cafe-grader-web Commit - r617:f062e467ef5c

cafe-grader-web

Commit `r617:f062e467ef5c` public

parent | child

Description:

switch to strong parameter for mass update (have not finished the problem controller yet)

Commit status:

[Not Reviewed]

References:

toRails40

Diff options:

| | | |

Comments:

0 Commit comments 0 Inline Comments

Unresolved TODOs:

There are no unresolved TODOs

Add another comment

r617:f062e467ef5c - Mon, 28 Nov 2016 10:31:29 - 10 files changed: 42 inserted, 63 deleted

app/controllers/announcements_controller.rb ¶ +7 -1

                 def show
                   @announcement = Announcement.find(params[:id])
                   respond_to do |format|
                     format.html # show.html.erb
                     format.xml  { render :xml => @announcement }
                   end
                 end
                 # GET /announcements/new
                 # GET /announcements/new.xml
                 def new
                   @announcement = Announcement.new
                   respond_to do |format|
                     format.html # new.html.erb
                     format.xml  { render :xml => @announcement }
                   end
                 end
                 # GET /announcements/1/edit
                 def edit
                   @announcement = Announcement.find(params[:id])
                 end
                 # POST /announcements
                 # POST /announcements.xml
                 def create
                   @announcement = Announcement.new(params[:announcement])
                   respond_to do |format|
                     if @announcement.save
                       flash[:notice] = 'Announcement was successfully created.'
                       format.html { redirect_to(@announcement) }
                       format.xml  { render :xml => @announcement, :status => :created, :location => @announcement }
                     else
                       format.html { render :action => "new" }
                       format.xml  { render :xml => @announcement.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # PUT /announcements/1
                 # PUT /announcements/1.xml
                 def update
                   @announcement = Announcement.find(params[:id])
                   respond_to do |format|
-            -       if @announcement.update_attributes(params[:announcement])
+            +       if @announcement.update_attributes(announcement_params)
                       flash[:notice] = 'Announcement was successfully updated.'
                       format.html { redirect_to(@announcement) }
                       format.js   {}
                       format.xml  { head :ok }
                     else
                       format.html { render :action => "edit" }
                       format.js   {}
                       format.xml  { render :xml => @announcement.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 def toggle
                   @announcement = Announcement.find(params[:id])
                   @announcement.update_attributes( published:  !@announcement.published? )
                   respond_to do |format|
                     format.js { render partial: 'toggle_button',
                                 locals: {button_id: "#announcement_toggle_#{@announcement.id}",button_on: @announcement.published? } }
                   end
                 end
                 def toggle_front
                   @announcement = Announcement.find(params[:id])
                   @announcement.update_attributes( frontpage:  !@announcement.frontpage? )
                   respond_to do |format|
                     format.js { render partial: 'toggle_button',
                                 locals: {button_id: "#announcement_toggle_front_#{@announcement.id}",button_on: @announcement.frontpage? } }
                   end
                 end
                 # DELETE /announcements/1
                 # DELETE /announcements/1.xml
                 def destroy
                   @announcement = Announcement.find(params[:id])
                   @announcement.destroy
                   respond_to do |format|
                     format.html { redirect_to(announcements_url) }
                     format.xml  { head :ok }
                   end
                 end
+            +
+            +   private
+            +
+            +     def announcement_params
+            +       params.require(:announcement).permit(:author, :body, :published, :frontpage, :contest_only,:title, :note)
+            +     end
               end

app/controllers/configurations_controller.rb ¶ +6 -1

               class ConfigurationsController < ApplicationController
                 before_filter :authenticate
                 before_filter { |controller| controller.authorization_by_roles(['admin'])}
                 def index
                   @configurations = GraderConfiguration.find(:all,
                                                        :order => '`key`')
                   @group = GraderConfiguration.pluck("grader_configurations.key").map{ |x| x[0...(x.index('.'))] }.uniq.sort
                 end
                 def reload
                   GraderConfiguration.reload
                   redirect_to :action => 'index'
                 end
                 def update
                   @config = GraderConfiguration.find(params[:id])
                   User.clear_last_login if @config.key == GraderConfiguration::MULTIPLE_IP_LOGIN_KEY and @config.value == 'true' and params[:grader_configuration][:value] == 'false'
                   respond_to do |format|
-            -       if @config.update_attributes(params[:grader_configuration])
+            +       if @config.update_attributes(configuration_params)
                       format.json { head :ok }
                     else
                       format.json { respond_with_bip(@config) }
                     end
                   end
                 end
+            + private
+            +   def configuration_params
+            +     params.require(:grader_configuration).permit(:key,:value_type,:value,:description)
+            +   end
+            +
               end

app/controllers/contests_controller.rb ¶ +7 -1

                 def show
                   @contest = Contest.find(params[:id])
                   respond_to do |format|
                     format.html # show.html.erb
                     format.xml  { render :xml => @contest }
                   end
                 end
                 # GET /contests/new
                 # GET /contests/new.xml
                 def new
                   @contest = Contest.new
                   respond_to do |format|
                     format.html # new.html.erb
                     format.xml  { render :xml => @contest }
                   end
                 end
                 # GET /contests/1/edit
                 def edit
                   @contest = Contest.find(params[:id])
                 end
                 # POST /contests
                 # POST /contests.xml
                 def create
                   @contest = Contest.new(params[:contest])
                   respond_to do |format|
                     if @contest.save
                       flash[:notice] = 'Contest was successfully created.'
                       format.html { redirect_to(@contest) }
                       format.xml  { render :xml => @contest, :status => :created, :location => @contest }
                     else
                       format.html { render :action => "new" }
                       format.xml  { render :xml => @contest.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # PUT /contests/1
                 # PUT /contests/1.xml
                 def update
                   @contest = Contest.find(params[:id])
                   respond_to do |format|
-            -       if @contest.update_attributes(params[:contest])
+            +       if @contest.update_attributes(contests_params)
                       flash[:notice] = 'Contest was successfully updated.'
                       format.html { redirect_to(@contest) }
                       format.xml  { head :ok }
                     else
                       format.html { render :action => "edit" }
                       format.xml  { render :xml => @contest.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # DELETE /contests/1
                 # DELETE /contests/1.xml
                 def destroy
                   @contest = Contest.find(params[:id])
                   @contest.destroy
                   respond_to do |format|
                     format.html { redirect_to(contests_url) }
                     format.xml  { head :ok }
                   end
                 end
+            +   private
+            +
+            +     def contests_params
+            +       params.require(:contest).permit(:title,:enabled,:name)
+            +     end
+            +
               end

app/controllers/site_controller.rb ¶ +5

                   @site_select = []
                   @countries.each do |country|
                     country.sites.each do |site|
                       @site_select << ["#{site.name}, #{country.name}", site.id]
                     end
                   end
                   @default_site = Site.first if !GraderConfiguration['contest.multisites']
                   render :action => 'login', :layout => 'empty'
                 end
                 def index
                   if @site.started
                     render :action => 'started', :layout => 'empty'
                   else
                     render :action => 'prompt', :layout => 'empty'
                   end
                 end
                 def start
                   @site.started = true
                   @site.start_time = Time.new.gmtime
                   @site.save
                   redirect_to :action => 'index'
                 end
                 def logout
                   reset_session
                   redirect_to :controller => 'main', :action => 'login'
                 end
                 protected
                 def site_admin_authorization
                   if session[:site_id]==nil
                     redirect_to :controller => 'site', :action => 'login' and return
                   end
                   begin
                     @site = Site.find(session[:site_id], :include => :country)
                   rescue ActiveRecord::RecordNotFound
                     @site = nil
                   end
                   if @site==nil
                     redirect_to :controller => 'site', :action => 'login' and return
                   end
                 end
+            +   private
+            +     def site_params
+            +       params.require(:site).permit()
+            +     end
+            +
               end

app/controllers/sites_controller.rb ¶ +7 -1

                   respond_to do |format|
                     format.html # show.html.erb
                     format.xml  { render :xml => @site }
                   end
                 end
                 # GET /sites/new
                 # GET /sites/new.xml
                 def new
                   @site = Site.new
                   respond_to do |format|
                     format.html # new.html.erb
                     format.xml  { render :xml => @site }
                   end
                 end
                 # GET /sites/1/edit
                 def edit
                   @site = Site.find(params[:id])
                 end
                 # POST /sites
                 # POST /sites.xml
                 def create
                   @site = Site.new(params[:site])
                   @site.clear_start_time_if_not_started
                   respond_to do |format|
                     if @site.save
                       flash[:notice] = 'Site was successfully created.'
                       format.html { redirect_to(@site) }
                       format.xml  { render :xml => @site, :status => :created, :location => @site }
                     else
                       format.html { render :action => "new" }
                       format.xml  { render :xml => @site.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # PUT /sites/1
                 # PUT /sites/1.xml
                 def update
                   @site = Site.find(params[:id])
                   @site.clear_start_time_if_not_started
                   respond_to do |format|
-            -       if @site.update_attributes(params[:site])
+            +       if @site.update_attributes(site_params)
                       flash[:notice] = 'Site was successfully updated.'
                       format.html { redirect_to(@site) }
                       format.xml  { head :ok }
                     else
                       format.html { render :action => "edit" }
                       format.xml  { render :xml => @site.errors, :status => :unprocessable_entity }
                     end
                   end
                 end
                 # DELETE /sites/1
                 # DELETE /sites/1.xml
                 def destroy
                   @site = Site.find(params[:id])
                   @site.destroy
                   respond_to do |format|
                     format.html { redirect_to(sites_url) }
                     format.xml  { head :ok }
                   end
                 end
+            +   private
+            +
+            +     def site_params
+            +       params.require(:site).permit(:name,:started,:start_time,:country_id,:password)
+            +     end
+            +
               end

app/controllers/submissions_controller.rb ¶ +1 -55

                   else
                     @problem = Problem.find_by_id(params[:problem_id])
                     if (@problem == nil) or (not @problem.available)
                       redirect_to main_list_path
                       flash[:notice] = 'Error: submissions for that problem are not viewable.'
                       return
                     end
                     @submissions = Submission.find_all_by_user_problem(@user.id, @problem.id)
                   end
                 end
                 # GET /submissions/1
                 # GET /submissions/1.json
                 def show
                   @submission = Submission.find(params[:id])
                   #log the viewing
                   user = User.find(session[:user_id])
                   SubmissionViewLog.create(user_id: session[:user_id],submission_id: @submission.id) unless user.admin?
                 end
                 #on-site new submission on specific problem
                 def direct_edit_problem
                   @problem = Problem.find(params[:problem_id])
                   @source = ''
                   render 'edit'
                 end
                 # GET /submissions/1/edit
                 def edit
                   @submission = Submission.find(params[:id])
                   @source = @submission.source.to_s
                   @problem = @submission.problem
                   @lang_id = @submission.language.id
                 end
                 def get_latest_submission_status
                   @problem = Problem.find(params[:pid])
                   @submission = Submission.find_last_by_user_and_problem(params[:uid],params[:pid])
                   puts User.find(params[:uid]).login
                   puts Problem.find(params[:pid]).name
                   puts 'nil' unless @submission
                   respond_to do |format|
                     format.js
                   end
                 end
-            - #  # GET /submissions/new
-            - #  # GET /submissions/new.json
-            - #  def new
-            - #    @submission = Submission.new
-            - #
-            - #    respond_to do |format|
-            - #      format.html # new.html.erb
-            - #      format.json { render json: @submission }
-            - #    end
-            - #  end
-            - #
-            - #
-            - #  # POST /submissions
-            - #  # POST /submissions.json
-            - #  def create
-            - #    @submission = Submission.new(params[:submission])
-            - #
-            - #    respond_to do |format|
-            - #      if @submission.save
-            - #        format.html { redirect_to @submission, notice: 'Submission was successfully created.' }
-            - #        format.json { render json: @submission, status: :created, location: @submission }
-            - #      else
-            - #        format.html { render action: "new" }
-            - #        format.json { render json: @submission.errors, status: :unprocessable_entity }
-            - #      end
-            - #    end
-            - #  end
-            - #
-            - #  # PUT /submissions/1
-            - #  # PUT /submissions/1.json
-            - #  def update
-            - #    @submission = Submission.find(params[:id])
-            - #
-            - #    respond_to do |format|
-            - #      if @submission.update_attributes(params[:submission])
-            - #        format.html { redirect_to @submission, notice: 'Submission was successfully updated.' }
-            - #        format.json { head :no_content }
-            - #      else
-            - #        format.html { render action: "edit" }
-            - #        format.json { render json: @submission.errors, status: :unprocessable_entity }
-            - #      end
-            - #    end
-            - #  end
-            - #
-            - #  # DELETE /submissions/1
-            - #  # DELETE /submissions/1.json
-            - #  def destroy
-            - #    @submission = Submission.find(params[:id])
-            - #    @submission.destroy
-            - #
-            - #    respond_to do |format|
-            - #      format.html { redirect_to submissions_url }
-            - #      format.json { head :no_content }
-            - #    end
-            - #  end
               protected
                 def submission_authorization
                   #admin always has privileged
                   if @current_user.admin?
                     return true
                   end
                   sub = Submission.find(params[:id])
                   if sub.problem.available?
                     puts "sub = #{sub.user.id}, current = #{@current_user.id}"
                     return true if GraderConfiguration["right.user_view_submission"] or sub.user == @current_user
                   end
                   #default to NO
                   unauthorized_redirect
                   return false
                 end
+            +
               end

app/controllers/user_admin_controller.rb ¶ +6 -1

                     items = line.chomp.split(',')
                     if items.length>=2
                       login = items[0]
                       full_name = items[1]
                       added_random_password = false
                       if items.length>=3
                         password = items[2].chomp(" ")
                         user_alias = (items.length>=4) ? items[3] : login
                       else
                         password = random_password
                         user_alias = (items.length>=4) ? items[3] : login
                         added_random_password = true
                       end
                       user = User.find_by_login(login)
                       if (user)
                         user.full_name = full_name
                         user.password = password
                       else
                         user = User.new({:login => login,
                                           :full_name => full_name,
                                           :password => password,
                                           :password_confirmation => password,
                                           :alias => user_alias})
                       end
                       user.activated = true
                       user.save
                       if added_random_password
                         note << "'#{login}' (+)"
                       else
                         note << login
                       end
                     end
                   end
                   flash[:notice] = 'User(s) ' + note.join(', ') +
                     ' were successfully created.  ' +
                     '( (+) - created with random passwords.)'
                   redirect_to :action => 'index'
                 end
                 def edit
                   @user = User.find(params[:id])
                 end
                 def update
                   @user = User.find(params[:id])
-            -     if @user.update_attributes(params[:user])
+            +     if @user.update_attributes(user_params)
                     flash[:notice] = 'User was successfully updated.'
                     redirect_to :action => 'show', :id => @user
                   else
                     render :action => 'edit'
                   end
                 end
                 def destroy
                   User.find(params[:id]).destroy
                   redirect_to :action => 'index'
                 end
                 def user_stat
                   if params[:commit] == 'download csv'
                     @problems = Problem.all
                   else
                     @problems = Problem.find_available_problems
                   end
                   @users = User.includes(:contests, :contest_stat).where(enabled: true) #find(:all, :include => [:contests, :contest_stat]).where(enabled: true)
                   @scorearray = Array.new
                   @users.each do |u|
                     ustat = Array.new
                     ustat[0] = u
                     @problems.each do |p|
                       sub = Submission.find_last_by_user_and_problem(u.id,p.id)
                       if (sub!=nil) and (sub.points!=nil) and p and p.full_score
                         ustat << [(sub.points.to_f*100/p.full_score).round, (sub.points>=p.full_score)]
                       else
                         ustat << [0,false]
                       end
                     end
                     @scorearray << ustat
                   end
                   if params[:commit] == 'download csv' then
                     csv = gen_csv_from_scorearray(@scorearray,@problems)
                     send_data csv, filename: 'last_score.csv'
                   else
                     render template: 'user_admin/user_stat'
                   end
                 end
                 def user_stat_max
                   if params[:commit] == 'download csv'
                     @problems = Problem.all
                   else
                     @problems = Problem.find_available_problems
                   end
                   @users = User.find(:all, :include => [:contests, :contest_stat])
                   logger.info mail_body
                   send_mail(user.email, mail_subject, mail_body)
                 end
                 def find_contest_and_user_from_contest_id(id)
                   if id!='none'
                     @contest = Contest.find(id)
                   else
                     @contest = nil
                   end
                   if @contest
                     @users = @contest.users
                   else
                     @users = User.find_users_with_no_contest
                   end
                   return [@contest, @users]
                 end
                 def gen_csv_from_scorearray(scorearray,problem)
                   CSV.generate do |csv|
                     #add header
                     header = ['User','Name', 'Activated?', 'Logged in', 'Contest']
                     problem.each { |p| header << p.name }
                     header += ['Total','Passed']
                     csv << header
                     #add data
                     scorearray.each do |sc|
                       total = num_passed = 0
                       row = Array.new
                       sc.each_index do |i|
                         if i == 0
                           row << sc[i].login
                           row << sc[i].full_name
                           row << sc[i].activated
                           row << (sc[i].try(:contest_stat).try(:started_at).nil? ? 'no' : 'yes')
                           row << sc[i].contests.collect {|c| c.name}.join(', ')
                         else
                           row << sc[i][0]
                           total += sc[i][0]
                           num_passed += 1 if sc[i][1]
                         end
                       end
                       row << total
                       row << num_passed
                       csv << row
                     end
                   end
                 end
+            +
+            +   private
+            +     def user_params
+            +       params.require(:user).permit(:login,:full_name,:hashed_password,:salt,:alias,:email,:site_id,:country_id,:activated,:enabled,:remark,:last_ip,:section)
+            +     end
               end

app/models/user.rb ¶ +1 -1

               require 'digest/sha1'
               require 'net/pop'
               require 'net/https'
               require 'net/http'
               require 'json'
               class User < ActiveRecord::Base
                 has_and_belongs_to_many :roles
                 has_many :test_requests, :order => "submitted_at DESC"
                 has_many :messages,
                          :class_name => "Message",
                          :foreign_key => "sender_id",
                          :order => 'created_at DESC'
                 has_many :replied_messages,
                          :class_name => "Message",
                          :foreign_key => "receiver_id",
                          :order => 'created_at DESC'
                 has_one :contest_stat, :class_name => "UserContestStat", :dependent => :destroy
                 belongs_to :site
                 belongs_to :country
                 has_and_belongs_to_many :contests, :uniq => true, :order => 'name'
                 scope :activated_users, :conditions => {:activated => true}
                 validates_presence_of :login
                 validates_uniqueness_of :login
-            -   validates_format_of :login, :with => /^[\_A-Za-z0-9]+$/
+            +   validates_format_of :login, :with => /\A[\_A-Za-z0-9]+\z/
                 validates_length_of :login, :within => 3..30
                 validates_presence_of :full_name
                 validates_length_of :full_name, :minimum => 1
                 validates_presence_of :password, :if => :password_required?
                 validates_length_of :password, :within => 4..20, :if => :password_required?
                 validates_confirmation_of :password, :if => :password_required?
                 validates_format_of :email,
                                     :with => /\A([^@\s]+)@((?:[-a-z0-9]+\.)+[a-z]{2,})\Z/i,
                                     :if => :email_validation?
                 validate :uniqueness_of_email_from_activated_users,
                          :if => :email_validation?
                 validate :enough_time_interval_between_same_email_registrations,
                          :if => :email_validation?
                 # these are for ytopc
                 # disable for now
                 #validates_presence_of :province
                 attr_accessor :password
                 before_save :encrypt_new_password
                 before_save :assign_default_site
                 before_save :assign_default_contest
                 # this is for will_paginate
                 cattr_reader :per_page
                 @@per_page = 50
                 def self.authenticate(login, password)
                   user = find_by_login(login)
                   if user
                     return user if user.authenticated?(password)
                     if user.authenticated_by_cucas?(password) or user.authenticated_by_pop3?(password)
                       user.password = password
                       user.save
                       return user
                     end
                   end
                 end
                 def authenticated?(password)
                   if self.activated
                     hashed_password == User.encrypt(password,self.salt)
                   else
                     false

config/environments/development.rb ¶ +1 -1

               CafeGrader::Application.configure do
                 # Settings specified here will take precedence over those in config/application.rb
                 # In the development environment your application's code is reloaded on
                 # every request. This slows down response time but is perfect for development
                 # since you don't have to restart the web server when you make code changes.
                 config.cache_classes = false
                 # Log error messages when you accidentally call methods on nil.  //DEPRICATED
                 # config.whiny_nils = true // DEPRICATED
                 # Show full error reports and disable caching
                 config.consider_all_requests_local       = true
                 config.action_controller.perform_caching = false
                 # Don't care if the mailer can't send
                 config.action_mailer.raise_delivery_errors = false
                 # Print deprecation notices to the Rails logger
                 config.active_support.deprecation = :log
                 # Only use best-standards-support built into browsers
                 config.action_dispatch.best_standards_support = :builtin
                 # Raise exception on mass assignment protection for Active Record models
-            -   config.active_record.mass_assignment_sanitizer = :strict
+            +   # config.active_record.mass_assignment_sanitizer = :strict //DEPRICATED
                 # Log the query plan for queries taking more than this (works // DEPRICATED
                 # with SQLite, MySQL, and PostgreSQL) // DEPRICATED
                 # config.active_record.auto_explain_threshold_in_seconds = 0.5 // DEPRICATED
                 # Do not compress assets
                 config.assets.compress = false
                 # Expands the lines which load the assets
                 config.assets.debug = true
                 # Prevents assets from rendering twice
                 config.serve_static_assets = true
                 config.eager_load = false
               end

config/environments/test.rb ¶ +1 -1

               CafeGrader::Application.configure do
                 # Settings specified here will take precedence over those in config/application.rb
                 # The test environment is used exclusively to run your application's
                 # test suite. You never need to work with it otherwise. Remember that
                 # your test database is "scratch space" for the test suite and is wiped
                 # and recreated between test runs. Don't rely on the data there!
                 config.cache_classes = true
                 # Configure static asset server for tests with Cache-Control for performance
                 config.serve_static_assets = true
                 config.static_cache_control = "public, max-age=3600"
                 # Log error messages when you accidentally call methods on nil
                 config.whiny_nils = true
                 # Show full error reports and disable caching
                 config.consider_all_requests_local       = true
                 config.action_controller.perform_caching = false
                 # Raise exceptions instead of rendering exception templates
                 config.action_dispatch.show_exceptions = false
                 # Disable request forgery protection in test environment
                 config.action_controller.allow_forgery_protection    = false
                 # Tell Action Mailer not to deliver emails to the real world.
                 # The :test delivery method accumulates sent emails in the
                 # ActionMailer::Base.deliveries array.
                 config.action_mailer.delivery_method = :test
                 # Raise exception on mass assignment protection for Active Record models
-            -   config.active_record.mass_assignment_sanitizer = :strict
+            +   #config.active_record.mass_assignment_sanitizer = :strict // DEPRICATED
                 # Print deprecation notices to the stderr
                 config.active_support.deprecation = :stderr
                 config.eager_load = false
               end

Write
Preview

You need to be logged in to leave comments. Login now

	Site-wide shortcuts
/	Use quick search box
g h	Goto home page
g g	Goto my private gists page
g G	Goto my public gists page
n r	New repository page
n g	New gist page

	Repositories
g s	Goto summary page
g c	Goto changelog page
g f	Goto files page
g F	Goto files page with file search activated
g p	Goto pull requests page
g o	Goto repository settings
g O	Goto repository permissions settings

Sign in to your account

Author

r617:f062e467ef5c - Mon, 28 Nov 2016 10:31:29 - 10 files changed: 42 inserted, 63 deleted

Sign in to your account

Commit r617:f062e467ef5c public

Author

r617:f062e467ef5c - Mon, 28 Nov 2016 10:31:29 - 10 files changed: 42 inserted, 63 deleted

Commit `r617:f062e467ef5c` public