
16 16
17 17 # Show full error reports and disable caching
18 18 config.consider_all_requests_local = true
19 19 config.action_controller.perform_caching = false
20 20
21 21 # Raise exceptions instead of rendering exception templates
22 22 config.action_dispatch.show_exceptions = false
23 23
24 24 # Disable request forgery protection in test environment
25 25 config.action_controller.allow_forgery_protection = false
26 26
27 27 # Tell Action Mailer not to deliver emails to the real world.
28 28 # The :test delivery method accumulates sent emails in the
29 29 # ActionMailer::Base.deliveries array.
30 30 config.action_mailer.delivery_method = :test
31 31
32 32 # Raise exception on mass assignment protection for Active Record models
33 - config.active_record.mass_assignment_sanitizer = :strict
33 + #config.active_record.mass_assignment_sanitizer = :strict // DEPRICATED
34 34
35 35 # Print deprecation notices to the stderr
36 36 config.active_support.deprecation = :stderr
37 37
38 38 config.eager_load = false
39 39 end
You need to be logged in to leave comments. Login now