b0130b8fae
Remove overwrite for X-Frame-Options
...
* With current third-party-cookies being blocked by modern
browsers, CodeOcean won't work in an iFrame anyway.
2022-09-06 11:21:37 +02:00
5b73f4df6f
Refactor render_file method
...
* We simplify the send_data call,
* ensure to set the correct header, and
* prevent our custom MIME type detection
2022-09-06 11:21:33 +02:00
b6d8c7175b
Disallow any external resources for :render_file
2022-09-06 11:20:57 +02:00
a2bb2844b4
Add a Content Security Policy
2022-09-06 11:20:57 +02:00
0a16f589e9
Use X-Sendfile to transmit native files and handle file uploads
2022-09-06 01:21:40 +02:00
dccc60b7ca
Remove renderWebsocketOutput and use printWebsocketOutput instead
...
* The `render` command is not used much
* Originally added with commit 898074be3f
* The `#render` anchor (see findOrCreateRenderElement) was the "Render" button above the editor, nothing was rendered at all if executing code and otherwise it would be included _within_ the button.
2022-09-04 23:12:46 +02:00
e5d8db2796
Return proper error for anonymous users in exercises_controller
...
* not_authorized_for_exercise was not checking for a current_user
Fixes CODEOCEAN-C4
2022-09-04 19:13:08 +02:00
1581d658ea
Simplify user search for external teachers
2022-09-04 19:03:15 +02:00
fbe80ac557
Ensure min-height for left and right sidebar in editor
2022-09-04 11:48:53 +02:00
22cd202e9d
Refactor reject_illegal_file_attributes check
...
* Improve readability of method
* Add a new check for the author of a submission
2022-09-04 11:42:36 +02:00
b67daedfc9
Remove dead code from ProxyExercise
2022-09-04 00:05:38 +02:00
49f4f0e6c5
Refactor exercise_controller and move more checks to policy
...
* We introduce a custom handler for Pundit::NotAuthorizedError
2022-09-04 00:05:13 +02:00
0de213b8c7
Pagedown: Use default sanitizer for preview
2022-09-03 22:50:30 +02:00
e00d1772ca
Disallow markup for RfC emails
2022-09-02 18:14:14 +02:00
9050f02b7a
Add additional test case for new CodeOcean::File#read method
2022-09-02 17:52:24 +02:00
b6837e9539
Refactor validity of token authentication
2022-09-02 16:56:19 +02:00
e77223e628
Refactor send_thank_you_note method and according specs
2022-09-02 16:56:19 +02:00
60dc8c3b7e
Apply line-based coloring for output
2022-09-02 16:56:18 +02:00
ffd7a0351a
Improve display of images for code output
2022-08-25 20:13:22 +02:00
4de77ca3f5
Improve get_quantiles method for exercise
2022-08-25 18:14:23 +02:00
bdebcf319e
Allow access to user statistics for teachers
...
Fixes CODEOCEAN-BV
2022-08-25 18:14:10 +02:00
b3f9a1ec90
Allow line breaks in feedback texts
2022-08-25 00:31:32 +02:00
6dcccd324b
Show feedback without rendering Markdown
...
* We do not instruct learners how to write Markdown, this might yield to an unexpected rendering
2022-08-25 00:23:08 +02:00
35dd745a29
Use final submission for exercise feedback
...
* Also, check for required permission
2022-08-24 23:56:34 +02:00
f4d350577a
Fix exercise search for teachers
2022-08-24 23:39:42 +02:00
7da08d2990
Fix typo for working_time_query
2022-08-24 23:29:49 +02:00
309956e472
Remove NULL byte before saving strings
2022-08-24 13:06:53 +02:00
c8c3a5bf95
Fix external user statistics for tags
2022-08-24 12:16:38 +02:00
e0c2c7b806
Hide score button if exercise has no tests
...
We check for all teacher-defined assessments (linter and unit tests) to determine whether scoring should be possible
2022-08-22 17:51:57 +02:00
6208d8b7ea
Fix study_group index page
2022-08-20 10:46:33 +02:00
32413058d6
Add consumer ID to ransack filter
2022-08-20 10:41:02 +02:00
166aa3cc6f
Remove Ransack from Exercise edit for tags
...
* Also improve Ransack usage of attributes and associations
2022-08-20 01:33:00 +02:00
83feb67dd5
Update find method for study group in RfC index
2022-08-20 00:58:12 +02:00
c228850ae8
Update find method
2022-08-20 00:37:48 +02:00
6927b57170
Update Study Group Dashboard and Statistics
2022-08-20 00:05:02 +02:00
d762f976a8
Add new CodeOcean::File#read method
...
* With a new method, we can simplify our code to handle differences between file.content and file.native_file.read
2022-08-19 22:42:55 +02:00
a9aab612b6
Extract updating the user role from params
2022-08-18 21:44:26 +02:00
acc07ffa5d
Disallow leading / in zip archives
2022-08-18 16:45:15 +02:00
3248bd74d1
Fix authorization for communitySolutionsIndex
2022-08-18 16:28:10 +02:00
145c4aa8d5
Refactor various ruby files
...
* Insights based on brakeman report
2022-08-18 15:25:04 +02:00
cb0f30768f
Change HTTP links to HTTPS
2022-08-17 01:29:27 +02:00
01f6b0d16e
Reduce skip_before_action usage
2022-08-17 00:54:20 +02:00
0e96bc79c4
Conditionally show file tree
2022-08-16 23:27:39 +02:00
73b3b8a159
Hide border for disabled (unstyled) button
...
btn-default is a non-bootstrap class
2022-08-16 18:28:57 +02:00
b9357bb9c7
Fix warning message for sync_to_runner_management
2022-08-16 18:18:24 +02:00
0b68f1309d
Fix FontAwesome class after FA v6 upgrade
2022-08-15 23:25:24 +02:00
7d0c3aef4f
Show current submission for exercise statistics
2022-08-15 23:24:15 +02:00
a56b61d4bc
Migrate sorttable to NPM package
2022-08-13 00:38:53 +02:00
3ffff77fd1
Fix comment for bootstrap in application.js
2022-08-13 00:38:07 +02:00
6dd64b2a74
Remove outdated URL polyfill
2022-08-13 00:37:21 +02:00