065f93f79c
Return empty programming language if no ACE mode is set
2022-10-06 00:25:22 +02:00
9e1f2da02e
Fallback to default height if editor offset cannot be determined
...
Fixes CODEOCEAN-B6, Fixes CODEOCEAN-E1, Fixes CODEOCEAN-BZ
2022-10-06 00:24:23 +02:00
df384ebf0d
Disallow protected upload paths for non-native files
...
Fixes CODEOCEAN-E0
2022-10-06 00:11:27 +02:00
61e3cfcac5
Handle deleted files in CodeOcean::FilesController
...
Fixes CODEOCEAN-E2
2022-10-06 00:10:52 +02:00
97ee38082c
Handle deleted exercise in FilePolicy
...
Fixes CODEOCEAN-DZ
2022-10-06 00:10:25 +02:00
f7515362a1
Set Content-Type to fixed value for all download actions
2022-10-05 21:46:17 +02:00
42688ed1c9
Prefer authentication token for session if present
2022-10-05 21:34:19 +02:00
4f5f71840a
Change order of tests to execute linter checks first
2022-10-05 19:38:38 +02:00
2d95a737f6
Assume failed code execution if no status was received
2022-10-04 16:08:10 +02:00
42a7bf9983
Remove outdated enums for testrun_message
...
These enums are not present in the database.
2022-10-04 16:07:00 +02:00
b8b7cd99bd
SubmissionsController: Allow JS to be "rendered"
...
We skip verifying the authenticity token for the action, to prevent raising an `ActionController::InvalidCrossOriginRequest` exception.
2022-10-04 16:06:59 +02:00
ca13ea03c8
SubmissionsController: Send Content-Length if possible
2022-10-04 16:06:59 +02:00
c3daa51c8c
SubmissionsController: Remove outdated ActionController::Live mixin
...
The mixin was previously used for Server-Sent-Events, which were removed from CodeOcean a long time ago.
After the mixin is removed, we can also fix the cookie send mechanism (this was erroneous with the mixin).
2022-10-04 16:06:58 +02:00
f53c6cb3ee
Shell: Add toggle to execute command as root
2022-10-04 16:06:58 +02:00
f22e3b56f1
AuthenticatedUrlHelper: Rescue URI::InvalidURIError
...
This error should usually not happen, but we catch it just to be safe.
2022-10-04 16:06:28 +02:00
53db7e80d0
AuthenticatedUrlHelper: Fix extraction of parameters
...
* Previously, all parameters were removed
2022-10-04 16:06:28 +02:00
3263d4f838
Respect subpath for (render_)protected_upload_path
2022-09-28 11:06:15 +02:00
0b374491ac
Link to protected_upload_path in file render
2022-09-28 11:06:15 +02:00
4b00eb1e8c
Allow internal users to switch their current study group
2022-09-26 16:30:54 +02:00
f73917313d
Add reminder about path validation for protected download and render
2022-09-25 01:12:48 +02:00
eb188dcd71
Add privilegedExecution flag to database and Poseidon Strategy
2022-09-24 22:32:41 +02:00
b4ab807ef0
Open Render in new Tab with timeout (to resolve issue with Safari)
2022-09-23 21:35:23 +02:00
150df3d219
Open linked resources in a new browsing context
2022-09-23 21:35:22 +02:00
16c00ec136
Add support for signed URLs used by the render_file function
2022-09-23 21:35:22 +02:00
5881795d5f
Memorize config options instead of reading them from file over and over again
2022-09-23 21:35:22 +02:00
0e7c38657f
Allow teachers to access internal users and manage them in their study groups
2022-09-22 19:24:26 +02:00
ac3dc8d30f
Allow platform admins and internal users to switch their current study group
2022-09-22 19:24:26 +02:00
2e3480a068
Display study_groups in the show view of internal and external users
2022-09-22 19:24:26 +02:00
4d2fe22daf
Allow assignment of study groups for internal users
2022-09-22 19:24:26 +02:00
998a12e6bc
Adjust filter for platform_admin user search and update views
2022-09-22 19:24:26 +02:00
02c65af034
Update scope query for new teacher definition
2022-09-22 19:24:26 +02:00
964048927a
Updated teacher_in_study_group? method to check for common teacher role
2022-09-22 19:24:26 +02:00
936c11e31f
Refactor authentication token for new study-group-based authorization
2022-09-22 19:24:26 +02:00
cb1b163b30
Always create a default study group for new consumers
2022-09-22 19:24:26 +02:00
9c9f45ff77
Redefine user roles with their role in a study group
2022-09-22 19:24:26 +02:00
04ed45ea73
Migrate database and models for study-group-based authorization
2022-09-22 19:24:26 +02:00
fa6527b4ed
Refactor exercises_controller.rb to reduce code duplication
2022-09-22 19:24:26 +02:00
bf13cfc712
Delete outdated search_policy.rb
2022-09-22 19:24:26 +02:00
664110f8f1
Show all study groups per consumer
2022-09-22 19:24:26 +02:00
3869785ddd
User: Allow removing the consumer filter
2022-09-22 19:24:26 +02:00
2f622174fa
Handle undefined this.websocket when stopping code
...
Fixes CODEOCEAN-CJ
2022-09-22 19:24:26 +02:00
bbb791471b
Remove AWS study
2022-09-21 18:57:12 +02:00
03cc71ccbc
Update ExecutionEnvironment statistics and sync message
2022-09-14 12:19:59 +02:00
d02a1eae81
Validate password strength for internal users
2022-09-14 12:19:25 +02:00
f1aa004284
Use controller method for 404 responses
2022-09-14 01:01:14 +02:00
80419db868
[CSP] Prevent use of unsafe-inline for links
...
* Also update all <a> tags in locals
2022-09-07 21:42:07 +02:00
9e08f3a6a8
Enable Subresource Integrity
2022-09-06 11:21:37 +02:00
b0130b8fae
Remove overwrite for X-Frame-Options
...
* With current third-party-cookies being blocked by modern browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
5b73f4df6f
Refactor render_file method
...
* We simplify the send_data call,
* ensure to set the correct header, and
* prevent our custom MIME type detection
2022-09-06 11:21:33 +02:00
b6d8c7175b
Disallow any external resources for :render_file
2022-09-06 11:20:57 +02:00