From 3f674d3687c2eba76790bd3894a86ff3651889ae Mon Sep 17 00:00:00 2001 From: Sebastian Serth Date: Tue, 22 Aug 2023 15:45:28 +0200 Subject: [PATCH] Prevent accessing another exercise during a programming group session --- app/controllers/exercises_controller.rb | 17 +++++++++++++++++ app/controllers/sessions_controller.rb | 1 + config/locales/de.yml | 1 + config/locales/en.yml | 1 + 4 files changed, 20 insertions(+) diff --git a/app/controllers/exercises_controller.rb b/app/controllers/exercises_controller.rb index da423418..9833a86b 100644 --- a/app/controllers/exercises_controller.rb +++ b/app/controllers/exercises_controller.rb @@ -298,6 +298,23 @@ class ExercisesController < ApplicationController private :update_exercise_tips def implement + if session[:pg_id] && current_contributor.exercise != @exercise + # we are acting on behalf of a programming group + if current_user.admin? + session.delete(:pg_id) + @current_contributor = current_user + else + return redirect_back( + fallback_location: implement_exercise_path(current_contributor.exercise), + alert: t('exercises.implement.existing_programming_group', exercise: current_contributor.exercise.title) + ) + end + elsif session[:pg_id].blank? && (pg = current_user.programming_groups.find_by(exercise: @exercise)) && pg.submissions.where(study_group_id: current_user.current_study_group_id).any? + # we are just acting on behalf of a single user who has already worked on this exercise as part of a programming group **in the context of the current study group** + session[:pg_id] = pg.id + @current_contributor = pg + end + user_solved_exercise = @exercise.solved_by?(current_contributor) count_interventions_today = UserExerciseIntervention.where(user: current_user).where('created_at >= ?', Time.zone.now.beginning_of_day).count diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 4faf1663..d7a30519 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -17,6 +17,7 @@ class SessionsController < ApplicationController end def create_through_lti + session.delete(:pg_id) # Remove any previous pg_id from the session store_lti_session_data(params) store_nonce(params[:oauth_nonce]) if params[:custom_redirect_target] diff --git a/config/locales/de.yml b/config/locales/de.yml index b885050b..ae8fd768 100644 --- a/config/locales/de.yml +++ b/config/locales/de.yml @@ -465,6 +465,7 @@ de: default_test_feedback: Sehr gut. Alle Tests waren erfolgreich. default_linter_feedback: Sehr gut. Der Linter hat nichts mehr zu beanstanden. error_messages: Fehlermeldungen + existing_programming_group: Sie arbeiten gerade an der Übung mit dem Titel '%{exercise}' als Teil einer Programmiergruppe. Bitte schließen Sie Ihre Arbeit dort ab, indem Sie Ihren Code bewerten und abgeben, bevor Sie mit der Bearbeitung dieser Übung beginnen. messages: Meldungen feedback: Feedback test_file: 'Test-Datei %{number} (%{filename})' diff --git a/config/locales/en.yml b/config/locales/en.yml index 87f289e2..612de4f0 100644 --- a/config/locales/en.yml +++ b/config/locales/en.yml @@ -465,6 +465,7 @@ en: default_test_feedback: Well done. All tests have been passed. default_linter_feedback: Well done. The linter is completly satisfied. error_messages: Error Messages + existing_programming_group: You are currently working on the exercise entitled '%{exercise}' as part of a programming group. Please finish your work there by scoring and submitting your code before you start implementing this exercise. messages: Messages feedback: Feedback test_file: 'Test File %{number} (%{filename})'