diff --git a/app/assets/javascripts/editor/editor.js.erb b/app/assets/javascripts/editor/editor.js.erb index 3ac57856..7de058d5 100644 --- a/app/assets/javascripts/editor/editor.js.erb +++ b/app/assets/javascripts/editor/editor.js.erb @@ -377,7 +377,7 @@ var CodeOceanEditor = { initializeWorkspaceButtons: function () { - $('#submit').on('click', this.submitCode.bind(this)); + $('#submit').one('click', this.submitCode.bind(this)); $('#assess').on('click', this.scoreCode.bind(this)); $('#dropdown-render, #render').on('click', this.renderCode.bind(this)); $('#dropdown-run, #run').on('click', this.runCode.bind(this)); diff --git a/app/assets/javascripts/error_templates.js b/app/assets/javascripts/error_templates.js index 74978157..3cb7dcaf 100644 --- a/app/assets/javascripts/error_templates.js +++ b/app/assets/javascripts/error_templates.js @@ -1,7 +1,7 @@ $(document).on('turbolinks:load', function() { if ($.isController('error_templates')) { $('#add-attribute').find('button').on('click', function () { - $.ajax(location + '/attribute.json', { + $.ajax('//' + location.host + location.pathname + '/attribute.json', { method: 'POST', data: { _method: 'PUT', diff --git a/app/assets/javascripts/external_users.js b/app/assets/javascripts/external_users.js index 058fdfa0..402c5473 100644 --- a/app/assets/javascripts/external_users.js +++ b/app/assets/javascripts/external_users.js @@ -17,7 +17,7 @@ $(document).on('turbolinks:load', function() { '; }; - var jqxhr = $.ajax(window.location.href + '/tag_statistics', { + var jqxhr = $.ajax('//' + location.host + location.pathname + '/tag_statistics', { dataType: 'json', method: 'GET' }); diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 24775794..e2023421 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb 
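Review bot: With `.one('click', …)` in `initializeWorkspaceButtons` (editor.js.erb), the submit handler is unbound after the first click, so if `submitCode` fails the button may stay dead until the page is reloaded. `submitCode` is outside this hunk and may already re-arm the button; if it does not, keep `.on`, disable the button while the request is in flight, and re-enable it in the failure callback. A short comment such as `// one(): guard against duplicate submissions from double clicks` would also record why this button is bound differently from `#assess`, `#render` and `#run`.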
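Review bot: The request URL in error_templates.js is now assembled by hand as `'//' + location.host + location.pathname + '/attribute.json'`; a path-only URL, `location.pathname + '/attribute.json'`, resolves against the current origin on its own and still drops the query string and fragment. If the page can be reached with a trailing slash, the concatenation yields `…//attribute.json`, so stripping it first with `location.pathname.replace(/\/$/, '')` is worth considering. The same construction appears in external_users.js (`/tag_statistics`) and twice in request_for_comments/show.html.slim, so a shared helper would keep the four call sites consistent.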
@@ -13,7 +13,7 @@ class ApplicationController < ActionController::Base def current_user ::NewRelic::Agent.add_custom_attributes(external_user_id: session[:external_user_id], session_user_id: session[:user_id]) - @current_user ||= ExternalUser.find_by(id: session[:external_user_id]) || login_from_session || login_from_other_sources + @current_user ||= ExternalUser.find_by(id: session[:external_user_id]) || login_from_session || login_from_other_sources || nil end def require_user! diff --git a/app/controllers/concerns/submission_scoring.rb b/app/controllers/concerns/submission_scoring.rb index 6c258a5a..9bf9cda3 100644 --- a/app/controllers/concerns/submission_scoring.rb +++ b/app/controllers/concerns/submission_scoring.rb @@ -88,7 +88,7 @@ module SubmissionScoring # Return all test results except for those of a linter if not allowed show_linter = Python20CourseWeek.show_linter? submission.exercise, submission.user_id outputs&.reject do |output| - next if show_linter + next if show_linter || output.blank? output[:file_role] == 'teacher_defined_linter' end diff --git a/app/controllers/request_for_comments_controller.rb b/app/controllers/request_for_comments_controller.rb index 196fcf01..9b55c9e3 100644 --- a/app/controllers/request_for_comments_controller.rb +++ b/app/controllers/request_for_comments_controller.rb @@ -2,7 +2,7 @@ class RequestForCommentsController < ApplicationController include SubmissionScoring before_action :set_request_for_comment, only: [:show, :edit, :update, :destroy, :mark_as_solved, :set_thank_you_note] - skip_after_action :verify_authorized + before_action :require_user! def authorize! authorize(@request_for_comments || @request_for_comment) 
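Review bot: The trailing `|| nil` in `current_user` reads like dead code and needs a comment saying why it is there. It only changes the result when the last operand is `false`, which suggests `login_from_other_sources` can return `false`. The callers changed in this commit (`current_user&.id`, `current_user&.external_user?`) then need `nil`, because `&.` does not short-circuit on `false`. A line such as `# normalise a false login result to nil so callers can use current_user&.` above the assignment would keep a later cleanup from removing it.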
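Review bot: In the `reject` block of submission_scoring.rb, `next if show_linter || output.blank?` yields `nil`, so blank entries are kept in the returned list rather than dropped. That avoids the `output[:file_role]` lookup on a blank value, but callers of this method (outside the hunk) still receive those entries. If they are not meant to reach callers, reject them explicitly with `next true if output.blank?` ahead of the linter check. Otherwise add a comment stating that blank results are passed through on purpose.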
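Review bot: In request_for_comments_controller.rb, `before_action :require_user!` is declared after `before_action :set_request_for_comment`, and Rails runs before-callbacks in declaration order, so for the member actions the record lookup happens before the login check. If `set_request_for_comment` (outside this hunk) raises on an unknown id, an unauthenticated client gets a different response for existing and non-existing ids. Declaring `require_user!` first closes that gap. The `only:` list on `set_request_for_comment` also still names `:edit` and `:destroy`, which this commit removes.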
@@ -26,11 +26,12 @@ class RequestForCommentsController < ApplicationController def get_my_comment_requests @search = RequestForComment .with_last_activity - .where(user_id: current_user.id) + .where(user_id: current_user&.id) .ransack(params[:q]) @request_for_comments = @search.result .order('created_at DESC') .paginate(page: params[:page]) + authorize! render 'index' end @@ -44,6 +45,7 @@ class RequestForCommentsController < ApplicationController @request_for_comments = @search.result .order('last_comment DESC') .paginate(page: params[:page]) + authorize! render 'index' end @@ -83,10 +85,6 @@ class RequestForCommentsController < ApplicationController authorize! end - # GET /request_for_comments/1/edit - def edit - end - # POST /request_for_comments.json def create # Consider all requests as JSON @@ -111,17 +109,6 @@ class RequestForCommentsController < ApplicationController authorize! end - # DELETE /request_for_comments/1 - # DELETE /request_for_comments/1.json - def destroy - @request_for_comment.destroy - respond_to do |format| - format.html { redirect_to request_for_comments_url, notice: 'Request for comment was successfully destroyed.' } - format.json { head :no_content } - end - authorize! - end - private # Use callbacks to share common setup or constraints between actions. def set_request_for_comment diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 059c1888..145c3fd8 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -30,7 +30,7 @@ class SessionsController < ApplicationController end def destroy - if current_user.external_user? + if current_user&.external_user? clear_lti_session_data else logout diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index d1f9361b..7035de30 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb 
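Review bot: In `get_my_comment_requests`, `current_user&.id` turns a missing user into `where(user_id: nil)`, a query for requests with no owner, instead of failing. With `require_user!` now declared as a before-action in this controller, `current_user` should always be present here, so plain `current_user.id` states the precondition and cannot silently change the query. The added `authorize!` calls here and in the `@@ -44,6 +45,7 @@` hunk depend on `@request_for_comments` being assigned first. A comment such as `# authorizes the collection assigned above` would make that ordering explicit.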
@@ -8,8 +8,8 @@ class SubmissionsController < ApplicationController before_action :set_submission, only: [:download, :download_file, :render_file, :run, :score, :extract_errors, :show, :statistics, :stop, :test] before_action :set_docker_client, only: [:run, :test] - before_action :set_files, only: [:download, :download_file, :render_file, :show] - before_action :set_file, only: [:download_file, :render_file] + before_action :set_files, only: [:download, :download_file, :render_file, :show, :run] + before_action :set_file, only: [:download_file, :render_file, :run] before_action :set_mime_type, only: [:download_file, :render_file] skip_before_action :verify_authenticity_token, only: [:download_file, :render_file] diff --git a/app/controllers/user_exercise_feedbacks_controller.rb b/app/controllers/user_exercise_feedbacks_controller.rb index 1d8293c5..9330f604 100644 --- a/app/controllers/user_exercise_feedbacks_controller.rb +++ b/app/controllers/user_exercise_feedbacks_controller.rb @@ -20,6 +20,8 @@ class UserExerciseFeedbacksController < ApplicationController end def create + Raven.extra_context(params: uef_params) + @exercise = Exercise.find(uef_params[:exercise_id]) rfc = RequestForComment.unsolved.where(exercise_id: @exercise.id, user_id: current_user.id).first submission = current_user.submissions.where(exercise_id: @exercise.id).order('created_at DESC').first rescue nil diff --git a/app/models/proxy_exercise.rb b/app/models/proxy_exercise.rb index bb17b30a..96c143b7 100644 --- a/app/models/proxy_exercise.rb +++ b/app/models/proxy_exercise.rb 
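Review bot: `Raven.extra_context(params: uef_params)` in `UserExerciseFeedbacksController#create` attaches the whole permitted parameter set to any error event raised during the request. `uef_params` is defined outside the hunk, but for a feedback form it presumably includes the user's free-text feedback. If the goal is to debug the `Exercise.find` failure, the id is enough: `Raven.extra_context(exercise_id: uef_params[:exercise_id])`. That keeps user-written content out of the error tracker unless it is actually needed.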
@@ -171,6 +171,8 @@ class ProxyExercise < ApplicationRecord if points_ratio == 0.0 Rails.logger.debug("scoring user #{user.id} for exercise #{ex.id}: points_ratio=#{points_ratio} score: 0" ) return 0.0 + elsif points_ratio > 1.0 + points_ratio = 1.0 # The score of the exercise was adjusted and is now lower than it was end points_ratio_index = ((scoring_matrix.size - 1) * points_ratio).to_i working_time_user = ex.accumulated_working_time_for_only(user) diff --git a/app/views/request_for_comments/show.html.slim b/app/views/request_for_comments/show.html.slim index d5cca4a3..6a9db128 100644 --- a/app/views/request_for_comments/show.html.slim +++ b/app/views/request_for_comments/show.html.slim @@ -55,7 +55,7 @@ - assess_runs = testruns.select {|run| run.cause == 'assess' } - unless @current_user.admin? - - assess_runs = assess_runs.select {|run| run.file.teacher_defined_test? } + - assess_runs = assess_runs.select {|run| run.file&.teacher_defined_test? || true } - if assess_runs.size > 0 h5.mt-4= t('request_for_comments.test_results') .testrun-assess-results @@ -109,7 +109,7 @@ javascript: $.ajax({ dataType: 'json', method: 'GET', - url: location + '/mark_as_solved' + url: '//' + location.host + location.pathname + '/mark_as_solved' }).done(function(response){ if(response.solved){ solvedButton.removeClass('btn-primary'); @@ -127,7 +127,7 @@ javascript: $.ajax({ dataType: 'json', method: 'POST', - url: location + '/set_thank_you_note', + url: '//' + location.host + location.pathname + '/set_thank_you_note', data: { note: value } diff --git a/app/views/submissions/index.html.slim b/app/views/submissions/index.html.slim index cff0eef5..3b922b82 100644 --- a/app/views/submissions/index.html.slim +++ b/app/views/submissions/index.html.slim 
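Review bot: Only the upper bound of `points_ratio` is clamped in proxy_exercise.rb, so a negative ratio would still reach `((scoring_matrix.size - 1) * points_ratio).to_i`. If that index is used to read `scoring_matrix`, a negative value could select an entry from the end of the matrix. Whether a negative value can occur depends on how `points_ratio` is computed above the hunk, so this may be unreachable. If both bounds are intended, `points_ratio = points_ratio.clamp(0.0, 1.0)` before the zero check covers them in one line. A debug log next to the clamp, like the one in the zero branch, would also make adjusted scores traceable.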
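Review bot: In request_for_comments/show.html.slim the new filter `run.file&.teacher_defined_test? || true` is always truthy, so the `select` under `unless @current_user.admin?` no longer removes anything and non-admin users are shown every assess run. If the intent was only to tolerate runs whose file is missing, `run.file.nil? || run.file.teacher_defined_test?` keeps those while still hiding runs of other file types. If every run should be visible to all users, drop the `select` so the template does not suggest a restriction that is not enforced.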
@@ -22,12 +22,12 @@ h1 = Submission.model_name.human(count: 2) tbody - @submissions.each do |submission| tr - td = link_to_if(policy(submission.exercise).show?, submission.exercise, submission.exercise) + td = link_to_if(submission.exercise && policy(submission.exercise).show?, submission.exercise, submission.exercise) td = link_to_if(policy(submission.user).show?, submission.user, submission.user) td = t("submissions.causes.#{submission.cause}") td = submission.score td = l(submission.created_at, format: :short) - td = link_to(t('shared.show'), submission) if policy(submission).show? + td = link_to(t('shared.show'), submission) if policy(submission).show? && submission.exercise td = link_to(t('shared.statistics'), statistics_submission_path(submission)) if policy(submission).statistics? = render('shared/pagination', collection: @submissions) diff --git a/config/initializers/raven.rb b/config/initializers/raven.rb index f4323bfd..9beeb87a 100644 --- a/config/initializers/raven.rb +++ b/config/initializers/raven.rb @@ -8,6 +8,8 @@ Rails.application.tap do |app| Raven.configure do |config| config.sanitize_fields = app.config.filter_parameters.map(&:to_s) + config.processors -= [Raven::Processor::PostData] # Do this to send POST data + config.async = lambda do |event| pool.post { ::Raven.send_event(event) } end diff --git a/config/routes.rb b/config/routes.rb index 9c9584d8..df1a8b5b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -14,7 +14,7 @@ Rails.application.routes.draw do end end resources :codeharbor_links, only: %i[new create edit update destroy] - resources :request_for_comments do + resources :request_for_comments, except: %i[edit destroy] do member do get :mark_as_solved, defaults: { format: :json } post :set_thank_you_note, defaults: { format: :json }
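Review bot: The row in submissions/index.html.slim still calls `policy(submission.user).show?` without a guard, so a submission whose user record is missing would presumably fail the same way the missing exercise did before this change. Whether that can happen is not visible here; if orphaned submissions are possible on both associations, apply the same `submission.user && …` guard. In the last changed line, testing `submission.exercise` before `policy(submission).show?` avoids evaluating the policy for rows that will not get a link anyway.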
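Review bot: Removing `Raven::Processor::PostData` in config/initializers/raven.rb means request bodies are now sent with error events, and the only remaining masking is `sanitize_fields`, which is built from `filter_parameters`. Any sensitive POST field not listed there (the list is outside this diff) will reach the error tracker unmasked. The inline comment should state that dependency, e.g. `# POST bodies are sent; sensitive fields must be listed in config.filter_parameters`. It is also worth confirming that login and launch parameters and submitted file contents are either filtered or acceptable to store there.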