diff --git a/app/assets/javascripts/editor.js b/app/assets/javascripts/editor.js index dd708305..09c23bba 100644 --- a/app/assets/javascripts/editor.js +++ b/app/assets/javascripts/editor.js @@ -92,21 +92,48 @@ $(function() { var createSubmission = function(initiator, filter, callback) { showSpinner(initiator); + + var annotations = {}; + var annotations_arr = []; + var file_ids = []; + + + $('.editor').each(function(index, element) { + var file_id = $(element).data('id'); + var editor = ace.edit(element); + //annotations[file_id] = editor.getSession().getAnnotations(); + var cleaned_annotations = editor.getSession().getAnnotations(); + for(var i = cleaned_annotations.length-1; i>=0; --i){ + cleaned_annotations[i].text = cleaned_annotations[i].text.replace(cleaned_annotations[i].username + ": ", ""); + } + annotations_arr = annotations_arr.concat(editor.getSession().getAnnotations()); + }); + var jqxhr = ajax({ data: { submission: { cause: $(initiator).data('cause') || $(initiator).prop('id'), exercise_id: $('#editor').data('exercise-id'), files_attributes: (filter || _.identity)(collectFiles()) - } + }, + source_submission_id: $('.ace_editor',$('#editor'))[0].dataset.id, + //annotations: annotations, + annotations_arr: annotations_arr }, + dataType: 'json', + method: 'POST', url: $(initiator).data('url') || $('#editor').data('submissions-url') }); jqxhr.always(hideSpinner); + jqxhr.done(createSubmissionCallback); jqxhr.done(callback); jqxhr.fail(ajaxError); }; + var createSubmissionCallback = function(data){ + var id = $('.editor').data('id'); + }; + var destroyFile = function() { createSubmission($('#destroy-file'), function(files) { return _.reject(files, function(file) { @@ -232,7 +259,10 @@ $(function() { }; var stderrOutput = ''; + // activate flowr only for half of the audience + var isFlowrEnabled = parseInt($('#editor').data('user-id'))%2 == 0; var handleStderrOutputForFlowr = function(event) { + if (!isFlowrEnabled) return var json = JSON.parse(event.data); if (json.stderr) { @@ -312,7 +342,7 @@ $(function() { session.setUseSoftTabs(true); session.setUseWrapMode(true); - var file_id = $(element).data('file-id'); + var file_id = $(element).data('id'); setAnnotations(editor, file_id); session.on('annotationRemoval', handleAnnotationRemoval); @@ -400,7 +430,8 @@ $(function() { $.each(annotations, function(index, comment){ comment.className = "code-ocean_comment"; - comment.text = comment.user_id + ": " + comment.text; + comment.text = comment.username + ": " + comment.text; + // comment.text = comment.user_id + ": " + comment.text; }); session.setAnnotations(annotations); @@ -638,7 +669,7 @@ $(function() { printOutput({ stderr: message }, true, 0); - sendError(message); + sendError(message, response.id); showTab(2); }; } @@ -713,12 +744,13 @@ $(function() { }); }; - var sendError = function(message) { + var sendError = function(message, submission_id) { showSpinner($('#render')); var jqxhr = ajax({ data: { error: { - message: message + message: message, + submission_id: submission_id } }, url: $('#editor').data('errors-url') @@ -886,7 +918,7 @@ $(function() { var requestComments = function(e) { var user_id = $('#editor').data('user-id') var exercise_id = $('#editor').data('exercise-id') - var file_id = $('.editor').data('file-id') + var file_id = $('.editor').data('id') $.ajax({ method: 'POST', diff --git a/app/controllers/comments_controller.rb b/app/controllers/comments_controller.rb index 52deb785..2ad52355 100644 --- a/app/controllers/comments_controller.rb +++ b/app/controllers/comments_controller.rb @@ -1,28 +1,60 @@ class CommentsController < ApplicationController before_action :set_comment, only: [:show, :edit, :update, :destroy_by_id] - # disable authorization check. TODO: turn this on later. - skip_after_action :verify_authorized + # to disable authorization check: comment the line below back in + # skip_after_action :verify_authorized + + def authorize! + authorize(@comment || @comments) + end + private :authorize! # GET /comments # GET /comments.json def index #@comments = Comment.all - @comments = Comment.where(file_id: params[:file_id]) + #if admin, show all comments. + #check whether user is the author of the passed file_id, if so, show all comments. otherwise, only show comments of auther and own comments + file = CodeOcean::File.find(params[:file_id]) + submission = Submission.find(file.context_id) + + is_admin = false + if current_user.respond_to? :external_id + user_id = current_user.external_id + else + user_id = current_user.id + is_admin = current_user.role == 'admin' + end + + if(is_admin || user_id == submission.user_id) + # fetch all comments for this file + @comments = Comment.where(file_id: params[:file_id]) + else + @comments = Comment.where(file_id: params[:file_id], user_id: user_id) + end + + #@comments = Comment.where(file_id: params[:file_id]) + + #add names to comments + @comments.map{|comment| comment.username = Xikolo::UserClient.get(comment.user_id.to_s)[:display_name]} + authorize! end # GET /comments/1 # GET /comments/1.json def show + authorize! end # GET /comments/new def new @comment = Comment.new + authorize! end # GET /comments/1/edit def edit + authorize! end # POST /comments @@ -39,6 +71,7 @@ class CommentsController < ApplicationController format.json { render json: @comment.errors, status: :unprocessable_entity } end end + authorize! end # PATCH/PUT /comments/1 @@ -53,6 +86,7 @@ class CommentsController < ApplicationController format.json { render json: @comment.errors, status: :unprocessable_entity } end end + authorize! end # DELETE /comments/1 @@ -73,6 +107,7 @@ class CommentsController < ApplicationController format.html { head :no_content, notice: 'Comments were successfully destroyed.' } format.json { head :no_content } end + authorize! end private diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb index e3859507..667b186d 100644 --- a/app/controllers/errors_controller.rb +++ b/app/controllers/errors_controller.rb @@ -22,7 +22,7 @@ class ErrorsController < ApplicationController end def error_params - params[:error].permit(:message).merge(execution_environment_id: @execution_environment.id) + params[:error].permit(:message, :submission_id).merge(execution_environment_id: @execution_environment.id) end private :error_params diff --git a/app/controllers/request_for_comments_controller.rb b/app/controllers/request_for_comments_controller.rb index fc0ab7b0..8c2379b4 100644 --- a/app/controllers/request_for_comments_controller.rb +++ b/app/controllers/request_for_comments_controller.rb @@ -3,21 +3,29 @@ class RequestForCommentsController < ApplicationController skip_after_action :verify_authorized + def authorize! + authorize(@request_for_comments || @request_for_comment) + end + private :authorize! # GET /request_for_comments # GET /request_for_comments.json def index - @request_for_comments = RequestForComment.all + # @request_for_comments = RequestForComment.all + @request_for_comments = RequestForComment.all.order('created_at DESC').limit(50) + authorize! end # GET /request_for_comments/1 # GET /request_for_comments/1.json def show + authorize! end # GET /request_for_comments/new def new @request_for_comment = RequestForComment.new + authorize! end # GET /request_for_comments/1/edit @@ -27,8 +35,30 @@ class RequestForCommentsController < ApplicationController # POST /request_for_comments # POST /request_for_comments.json def create + + file = CodeOcean::File.find(request_for_comment_params[:fileid]) + + # get newest version of the file. this method is only called if there is at least one submission (prevented in frontend otherwise) + # find newest submission for that exercise and user, use the file with the same filename for that. + # this is necessary because the passed params are not up to date since the data attributes are not updated upon submission creation. + + # if we stat from the template, the context type is exercise. we find the newest submission based on the context_id and the current_user.id + if(file.context_type =='Exercise') + newest_submission = Submission.where(exercise_id: file.context_id, user_id: current_user.id).order('created_at DESC').first + else + # else we start from a submission. we find it it by the given context_id and retrieve the newest submission with the info of the known submission. + submission = Submission.find(file.context_id) + newest_submission = Submission.where(exercise_id: submission.exercise_id, user_id: submission.user_id).order('created_at DESC').first + end + newest_file = CodeOcean::File.where(context_id: newest_submission.id, name: file.name).first + + #finally, correct the fileid and create the request for comment + request_for_comment_params[:fileid]=newest_file.id + @request_for_comment = RequestForComment.new(request_for_comment_params) + + respond_to do |format| if @request_for_comment.save format.json { render :show, status: :created, location: @request_for_comment } @@ -37,6 +67,7 @@ class RequestForCommentsController < ApplicationController format.json { render json: @request_for_comment.errors, status: :unprocessable_entity } end end + authorize! end # DELETE /request_for_comments/1 @@ -47,6 +78,7 @@ class RequestForCommentsController < ApplicationController format.html { redirect_to request_for_comments_url, notice: 'Request for comment was successfully destroyed.' } format.json { head :no_content } end + authorize! end private diff --git a/app/models/comment.rb b/app/models/comment.rb index 08fe8865..4cc8b0e2 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -1,6 +1,7 @@ class Comment < ActiveRecord::Base # inherit the creation module: encapsulates that this is a polymorphic user, offers some aliases and makes sure that all necessary attributes are set. include Creation + attr_accessor :username belongs_to :file, class: CodeOcean::File end diff --git a/app/policies/comment_policy.rb b/app/policies/comment_policy.rb new file mode 100644 index 00000000..091ed5e2 --- /dev/null +++ b/app/policies/comment_policy.rb @@ -0,0 +1,22 @@ +class CommentPolicy < ApplicationPolicy + def author? + @user == @record.author + end + private :author? + + def create? + everyone + end + + [:new?, :show?, :destroy?].each do |action| + define_method(action) { admin? || author? } + end + + def edit? + admin? + end + + def index? + everyone + end +end diff --git a/app/policies/request_for_comment_policy.rb b/app/policies/request_for_comment_policy.rb new file mode 100644 index 00000000..cf252338 --- /dev/null +++ b/app/policies/request_for_comment_policy.rb @@ -0,0 +1,23 @@ +class RequestForCommentPolicy < ApplicationPolicy + + + def create? + everyone + end + + def show? + everyone + end + + [:destroy?].each do |action| + define_method(action) { admin? } + end + + def edit? + admin? + end + + def index? + everyone + end +end diff --git a/app/views/comments/index.json.jbuilder b/app/views/comments/index.json.jbuilder index 84a4cee0..85172014 100644 --- a/app/views/comments/index.json.jbuilder +++ b/app/views/comments/index.json.jbuilder @@ -1,4 +1,4 @@ json.array!(@comments) do |comment| - json.extract! comment, :id, :user_id, :file_id, :row, :column, :text + json.extract! comment, :id, :user_id, :file_id, :row, :column, :text, :username json.url comment_url(comment, format: :json) end diff --git a/app/views/exercises/_editor_frame.html.slim b/app/views/exercises/_editor_frame.html.slim index 73421ff5..1db8ef76 100644 --- a/app/views/exercises/_editor_frame.html.slim +++ b/app/views/exercises/_editor_frame.html.slim @@ -12,4 +12,4 @@ = link_to(file.native_file.file.name_with_extension, file.native_file.url) - else .editor-content.hidden data-file-id=file.ancestor_id = file.content - .editor data-file-id=file.ancestor_id data-indent-size=file.file_type.indent_size data-mode=file.file_type.editor_mode data-read-only=file.read_only + .editor data-file-id=file.ancestor_id data-indent-size=file.file_type.indent_size data-mode=file.file_type.editor_mode data-read-only=file.read_only data-id=file.id diff --git a/app/views/request_for_comments/show.html.erb b/app/views/request_for_comments/show.html.erb index 2e9e7e28..2f940aef 100644 --- a/app/views/request_for_comments/show.html.erb +++ b/app/views/request_for_comments/show.html.erb @@ -29,6 +29,7 @@ var lineInput = $('#lineInput'); var commentInput = $('#commentInput'); commentitor = ace.edit(commentitor[0]); + commentitor.setReadOnly(true); $('#submitComment').click(addComment); setAnnotations(); @@ -48,7 +49,7 @@ jqrequest.done(function(response){ $.each(response, function(index, comment) { comment.className = "code-ocean_comment" - comment.text = comment.user_id + ": " + comment.text + comment.text = comment.username + ": " + comment.text }) commentitor.getSession().setAnnotations(response) diff --git a/db/migrate/20150408155923_add_submission_to_error.rb b/db/migrate/20150408155923_add_submission_to_error.rb new file mode 100644 index 00000000..d90d1679 --- /dev/null +++ b/db/migrate/20150408155923_add_submission_to_error.rb @@ -0,0 +1,5 @@ +class AddSubmissionToError < ActiveRecord::Migration + def change + add_reference :errors, :submission, index: true + end +end diff --git a/db/schema.rb b/db/schema.rb index e1aed2ef..91ed607a 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150327141740) do +ActiveRecord::Schema.define(version: 20150408155923) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -43,8 +43,11 @@ ActiveRecord::Schema.define(version: 20150327141740) do t.text "message" t.datetime "created_at" t.datetime "updated_at" + t.integer "submission_id" end + add_index "errors", ["submission_id"], name: "index_errors_on_submission_id", using: :btree + create_table "execution_environments", force: true do |t| t.string "docker_image" t.string "name" diff --git a/lib/xikolo/client.rb b/lib/xikolo/client.rb new file mode 100644 index 00000000..db48c91a --- /dev/null +++ b/lib/xikolo/client.rb @@ -0,0 +1,59 @@ +class Xikolo::Client + def self.get_user(user_id) + params = {:user_id => user_id} + response = get_request(user_profile_url(user_id), params) + if response + return JSON.parse(response) + else + return nil + end + end + + def self.user_profile_url(user_id) + return url + 'users/' + user_id + end + + def self.post_request(url, params) + begin + return RestClient.post url, params, http_header + rescue + return nil + end + end + + def self.get_request(url, params) + begin + return RestClient.get url, {:params => params}.merge(http_header) + rescue + return nil + end + end + + def self.http_header + return {:accept => accept, :authorization => token} + end + + def self.url + 'http://localhost:2000/api/' + end + + def self.accept + 'application/vnd.xikolo.v1, application/json' + end + + def self.token + 'Token token="'+Rails.application.config.xikolo[:token]+'"' + end + + private + + def authenticate_with_user + params = {:email => "admin@openhpi.de", :password => "admin"} + response = post_request(authentication_url, params) + @token = 'Token token="'+JSON.parse(response)['token']+'"' + end + + def self.authentication_url + return @url + 'authenticate' + end +end \ No newline at end of file diff --git a/lib/xikolo/user_client.rb b/lib/xikolo/user_client.rb new file mode 100644 index 00000000..44c21a73 --- /dev/null +++ b/lib/xikolo/user_client.rb @@ -0,0 +1,12 @@ +class Xikolo::UserClient + def self.get(user_id) + user = Xikolo::Client.get_user(user_id) + + # return default values if user is not found or if there is a server issue: + if user + return {display_name: user['first_name'], user_visual: user['user_visual'], language: user['language']} + else + return {display_name: "Name" + user_id, user_visual: ActionController::Base.helpers.image_path('default.png'), language: "DE"} + end + end +end \ No newline at end of file