936c11e31f
Refactor authentication token for new study-group-based authorization
2022-09-22 19:24:26 +02:00
cb1b163b30
Always create a default study group for new consumers
2022-09-22 19:24:26 +02:00
9c9f45ff77
Redefine user roles with their role in a study group
2022-09-22 19:24:26 +02:00
04ed45ea73
Migrate database and models for study-group-based authorization
2022-09-22 19:24:26 +02:00
fa6527b4ed
Refactor exercises_controller.rb to reduce code duplication
2022-09-22 19:24:26 +02:00
bf13cfc712
Delete outdated search_policy.rb
2022-09-22 19:24:26 +02:00
664110f8f1
Show all study groups per consumer
2022-09-22 19:24:26 +02:00
3869785ddd
User: Allow removing the consumer filter
2022-09-22 19:24:26 +02:00
2f622174fa
Handle undefined this.websocket when stopping code
...
Fixes CODEOCEAN-CJ
2022-09-22 19:24:26 +02:00
bbb791471b
Remove AWS study
2022-09-21 18:57:12 +02:00
03cc71ccbc
Update ExecutionEnvironment statistics and sync message
2022-09-14 12:19:59 +02:00
d02a1eae81
Validate password strength for internal users
2022-09-14 12:19:25 +02:00
f1aa004284
Use controller method for 404 responses
2022-09-14 01:01:14 +02:00
dba3aac800
Merge branch 'master' into refactor_proforma_import_export
2022-09-13 22:47:50 +02:00
5ec2c7f5bc
refactor role finding logic for convert_task_to_exercise
...
add specs
2022-09-13 22:47:12 +02:00
80419db868
[CSP] Prevent use of unsafe-inline for links
...
* Also update all <a> tags in locals
2022-09-07 21:42:07 +02:00
9e08f3a6a8
Enable Subresource Integrity
2022-09-06 11:21:37 +02:00
b0130b8fae
Remove overwrite for X-Frame-Options
...
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
5b73f4df6f
Refactor render_file method
...
* We simplify the send_data call,
* ensure to set the correct header, and
* prevent our custom MIME type detection
2022-09-06 11:21:33 +02:00
b6d8c7175b
Disallow any external resources for :render_file
2022-09-06 11:20:57 +02:00
a2bb2844b4
Add a Content Security Policy
2022-09-06 11:20:57 +02:00
0a16f589e9
Use X-Sendfile to transmit native files and handle file uploads
2022-09-06 01:21:40 +02:00
dccc60b7ca
Remove renderWebsocketOutput and use printWebsocketOutput instead
...
* The `render` command is not used much
* Originally added with commit 898074be3f
2022-09-04 23:12:46 +02:00
e5d8db2796
Return propper error for anonymous users in exercises_controller
...
* not_authorized_for_exercise was not checking for a current_user
Fixes CODEOCEAN-C4
2022-09-04 19:13:08 +02:00
1581d658ea
Simplify user search for external teachers
2022-09-04 19:03:15 +02:00
fbe80ac557
Ensure min-height for left and right sidebar in editor
2022-09-04 11:48:53 +02:00
22cd202e9d
Refactor reject_illegal_file_attributes check
...
* Improve readability of method
* Add a new check for the author of a submission
2022-09-04 11:42:36 +02:00
b67daedfc9
Remove dead code from ProxyExercise
2022-09-04 00:05:38 +02:00
49f4f0e6c5
Refactor exercise_controller and move more checks to policy
...
* We introduce a custom handler for Pundit::NotAuthorizedError
2022-09-04 00:05:13 +02:00
0de213b8c7
Pagedown: Use default sanitizer for preview
2022-09-03 22:50:30 +02:00
e00d1772ca
Disallow markup for RfC emails
2022-09-02 18:14:14 +02:00
9050f02b7a
Add additional test case for new CodeOcean::File#read method
2022-09-02 17:52:24 +02:00
b6837e9539
Refactor validity of token authentication
2022-09-02 16:56:19 +02:00
e77223e628
Refactor send_thank_you_note method and according specs
2022-09-02 16:56:19 +02:00
60dc8c3b7e
Apply line-based coloring for output
2022-09-02 16:56:18 +02:00
5ace779d0c
fix and add specs
2022-08-31 20:51:58 +02:00
ffd7a0351a
Improve display of images for code output
2022-08-25 20:13:22 +02:00
4de77ca3f5
Improve get_quantiles method for exercise
2022-08-25 18:14:23 +02:00
bdebcf319e
Allow access to user statistics for teachers
...
Fixes CODEOCEAN-BV
2022-08-25 18:14:10 +02:00
b3f9a1ec90
Allow line breaks in feedback texts
2022-08-25 00:31:32 +02:00
6dcccd324b
Show feedback without rendering Markdown
...
* We do not instruct learners how to write Markdown, this might yield to an unexpected rendering
2022-08-25 00:23:08 +02:00
35dd745a29
Use final submission for exercise feedback
...
* Also, check for required permission
2022-08-24 23:56:34 +02:00
f4d350577a
Fix exercise search for teachers
2022-08-24 23:39:42 +02:00
7da08d2990
Fix typo for working_time_query
2022-08-24 23:29:49 +02:00
309956e472
Remove NULL byte before saving strings
2022-08-24 13:06:53 +02:00
c8c3a5bf95
Fix external user statistics for tags
2022-08-24 12:16:38 +02:00
76c9dfa4e5
add more CO specific data to metadata
2022-08-24 00:19:53 +02:00
50b81df742
proforma upgrade and small fixes
2022-08-23 21:12:03 +02:00
e0c2c7b806
Hide score button if exercise has no tests
...
We check for all teacher-defined assessments (linter and unit tests) to determine whether scoring should be possible
2022-08-22 17:51:57 +02:00
3effdbe600
merge master
2022-08-20 22:20:52 +02:00
