htwkmooc/codeocean
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #243 from openHPI/add_roles_via_LTI

Browse Source 
Add roles via LTI
This commit is contained in:
rteusner
2018-12-19 13:50:32 +01:00
committed by GitHub
parent ebd8b56ebf d95cf1cffb
commit c906b3240a
90 changed files with 243 additions and 590 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/controllers/application_controller.rb
View File

@ -33,6 +33,7 @@ class ApplicationController < ActionController::Base
private :set_locale
def welcome
# Show root page
end
def allow_iframe_requests

33
app/controllers/comments_controller.rb
View File

@ -9,7 +9,6 @@ class CommentsController < ApplicationController
end
private :authorize!
# GET /comments
# GET /comments.json
def index
file = CodeOcean::File.find(params[:file_id])
@ -29,24 +28,11 @@ class CommentsController < ApplicationController
authorize!
end
# GET /comments/1
# GET /comments/1.json
def show
authorize!
end
# GET /comments/new
def new
@comment = Comment.new
authorize!
end
# GET /comments/1/edit
def edit
authorize!
end
# POST /comments
# POST /comments.json
def create
@comment = Comment.new(comment_params_without_request_id)
@ -59,40 +45,31 @@ class CommentsController < ApplicationController
send_mail_to_subscribers @comment, request_for_comment
end
format.html { redirect_to @comment, notice: 'Comment was successfully created.' }
format.json { render :show, status: :created, location: @comment }
render :show, status: :created, location: @comment
else
format.html { render :new }
format.json { render json: @comment.errors, status: :unprocessable_entity }
render json: @comment.errors, status: :unprocessable_entity
end
end
authorize!
end
# PATCH/PUT /comments/1
# PATCH/PUT /comments/1.json
def update
respond_to do |format|
if @comment.update(comment_params_without_request_id)
format.html { head :no_content, notice: 'Comment was successfully updated.' }
format.json { render :show, status: :ok, location: @comment }
render :show, status: :ok, location: @comment
else
format.html { render :edit }
format.json { render json: @comment.errors, status: :unprocessable_entity }
render json: @comment.errors, status: :unprocessable_entity
end
end
authorize!
end
# DELETE /comments/1
# DELETE /comments/1.json
def destroy
authorize!
@comment.destroy
respond_to do |format|
format.html { head :no_content, notice: 'Comment was successfully destroyed.' }
format.json { head :no_content }
end
head :no_content
end
private

22
app/controllers/concerns/lti.rb
View File

@ -53,6 +53,22 @@ module Lti
end
private :external_user_name
def external_user_role(provider)
result = 'learner'
provider.roles.each do |role|
case role.downcase!
when 'administrator'
# We don't want anyone to get admin privileges through LTI
result = 'teacher' if result == 'learner'
when 'instructor'
result = 'teacher' if result == 'learner'
else # 'learner'
next
end
end unless provider.roles.blank?
result
end
def mooc_course
# All Xikolo platforms set the custom_course to the course code
params[:custom_course]
@ -135,7 +151,11 @@ module Lti
def set_current_user
@current_user = ExternalUser.find_or_create_by(consumer_id: @consumer.id, external_id: @provider.user_id)
@current_user.update(email: external_user_email(@provider), name: external_user_name(@provider))
external_role = external_user_role(@provider)
internal_role = @current_user.role
internal_role != 'admin' ? desired_role = external_role : desired_role = internal_role
# Update user with new information but change the role only if he is no admin user
@current_user.update(email: external_user_email(@provider), name: external_user_name(@provider), role: desired_role)
end
private :set_current_user

15
app/controllers/exercises_controller.rb
View File

@ -7,8 +7,8 @@ class ExercisesController < ApplicationController
before_action :handle_file_uploads, only: [:create, :update]
before_action :set_execution_environments, only: [:create, :edit, :new, :update]
before_action :set_exercise, only: MEMBER_ACTIONS + [:clone, :implement, :working_times, :intervention, :search, :run, :statistics, :submit, :reload, :feedback]
before_action :set_external_user, only: [:statistics]
before_action :set_exercise_and_authorize, only: MEMBER_ACTIONS + [:clone, :implement, :working_times, :intervention, :search, :run, :statistics, :submit, :reload, :feedback]
before_action :set_external_user_and_authorize, only: [:statistics]
before_action :set_file_types, only: [:create, :edit, :new, :update]
before_action :set_course_token, only: [:implement]
@ -299,19 +299,19 @@ class ExercisesController < ApplicationController
end
private :set_execution_environments
def set_exercise
def set_exercise_and_authorize
@exercise = Exercise.find(params[:id])
authorize!
end
private :set_exercise
private :set_exercise_and_authorize
def set_external_user
def set_external_user_and_authorize
if params[:external_user_id]
@external_user = ExternalUser.find(params[:external_user_id])
authorize!
end
end
private :set_exercise
private :set_external_user_and_authorize
def set_file_types
@file_types = FileType.all.order(:name)
@ -329,10 +329,11 @@ class ExercisesController < ApplicationController
private :collect_set_and_unset_exercise_tags
def show
# Show exercise details for teachers and admins
end
#we might want to think about auth here
def reload
# Returns JSON with original file content
end
def statistics

55
app/controllers/interventions_controller.rb
View File

@ -1,55 +0,0 @@
class InterventionsController < ApplicationController
include CommonBehavior
before_action :set_intervention, only: MEMBER_ACTIONS
def authorize!
authorize(@intervention || @interventions)
end
private :authorize!
def create
#@intervention = Intervention.new(intervention_params)
#authorize!
#create_and_respond(object: @intervention)
end
def destroy
destroy_and_respond(object: @intervention)
end
def edit
end
def intervention_params
params[:intervention].permit(:name) if params[:intervention].present?
end
private :intervention_params
def index
@interventions = Intervention.all.paginate(page: params[:page])
authorize!
end
def new
#@intervention = Intervention.new
#authorize!
end
def set_intervention
@intervention = Intervention.find(params[:id])
authorize!
end
private :set_intervention
def show
end
def update
update_and_respond(object: @intervention, params: intervention_params)
end
def to_s
name
end
end

6
app/controllers/proxy_exercises_controller.rb
View File

@ -1,7 +1,7 @@
class ProxyExercisesController < ApplicationController
include CommonBehavior
before_action :set_exercise, only: MEMBER_ACTIONS + [:clone, :reload]
before_action :set_exercise_and_authorize, only: MEMBER_ACTIONS + [:clone, :reload]
def authorize!
authorize(@proxy_exercise || @proxy_exercises)
@ -56,11 +56,11 @@ class ProxyExercisesController < ApplicationController
authorize!
end
def set_exercise
def set_exercise_and_authorize
@proxy_exercise = ProxyExercise.find(params[:id])
authorize!
end
private :set_exercise
private :set_exercise_and_authorize
def show
@search = @proxy_exercise.exercises.search

10
app/controllers/user_exercise_feedbacks_controller.rb
View File

@ -19,16 +19,6 @@ class UserExerciseFeedbacksController < ApplicationController
[4,t('user_exercise_feedback.estimated_time_more_30')]]
end
def index
@search = UserExerciseFeedback.all.search params[:q]
@uefs = @search.result.includes(:execution_environment).order(:id).paginate(page: params[:page])
authorize!
end
def show
authorize!
end
def create
@exercise = Exercise.find(uef_params[:exercise_id])
rfc = RequestForComment.unsolved.where(exercise_id: @exercise.id, user_id: current_user.id).first

1
app/mailers/user_mailer.rb
View File

@ -45,6 +45,7 @@ class UserMailer < ActionMailer::Base
end
def exercise_anomaly_detected(exercise_collection, anomalies)
@user = exercise_collection.user
@receiver_displayname = exercise_collection.user.displayname
@collection = exercise_collection
@anomalies = anomalies

2
app/policies/admin_or_author_policy.rb
View File

@ -1,6 +1,6 @@
class AdminOrAuthorPolicy < ApplicationPolicy
[:create?, :index?, :new?].each do |action|
define_method(action) { @user.internal_user? }
define_method(action) { admin? || teacher? }
end
[:destroy?, :edit?, :show?, :update?].each do |action|

16
app/policies/application_policy.rb
View File

@ -9,22 +9,28 @@ class ApplicationPolicy
end
private :teacher?
def author?
@user == @record.author
end
private :author?
def everyone
# As the ApplicationController forces to have any authorization, `everyone` here means `every user logged in`
true
end
private :everyone
def no_one
false
end
private :no_one
def initialize(user, record)
@user = user
@record = record
require_user!
end
def no_one
false
end
private :no_one
def require_user!
fail Pundit::NotAuthorizedError unless @user
end

8
app/policies/code_ocean/file_policy.rb
View File

@ -4,6 +4,14 @@ module CodeOcean
@user == @record.context.author
end
def show?
if @record.context.is_a?(Exercise)
admin? || author? || !@record.hidden
else
admin? || author?
end
end
def create?
if @record.context.is_a?(Exercise)
admin? || author?

5
app/policies/comment_policy.rb
View File

@ -1,9 +1,4 @@
class CommentPolicy < ApplicationPolicy
def author?
@user == @record.author
end
private :author?
def create?
everyone
end

4
app/policies/consumer_policy.rb
View File

@ -1,5 +1,3 @@
class ConsumerPolicy < AdminOnlyPolicy
def show?
super || @user.consumer == @record
end
end

9
app/policies/execution_environment_policy.rb
View File

@ -1,14 +1,9 @@
class ExecutionEnvironmentPolicy < AdminOnlyPolicy
def author?
@user == @record.author
end
private :author?
[:execute_command?, :shell?, :statistics?].each do |action|
[:execute_command?, :shell?, :statistics?, :show?].each do |action|
define_method(action) { admin? || author? }
end
[:create?, :index?, :new?].each do |action|
[:index?].each do |action|
define_method(action) { admin? || teacher? }
end
end

9
app/policies/exercise_policy.rb
View File

@ -1,15 +1,10 @@
class ExercisePolicy < AdminOrAuthorPolicy
def author?
@user == @record.author
end
private :author?
def batch_update?
admin?
end
def show?
@user.internal_user?
admin? || teacher?
end
[:clone?, :destroy?, :edit?, :statistics?, :update?, :feedback?].each do |action|
@ -24,7 +19,7 @@ class ExercisePolicy < AdminOrAuthorPolicy
def resolve
if @user.admin?
@scope.all
elsif @user.internal_user?
elsif @user.teacher?
@scope.where('user_id = ? OR public = TRUE', @user.id)
else
@scope.none

4
app/policies/file_template_policy.rb
View File

@ -1,9 +1,5 @@
class FileTemplatePolicy < AdminOnlyPolicy
def show?
everyone
end
def by_file_type?
everyone
end

8
app/policies/file_type_policy.rb
View File

@ -1,11 +1,3 @@
class FileTypePolicy < AdminOnlyPolicy
def author?
@user == @record.author
end
private :author?
[:create?, :index?, :new?].each do |action|
define_method(action) { admin? || teacher? }
end
end

34
app/policies/intervention_policy.rb
View File

@ -1,34 +0,0 @@
class InterventionPolicy < AdminOrAuthorPolicy
def author?
@user == @record.author
end
private :author?
def batch_update?
admin?
end
def show?
@user.internal_user?
end
[:clone?, :destroy?, :edit?, :update?].each do |action|
define_method(action) { admin? || author?}
end
[:reload?].each do |action|
define_method(action) { everyone }
end
class Scope < Scope
def resolve
if @user.admin?
@scope.all
elsif @user.internal_user?
@scope.where('user_id = ? OR public = TRUE', @user.id)
else
@scope.none
end
end
end
end

9
app/policies/proxy_exercise_policy.rb
View File

@ -1,15 +1,10 @@
class ProxyExercisePolicy < AdminOrAuthorPolicy
def author?
@user == @record.author
end
private :author?
def batch_update?
admin?
end
def show?
@user.internal_user?
admin? || teacher?
end
[:clone?, :destroy?, :edit?, :update?].each do |action|
@ -24,7 +19,7 @@ class ProxyExercisePolicy < AdminOrAuthorPolicy
def resolve
if @user.admin?
@scope.all
elsif @user.internal_user?
elsif @user.teacher?
@scope.where('user_id = ? OR public = TRUE', @user.id)
else
@scope.none

9
app/policies/request_for_comment_policy.rb
View File

@ -1,9 +1,4 @@
class RequestForCommentPolicy < ApplicationPolicy
def author?
@user == @record.author
end
private :author?
def create?
everyone
end
@ -16,8 +11,8 @@ class RequestForCommentPolicy < ApplicationPolicy
everyone
end
[:destroy?].each do |action|
define_method(action) { admin? }
def destroy?
admin?
end
def mark_as_solved?

9
app/policies/search_policy.rb
View File

@ -1,15 +1,10 @@
class SearchPolicy < AdminOrAuthorPolicy
def author?
@user == @record.author
end
private :author?
def batch_update?
admin?
end
def show?
@user.internal_user?
admin? || teacher?
end
[:clone?, :destroy?, :edit?, :update?].each do |action|
@ -24,7 +19,7 @@ class SearchPolicy < AdminOrAuthorPolicy
def resolve
if @user.admin?
@scope.all
elsif @user.internal_user?
elsif @user.teacher?
@scope.where('user_id = ? OR public = TRUE', @user.id)
else
@scope.none

16
app/policies/submission_policy.rb
View File

@ -1,9 +1,4 @@
class SubmissionPolicy < ApplicationPolicy
def author?
@user == @record.author
end
private :author?
def create?
everyone
end
@ -16,4 +11,15 @@ class SubmissionPolicy < ApplicationPolicy
def index?
admin?
end
def everyone_in_study_group
users_in_same_study_group = @record.study_groups.users
users_in_same_study_group.include? @user
end
private :everyone_in_study_group
def teacher_in_study_group
teacher? && everyone_in_study_group
end
private :teacher_in_study_group
end

4
app/policies/subscription_policy.rb
View File

@ -7,10 +7,6 @@ class SubscriptionPolicy < ApplicationPolicy
author? || admin?
end
def show_error?
everyone
end
def author?
@user == @record.user
end

27
app/policies/tag_policy.rb
View File

@ -1,34 +1,13 @@
class TagPolicy < AdminOrAuthorPolicy
def author?
@user == @record.author
end
private :author?
def batch_update?
admin?
end
def show?
@user.internal_user?
end
[:clone?, :destroy?, :edit?, :update?].each do |action|
define_method(action) { admin? || author?}
end
[:reload?].each do |action|
define_method(action) { everyone }
end
class TagPolicy < AdminOnlyPolicy
class Scope < Scope
def resolve
if @user.admin?
if @user.admin? || @user.teacher?
@scope.all
elsif @user.internal_user?
@scope.where('user_id = ? OR public = TRUE', @user.id)
else
@scope.none
end
end
end
end

2
app/views/admin/dashboard/show.html.slim
View File

@ -30,7 +30,7 @@ h2 Docker
tbody
- ExecutionEnvironment.order(:name).each do |execution_environment|
tr data-id=execution_environment.id
td.name = link_to(execution_environment, execution_environment)
td.name = link_to_if(policy(execution_environment).show?, execution_environment, execution_environment)
td.pool-size
td.quantity = progress_bar(0)
h3 = t('.history')

6
app/views/application/_breadcrumbs.html.slim
View File

@ -1,4 +1,4 @@
- if current_user.try(:internal_user?)
- if current_user.try(:admin?) or current_user.try(:teacher?)
.container
ul.breadcrumb
- if model = Kernel.const_get(controller_path.classify) rescue nil
@ -8,9 +8,9 @@
- if object
li.breadcrumb-item = object
- else
li.breadcrumb-item = link_to(model.model_name.human(count: 2), send(:"#{model.model_name.collection}_path"))
li.breadcrumb-item = link_to_if(policy(model).show?, model.model_name.human(count: 2), send(:"#{model.model_name.collection}_path"))
- if object
li.breadcrumb-item = link_to(object, send(:"#{model.model_name.singular}_path", object))
li.breadcrumb-item = link_to_if(policy(object).show?, object, send(:"#{model.model_name.singular}_path", object))
li.breadcrumb-item.active
- if I18n.translation_present?("shared.#{params[:action]}")
= t("shared.#{params[:action]}")

6
app/views/application/_navigation.html.slim
View File

@ -1,4 +1,4 @@
- if current_user.try(:internal_user?)
- if current_user.try(:admin?) or current_user.try(:teacher?)
ul.nav.navbar-nav
li.nav-item.dropdown
a.nav-link.dropdown-toggle.mx-3 data-toggle='dropdown' href='#'
@ -6,8 +6,8 @@
span.caret
ul.dropdown-menu.p-0.mt-1 role='menu'
- if current_user.admin?
li = link_to(t('breadcrumbs.dashboard.show'), admin_dashboard_path, class: 'dropdown-item', 'data-turbolinks' => "false")
li = link_to(t('breadcrumbs.statistics.show'), statistics_path, class: 'dropdown-item')
li = link_to(t('breadcrumbs.dashboard.show'), admin_dashboard_path, class: 'dropdown-item', 'data-turbolinks' => "false") if policy([:admin, :dashboard]).show?
li = link_to(t('breadcrumbs.statistics.show'), statistics_path, class: 'dropdown-item') if policy(:statistics).show?
li.dropdown-divider role='separator'
= render('navigation_submenu', title: t('activerecord.models.exercise.other'),
models: [Exercise, ExerciseCollection, ProxyExercise, Tag, Submission], link: exercises_path, cached: true)

1
app/views/application/_navigation_submenu.html.slim
View File

@ -1,3 +1,4 @@
- if models.any? { |model| policy(model).index? }
li.dropdown-submenu
- link = link.nil? ? "#" : link
a.dropdown-item.dropdown-toggle href=link data-toggle="dropdown" = title

8
app/views/application/_session.html.slim
View File

@ -5,10 +5,10 @@
= current_user
span.caret
ul.dropdown-menu.p-0.mt-1 role='menu'
- if current_user.internal_user?
li = link_to(t('consumers.show.link'), current_user.consumer, class: 'dropdown-item') if current_user.consumer
li = link_to(t('internal_users.show.link'), current_user, class: 'dropdown-item')
li = link_to(t('request_for_comments.index.all'), request_for_comments_path, class: 'dropdown-item')
- if current_user.try(:admin?) or current_user.try(:teacher?)
li = link_to(t('consumers.show.link'), current_user.consumer, class: 'dropdown-item') if current_user.consumer and policy(current_user.consumer).show?
li = link_to(t('internal_users.show.link'), current_user, class: 'dropdown-item') if policy(current_user).show?
li = link_to(t('request_for_comments.index.all'), request_for_comments_path, class: 'dropdown-item') if policy(:request_for_comment).index?
li = link_to(t('request_for_comments.index.get_my_rfc_activity'), my_rfc_activity_path, class: 'dropdown-item')
li = link_to(t('request_for_comments.index.get_my_comment_requests'), my_request_for_comments_path, class: 'dropdown-item')
- if current_user.internal_user?

6
app/views/application/welcome.html.slim
View File

@ -1,8 +1,8 @@
h1 = t('.title', application_name: application_name)
- if current_user.try(:external_user?)
p = t('.text_signed_in_as_external_user', application_name: application_name)
- elsif current_user.try(:internal_user?)
- if current_user.try(:admin?) or current_user.try(:teacher?)
p = t('.text_signed_in_as_internal_user', user_name: current_user.displayname)
- elsif current_user.try(:external_user?)
p = t('.text_signed_in_as_external_user', application_name: application_name)
- else
p == t('.text_signed_out', application_name: application_name, sign_in_path: sign_in_path)

8
app/views/code_harbor_links/index.html.slim
View File

@ -9,10 +9,10 @@ h1 = CodeHarborLink.model_name.human(count: 2)
tbody
- @code_harbor_links.each do |code_harbor_link|
tr
td = link_to(code_harbor_link.oauth2token, code_harbor_link)
td = link_to(t('shared.show'), code_harbor_link)
td = link_to(t('shared.edit'), edit_code_harbor_link_path(code_harbor_link))
td = link_to(t('shared.destroy'), code_harbor_link, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to_if(policy(code_harbor_link).show?, code_harbor_link.oauth2token, code_harbor_link)
td = link_to(t('shared.show'), code_harbor_link) if policy(code_harbor_link).show?
td = link_to(t('shared.edit'), edit_code_harbor_link_path(code_harbor_link)) if policy(code_harbor_link).edit?
td = link_to(t('shared.destroy'), code_harbor_link, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(code_harbor_link).destroy?
= render('shared/pagination', collection: @code_harbor_links)
p = render('shared/new_button', model: CodeHarborLink)

2
app/views/code_harbor_links/show.html.slim
View File

@ -1,6 +1,6 @@
h1
= @code_harbor_link
= render('shared/edit_button', object: @code_harbor_link) if policy(@code_harbor_link).edit?
= render('shared/edit_button', object: @code_harbor_link)
- %w[oauth2token].each do |attribute|
= row(label: "code_harbor_link.#{attribute}") do

33
app/views/comments/_form.html.slim
View File

@ -1,33 +0,0 @@
= form_for(@comment) do |f|
- if @comment.errors.any?
#error_explanation
h2
= pluralize(@comment.errors.count, "error")
| prohibited this comment from being saved:
ul
- @comment.errors.full_messages.each do |message|
li= message
.field
= f.label :user_id
br/
= f.text_field :user_id
.field
= f.label :file_id
br/
= f.text_field :file_id
.field
= f.label :row
br/
= f.number_field :row
.field
= f.label :column
br/
= f.number_field :column
.field
= f.label :text
br/
= f.text_field :text
.actions
= f.submit

7
app/views/comments/edit.html.slim
View File

@ -1,7 +0,0 @@
h1 Editing comment
= render 'form'
= link_to 'Show', @comment
| |
= link_to 'Back', comments_path

24
app/views/comments/index.html.slim
View File

@ -1,24 +0,0 @@
h1 Listing comments
table
thead
tr
th User
th File
th Row
th Column
th Text
th colspan="3"
tbody
- @comments.each do |comment|
tr
td= comment.user
td= comment.file
td= comment.row
td= comment.column
td= comment.text
td= link_to 'Show', comment
td= link_to 'Edit', edit_comment_path(comment)
td= link_to 'Destroy', comment, method: :delete, data: confirm: 'Are you sure?'
br/
= link_to 'New Comment', new_comment_path

5
app/views/comments/new.html.slim
View File

@ -1,5 +0,0 @@
h1 New comment
= render 'form'
= link_to 'Back', comments_path

25
app/views/comments/show.html.slim
View File

@ -1,25 +0,0 @@
p#notice= notice
p
strong User:
= @comment.user
p
strong File:
= @comment.file
p
strong Row:
= @comment.row
p
strong Column:
= @comment.column
p
strong Text:
= @comment.text
= link_to 'Edit', edit_comment_path(@comment)
| |
= link_to 'Back', comments_path

8
app/views/consumers/index.html.slim
View File

@ -9,10 +9,10 @@ h1 = Consumer.model_name.human(count: 2)
tbody
- @consumers.each do |consumer|
tr
td = link_to(consumer.name, consumer)
td = link_to(t('shared.show'), consumer)
td = link_to(t('shared.edit'), edit_consumer_path(consumer))
td = link_to(t('shared.destroy'), consumer, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to_if(policy(consumer).show?, consumer.name, consumer)
td = link_to(t('shared.show'), consumer) if policy(consumer).show?
td = link_to(t('shared.edit'), edit_consumer_path(consumer)) if policy(consumer).edit?
td = link_to(t('shared.destroy'), consumer, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(consumer).destroy?
= render('shared/pagination', collection: @consumers)
p = render('shared/new_button', model: Consumer)

2
app/views/consumers/show.html.slim
View File

@ -1,6 +1,6 @@
h1
= @consumer
= render('shared/edit_button', object: @consumer) if policy(@consumer).edit?
= render('shared/edit_button', object: @consumer)
= row(label: 'consumer.name', value: @consumer.name)
- %w[oauth_key oauth_secret].each do |attribute|

10
app/views/error_template_attributes/index.html.slim
View File

@ -8,7 +8,7 @@ h1 = ErrorTemplateAttribute.model_name.human(count: 2)
th = t('activerecord.attributes.error_template_attribute.key')
th = t('activerecord.attributes.error_template_attribute.description')
th = t('activerecord.attributes.error_template_attribute.regex')
th colspan=5 = t('shared.actions')
th colspan=3 = t('shared.actions')
tbody
- @error_template_attributes.each do |error_template_attribute|
tr
@ -17,13 +17,13 @@ h1 = ErrorTemplateAttribute.model_name.human(count: 2)
span class="fa fa-star" aria-hidden="true"
- else
span class="fa fa-star-o" aria-hidden="true"
td = link_to(error_template_attribute.key, error_template_attribute)
td = link_to_if(policy(error_template_attribute).show?, error_template_attribute.key, error_template_attribute)
td = error_template_attribute.description
td
code = error_template_attribute.regex
td = link_to(t('shared.show'), error_template_attribute)
td = link_to(t('shared.edit'), edit_error_template_attribute_path(error_template_attribute))
td = link_to(t('shared.destroy'), error_template_attribute, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), error_template_attribute) if policy(error_template_attribute).show?
td = link_to(t('shared.edit'), edit_error_template_attribute_path(error_template_attribute)) if policy(error_template_attribute).edit?
td = link_to(t('shared.destroy'), error_template_attribute, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(error_template_attribute).destroy?
= render('shared/pagination', collection: @error_template_attributes)
p = render('shared/new_button', model: ErrorTemplateAttribute)

8
app/views/error_templates/index.html.slim
View File

@ -11,12 +11,12 @@ h1 = ErrorTemplate.model_name.human(count: 2)
tbody
- @error_templates.each do |error_template|
tr
td = link_to(error_template.name, error_template)
td = link_to_if(policy(error_template).show?, error_template.name, error_template)
td = error_template.description
td = link_to(error_template.execution_environment)
td = link_to(t('shared.show'), error_template)
td = link_to(t('shared.edit'), edit_error_template_path(error_template))
td = link_to(t('shared.destroy'), error_template, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), error_template) if policy(error_template).show?
td = link_to(t('shared.edit'), edit_error_template_path(error_template)) if policy(error_template).edit?
td = link_to(t('shared.destroy'), error_template, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(error_template).destroy?
= render('shared/pagination', collection: @error_templates)
p = render('shared/new_button', model: ErrorTemplate)

9
app/views/error_templates/show.html.slim
View File

@ -3,7 +3,7 @@ h1
= render('shared/edit_button', object: @error_template)
= row(label: 'error_template.name', value: @error_template.name)
= row(label: 'exercise.execution_environment', value: link_to(@error_template.execution_environment))
= row(label: 'exercise.execution_environment', value: link_to_if(policy(@error_template.execution_environment).show?, @error_template.execution_environment))
= row(label: "error_template.signature") do
code = @error_template.signature
- [:description, :hint].each do |attribute|
@ -29,12 +29,13 @@ h2.mt-4
span class="fa fa-star" aria-hidden="true"
- else
span class="fa fa-star-o" aria-hidden="true"
td = link_to(attribute.key, attribute)
td = link_to_if(policy(attribute).show?, attribute.key, attribute)
td = attribute.description
td
code = attribute.regex
td = link_to(t('shared.show'), attribute)
td = link_to(t('shared.destroy'), attribute_error_template_url(:error_template_attribute_id => attribute.id), :method => :delete)
td = link_to(t('shared.show'), attribute) if policy(attribute).show?
td = link_to(t('shared.edit'), edit_error_template_attribute_path(attribute)) if policy(attribute).edit?
td = link_to(t('shared.destroy'), attribute_error_template_url(:error_template_attribute_id => attribute.id), :method => :delete) if policy(attribute).destroy?
#add-attribute
= collection_select({}, :error_template_attribute_id,

14
app/views/execution_environments/index.html.slim
View File

@ -14,17 +14,17 @@ h1 = ExecutionEnvironment.model_name.human(count: 2)
tbody
- @execution_environments.each do |execution_environment|
tr
td = link_to(execution_environment.name, execution_environment)
td = link_to(execution_environment.author, execution_environment.author)
td = link_to_if(policy(execution_environment).show?, execution_environment.name, execution_environment)
td = link_to_if(policy(execution_environment.author).show?, execution_environment.author, execution_environment.author)
td = execution_environment.pool_size
td = execution_environment.memory_limit
td = symbol_for(execution_environment.network_enabled)
td = execution_environment.permitted_execution_time
td = link_to(t('shared.show'), execution_environment)
td = link_to(t('shared.edit'), edit_execution_environment_path(execution_environment))
td = link_to(t('shared.destroy'), execution_environment, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('.shell'), shell_execution_environment_path(execution_environment))
td = link_to(t('shared.statistics'), statistics_execution_environment_path(execution_environment))
td = link_to(t('shared.show'), execution_environment) if policy(execution_environment).show?
td = link_to(t('shared.edit'), edit_execution_environment_path(execution_environment)) if policy(execution_environment).edit?
td = link_to(t('shared.destroy'), execution_environment, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(execution_environment).destroy?
td = link_to(t('.shell'), shell_execution_environment_path(execution_environment)) if policy(execution_environment).shell?
td = link_to(t('shared.statistics'), statistics_execution_environment_path(execution_environment)) if policy(execution_environment).statistics?
= render('shared/pagination', collection: @execution_environments)
p = render('shared/new_button', model: ExecutionEnvironment)

2
app/views/execution_environments/show.html.slim
View File

@ -3,7 +3,7 @@ h1
= render('shared/edit_button', object: @execution_environment)
= row(label: 'execution_environment.name', value: @execution_environment.name)
= row(label: 'execution_environment.user', value: link_to(@execution_environment.author, @execution_environment.author))
= row(label: 'execution_environment.user', value: link_to_if(policy(@execution_environment.author).show?, @execution_environment.author, @execution_environment.author))
= row(label: 'execution_environment.file_type', value: @execution_environment.file_type.present? ? link_to(@execution_environment.file_type, @execution_environment.file_type) : nil)
- [:docker_image, :exposed_ports, :memory_limit, :network_enabled, :permitted_execution_time, :pool_size].each do |attribute|
= row(label: "execution_environment.#{attribute}", value: @execution_environment.send(attribute))

2
app/views/execution_environments/statistics.html.slim
View File

@ -14,7 +14,7 @@ h1 = @execution_environment
- if wts then average_time = wts["average_time"] else 0
- if wts then stddev_time = wts["stddev_time"] else 0
tr
td = link_to exercise.title, controller: "exercises", action: "statistics", id: exercise.id, 'data-turbolinks' => "false"
td = link_to_if policy(exercise).statistics?, exercise.title, controller: "exercises", action: "statistics", id: exercise.id, 'data-turbolinks' => "false"
td = us["users"]
td = us["average_score"].to_f.round(4)
td = us["maximum_score"].to_f.round(2)

10
app/views/exercise_collections/index.html.slim
View File

@ -13,13 +13,13 @@ h1 = ExerciseCollection.model_name.human(count: 2)
- @exercise_collections.each do |collection|
tr
td = collection.id
td = link_to(collection.name, collection)
td = link_to_if(policy(collection).show?, collection.name, collection)
td = collection.updated_at
td = collection.exercises.size
td = link_to(t('shared.show'), collection)
td = link_to(t('shared.edit'), edit_exercise_collection_path(collection))
td = link_to(t('shared.statistics'), statistics_exercise_collection_path(collection))
td = link_to(t('shared.destroy'), collection, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), collection) if policy(collection).show?
td = link_to(t('shared.edit'), edit_exercise_collection_path(collection)) if policy(collection).edit?
td = link_to(t('shared.statistics'), statistics_exercise_collection_path(collection)) if policy(collection).statistics?
td = link_to(t('shared.destroy'), collection, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(collection).destroy?
= render('shared/pagination', collection: @exercise_collections)
p = render('shared/new_button', model: ExerciseCollection)

6
app/views/exercise_collections/show.html.slim
View File

@ -3,7 +3,7 @@ h1
= render('shared/edit_button', object: @exercise_collection)
= row(label: 'exercise_collections.name', value: @exercise_collection.name)
= row(label: 'exercise_collections.user', value: link_to(@exercise_collection.user.displayname, @exercise_collection.user)) unless @exercise_collection.user.nil?
= row(label: 'exercise_collections.user', value: link_to_if(policy(@exercise_collection.user).show?, @exercise_collection.user.displayname, @exercise_collection.user)) unless @exercise_collection.user.nil?
= row(label: 'exercise_collections.use_anomaly_detection', value: @exercise_collection.use_anomaly_detection)
= row(label: 'exercise_collections.updated_at', value: @exercise_collection.updated_at)
@ -22,7 +22,7 @@ h4.mt-4 = t('activerecord.attributes.exercise_collections.exercises')
- exercise = exercise_collection_item.exercise
tr
td = exercise_collection_item.position
td = link_to(exercise.title, exercise)
td = link_to_if(policy(exercise).show?, exercise.title, exercise)
td = link_to_if(exercise.execution_environment && policy(exercise.execution_environment).show?, exercise.execution_environment, exercise.execution_environment)
td = link_to_if(exercise.user && policy(exercise.user).show?, exercise.user.displayname, exercise.user)
td = link_to(t('shared.statistics'), statistics_exercise_path(exercise), 'data-turbolinks' => "false")
td = link_to(t('shared.statistics'), statistics_exercise_path(exercise), 'data-turbolinks' => "false") if policy(exercise).statistics?

2
app/views/exercises/feedback.html.slim
View File

@ -1,4 +1,4 @@
h1 = link_to(@exercise, exercise_path(@exercise))
h1 = link_to_if(policy(@exercise).show?, @exercise, exercise_path(@exercise))
.feedback-page
.header = t('activerecord.attributes.exercise.description')

2
app/views/exercises/index.html.slim
View File

@ -27,7 +27,7 @@ h1 = Exercise.model_name.human(count: 2)
tbody
- @exercises.each do |exercise|
tr data-id=exercise.id
td.p-1.pt-2 = link_to(exercise.title, exercise, 'data-turbolinks' => "false") if policy(exercise).show?
td.p-1.pt-2 = link_to_if(policy(exercise).show?, exercise.title, exercise, 'data-turbolinks' => "false")
td.p-1.pt-2 = link_to_if(exercise.execution_environment && policy(exercise.execution_environment).show?, exercise.execution_environment, exercise.execution_environment)
td.p-1.pt-2 = exercise.files.teacher_defined_tests.count
td.p-1.pt-2 = exercise.maximum_score

1
app/views/exercises/show.html.slim
View File

@ -7,7 +7,6 @@
h1
= @exercise
- if policy(@exercise).edit?
= render('shared/edit_button', object: @exercise)
= row(label: 'exercise.title', value: @exercise.title)

2
app/views/exercises/statistics.html.slim
View File

@ -49,7 +49,7 @@ h1 = @exercise
- if user_statistics[user.id] then us = user_statistics[user.id] else us = {"maximum_score" => nil, "runs" => nil}
- label = "#{user.displayname}"
tr
td = link_to_if symbol==:external_users, label, {controller: "exercises", action: "statistics", external_user_id: user.id, id: @exercise.id}
td = link_to_if symbol==:external_users && policy(user).statistics?, label, {controller: "exercises", action: "statistics", external_user_id: user.id, id: @exercise.id}
td = us['maximum_score'] or 0
td = us['runs']
td = @exercise.average_working_time_for(user.id) or 0

6
app/views/external_users/index.html.slim
View File

@ -10,8 +10,8 @@ h1 = ExternalUser.model_name.human(count: 2)
tbody
- @users.each do |user|
tr
td = user.displayname
td = link_to(user.consumer, user.consumer)
td = link_to(t('shared.show'), user)
td = link_to_if(policy(user).show?, user.displayname)
td = link_to_if(policy(user.consumer).show?, user.consumer, user.consumer)
td = link_to(t('shared.show'), user) if policy(user).show?
= render('shared/pagination', collection: @users)

3
app/views/external_users/show.html.slim
View File

@ -3,8 +3,9 @@ h1 = @user.displayname
= row(label: 'external_user.name', value: @user.name)
//= row(label: 'external_user.email', value: @user.email)
= row(label: 'external_user.consumer', value: link_to(@user.consumer, @user.consumer))
= row(label: 'external_user.role', value: t("users.roles.#{@user.role}"))
h4.mt-4 = link_to(t('.exercise_statistics'), statistics_external_user_path(@user))
h4.mt-4 = link_to(t('.exercise_statistics'), statistics_external_user_path(@user)) if policy(@user).statistics?
h4.mt-4 = t('.tag_statistics')
#loading

2
app/views/external_users/statistics.html.slim
View File

@ -13,7 +13,7 @@ h1 = t('.title')
- if statistics[exercise.id]
- stats = statistics[exercise.id]
tr
td = link_to exercise, controller: "exercises", action: "statistics", external_user_id: @user.id, id: exercise.id
td = link_to_if policy(exercise).show?, exercise, controller: "exercises", action: "statistics", external_user_id: @user.id, id: exercise.id
td = stats["maximum_score"] or 0
td = stats["runs"] or 0
td = stats["working_time"] or 0

10
app/views/file_templates/index.html.slim
View File

@ -10,11 +10,11 @@ h1 = FileTemplate.model_name.human(count: 2)
tbody
- @file_templates.each do |file_template|
tr
td = link_to(file_template.name, file_template)
td = link_to(file_template.file_type, file_type_path(file_template.file_type))
td = link_to(t('shared.show'), file_template)
td = link_to(t('shared.edit'), edit_file_template_path(file_template))
td = link_to(t('shared.destroy'), file_template, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to_if(policy(file_template).show?, file_template.name, file_template)
td = link_to_if(policy(file_template.file_type).show?, file_template.file_type, file_type_path(file_template.file_type))
td = link_to(t('shared.show'), file_template) if policy(file_template).show?
td = link_to(t('shared.edit'), edit_file_template_path(file_template)) if policy(file_template).edit?
td = link_to(t('shared.destroy'), file_template, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(file_template).destroy?
= render('shared/pagination', collection: @file_templates)
p = render('shared/new_button', model: FileTemplate)

2
app/views/file_templates/show.html.slim
View File

@ -3,5 +3,5 @@ h1
= render('shared/edit_button', object: @file_template)
= row(label: 'file_template.name', value: @file_template.name)
= row(label: 'file_template.file_type', value: link_to(@file_template.file_type, file_type_path(@file_template.file_type)))
= row(label: 'file_template.file_type', value: link_to_if(policy(@file_template.file_type).show?, @file_template.file_type, file_type_path(@file_template.file_type)))
= row(label: 'file_template.content', value: @file_template.content)

10
app/views/file_types/index.html.slim
View File

@ -11,12 +11,12 @@ h1 = FileType.model_name.human(count: 2)
tbody
- @file_types.each do |file_type|
tr
td = link_to(file_type.name, file_type)
td = link_to(file_type.author, file_type.author)
td = link_to_if(policy(file_type).show?, file_type.name, file_type)
td = link_to_if(policy(file_type.author).show?, file_type.author, file_type.author)
td = file_type.file_extension
td = link_to(t('shared.show'), file_type)
td = link_to(t('shared.edit'), edit_file_type_path(file_type))
td = link_to(t('shared.destroy'), file_type, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), file_type) if policy(file_type).show?
td = link_to(t('shared.edit'), edit_file_type_path(file_type)) if policy(file_type).edit?
td = link_to(t('shared.destroy'), file_type, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(file_type).destroy?
= render('shared/pagination', collection: @file_types)
p = render('shared/new_button', model: FileType)

2
app/views/file_types/show.html.slim
View File

@ -3,6 +3,6 @@ h1
= render('shared/edit_button', object: @file_type)
= row(label: 'file_type.name', value: @file_type.name)
= row(label: 'file_type.user', value: link_to(@file_type.author, @file_type.author))
= row(label: 'file_type.user', value: link_to_if(policy(@file_type.author).show?, @file_type.author, @file_type.author))
- [:editor_mode, :file_extension, :indent_size, :binary, :executable, :renderable].each do |attribute|
= row(label: "file_type.#{attribute}", value: @file_type.send(attribute))

12
app/views/internal_users/index.html.slim
View File

@ -22,14 +22,12 @@ h1 = InternalUser.model_name.human(count: 2)
tbody
- @users.each do |user|
tr
td = user.name
td = user.consumer ? link_to(user.consumer, user.consumer) : empty
td = link_to_if(policy(user).show?, user.name)
td = user.consumer ? link_to_if(policy(user.consumer).show?, user.consumer, user.consumer) : empty
td = t("users.roles.#{user.role}")
td = link_to(t('shared.show'), user)
td = link_to(t('shared.edit'), edit_internal_user_path(user))
td
- if policy(user).destroy?
= link_to(t('shared.destroy'), user, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
td = link_to(t('shared.show'), user) if policy(user).show?
td = link_to(t('shared.edit'), edit_internal_user_path(user)) if policy(user).edit?
td = link_to(t('shared.destroy'), user, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if policy(user).destroy?
= render('shared/pagination', collection: @users)
p = render('shared/new_button', model: InternalUser)

3
app/views/internal_users/show.html.slim
View File

@ -1,10 +1,9 @@
h1
= @user
- if policy(@user).edit?
= render('shared/edit_button', object: @user)
= row(label: 'internal_user.email', value: @user.email)
= row(label: 'internal_user.name', value: @user.name)
= row(label: 'internal_user.consumer', value: @user.consumer ? link_to(@user.consumer, @user.consumer) : nil)
= row(label: 'internal_user.consumer', value: @user.consumer ? link_to_if(policy(@user.consumer).show?, @user.consumer, @user.consumer) : nil)
= row(label: 'internal_user.role', value: t("users.roles.#{@user.role}"))
= row(label: 'internal_user.activated', value: @user.activated?)

6
app/views/interventions/_form.html.slim
View File

@ -1,6 +0,0 @@
= form_for(@intervention) do |f|
= render('shared/form_errors', object: @intervention)
.form-group
= f.label(:name)
= f.text_field(:name, class: 'form-control', required: true)
.actions = render('shared/submit_button', f: f, object: @intervention)

14
app/views/interventions/index.html.slim
View File

@ -1,14 +0,0 @@
h1 = Intervention.model_name.human(count: 2)
.table-responsive
table.table
thead
tr
th = t('activerecord.attributes.intervention.name')
tbody
- @interventions.each do |intervention|
tr
td = intervention.name
td = link_to(t('shared.show'), intervention)
= render('shared/pagination', collection: @interventions)

4
app/views/interventions/show.html.slim
View File

@ -1,4 +0,0 @@
h1
= @intervention.name
= row(label: 'intervention.name', value: @intervention.name)

2
app/views/layouts/application.html.slim
View File

@ -29,7 +29,7 @@ html lang='en'
= render('session')
div data-controller=controller_name
= render('flash')
= render('breadcrumbs') if current_user.try(:internal_user?) && !@embed_options[:hide_navbar]
= render('breadcrumbs') if (current_user.try(:admin?) or current_user.try(:teacher?)) && !@embed_options[:hide_navbar]
- if (controller_name == "exercises" && action_name == "implement")
.container-fluid
= yield

2
app/views/proxy_exercises/_form.html.slim
View File

@ -22,7 +22,7 @@
= collection_check_boxes :proxy_exercise, :exercise_ids, @exercises, :id, :title do |b|
tr
td = b.check_box
td = link_to(b.object, b.object)
td = link_to_if(policy(b.object).show?, b.object, b.object)
td = l(b.object.created_at, format: :short)
.actions = render('shared/submit_button', f: f, object: @proxy_exercise)

4
app/views/proxy_exercises/index.html.slim
View File

@ -13,11 +13,11 @@ h1 = ProxyExercise.model_name.human(count: 2)
th.p-1 = t('activerecord.attributes.exercise.token')
th.p-1 = t('activerecord.attributes.exercise.public')
th.p-1 = t('activerecord.attributes.proxy_exercise.files_count')
th.p-1 colspan=6 = t('shared.actions')
th.p-1 colspan=2 = t('shared.actions')
tbody
- @proxy_exercises.each do |proxy_exercise|
tr data-id=proxy_exercise.id
td.p-1.pt-2 = link_to(proxy_exercise.title,proxy_exercise)
td.p-1.pt-2 = link_to_if(policy(proxy_exercise).show?, proxy_exercise.title, proxy_exercise)
td.p-1.pt-2
code
= proxy_exercise.token

3
app/views/proxy_exercises/show.html.slim
View File

@ -7,7 +7,6 @@
h1
= @proxy_exercise.title
- if policy(@proxy_exercise).edit?
= render('shared/edit_button', object: @proxy_exercise)
= row(label: 'exercise.title', value: @proxy_exercise.title)
@ -27,5 +26,5 @@ h2.mt-4 Exercises
th = sort_link(@search, :created_at, t('shared.created_at'))
- @proxy_exercise.exercises.each do |exercise|
tr
td = link_to(exercise.title, exercise)
td = link_to_if(policy(exercise).show?, exercise.title, exercise)
td = l(exercise.created_at, format: :short)

8
app/views/request_for_comments/_admin_menu.html.slim
View File

@ -1,8 +1,8 @@
hr
h5.mt-4 Admin Menu
ul.text
li = link_to "User's current status of this exercise", statistics_external_user_exercise_path(id: @request_for_comment.exercise_id, external_user_id: @request_for_comment.user_id)
li = link_to "All exercises of this user", statistics_external_user_path(id: @request_for_comment.user_id)
li = link_to "User's current status of this exercise", statistics_external_user_exercise_path(id: @request_for_comment.exercise_id, external_user_id: @request_for_comment.user_id) if policy(@request_for_comment.exercise).statistics?
li = link_to "All exercises of this user", statistics_external_user_path(id: @request_for_comment.user_id) if policy(@request_for_comment.user).statistics?
ul.text
li = link_to "Implement the exercise yourself", implement_exercise_path(id: @request_for_comment.exercise_id)
li = link_to "Show the exercise", exercise_path(id: @request_for_comment.exercise_id)
li = link_to "Implement the exercise yourself", implement_exercise_path(id: @request_for_comment.exercise_id) if policy(@request_for_comment.exercise).implement?
li = link_to "Show the exercise", exercise_path(id: @request_for_comment.exercise_id) if policy(@request_for_comment.exercise).show?

28
app/views/request_for_comments/_form.html.slim
View File

@ -1,28 +0,0 @@
= form_for(@request_for_comment) do |f|
- if @request_for_comment.errors.any?
#error_explanation
h2
= pluralize(@request_for_comment.errors.count, "error")
| prohibited this request_for_comment from being saved:
ul
- @request_for_comment.errors.full_messages.each do |message|
li= message
.field
= f.label :user_id
br/
= f.number_field :user_id
.field
= f.label :exercise_id
br/
= f.number_field :exercise_id
.field
= f.label :file_id
br/
= f.number_field :file_id
.field
= f.label :user_type
br/
= f.text_field :user_type
.actions
= f.submit

4
app/views/request_for_comments/index.html.slim
View File

@ -32,8 +32,8 @@ h1 = RequestForComment.model_name.human(count: 2)
span class="fa fa-check" style="color:darkgrey" aria-hidden="true"
- else
td = ''
td = link_to(request_for_comment.exercise.title, request_for_comment)
- if request_for_comment.has_attribute?(:question) && request_for_comment.question
td = link_to_if(policy(request_for_comment.exercise).show?, request_for_comment.exercise.title, request_for_comment)
- if request_for_comment.has_attribute?(:question) && request_for_comment.question.present?
td = truncate(request_for_comment.question, length: 200)
- else
td = '-'

6
app/views/request_for_comments/show.html.slim
View File

@ -2,12 +2,12 @@
h4#exercise_caption.list-group-item-heading data-comment-exercise-url=create_comment_exercise_request_for_comment_path data-exercise-id="#{@request_for_comment.exercise.id}" data-rfc-id="#{@request_for_comment.id}"
- if @request_for_comment.solved?
span.fa.fa-check aria-hidden="true"
= link_to(@request_for_comment.exercise.title, [:implement, @request_for_comment.exercise])
= link_to_if(policy(@request_for_comment.exercise).show?, @request_for_comment.exercise.title, [:implement, @request_for_comment.exercise])
p.list-group-item-text
- user = @request_for_comment.user
- submission = @request_for_comment.submission
- testruns = Testrun.where(:submission_id => @request_for_comment.submission)
= user.displayname
= link_to_if(policy(user).show?, user.displayname, user)
| | #{@request_for_comment.created_at.localtime}
.rfc
.description
@ -22,7 +22,7 @@
= t('activerecord.attributes.request_for_comments.question')
.text
- question = @request_for_comment.question
= question.nil? or question.empty? ? t('request_for_comments.no_question') : question
= question.blank? ? t('request_for_comments.no_question') : question
- if policy(@request_for_comment).mark_as_solved? and not @request_for_comment.solved?
= render('mark_as_solved')

1
app/views/shared/_edit_button.html.slim
View File

@ -1,3 +1,4 @@
- if policy(object).edit?
// default value for fetch will always be evaluated even if it is not returned
- link_target = local_assigns.fetch(:path, false) || send(:"edit_#{object.class.name.underscore}_path", object)
= link_to(t('shared.edit'), link_target, class: 'btn btn-secondary float-right')

2
app/views/shared/_file.html.slim
View File

@ -7,4 +7,4 @@
- if file.teacher_defined_test?
= row(label: 'file.feedback_message', value: render_markdown(file.feedback_message), class: 'm-0')
= row(label: 'file.weight', value: file.weight)
= row(label: 'file.content', value: file.native_file? ? link_to(file.native_file.file.filename, file.native_file.url) : code_tag(file.content))
= row(label: 'file.content', value: file.native_file? ? link_to_if(policy(file).show?, file.native_file.file.filename, file.native_file.url) : code_tag(file.content))

8
app/views/submissions/index.html.slim
View File

@ -21,12 +21,12 @@ h1 = Submission.model_name.human(count: 2)
tbody
- @submissions.each do |submission|
tr
td = link_to(submission.exercise, submission.exercise)
td = link_to(submission.user, submission.user)
td = link_to_if(policy(submission.exercise).show?, submission.exercise, submission.exercise)
td = link_to_if(policy(submission.user).show?, submission.user, submission.user)
td = t("submissions.causes.#{submission.cause}")
td = submission.score
td = l(submission.created_at, format: :short)
td = link_to(t('shared.show'), submission)
td = link_to(t('shared.statistics'), statistics_submission_path(submission))
td = link_to(t('shared.show'), submission) if policy(submission).show?
td = link_to(t('shared.statistics'), statistics_submission_path(submission)) if policy(submission).statistics?
= render('shared/pagination', collection: @submissions)

4
app/views/submissions/show.html.slim
View File

@ -7,8 +7,8 @@
h1 = @submission
= row(label: 'submission.exercise', value: link_to(@submission.exercise, @submission.exercise))
= row(label: 'submission.user', value: link_to(@submission.user, @submission.user))
= row(label: 'submission.exercise', value: link_to_if(policy(@submission.exercise).show?, @submission.exercise, @submission.exercise))
= row(label: 'submission.user', value: link_to_if(policy(@submission.user).show?, @submission.user, @submission.user))
= row(label: 'submission.cause', value: t("submissions.causes.#{@submission.cause}"))
= row(label: 'submission.score', value: @submission.score)

2
app/views/submissions/statistics.html.slim
View File

@ -23,4 +23,4 @@ h2.mt-4 = t('.history')
td = l(submission.created_at, format: :short)
td = submission.score
td = progress_bar(submission.percentage)
td = link_to(t('shared.show'), submission)
td = link_to(t('shared.show'), submission) if policy(submission).show?

8
app/views/tags/index.html.slim
View File

@ -9,10 +9,10 @@ h1 = Tag.model_name.human(count: 2)
tbody
- @tags.each do |tag|
tr
td = tag.name
td = link_to(t('shared.show'), tag)
td = link_to(t('shared.edit'), edit_tag_path(tag))
td = link_to(t('shared.destroy'), tag, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if tag.can_be_destroyed?
td = link_to_if(policy(tag).show?, tag.name, tag)
td = link_to(t('shared.show'), tag) if policy(tag).show?
td = link_to(t('shared.edit'), edit_tag_path(tag)) if policy(tag).edit?
td = link_to(t('shared.destroy'), tag, data: {confirm: t('shared.confirm_destroy')}, method: :delete) if tag.can_be_destroyed? && policy(tag).destroy?
= render('shared/pagination', collection: @tags)
p = render('shared/new_button', model: Tag, path: new_tag_path)

27
app/views/user_exercise_feedbacks/index.html.slim
View File

@ -1,27 +0,0 @@
h1 = UserExerciseFeedback.model_name.human(count: 2)
= render(layout: 'shared/form_filters') do |f|
.form-group
= f.label(:execution_environment_id_eq, t('activerecord.attributes.exercise.execution_environment'), class: 'sr-only')
= f.collection_select(:execution_environment_id_eq, ExecutionEnvironment.with_exercises, :id, :name, class: 'form-control', prompt: t('activerecord.attributes.exercise.execution_environment'))
.form-group
= f.label(:exercise_title_cont, t('activerecord.attributes.request_for_comments.exercise'), class: 'sr-only')
= f.search_field(:exercise_title_cont, class: 'form-control', placeholder: t('activerecord.attributes.request_for_comments.exercise'))
.table-responsive
table.table
thead
tr
th colspan=2 = t('activerecord.attributes.user_exercise_feedback.user')
th = t('activerecord.attributes.user_exercise_feedback.exercise')
th colspan=2 = t('shared.actions')
tbody
- @uefs.each do |uef|
tr
td = uef.user.id
td = uef.user.displayname
td = link_to(uef.exercise.title, uef.exercise)
td = link_to(t('shared.show'), uef)
td = link_to(t('shared.destroy'), uef, data: {confirm: t('shared.confirm_destroy')}, method: :delete)
= render('shared/pagination', collection: @uefs)

7
app/views/user_exercise_feedbacks/show.html.slim
View File

@ -1,7 +0,0 @@
h2 = @uef
= row(label: 'activerecord.attributes.user_exercise_feedback.exercise', value: link_to(@uef.exercise.title, @uef.exercise))
= row(label: 'user_exercise_feedback.user', value: @uef.user)
= row(label: 'activerecord.attributes.user_exercise_feedback.feedback_text', value: @uef.feedback_text)
= row(label: 'user_exercise_feedback.difficulty', value: @uef.difficulty)
= row(label: 'user_exercise_feedback.working_time', value: @uef.user_estimated_worktime)

8
app/views/user_mailer/exercise_anomaly_detected.html.slim
View File

@ -12,9 +12,9 @@ table(border=1)
- @anomalies.keys.each do | id |
- exercise = Exercise.find(id)
tr
td = link_to(exercise.title, exercise_path(exercise))
td = link_to_if(policy(@user, exercise).show?, exercise.title, exercise_path(exercise))
td = @anomalies[id]
td = link_to(t('shared.statistics', locale: :de), statistics_exercise_path(exercise))
td = link_to_if(policy(@user, exercise).statistics?, t('shared.statistics', locale: :de), statistics_exercise_path(exercise))
== t('mailers.user_mailer.exercise_anomaly_detected.body2',
@ -31,8 +31,8 @@ table(border=1)
- @anomalies.keys.each do | id |
- exercise = Exercise.find(id)
tr
td = link_to(exercise.title, exercise_path(exercise))
td = link_to_if(policy(@user, exercise).show?, exercise.title, exercise_path(exercise))
td = @anomalies[id]
td = link_to(t('shared.statistics', locale: :en), statistics_exercise_path(exercise))
td = link_to_if(policy(@user, exercise).statistics?, t('shared.statistics', locale: :en), statistics_exercise_path(exercise))
== t('mailers.user_mailer.exercise_anomaly_detected.body3')

8
app/views/user_mailer/got_new_comment.slim
View File

@ -1 +1,7 @@
== t('mailers.user_mailer.got_new_comment.body', receiver_displayname: @receiver_displayname, link_to_comment: link_to(@rfc_link, @rfc_link), commenting_user_displayname: @commenting_user_displayname, comment_text: @comment_text, link_my_comments: link_to(t('request_for_comments.index.get_my_comment_requests'), my_request_for_comments_url), link_all_comments: link_to(t('request_for_comments.index.all'), request_for_comments_url) )
== t('mailers.user_mailer.got_new_comment.body',
receiver_displayname: @receiver_displayname,
link_to_comment: link_to(@rfc_link, @rfc_link),
commenting_user_displayname: @commenting_user_displayname,
comment_text: @comment_text,
link_my_comments: link_to(t('request_for_comments.index.get_my_comment_requests'), my_request_for_comments_url),
link_all_comments: link_to(t('request_for_comments.index.all'), request_for_comments_url) )

6
app/views/user_mailer/send_thank_you_note.slim
View File

@ -1 +1,5 @@
== t('mailers.user_mailer.send_thank_you_note.body', receiver_displayname: @receiver_displayname, link_to_comment: link_to(@rfc_link, @rfc_link), author: @author.displayname, thank_you_note: @thank_you_note )
== t('mailers.user_mailer.send_thank_you_note.body',
receiver_displayname: @receiver_displayname,
link_to_comment: link_to(@rfc_link, @rfc_link),
author: @author.displayname,
thank_you_note: @thank_you_note )

1
config/locales/de.yml
View File

@ -47,6 +47,7 @@ de:
consumer: Konsument
email: E-Mail
name: Name
role: Rolle
file:
content: Inhalt
feedback_message: Feedback-Nachricht

1
config/locales/en.yml
View File

@ -47,6 +47,7 @@ en:
consumer: Consumer
email: Email
name: Name
role: Role
file:
content: Content
feedback_message: Feedback Message

32
config/routes.rb
View File

@ -16,12 +16,12 @@ Rails.application.routes.draw do
resources :code_harbor_links
resources :request_for_comments do
member do
get :mark_as_solved
post :create_comment_exercise
post :set_thank_you_note
get :mark_as_solved, defaults: { format: :json }
post :create_comment_exercise, defaults: { format: :json }
post :set_thank_you_note, defaults: { format: :json }
end
end
resources :comments
resources :comments, defaults: { format: :json }
get '/my_request_for_comments', as: 'my_request_for_comments', to: 'request_for_comments#get_my_comment_requests'
get '/my_rfc_activity', as: 'my_rfc_activity', to: 'request_for_comments#get_rfcs_with_my_comments'
@ -96,32 +96,12 @@ Rails.application.routes.draw do
member do
post :clone
get :reload
post :submit
end
end
resources :tags do
member do
post :clone
get :reload
post :submit
end
end
resources :tags
resources :user_exercise_feedbacks do
member do
get :reload
post :submit
end
end
resources :interventions do
member do
post :clone
get :reload
post :submit
end
end
resources :user_exercise_feedbacks, except: [:show, :index]
resources :external_users, only: [:index, :show], concerns: :statistics do
resources :exercises, concerns: :statistics

5
db/migrate/20181116143743_add_role_to_external_users.rb Normal file
View File

@ -0,0 +1,5 @@
class AddRoleToExternalUsers < ActiveRecord::Migration[5.2]
def change
add_column :external_users, :role, :string, default: 'learner', null: false
end
end

1
db/schema.rb
View File

@ -169,6 +169,7 @@ ActiveRecord::Schema.define(version: 2018_11_29_093207) do
t.string "name", limit: 255
t.datetime "created_at"
t.datetime "updated_at"
t.string "role", default: "learner", null: false
end
create_table "file_templates", force: :cascade do |t|

4
spec/features/authorization_spec.rb
View File

@ -23,11 +23,11 @@ describe 'Authorization' do
let(:user) { FactoryBot.create(:teacher) }
before(:each) { allow_any_instance_of(ApplicationController).to receive(:current_user).and_return(user) }
[Consumer, InternalUser].each do |model|
[Consumer, InternalUser, ExecutionEnvironment, FileType].each do |model|
expect_forbidden_path(:"new_#{model.model_name.singular}_path")
end
[ExecutionEnvironment, Exercise, FileType].each do |model|
[Exercise].each do |model|
expect_permitted_path(:"new_#{model.model_name.singular}_path")
end
end

6
spec/policies/execution_environment_policy_spec.rb
View File

@ -5,7 +5,7 @@ describe ExecutionEnvironmentPolicy do
let(:execution_environment) { FactoryBot.build(:ruby) }
[:create?, :index?, :new?].each do |action|
[:index?].each do |action|
permissions(action) do
it 'grants access to admins' do
expect(subject).to permit(FactoryBot.build(:admin), execution_environment)
@ -21,7 +21,7 @@ describe ExecutionEnvironmentPolicy do
end
end
[:execute_command?, :shell?, :statistics?].each do |action|
[:execute_command?, :shell?, :statistics?, :show?].each do |action|
permissions(action) do
it 'grants access to admins' do
expect(subject).to permit(FactoryBot.build(:admin), execution_environment)
@ -39,7 +39,7 @@ describe ExecutionEnvironmentPolicy do
end
end
[:destroy?, :edit?, :show?, :update?].each do |action|
[:destroy?, :edit?, :update?, :new?, :create?].each do |action|
permissions(action) do
it 'grants access to admins' do
expect(subject).to permit(FactoryBot.build(:admin), execution_environment)

18
spec/policies/file_type_policy_spec.rb
View File

@ -5,23 +5,7 @@ describe FileTypePolicy do
let(:file_type) { FactoryBot.build(:dot_rb) }
[:create?, :index?, :new?].each do |action|
permissions(action) do
it 'grants access to admins' do
expect(subject).to permit(FactoryBot.build(:admin), file_type)
end
it 'grants access to teachers' do
expect(subject).to permit(FactoryBot.build(:teacher), file_type)
end
it 'does not grant access to external users' do
expect(subject).not_to permit(FactoryBot.build(:external_user), file_type)
end
end
end
[:destroy?, :edit?, :show?, :update?].each do |action|
[:destroy?, :edit?, :update?, :new?, :create?, :index?, :show?].each do |action|
permissions(action) do
it 'grants access to admins' do
expect(subject).to permit(FactoryBot.build(:admin), file_type)