From 8c506cd47c082bb59ef76a467d9a7780a730b863 Mon Sep 17 00:00:00 2001
From: Sebastian Serth <Sebastian.Serth@hpi.de>
Date: Thu, 18 Apr 2024 16:03:40 +0200
Subject: [PATCH] Add AuthenticationToken to
 UserMailer.exercise_anomaly_detected

---
 app/mailers/user_mailer.rb                    | 19 ++++++++++++++++++-
 .../exercise_anomaly_detected.html.slim       | 18 ++++++++----------
 config/locales/de/mailers/user_mailer.yml     |  4 ----
 config/locales/en/mailers/user_mailer.yml     |  4 ----
 4 files changed, 26 insertions(+), 19 deletions(-)

diff --git a/app/mailers/user_mailer.rb b/app/mailers/user_mailer.rb
index 6f2b665a..b988bc2e 100644
--- a/app/mailers/user_mailer.rb
+++ b/app/mailers/user_mailer.rb
@@ -54,8 +54,25 @@ class UserMailer < ApplicationMailer
   end
 
   def exercise_anomaly_detected(exercise_collection, anomalies)
+    # First, we try to find the best matching study group for the user being notified.
+    # The study group is relevant, since it determines the access rights to the exercise within the collection.
+    # The best matching study group is the one that grants access to the most exercises in the collection.
+    # This approach might look complicated, but since it is called from a Rake task and no active user session, we need it.
+    @relevant_exercises = Exercise.where(id: anomalies.keys)
+    potential_study_groups = exercise_collection.user.study_groups.where(study_group_memberships: {role: StudyGroupMembership.roles[:teacher]})
+    potential_study_groups_with_expected_access = potential_study_groups.to_h do |study_group|
+      exercises_granting_access = @relevant_exercises.count do |exercise|
+        author_study_groups = exercise.author.study_groups.where(study_group_memberships: {role: StudyGroupMembership.roles[:teacher]})
+        author_study_groups.include?(study_group)
+      end
+      [study_group, exercises_granting_access]
+    end
+    best_matching_study_group = potential_study_groups_with_expected_access.max_by {|_study_group, exercises_granting_access| exercises_granting_access }.first
+
+    # Second, all relevant values are passed to the view
     @user = exercise_collection.user
-    @receiver_displayname = exercise_collection.user.displayname
+    @receiver_displayname = @user.displayname
+    @token = AuthenticationToken.generate!(@user, best_matching_study_group).shared_secret
     @collection = exercise_collection
     @anomalies = anomalies
     mail(subject: t('mailers.user_mailer.exercise_anomaly_detected.subject'), to: exercise_collection.user.email)
diff --git a/app/views/user_mailer/exercise_anomaly_detected.html.slim b/app/views/user_mailer/exercise_anomaly_detected.html.slim
index ebb7f01d..add5d1b6 100644
--- a/app/views/user_mailer/exercise_anomaly_detected.html.slim
+++ b/app/views/user_mailer/exercise_anomaly_detected.html.slim
@@ -9,12 +9,11 @@ table(border=1)
       td = t('exercises.statistics.average_worktime', locale: :de)
       td = t('shared.actions', locale: :de)
   tbody
-    - @anomalies.each_key do |id|
-      - exercise = Exercise.find(id)
+    - @relevant_exercises.each do |exercise|
       tr
-        td = link_to_if(ExercisePolicy.new(@user, exercise).show?, exercise.title, exercise_url(exercise))
-        td = @anomalies[id]
-        td = link_to_if(ExercisePolicy.new(@user, exercise).statistics?, t('shared.statistics', locale: :de), statistics_exercise_url(exercise))
+        td = link_to_if(ExercisePolicy.new(@user, exercise).show?, exercise.title, exercise_url(exercise, token: @token))
+        td = @anomalies[exercise.id]
+        td = link_to_if(ExercisePolicy.new(@user, exercise).statistics?, t('shared.statistics', locale: :de), statistics_exercise_url(exercise, token: @token))
 
 == t('mailers.user_mailer.exercise_anomaly_detected.body2',
         receiver_displayname: @receiver_displayname,
@@ -28,11 +27,10 @@ table(border=1)
       td = t('exercises.statistics.average_worktime', locale: :en)
       td = t('shared.actions', locale: :en)
   tbody
-    - @anomalies.each_key do |id|
-      - exercise = Exercise.find(id)
+    - @relevant_exercises.each do |exercise|
       tr
-        td = link_to_if(ExercisePolicy.new(@user, exercise).show?, exercise.title, exercise_url(exercise))
-        td = @anomalies[id]
-        td = link_to_if(ExercisePolicy.new(@user, exercise).statistics?, t('shared.statistics', locale: :en), statistics_exercise_url(exercise))
+        td = link_to_if(ExercisePolicy.new(@user, exercise).show?, exercise.title, exercise_url(exercise, token: @token))
+        td = @anomalies[exercise.id]
+        td = link_to_if(ExercisePolicy.new(@user, exercise).statistics?, t('shared.statistics', locale: :en), statistics_exercise_url(exercise, token: @token))
 
 == t('mailers.user_mailer.exercise_anomaly_detected.body3')
diff --git a/config/locales/de/mailers/user_mailer.yml b/config/locales/de/mailers/user_mailer.yml
index 51c00b7e..d26e89c7 100644
--- a/config/locales/de/mailers/user_mailer.yml
+++ b/config/locales/de/mailers/user_mailer.yml
@@ -17,8 +17,6 @@ de:
           Die Aufgaben sind:
           <br>
         body2: |
-          <br>
-          Falls Sie beim Klick auf einen Link eine Fehlermeldung erhalten, dass Sie nicht berechtigt wären diese Aktion auszuführen, öffnen Sie bitte eine beliebige Programmieraufgabe aus einem Kurs heraus und klicken den Link danach noch einmal.<br>
           <br>
           Diese Mail wurde automatisch von CodeOcean verschickt.<br>
           <br>
@@ -31,8 +29,6 @@ de:
           The exercises are:
           <br>
         body3: |
-          <br>
-          If you receive an error that you are not authorized to perform this action when clicking a link, please log-in through any course exercise beforehand and click the link again. <br>
           <br>
           This mail was automatically sent by CodeOcean. <br>
         subject: Unregelmäßigkeiten in Aufgaben Ihrer Aufgabensammlung
diff --git a/config/locales/en/mailers/user_mailer.yml b/config/locales/en/mailers/user_mailer.yml
index cbdca683..13618ac7 100644
--- a/config/locales/en/mailers/user_mailer.yml
+++ b/config/locales/en/mailers/user_mailer.yml
@@ -17,8 +17,6 @@ en:
           Die Aufgaben sind:
           <br>
         body2: |
-          <br>
-          Falls Sie beim Klick auf einen Link eine Fehlermeldung erhalten, dass Sie nicht berechtigt wären diese Aktion auszuführen, öffnen Sie bitte eine beliebige Programmieraufgabe aus einem Kurs heraus und klicken den Link danach noch einmal.<br>
           <br>
           Diese Mail wurde automatisch von CodeOcean verschickt.<br>
           <br>
@@ -31,8 +29,6 @@ en:
           The exercises are:
           <br>
         body3: |
-          <br>
-          If you receive an error that you are not authorized to perform this action when clicking a link, please log-in through any course exercise beforehand and click the link again. <br>
           <br>
           This mail was automatically sent by CodeOcean. <br>
         subject: Anomalies in exercises of your exercise collection