htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor various ruby files

Browse Source 
* Insights based on brakeman report
This commit is contained in:
Sebastian Serth
2022-08-18 15:06:36 +02:00
parent 1560f6b316
commit 145c4aa8d5
35 changed files with 113 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.rubocop_todo.yml
View File

@ -19,7 +19,7 @@ Metrics/ClassLength:
Max: 600
Metrics/ModuleLength:
Max: 220
Max: 225
# It's a very complicated application...
#

2
app/controllers/code_ocean/files_controller.rb
View File

@ -41,7 +41,7 @@ module CodeOcean
end
def destroy
@file = CodeOcean::File.find(params[:id])
@file = CodeOcean::File.find_by(id: params[:id])
authorize!
destroy_and_respond(object: @file, path: @file.context)
end

3
app/controllers/codeharbor_links_controller.rb
View File

@ -43,8 +43,7 @@ class CodeharborLinksController < ApplicationController
end
def set_codeharbor_link
@codeharbor_link = CodeharborLink.find(params[:id])
@codeharbor_link.user = current_user
@codeharbor_link = CodeharborLink.find_by(id: params[:id])
authorize!
end

6
app/controllers/comments_controller.rb
View File

@ -10,7 +10,7 @@ class CommentsController < ApplicationController
# GET /comments.json
def index
file = CodeOcean::File.find(params[:file_id])
file = CodeOcean::File.find_by(id: params[:file_id])
# there might be no submission yet, so dont use find
submission = Submission.find_by(id: file.context_id)
if submission
@ -38,7 +38,7 @@ class CommentsController < ApplicationController
if @comment.save
if comment_params[:request_id]
request_for_comment = RequestForComment.find(comment_params[:request_id])
request_for_comment = RequestForComment.find_by(id: comment_params[:request_id])
send_mail_to_author @comment, request_for_comment
send_mail_to_subscribers @comment, request_for_comment
end
@ -71,7 +71,7 @@ class CommentsController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_comment
@comment = Comment.find(params[:id])
@comment = Comment.find_by(id: params[:id])
end
def comment_params_for_update

4
app/controllers/community_solutions_controller.rb
View File

@ -90,11 +90,11 @@ class CommunitySolutionsController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_community_solution
@community_solution = CommunitySolution.find(params[:id])
@community_solution = CommunitySolution.find_by(id: params[:id])
end
def set_community_solution_lock
@community_solution_lock = CommunitySolutionLock.find(params[:lock_id])
@community_solution_lock = CommunitySolutionLock.find_by(id: params[:lock_id])
end
def set_exercise_and_submission

7
app/controllers/concerns/redirect_behavior.rb
View File

@ -129,12 +129,7 @@ module RedirectBehavior
lti_parameters_id: session[:lti_parameters_id]
)
lti_parameter = LtiParameter.where(external_users_id: @submission.user_id,
exercises_id: @submission.exercise_id).last
path = lti_return_path(submission_id: @submission.id,
url: consumer_return_url(build_tool_provider(consumer: @submission.user.consumer,
parameters: lti_parameter&.lti_parameters)))
path = lti_return_path(submission_id: @submission.id)
clear_lti_session_data(@submission.exercise_id, @submission.user_id)
respond_to do |format|
format.html { redirect_to(path) }

2
app/controllers/consumers_controller.rb
View File

@ -38,7 +38,7 @@ class ConsumersController < ApplicationController
end
def set_consumer
@consumer = Consumer.find(params[:id])
@consumer = Consumer.find_by(id: params[:id])
authorize!
end
private :set_consumer

2
app/controllers/error_template_attributes_controller.rb
View File

@ -86,7 +86,7 @@ class ErrorTemplateAttributesController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_error_template_attribute
@error_template_attribute = ErrorTemplateAttribute.find(params[:id])
@error_template_attribute = ErrorTemplateAttribute.find_by(id: params[:id])
end
def error_template_attribute_params

6
app/controllers/error_templates_controller.rb
View File

@ -77,7 +77,7 @@ class ErrorTemplatesController < ApplicationController
def add_attribute
authorize!
@error_template.error_template_attributes << ErrorTemplateAttribute.find(params['error_template_attribute_id'])
@error_template.error_template_attributes << ErrorTemplateAttribute.find_by(id: params[:error_template_attribute_id])
respond_to do |format|
format.html { redirect_to @error_template }
format.json { head :no_content }
@ -86,7 +86,7 @@ class ErrorTemplatesController < ApplicationController
def remove_attribute
authorize!
@error_template.error_template_attributes.delete(ErrorTemplateAttribute.find(params['error_template_attribute_id']))
@error_template.error_template_attributes.delete(ErrorTemplateAttribute.find_by(id: params[:error_template_attribute_id]))
respond_to do |format|
format.html { redirect_to @error_template }
format.json { head :no_content }
@ -97,7 +97,7 @@ class ErrorTemplatesController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_error_template
@error_template = ErrorTemplate.find(params[:id])
@error_template = ErrorTemplate.find_by(id: params[:id])
end
def error_template_params

4
app/controllers/execution_environments_controller.rb
View File

@ -141,7 +141,7 @@ class ExecutionEnvironmentsController < ApplicationController
private :set_docker_images
def set_execution_environment
@execution_environment = ExecutionEnvironment.find(params[:id])
@execution_environment = ExecutionEnvironment.find_by(id: params[:id])
authorize!
end
private :set_execution_environment
@ -158,7 +158,7 @@ class ExecutionEnvironmentsController < ApplicationController
def show
if @execution_environment.testing_framework?
@testing_framework_adapter = Kernel.const_get(@execution_environment.testing_framework)
@testing_framework_adapter = TestingFrameworkAdapter.descendants.find {|klass| klass.name == @execution_environment.testing_framework }
end
end

2
app/controllers/exercise_collections_controller.rb
View File

@ -41,7 +41,7 @@ class ExerciseCollectionsController < ApplicationController
private
def set_exercise_collection
@exercise_collection = ExerciseCollection.find(params[:id])
@exercise_collection = ExerciseCollection.find_by(id: params[:id])
authorize!
end

63
app/controllers/exercises_controller.rb
View File

@ -25,6 +25,7 @@ class ExercisesController < ApplicationController
def authorize!
authorize(@exercise || @exercises)
end
private :authorize!
def max_intervention_count_per_day
@ -39,7 +40,7 @@ class ExercisesController < ApplicationController
@exercises = Exercise.all
authorize!
@exercises = params[:exercises].values.map do |exercise_params|
exercise = Exercise.find(exercise_params.delete(:id))
exercise = Exercise.find_by(id: exercise_params.delete(:id))
exercise.update(exercise_params)
exercise
end
@ -50,7 +51,7 @@ class ExercisesController < ApplicationController
exercise = @exercise.duplicate(public: false, token: nil, user: current_user)
exercise.send(:generate_token)
if exercise.save
redirect_to(exercise, notice: t('shared.object_cloned', model: Exercise.model_name.human))
redirect_to(exercise_path(exercise), notice: t('shared.object_cloned', model: Exercise.model_name.human))
else
flash[:danger] = t('shared.message_failure')
redirect_to(@exercise)
@ -66,6 +67,7 @@ class ExercisesController < ApplicationController
end
subpaths.flatten.uniq
end
private :collect_paths
def create
@ -192,12 +194,14 @@ class ExercisesController < ApplicationController
api_key = authorization_header&.split(' ')&.second
user_by_codeharbor_token(api_key)
end
private :user_from_api_key
def user_by_codeharbor_token(api_key)
link = CodeharborLink.find_by(api_key: api_key)
link&.user
end
private :user_by_codeharbor_token
def exercise_params
@ -225,6 +229,7 @@ class ExercisesController < ApplicationController
)
end
end
private :exercise_params
def handle_file_uploads
@ -241,6 +246,7 @@ class ExercisesController < ApplicationController
end
end
end
private :handle_file_uploads
def handle_exercise_tips
@ -258,6 +264,7 @@ class ExercisesController < ApplicationController
redirect_to(edit_exercise_path(@exercise))
end
end
private :handle_exercise_tips
def update_exercise_tips(exercise_tips, parent_exercise_tip_id, rank)
@ -283,6 +290,7 @@ class ExercisesController < ApplicationController
end
result
end
private :update_exercise_tips
def implement
@ -348,6 +356,7 @@ class ExercisesController < ApplicationController
@course_token = '702cbd2a-c84c-4b37-923a-692d7d1532d0'
end
end
private :set_course_token
def set_available_tips
@ -374,13 +383,14 @@ class ExercisesController < ApplicationController
# Return an array with top-level tips
@tips = nested_tips.values.select {|tip| tip.parent_exercise_tip_id.nil? }
end
private :set_available_tips
def working_times
working_time_accumulated = @exercise.accumulated_working_time_for_only(current_user)
working_time_75_percentile = @exercise.get_quantiles([0.75]).first
render(json: {working_time_75_percentile: working_time_75_percentile,
working_time_accumulated: working_time_accumulated})
working_time_accumulated: working_time_accumulated})
end
def intervention
@ -401,8 +411,9 @@ working_time_accumulated: working_time_accumulated})
search_text = params[:search_text]
search = Search.new(user: current_user, exercise: @exercise, search: search_text)
begin search.save
render(json: {success: 'true'})
begin
search.save
render(json: {success: 'true'})
rescue StandardError
render(json: {success: 'false', error: "could not save search: #{$ERROR_INFO}"})
end
@ -424,25 +435,29 @@ working_time_accumulated: working_time_accumulated})
def set_execution_environments
@execution_environments = ExecutionEnvironment.all.order(:name)
end
private :set_execution_environments
def set_exercise_and_authorize
@exercise = Exercise.find(params[:id])
@exercise = Exercise.find_by(id: params[:id])
authorize!
end
private :set_exercise_and_authorize
def set_external_user_and_authorize
if params[:external_user_id]
@external_user = ExternalUser.find(params[:external_user_id])
@external_user = ExternalUser.find_by(id: params[:external_user_id])
authorize!
end
end
private :set_external_user_and_authorize
def set_file_types
@file_types = FileType.all.order(:name)
end
private :set_file_types
def collect_set_and_unset_exercise_tags
@ -452,9 +467,10 @@ working_time_accumulated: working_time_accumulated})
checked_tags = checked_exercise_tags.collect(&:tag).to_set
unchecked_tags = Tag.all.to_set.subtract checked_tags
@exercise_tags = checked_exercise_tags + unchecked_tags.collect do |tag|
ExerciseTag.new(exercise: @exercise, tag: tag)
end
ExerciseTag.new(exercise: @exercise, tag: tag)
end
end
private :collect_set_and_unset_exercise_tags
def show
@ -468,20 +484,24 @@ working_time_accumulated: working_time_accumulated})
def statistics
# Show general statistic page for specific exercise
user_statistics = {'InternalUser' => {}, 'ExternalUser' => {}}
additional_filter = if policy(@exercise).detailed_statistics?
''
elsif !policy(@exercise).detailed_statistics? && current_user.study_groups.count.positive?
"AND study_group_id IN (#{current_user.study_groups.pluck(:id).join(', ')}) AND cause = 'submit'"
else
# e.g. internal user without any study groups, show no submissions
'AND FALSE'
end
query = "SELECT user_id, user_type, MAX(score) AS maximum_score, COUNT(id) AS runs
FROM submissions WHERE exercise_id = #{@exercise.id} #{additional_filter}
GROUP BY user_id, user_type;"
ApplicationRecord.connection.execute(query).each do |tuple|
query = Submission.select('user_id, user_type, MAX(score) AS maximum_score, COUNT(id) AS runs')
.where(exercise_id: @exercise.id)
.group('user_id, user_type')
query = if policy(@exercise).detailed_statistics?
query
elsif !policy(@exercise).detailed_statistics? && current_user.study_groups.count.positive?
query.where(study_groups: current_user.study_groups.pluck(:id), cause: 'submit')
else
# e.g. internal user without any study groups, show no submissions
query.where('false')
end
query.each do |tuple|
user_statistics[tuple['user_type']][tuple['user_id'].to_i] = tuple
end
render locals: {
user_statistics: user_statistics,
}
@ -554,6 +574,7 @@ working_time_accumulated: working_time_accumulated})
end
end
end
private :transmit_lti_score
def update

6
app/controllers/external_users_controller.rb
View File

@ -15,7 +15,7 @@ class ExternalUsersController < ApplicationController
end
def show
@user = ExternalUser.find(params[:id])
@user = ExternalUser.find_by(id: params[:id])
authorize!
end
@ -58,7 +58,7 @@ class ExternalUsersController < ApplicationController
end
def statistics
@user = ExternalUser.find(params[:id])
@user = ExternalUser.find_by(id: params[:id])
authorize!
statistics = {}
@ -73,7 +73,7 @@ class ExternalUsersController < ApplicationController
end
def tag_statistics
@user = ExternalUser.find(params[:id])
@user = ExternalUser.find_by(id: params[:id])
authorize!
statistics = []

2
app/controllers/file_templates_controller.rb
View File

@ -87,7 +87,7 @@ class FileTemplatesController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_file_template
@file_template = FileTemplate.find(params[:id])
@file_template = FileTemplate.find_by(id: params[:id])
end
def file_template_params

2
app/controllers/file_types_controller.rb
View File

@ -51,7 +51,7 @@ class FileTypesController < ApplicationController
private :set_editor_modes
def set_file_type
@file_type = FileType.find(params[:id])
@file_type = FileType.find_by(id: params[:id])
authorize!
end
private :set_file_type

2
app/controllers/internal_users_controller.rb
View File

@ -121,7 +121,7 @@ class InternalUsersController < ApplicationController
private :set_up_password
def set_user
@user = InternalUser.find(params[:id])
@user = InternalUser.find_by(id: params[:id])
authorize!
end
private :set_user

8
app/controllers/proxy_exercises_controller.rb
View File

@ -15,7 +15,7 @@ class ProxyExercisesController < ApplicationController
user: current_user)
proxy_exercise.send(:generate_token)
if proxy_exercise.save
redirect_to(proxy_exercise, notice: t('shared.object_cloned', model: ProxyExercise.model_name.human))
redirect_to(proxy_exercise_path(proxy_exercise), notice: t('shared.object_cloned', model: ProxyExercise.model_name.human))
else
flash[:danger] = t('shared.message_failure')
redirect_to(@proxy_exercise)
@ -24,7 +24,7 @@ class ProxyExercisesController < ApplicationController
def create
myparams = proxy_exercise_params
myparams[:exercises] = Exercise.find(myparams[:exercise_ids].compact_blank)
myparams[:exercises] = Exercise.find_by(id: myparams[:exercise_ids].compact_blank)
@proxy_exercise = ProxyExercise.new(myparams)
authorize!
@ -63,7 +63,7 @@ class ProxyExercisesController < ApplicationController
end
def set_exercise_and_authorize
@proxy_exercise = ProxyExercise.find(params[:id])
@proxy_exercise = ProxyExercise.find_by(id: params[:id])
authorize!
end
private :set_exercise_and_authorize
@ -78,7 +78,7 @@ class ProxyExercisesController < ApplicationController
def update
myparams = proxy_exercise_params
myparams[:exercises] = Exercise.find(myparams[:exercise_ids].compact_blank)
myparams[:exercises] = Exercise.find_by(id: myparams[:exercise_ids].compact_blank)
update_and_respond(object: @proxy_exercise, params: myparams)
end
end

4
app/controllers/request_for_comments_controller.rb
View File

@ -58,7 +58,7 @@ class RequestForCommentsController < ApplicationController
# GET /exercises/:id/request_for_comments
def rfcs_for_exercise
exercise = Exercise.find(params[:exercise_id])
exercise = Exercise.find_by(id: params[:exercise_id])
@search = RequestForComment
.with_last_activity
.where(exercise_id: exercise.id)
@ -141,7 +141,7 @@ class RequestForCommentsController < ApplicationController
# Use callbacks to share common setup or constraints between actions.
def set_request_for_comment
@request_for_comment = RequestForComment.find(params[:id])
@request_for_comment = RequestForComment.find_by(id: params[:id])
end
def request_for_comment_params

8
app/controllers/sessions_controller.rb
View File

@ -24,7 +24,7 @@ class SessionsController < ApplicationController
store_lti_session_data(consumer: @consumer, parameters: params)
store_nonce(params[:oauth_nonce])
if params[:custom_redirect_target]
redirect_to(params[:custom_redirect_target])
redirect_to(URI.parse(params[:custom_redirect_target].to_s).path)
else
redirect_to(implement_exercise_path(@exercise),
notice: t("sessions.create_through_lti.session_#{lti_outcome_service?(@exercise.id, @current_user.id) ? 'with' : 'without'}_outcome",
@ -42,7 +42,11 @@ class SessionsController < ApplicationController
end
def destroy_through_lti
@submission = Submission.find(params[:submission_id])
@submission = Submission.find_by(id: params[:submission_id])
authorize(@submission, :show?)
lti_parameter = LtiParameter.where(external_users_id: @submission.user_id, exercises_id: @submission.exercise_id).last
@url = consumer_return_url(build_tool_provider(consumer: @submission.user.consumer, parameters: lti_parameter&.lti_parameters))
clear_lti_session_data(@submission.exercise_id, @submission.user_id)
end

4
app/controllers/study_groups_controller.rb
View File

@ -23,7 +23,7 @@ class StudyGroupsController < ApplicationController
def update
myparams = study_group_params
myparams[:external_users] =
StudyGroupMembership.find(myparams[:study_group_membership_ids].compact_blank).map(&:user)
StudyGroupMembership.find_by(id: myparams[:study_group_membership_ids].compact_blank).map(&:user)
myparams.delete(:study_group_membership_ids)
update_and_respond(object: @study_group, params: myparams)
end
@ -38,7 +38,7 @@ class StudyGroupsController < ApplicationController
private :study_group_params
def set_group
@study_group = StudyGroup.find(params[:id])
@study_group = StudyGroup.find_by(id: params[:id])
authorize!
end
private :set_group

2
app/controllers/submissions_controller.rb
View File

@ -373,7 +373,7 @@ class SubmissionsController < ApplicationController
end
def set_submission
@submission = Submission.find(params[:id])
@submission = Submission.find_by(id: params[:id])
authorize!
end

4
app/controllers/subscriptions_controller.rb
View File

@ -22,7 +22,7 @@ class SubscriptionsController < ApplicationController
# DELETE /subscriptions/1
# DELETE /subscriptions/1.json
def destroy
@subscription = Subscription.find(params[:id])
@subscription = Subscription.find_by(id: params[:id])
rescue StandardError
skip_authorization
respond_to do |format|
@ -47,7 +47,7 @@ class SubscriptionsController < ApplicationController
end
def set_subscription
@subscription = Subscription.find(params[:id])
@subscription = Subscription.find_by(id: params[:id])
authorize!
end
private :set_subscription

2
app/controllers/tags_controller.rb
View File

@ -38,7 +38,7 @@ class TagsController < ApplicationController
end
def set_tag
@tag = Tag.find(params[:id])
@tag = Tag.find_by(id: params[:id])
authorize!
end
private :set_tag

2
app/controllers/tips_controller.rb
View File

@ -44,7 +44,7 @@ class TipsController < ApplicationController
end
def set_tip
@tip = Tip.find(params[:id])
@tip = Tip.find_by(id: params[:id])
authorize!
end
private :set_tip

6
app/controllers/user_exercise_feedbacks_controller.rb
View File

@ -25,7 +25,7 @@ class UserExerciseFeedbacksController < ApplicationController
def create
Sentry.set_extras(params: uef_params)
@exercise = Exercise.find(uef_params[:exercise_id])
@exercise = Exercise.find_by(id: uef_params[:exercise_id])
rfc = RequestForComment.unsolved.where(exercise_id: @exercise.id, user_id: current_user.id).first
submission = begin
current_user.submissions.where(exercise_id: @exercise.id).order('created_at DESC').first
@ -67,7 +67,7 @@ class UserExerciseFeedbacksController < ApplicationController
else
params[:user_exercise_feedback][:exercise_id]
end
@exercise = Exercise.find(exercise_id)
@exercise = Exercise.find_by(id: exercise_id)
@uef = UserExerciseFeedback.find_or_initialize_by(user: current_user, exercise: @exercise)
authorize!
end
@ -105,7 +105,7 @@ class UserExerciseFeedbacksController < ApplicationController
end
def set_user_exercise_feedback
@uef = UserExerciseFeedback.find(params[:id])
@uef = UserExerciseFeedback.find_by(id: params[:id])
@exercise = @uef.exercise
end

6
app/helpers/statistics_helper.rb
View File

@ -2,7 +2,7 @@
module StatisticsHelper
WORKING_TIME_DELTA_IN_SECONDS = 5.minutes
WORKING_TIME_DELTA_IN_SQL_INTERVAL = "'0:05:00'" # yes, a string with quotes
WORKING_TIME_DELTA_IN_SQL_INTERVAL = ActiveRecord::Base.sanitize_sql("'0:05:00'") # yes, a string with quotes
def statistics_data
[
@ -174,6 +174,8 @@ module StatisticsHelper
end
def ranged_rfc_data(interval = 'year', from = DateTime.new(0), to = DateTime.now)
interval = ActiveRecord::Base.sanitize_sql(interval)
[
{
key: 'rfcs',
@ -209,6 +211,8 @@ module StatisticsHelper
end
def ranged_user_data(interval = 'year', from = DateTime.new(0), to = DateTime.now)
interval = ActiveRecord::Base.sanitize_sql(interval)
[
{
key: 'active',

12
app/models/exercise.rb
View File

@ -103,7 +103,7 @@ class Exercise < ApplicationRecord
(created_at - lag(created_at) over (PARTITION BY user_id, exercise_id
ORDER BY created_at)) AS working_time
FROM submissions
WHERE exercise_id=#{id}) AS foo) AS bar
WHERE exercise_id=#{self.class.sanitize_sql(id)}) AS foo) AS bar
GROUP BY user_id, user_type
"
end
@ -118,7 +118,7 @@ class Exercise < ApplicationRecord
(created_at - lag(created_at) over (PARTITION BY submissions.user_type, submissions.user_id, exercise_id
ORDER BY created_at)) AS working_time
FROM submissions
WHERE exercise_id = #{exercise_id} AND study_group_id = #{study_group_id} #{additional_filter}),
WHERE exercise_id = #{self.class.sanitize_sql(exercise_id)} AND study_group_id = #{self.class.sanitize_sql(study_group_id)} #{self.class.sanitize_sql(additional_filter)}),
working_time_with_deltas_ignored AS (
SELECT user_id,
user_type,
@ -251,7 +251,7 @@ class Exercise < ApplicationRecord
end
def get_quantiles(quantiles)
quantiles_str = "[#{quantiles.join(',')}]"
quantiles_str = self.class.sanitize_sql("[#{quantiles.join(',')}]")
result = ActiveRecord::Base.transaction do
self.class.connection.execute("
SET LOCAL intervalstyle = 'iso_8601';
@ -263,7 +263,7 @@ class Exercise < ApplicationRecord
Max(score) AS max_score,
(created_at - Lag(created_at) OVER (partition BY user_id, exercise_id ORDER BY created_at)) AS working_time
FROM submissions
WHERE exercise_id = #{id}
WHERE exercise_id = #{self.class.sanitize_sql(id)}
AND user_type = 'ExternalUser'
GROUP BY user_id,
id,
@ -273,7 +273,7 @@ class Exercise < ApplicationRecord
Sum(weight) AS max_points
FROM files
WHERE context_type = 'Exercise'
AND context_id = #{id}
AND context_id = #{self.class.sanitize_sql(id)}
AND role IN ('teacher_defined_test', 'teacher_defined_linter')
GROUP BY context_id),
-- filter for rows containing max points
@ -387,7 +387,7 @@ class Exercise < ApplicationRecord
self.class.connection.execute("
SELECT avg(working_time) as average_time
FROM
(#{user_working_time_query}) AS baz;
(#{self.class.sanitize_sql(user_working_time_query)}) AS baz;
").first['average_time']
end
end

25
app/models/request_for_comment.rb
View File

@ -22,27 +22,6 @@ class RequestForComment < ApplicationRecord
# after_save :trigger_rfc_action_cable
# not used right now, finds the last submission for the respective user and exercise.
# might be helpful to check whether the exercise has been solved in the meantime.
def last_submission
Submission.find_by_sql(" select * from submissions
where exercise_id = #{exercise_id} AND
user_id = #{user_id}
order by created_at desc
limit 1").first
end
# not used any longer, since we directly saved the submission_id now.
# Was used before that to determine the submission belonging to the request_for_comment.
def last_submission_before_creation
Submission.find_by_sql(" select * from submissions
where exercise_id = #{exercise_id} AND
user_id = #{user_id} AND
'#{created_at.localtime}' > created_at
order by created_at desc
limit 1").first
end
def comments_count
submission.files.sum {|file| file.comments.size }
end
@ -89,7 +68,7 @@ class RequestForComment < ApplicationRecord
end
def last_per_user(count = 5)
from("(#{row_number_user_sql}) as request_for_comments")
from(row_number_user_sql, :request_for_comments)
.where('row_number <= ?', count)
.group('request_for_comments.id, request_for_comments.user_id, request_for_comments.user_type, ' \
'request_for_comments.exercise_id, request_for_comments.file_id, request_for_comments.question, ' \
@ -101,7 +80,7 @@ class RequestForComment < ApplicationRecord
private
def row_number_user_sql
select('id, user_id, user_type, exercise_id, file_id, question, created_at, updated_at, solved, full_score_reached, submission_id, row_number() OVER (PARTITION BY user_id, user_type ORDER BY created_at DESC) as row_number').to_sql
select('id, user_id, user_type, exercise_id, file_id, question, created_at, updated_at, solved, full_score_reached, submission_id, row_number() OVER (PARTITION BY user_id, user_type ORDER BY created_at DESC) as row_number')
end
end
end

3
app/views/application/_breadcrumbs_and_title.html.slim
View File

@ -1,4 +1,5 @@
- if model = Kernel.const_get(controller_path.classify) rescue nil
- model = controller_path.classify.constantize rescue nil
- if model
- object = model.find_by(id: params[:id])
- if model.try(:nested_resource?)
- root_element = model.model_name.human(count: 2)

2
app/views/application/_locale_selector.html.slim
View File

@ -4,4 +4,4 @@ li.nav-item.dropdown
span.caret
ul.dropdown-menu.p-0.mt-1 role='menu'
- I18n.available_locales.sort_by { |locale| t("locales.#{locale}") }.each do |locale|
li = link_to(t("locales.#{locale}"), url_for(params.permit!.merge(locale: locale)), 'data-turbolinks' => "false", class: 'dropdown-item')
li = link_to(t("locales.#{locale}"), url_for(request.query_parameters.merge(locale: locale)), 'data-turbolinks' => "false", class: 'dropdown-item')

8
app/views/sessions/destroy_through_lti.html.slim
View File

@ -1,9 +1,11 @@
h1 = t('.headline')
- consumer = @submission.user.consumer
p
== t(".success_#{params[:outcome] ? 'with' : 'without'}_outcome", consumer: @consumer)
==< t(".finished_#{@consumer ? 'with' : 'without'}_consumer", consumer: @consumer, url: params[:url])
==< t(".do_not_use_backbutton", consumer: @consumer)
= t(".success_#{consumer ? 'with' : 'without'}_outcome", consumer: consumer)
==< t(".finished_#{consumer ? 'with' : 'without'}_consumer", consumer: h(consumer.name), url: @url)
=< t(".do_not_use_backbutton")
h2 = t('shared.statistics')

2
config/environments/production.rb
View File

@ -49,7 +49,7 @@ Rails.application.configure do
# config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
config.force_ssl = true
# Include generic and useful information about system operation, but avoid logging too much
# information to avoid inadvertent exposure of personally identifiable information (PII).

2
config/environments/staging.rb
View File

@ -60,7 +60,7 @@ Rails.application.configure do
# config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx
# Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
# config.force_ssl = true
config.force_ssl = true
# Set to :debug to see everything in the log.
config.log_level = :info

2
lib/assessor.rb
View File

@ -23,7 +23,7 @@ class Assessor
def initialize(options = {})
if options[:execution_environment].testing_framework?
@testing_framework_adapter = Kernel.const_get(options[:execution_environment].testing_framework).new
@testing_framework_adapter = options[:execution_environment].testing_framework.constantize.new
else
raise Error.new('No testing framework adapter set!')
end

3
spec/controllers/sessions_controller_spec.rb
View File

@ -201,13 +201,14 @@ describe SessionsController do
end
describe 'GET #destroy_through_lti' do
let(:perform_request) { proc { get :destroy_through_lti, params: {consumer_id: consumer.id, submission_id: submission.id} } }
let(:perform_request) { proc { get :destroy_through_lti, params: {submission_id: submission.id} } }
let(:submission) { create(:submission, exercise: create(:dummy)) }
before do
# Todo replace session with lti_parameter
# Todo create LtiParameter Object
# session[:lti_parameters] = {}
allow(controller).to receive(:current_user).and_return(submission.user)
perform_request.call
end