bugfixes, policies, errors now have a link to the submissions

2015-04-10 20:23:38 +02:00
parent 4fe60d5f94
commit 172ca91329
14 changed files with 241 additions and 16 deletions
--- a/app/assets/javascripts/editor.js
+++ b/app/assets/javascripts/editor.js
@ -92,21 +92,48 @@ $(function() {

  var createSubmission = function(initiator, filter, callback) {
    showSpinner(initiator);
+
+      var annotations = {};
+      var annotations_arr = [];
+      var file_ids = [];
+
+
+      $('.editor').each(function(index, element) {
+          var file_id =  $(element).data('id');
+          var editor = ace.edit(element);
+          //annotations[file_id] = editor.getSession().getAnnotations();
+          var cleaned_annotations = editor.getSession().getAnnotations();
+          for(var i = cleaned_annotations.length-1; i>=0; --i){
+              cleaned_annotations[i].text = cleaned_annotations[i].text.replace(cleaned_annotations[i].username + ": ", "");
+          }
+          annotations_arr = annotations_arr.concat(editor.getSession().getAnnotations());
+      });
+
    var jqxhr = ajax({
      data: {
        submission: {
          cause: $(initiator).data('cause') || $(initiator).prop('id'),
          exercise_id: $('#editor').data('exercise-id'),
          files_attributes: (filter || _.identity)(collectFiles())
-        }
+        },
+        source_submission_id: $('.ace_editor',$('#editor'))[0].dataset.id,
+        //annotations: annotations,
+        annotations_arr: annotations_arr
      },
+      dataType: 'json',
+      method: 'POST',
      url: $(initiator).data('url') || $('#editor').data('submissions-url')
    });
    jqxhr.always(hideSpinner);
+    jqxhr.done(createSubmissionCallback);
    jqxhr.done(callback);
    jqxhr.fail(ajaxError);
  };

+    var createSubmissionCallback = function(data){
+      var id =  $('.editor').data('id');
+    };
+
  var destroyFile = function() {
    createSubmission($('#destroy-file'), function(files) {
      return _.reject(files, function(file) {
@ -232,7 +259,10 @@ $(function() {
  };

  var stderrOutput = '';
+  // activate flowr only for half of the audience
+  var isFlowrEnabled = parseInt($('#editor').data('user-id'))%2 == 0;
  var handleStderrOutputForFlowr = function(event) {
+  if (!isFlowrEnabled) return
    var json = JSON.parse(event.data);

    if (json.stderr) {
@ -312,7 +342,7 @@ $(function() {
      session.setUseSoftTabs(true);
      session.setUseWrapMode(true);

-      var file_id =  $(element).data('file-id');
+      var file_id =  $(element).data('id');
      setAnnotations(editor, file_id);

      session.on('annotationRemoval', handleAnnotationRemoval);
@ -400,7 +430,8 @@ $(function() {

      $.each(annotations, function(index, comment){
          comment.className = "code-ocean_comment";
-          comment.text = comment.user_id + ": " + comment.text;
+          comment.text = comment.username + ": " + comment.text;
+        //  comment.text = comment.user_id + ": " + comment.text;
      });

      session.setAnnotations(annotations);
@ -638,7 +669,7 @@ $(function() {
            printOutput({
              stderr: message
            }, true, 0);
-            sendError(message);
+            sendError(message, response.id);
            showTab(2);
          };
        }
@ -713,12 +744,13 @@ $(function() {
    });
  };

-  var sendError = function(message) {
+  var sendError = function(message, submission_id) {
    showSpinner($('#render'));
    var jqxhr = ajax({
      data: {
        error: {
-          message: message
+          message: message,
+          submission_id: submission_id
        }
      },
      url: $('#editor').data('errors-url')
@ -886,7 +918,7 @@ $(function() {
  var requestComments = function(e) {
    var user_id = $('#editor').data('user-id')
    var exercise_id = $('#editor').data('exercise-id')
-    var file_id = $('.editor').data('file-id')
+    var file_id = $('.editor').data('id')

    $.ajax({
      method: 'POST',
--- a/app/controllers/comments_controller.rb
+++ b/app/controllers/comments_controller.rb
@ -1,28 +1,60 @@
 class CommentsController < ApplicationController
  before_action :set_comment, only: [:show, :edit, :update, :destroy_by_id]

-  # disable authorization check. TODO: turn this on later.
-  skip_after_action :verify_authorized
+  # to disable authorization check: comment the line below back in
+ # skip_after_action :verify_authorized
+
+  def authorize!
+    authorize(@comment || @comments)
+  end
+  private :authorize!

  # GET /comments
  # GET /comments.json
  def index
    #@comments = Comment.all
-    @comments = Comment.where(file_id: params[:file_id])
+    #if admin, show all comments.
+    #check whether user is the author of the passed file_id, if so, show all comments. otherwise, only show comments of auther and own comments
+    file = CodeOcean::File.find(params[:file_id])
+    submission = Submission.find(file.context_id)
+
+    is_admin = false
+    if current_user.respond_to? :external_id
+      user_id = current_user.external_id
+    else
+      user_id = current_user.id
+      is_admin = current_user.role == 'admin'
+    end
+
+    if(is_admin ||  user_id == submission.user_id)
+      # fetch all comments for this file
+      @comments = Comment.where(file_id: params[:file_id])
+    else
+      @comments = Comment.where(file_id: params[:file_id], user_id: user_id)
+    end
+
+    #@comments = Comment.where(file_id: params[:file_id])
+
+    #add names to comments
+    @comments.map{|comment| comment.username = Xikolo::UserClient.get(comment.user_id.to_s)[:display_name]}
+    authorize!
  end

  # GET /comments/1
  # GET /comments/1.json
  def show
+    authorize!
  end

  # GET /comments/new
  def new
    @comment = Comment.new
+    authorize!
  end

  # GET /comments/1/edit
  def edit
+    authorize!
  end

  # POST /comments
@ -39,6 +71,7 @@ class CommentsController < ApplicationController
        format.json { render json: @comment.errors, status: :unprocessable_entity }
      end
    end
+    authorize!
  end

  # PATCH/PUT /comments/1
@ -53,6 +86,7 @@ class CommentsController < ApplicationController
        format.json { render json: @comment.errors, status: :unprocessable_entity }
      end
    end
+    authorize!
  end

  # DELETE /comments/1
@ -73,6 +107,7 @@ class CommentsController < ApplicationController
      format.html { head :no_content, notice: 'Comments were successfully destroyed.' }
      format.json { head :no_content }
    end
+    authorize!
  end

  private
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@ -22,7 +22,7 @@ class ErrorsController < ApplicationController
  end

  def error_params
-    params[:error].permit(:message).merge(execution_environment_id: @execution_environment.id)
+    params[:error].permit(:message, :submission_id).merge(execution_environment_id: @execution_environment.id)
  end
  private :error_params

--- a/app/controllers/request_for_comments_controller.rb
+++ b/app/controllers/request_for_comments_controller.rb
@ -3,21 +3,29 @@ class RequestForCommentsController < ApplicationController

  skip_after_action :verify_authorized

+  def authorize!
+    authorize(@request_for_comments || @request_for_comment)
+  end
+  private :authorize!

  # GET /request_for_comments
  # GET /request_for_comments.json
  def index
-    @request_for_comments = RequestForComment.all
+    # @request_for_comments = RequestForComment.all
+    @request_for_comments = RequestForComment.all.order('created_at DESC').limit(50)
+    authorize!
  end

  # GET /request_for_comments/1
  # GET /request_for_comments/1.json
  def show
+    authorize!
  end

  # GET /request_for_comments/new
  def new
    @request_for_comment = RequestForComment.new
+    authorize!
  end

  # GET /request_for_comments/1/edit
@ -27,8 +35,30 @@ class RequestForCommentsController < ApplicationController
  # POST /request_for_comments
  # POST /request_for_comments.json
  def create
+
+    file = CodeOcean::File.find(request_for_comment_params[:fileid])
+
+    # get newest version of the file. this method is only called if there is at least one submission (prevented in frontend otherwise)
+    # find newest submission for that exercise and user, use the file with the same filename for that.
+    # this is necessary because the passed params are not up to date since the data attributes are not updated upon submission creation.
+
+    # if we stat from the template, the context type is exercise. we find the newest submission based on the context_id and the current_user.id
+      if(file.context_type =='Exercise')
+        newest_submission = Submission.where(exercise_id: file.context_id, user_id: current_user.id).order('created_at DESC').first
+      else
+        # else we start from a submission. we find it it by the given context_id and retrieve the newest submission with the info of the known submission.
+        submission = Submission.find(file.context_id)
+        newest_submission = Submission.where(exercise_id: submission.exercise_id, user_id: submission.user_id).order('created_at DESC').first
+      end
+      newest_file = CodeOcean::File.where(context_id: newest_submission.id, name: file.name).first
+
+    #finally, correct the fileid and create the request for comment
+    request_for_comment_params[:fileid]=newest_file.id
+
    @request_for_comment = RequestForComment.new(request_for_comment_params)

+
+
    respond_to do |format|
      if @request_for_comment.save
        format.json { render :show, status: :created, location: @request_for_comment }
@ -37,6 +67,7 @@ class RequestForCommentsController < ApplicationController
        format.json { render json: @request_for_comment.errors, status: :unprocessable_entity }
      end
    end
+    authorize!
  end

  # DELETE /request_for_comments/1
@ -47,6 +78,7 @@ class RequestForCommentsController < ApplicationController
      format.html { redirect_to request_for_comments_url, notice: 'Request for comment was successfully destroyed.' }
      format.json { head :no_content }
    end
+    authorize!
  end

  private
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@ -1,6 +1,7 @@
 class Comment < ActiveRecord::Base
  # inherit the creation module: encapsulates that this is a polymorphic user, offers some aliases and makes sure that all necessary attributes are set.
  include Creation
+  attr_accessor :username

  belongs_to :file, class: CodeOcean::File
 end
--- a/app/policies/comment_policy.rb
+++ b/app/policies/comment_policy.rb
@ -0,0 +1,22 @@
+class CommentPolicy < ApplicationPolicy
+  def author?
+    @user == @record.author
+  end
+  private :author?
+
+  def create?
+    everyone
+  end
+
+  [:new?, :show?, :destroy?].each do |action|
+    define_method(action) { admin? || author? }
+  end
+
+  def edit?
+    admin?
+  end
+
+  def index?
+    everyone
+  end
+end
--- a/app/policies/request_for_comment_policy.rb
+++ b/app/policies/request_for_comment_policy.rb
@ -0,0 +1,23 @@
+class RequestForCommentPolicy < ApplicationPolicy
+
+
+  def create?
+    everyone
+  end
+
+  def show?
+    everyone
+  end
+
+  [:destroy?].each do |action|
+    define_method(action) { admin? }
+  end
+
+  def edit?
+    admin?
+  end
+
+  def index?
+    everyone
+  end
+end
--- a/app/views/comments/index.json.jbuilder
+++ b/app/views/comments/index.json.jbuilder
@ -1,4 +1,4 @@
 json.array!(@comments) do |comment|
-  json.extract! comment, :id, :user_id, :file_id, :row, :column, :text
+  json.extract! comment, :id, :user_id, :file_id, :row, :column, :text, :username
  json.url comment_url(comment, format: :json)
 end
--- a/app/views/exercises/_editor_frame.html.slim
+++ b/app/views/exercises/_editor_frame.html.slim
@ -12,4 +12,4 @@
        = link_to(file.native_file.file.name_with_extension, file.native_file.url)
  - else
    .editor-content.hidden data-file-id=file.ancestor_id = file.content
-    .editor data-file-id=file.ancestor_id data-indent-size=file.file_type.indent_size data-mode=file.file_type.editor_mode data-read-only=file.read_only
+    .editor data-file-id=file.ancestor_id data-indent-size=file.file_type.indent_size data-mode=file.file_type.editor_mode data-read-only=file.read_only data-id=file.id
--- a/app/views/request_for_comments/show.html.erb
+++ b/app/views/request_for_comments/show.html.erb
@ -29,6 +29,7 @@
    var lineInput = $('#lineInput');
    var commentInput = $('#commentInput');
    commentitor = ace.edit(commentitor[0]);
+    commentitor.setReadOnly(true);

    $('#submitComment').click(addComment);
    setAnnotations();
@ -48,7 +49,7 @@
      jqrequest.done(function(response){
        $.each(response, function(index, comment) {
          comment.className = "code-ocean_comment"
-          comment.text = comment.user_id + ": " + comment.text
+          comment.text = comment.username + ": " + comment.text
        })

        commentitor.getSession().setAnnotations(response)
--- a/db/migrate/20150408155923_add_submission_to_error.rb
+++ b/db/migrate/20150408155923_add_submission_to_error.rb
@ -0,0 +1,5 @@
+class AddSubmissionToError < ActiveRecord::Migration
+  def change
+    add_reference :errors, :submission, index: true
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20150327141740) do
+ActiveRecord::Schema.define(version: 20150408155923) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@ -43,8 +43,11 @@ ActiveRecord::Schema.define(version: 20150327141740) do
    t.text     "message"
    t.datetime "created_at"
    t.datetime "updated_at"
+    t.integer  "submission_id"
  end

+  add_index "errors", ["submission_id"], name: "index_errors_on_submission_id", using: :btree
+
  create_table "execution_environments", force: true do |t|
    t.string   "docker_image"
    t.string   "name"
--- a/lib/xikolo/client.rb
+++ b/lib/xikolo/client.rb
@ -0,0 +1,59 @@
+class Xikolo::Client
+  def self.get_user(user_id)
+    params = {:user_id => user_id}
+    response = get_request(user_profile_url(user_id), params)
+    if response
+      return JSON.parse(response)
+    else
+      return nil
+    end
+  end
+
+  def self.user_profile_url(user_id)
+    return url + 'users/' + user_id
+  end
+
+  def self.post_request(url, params)
+    begin
+      return RestClient.post url, params, http_header
+    rescue
+      return nil
+    end
+  end
+
+  def self.get_request(url, params)
+    begin
+      return RestClient.get url, {:params => params}.merge(http_header)
+    rescue
+      return nil
+    end
+  end
+
+  def self.http_header
+    return {:accept => accept, :authorization => token}
+  end
+
+  def self.url
+    'http://localhost:2000/api/'
+  end
+
+  def self.accept
+    'application/vnd.xikolo.v1, application/json'
+  end
+
+  def self.token
+    'Token token="'+Rails.application.config.xikolo[:token]+'"'
+  end
+
+  private
+
+  def authenticate_with_user
+    params = {:email => "admin@openhpi.de", :password => "admin"}
+    response = post_request(authentication_url, params)
+    @token = 'Token token="'+JSON.parse(response)['token']+'"'
+  end
+
+  def self.authentication_url
+    return @url + 'authenticate'
+  end
+end
--- a/lib/xikolo/user_client.rb
+++ b/lib/xikolo/user_client.rb
@ -0,0 +1,12 @@
+class Xikolo::UserClient
+  def self.get(user_id)
+    user = Xikolo::Client.get_user(user_id)
+
+    # return default values if user is not found or if there is a server issue:
+    if user
+      return {display_name: user['first_name'], user_visual: user['user_visual'], language: user['language']}
+    else
+      return {display_name: "Name" + user_id, user_visual: ActionController::Base.helpers.image_path('default.png'), language: "DE"}
+    end
+  end
+end