Fixed the destroy session logic.

1. an exercise_id is provided ==> only the LtiParameter object for the current user, consumer, and exercise is deleted. 2. no exercise_id is provided ==> external user and consumer are removed from the session, all LtiParameter objects for this user and consumer are deleted. This enables users to have several tabs with exercises open and submitting the results to the tool consumer. When an exercise has been submitted, the user cannot use the back button to get back to CodeOcean and work on the submitted or any other exercise. For now a warning has been added to the info text to tell users not to do this. (As the LtiParameters have been deleted, the points can no more be submitted to the consumer.) @TODO disable/redirect back button?
2016-12-31 17:21:46 +01:00
parent edb813ab14
commit 41a61a8507
5 changed files with 9 additions and 6 deletions
--- a/app/controllers/concerns/lti.rb
+++ b/app/controllers/concerns/lti.rb
@ -15,19 +15,20 @@ module Lti
  end
  private :build_tool_provider

+  # exercise_id.nil? ==> the user has logged out. All session data is to be destroyed
+  # exercise_id.exists? ==> the user has submitted the results of an exercise to the consumer.
+  # Only the lti_parameters are deleted.
  def clear_lti_session_data(exercise_id = nil)
    #Todo replace session with lti_parameter /done
-    #TODO decide if we need to remove all LtiParameters for user/consumer
    if (exercise_id.nil?)
      LtiParameter.destroy_all(consumers_id: session[:consumer_id], external_user_id: session[:external_user_external_id])
-    else #TODO: probably it does not make sense to keep the LtiParameters if the session is deleted
+      session.delete(:consumer_id)
+      session.delete(:external_user_id)
+    else
      LtiParameter.destroy_all(consumers_id: session[:consumer_id],
                               external_user_id: session[:external_user_external_id],
                               exercises_id: exercise_id)
    end
-    session.delete(:consumer_id)
-    session.delete(:external_user_id)
-    #session.delete(:lti_parameters)
  end
  private :clear_lti_session_data

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -38,7 +38,6 @@ class SessionsController < ApplicationController
  def destroy_through_lti
    @consumer = Consumer.find_by(id: params[:consumer_id])
    @submission = Submission.find(params[:submission_id])
-    #TODO decide if we need to remove all LtiParameters for user/consumer
    clear_lti_session_data(@submission.exercise_id)
  end

--- a/app/views/sessions/destroy_through_lti.html.slim
+++ b/app/views/sessions/destroy_through_lti.html.slim
@ -3,6 +3,7 @@ h1 = t('.headline')
 p
  == t(".success_#{params[:outcome] ? 'with' : 'without'}_outcome", consumer: @consumer)
  ==< t(".finished_#{@consumer ? 'with' : 'without'}_consumer", consumer: @consumer, url: params[:url])
+  ==< t(".do_not_use_backbutton", consumer: @consumer)

 h2 = t('shared.statistics')

--- a/config/locales/de.yml
+++ b/config/locales/de.yml
@ -386,6 +386,7 @@ de:
      score: Ihre Punktzahl
      success_with_outcome: 'Ihr Code wurde erfolgreich bewertet. Ihre Bewertung wurde an %{consumer} übermittelt.'
      success_without_outcome: Ihr Code wurde erfolgreich bewertet.
+      do_not_use_backbutton: Benutzen Sie nicht den "Zurück" Button des Browsers, um zu CodeOcean zurück zu kehren. Übungen müssen immer aus dem %{consumer} Kontext gestartet werden.
    new:
      forgot_password: Passwort vergessen?
      headline: Anmelden
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@ -407,6 +407,7 @@ en:
      score: Your Score
      success_with_outcome: 'Your code has been successfully assessed. Your grade has been transmitted to %{consumer}.'
      success_without_outcome: Your code has been successfully assessed.
+      do_not_use_backbutton: Never use the browser's "Back" button to get back to CodeOcean. Always start an exercise from within %{consumer}.
    new:
      forgot_password: Forgot password?
      headline: Sign In