From 41a61a850750d6b4c114e0a6d5fd4750a0c21340 Mon Sep 17 00:00:00 2001
From: Tom Staubitz <thomas.staubitz@hpi.uni-potsdam.de>
Date: Sat, 31 Dec 2016 17:21:46 +0100
Subject: [PATCH] Fixed the destroy session logic. 1. an exercise_id is
 provided ==> only the LtiParameter object for the current user, consumer, and
 exercise is deleted. 2. no exercise_id is provided ==> external user and
 consumer are removed from the session, all LtiParameter objects for this user
 and consumer are deleted.

This enables users to have several tabs with exercises open and submitting the results to the tool consumer.
When an exercise has been submitted, the user cannot use the back button to get back to CodeOcean and work on the submitted or any other exercise.
For now a warning has been added to the info text to tell users not to do this. (As the LtiParameters have been deleted, the points can no more be submitted to the consumer.)
@TODO disable/redirect back button?
---
 app/controllers/concerns/lti.rb                  | 11 ++++++-----
 app/controllers/sessions_controller.rb           |  1 -
 app/views/sessions/destroy_through_lti.html.slim |  1 +
 config/locales/de.yml                            |  1 +
 config/locales/en.yml                            |  1 +
 5 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/app/controllers/concerns/lti.rb b/app/controllers/concerns/lti.rb
index 702327d1..0d8a86cc 100644
--- a/app/controllers/concerns/lti.rb
+++ b/app/controllers/concerns/lti.rb
@@ -15,19 +15,20 @@ module Lti
   end
   private :build_tool_provider
 
+  # exercise_id.nil? ==> the user has logged out. All session data is to be destroyed
+  # exercise_id.exists? ==> the user has submitted the results of an exercise to the consumer.
+  # Only the lti_parameters are deleted.
   def clear_lti_session_data(exercise_id = nil)
     #Todo replace session with lti_parameter /done
-    #TODO decide if we need to remove all LtiParameters for user/consumer
     if (exercise_id.nil?)
       LtiParameter.destroy_all(consumers_id: session[:consumer_id], external_user_id: session[:external_user_external_id])
-    else #TODO: probably it does not make sense to keep the LtiParameters if the session is deleted
+      session.delete(:consumer_id)
+      session.delete(:external_user_id)
+    else
       LtiParameter.destroy_all(consumers_id: session[:consumer_id],
                                external_user_id: session[:external_user_external_id],
                                exercises_id: exercise_id)
     end
-    session.delete(:consumer_id)
-    session.delete(:external_user_id)
-    #session.delete(:lti_parameters)
   end
   private :clear_lti_session_data
 
diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 9a9a7029..e99d0ad8 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -38,7 +38,6 @@ class SessionsController < ApplicationController
   def destroy_through_lti
     @consumer = Consumer.find_by(id: params[:consumer_id])
     @submission = Submission.find(params[:submission_id])
-    #TODO decide if we need to remove all LtiParameters for user/consumer
     clear_lti_session_data(@submission.exercise_id)
   end
 
diff --git a/app/views/sessions/destroy_through_lti.html.slim b/app/views/sessions/destroy_through_lti.html.slim
index 8f1e89a8..3e55e0fc 100644
--- a/app/views/sessions/destroy_through_lti.html.slim
+++ b/app/views/sessions/destroy_through_lti.html.slim
@@ -3,6 +3,7 @@ h1 = t('.headline')
 p
   == t(".success_#{params[:outcome] ? 'with' : 'without'}_outcome", consumer: @consumer)
   ==< t(".finished_#{@consumer ? 'with' : 'without'}_consumer", consumer: @consumer, url: params[:url])
+  ==< t(".do_not_use_backbutton", consumer: @consumer)
 
 h2 = t('shared.statistics')
 
diff --git a/config/locales/de.yml b/config/locales/de.yml
index 0695eda6..55fea63f 100644
--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@@ -386,6 +386,7 @@ de:
       score: Ihre Punktzahl
       success_with_outcome: 'Ihr Code wurde erfolgreich bewertet. Ihre Bewertung wurde an %{consumer} übermittelt.'
       success_without_outcome: Ihr Code wurde erfolgreich bewertet.
+      do_not_use_backbutton: Benutzen Sie nicht den "Zurück" Button des Browsers, um zu CodeOcean zurück zu kehren. Übungen müssen immer aus dem %{consumer} Kontext gestartet werden.
     new:
       forgot_password: Passwort vergessen?
       headline: Anmelden
diff --git a/config/locales/en.yml b/config/locales/en.yml
index 34ebd266..598faa33 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -407,6 +407,7 @@ en:
       score: Your Score
       success_with_outcome: 'Your code has been successfully assessed. Your grade has been transmitted to %{consumer}.'
       success_without_outcome: Your code has been successfully assessed.
+      do_not_use_backbutton: Never use the browser's "Back" button to get back to CodeOcean. Always start an exercise from within %{consumer}.
     new:
       forgot_password: Forgot password?
       headline: Sign In