58548555a5
Shell: Add file system browser to retrieve arbitrary files
2022-10-29 18:49:18 +02:00
60078701f5
Editor: Allow file retrieval after code run
2022-10-29 18:49:18 +02:00
eefe3faa13
Re-apply default group when external user signs out
2022-10-27 17:06:04 +02:00
f45fad71dd
Add early return support for authentication
2022-10-27 16:14:18 +02:00
dd1f4b0ac8
Merge pull request #939 from openHPI/refactor_proforma_import_export
...
Refactor Proforma Import/Export
2022-10-26 17:58:48 +02:00
c75f52f2c8
Fix Rubocop offenses
2022-10-24 12:28:50 +02:00
df384ebf0d
Disallow protected upload paths for non-native files
...
Fixes CODEOCEAN-E0
2022-10-06 00:11:27 +02:00
61e3cfcac5
Handle deleted files in CodeOcean::FilesController
...
Fixes CODEOCEAN-E2
2022-10-06 00:10:52 +02:00
f7515362a1
Set Content-Type to fixed value for all download actions
2022-10-05 21:46:17 +02:00
42688ed1c9
Prefer authentication token for session if present
2022-10-05 21:34:19 +02:00
2d95a737f6
Assume failed code execution if no status was received
2022-10-04 16:08:10 +02:00
b8b7cd99bd
SubmissionsController: Allow JS to be "rendered"
...
We skip verifying the authenticity token for the action, to prevent raising a `ActionController::InvalidCrossOriginRequest` exception.
2022-10-04 16:06:59 +02:00
ca13ea03c8
SubmissionsController: Send Content-Length if possible
2022-10-04 16:06:59 +02:00
c3daa51c8c
SubmissionsController: Remove outdated ActionController::Live mixin
...
The mixin was previously used for Server-Sent-Events, which were removed from CodeOcean a long time ago.
After the mixin is removed, we can also fix the cookie send mechanism (this was erroneous with the mixin).
2022-10-04 16:06:58 +02:00
f53c6cb3ee
Shell: Add toggle to execute command as root
2022-10-04 16:06:58 +02:00
3263d4f838
Respect subpath for (render_)protected_upload_path
2022-09-28 11:06:15 +02:00
f73917313d
Add reminder about path validation for protected download and render
2022-09-25 01:12:48 +02:00
eb188dcd71
Add privilegedExecution flag to database and Poseidon Strategy
2022-09-24 22:32:41 +02:00
b866221353
rename route
2022-09-24 21:08:18 +02:00
16c00ec136
Add support for signed URLs used by the render_file function
2022-09-23 21:35:22 +02:00
5881795d5f
Memorize config options instead of reading them from file over and over again
2022-09-23 21:35:22 +02:00
0e7c38657f
Allow teachers to access internal users and manage them in their study groups
2022-09-22 19:24:26 +02:00
ac3dc8d30f
Allow platform admins and internal users to switch their current study group
2022-09-22 19:24:26 +02:00
4d2fe22daf
Allow assignment of study groups for internal users
2022-09-22 19:24:26 +02:00
02c65af034
Update scope query for new teacher definition
2022-09-22 19:24:26 +02:00
936c11e31f
Refactor authentication token for new study-group-based authorization
2022-09-22 19:24:26 +02:00
9c9f45ff77
Redefine user roles with their role in a study group
2022-09-22 19:24:26 +02:00
fa6527b4ed
Refactor exercises_controller.rb to reduce code duplication
2022-09-22 19:24:26 +02:00
03cc71ccbc
Update ExecutionEnvironment statistics and sync message
2022-09-14 12:19:59 +02:00
f1aa004284
Use controller method for 404 responses
2022-09-14 01:01:14 +02:00
dba3aac800
Merge branch 'master' into refactor_proforma_import_export
2022-09-13 22:47:50 +02:00
b0130b8fae
Remove overwrite for X-Frame-Options
...
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
5b73f4df6f
Refactor render_file method
...
* We simplify the send_data call,
* ensure to set the correct header, and
* prevent our custom MIME type detection
2022-09-06 11:21:33 +02:00
b6d8c7175b
Disallow any external resources for :render_file
2022-09-06 11:20:57 +02:00
0a16f589e9
Use X-Sendfile to transmit native files and handle file uploads
2022-09-06 01:21:40 +02:00
e5d8db2796
Return propper error for anonymous users in exercises_controller
...
* not_authorized_for_exercise was not checking for a current_user
Fixes CODEOCEAN-C4
2022-09-04 19:13:08 +02:00
1581d658ea
Simplify user search for external teachers
2022-09-04 19:03:15 +02:00
22cd202e9d
Refactor reject_illegal_file_attributes check
...
* Improve readability of method
* Add a new check for the author of a submission
2022-09-04 11:42:36 +02:00
b67daedfc9
Remove dead code from ProxyExercise
2022-09-04 00:05:38 +02:00
49f4f0e6c5
Refactor exercise_controller and move more checks to policy
...
* We introduce a custom handler for Pundit::NotAuthorizedError
2022-09-04 00:05:13 +02:00
b6837e9539
Refactor validity of token authentication
2022-09-02 16:56:19 +02:00
60dc8c3b7e
Apply line-based coloring for output
2022-09-02 16:56:18 +02:00
5ace779d0c
fix and add specs
2022-08-31 20:51:58 +02:00
bdebcf319e
Allow access to user statistics for teachers
...
Fixes CODEOCEAN-BV
2022-08-25 18:14:10 +02:00
35dd745a29
Use final submission for exercise feedback
...
* Also, check for required permission
2022-08-24 23:56:34 +02:00
7da08d2990
Fix typo for working_time_query
2022-08-24 23:29:49 +02:00
c8c3a5bf95
Fix external user statistics for tags
2022-08-24 12:16:38 +02:00
50b81df742
proforma upgrade and small fixes
2022-08-23 21:12:03 +02:00
e0c2c7b806
Hide score button if exercise has no tests
...
We check for all teacher-defined assessments (linter and unit tests) to determine whether scoring should be possible
2022-08-22 17:51:57 +02:00
3effdbe600
merge master
2022-08-20 22:20:52 +02:00
