From 2f5c6cafb2122a76522116877c1f4dc3dfacbba1 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Fri, 14 Jun 2024 13:19:23 +0200 Subject: [PATCH 01/19] create column to store series id --- app/models/submission.rb | 2 ++ db/schema.rb | 13 ++++++++++++- test/factories/submissions.rb | 1 + test/models/submission_test.rb | 1 + 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/app/models/submission.rb b/app/models/submission.rb index f41c91f50a..74cf4a1c19 100644 --- a/app/models/submission.rb +++ b/app/models/submission.rb @@ -14,6 +14,7 @@ # fs_key :string(24) # number :integer # annotated :boolean default(FALSE), not null +# series_id :integer # class Submission < ApplicationRecord @@ -32,6 +33,7 @@ class Submission < ApplicationRecord belongs_to :exercise, optional: false belongs_to :user, optional: false belongs_to :course, optional: true + belongs_to :series, optional: true has_one :judge, through: :exercise has_one :notification, as: :notifiable, dependent: :destroy has_many :annotations, dependent: :destroy diff --git a/db/schema.rb b/db/schema.rb index 56ec0e3916..75348c3314 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_03_07_124219) do +ActiveRecord::Schema[7.1].define(version: 2024_06_14_111643) do create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_unicode_ci", force: :cascade do |t| t.string "name", null: false t.string "record_type", null: false @@ -487,6 +487,15 @@ t.index ["series_id"], name: "index_series_memberships_on_series_id" end + create_table "series_users", charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| + t.integer "user_id" + t.integer "series_id" + t.datetime "created_at", null: false + t.datetime "updated_at", null: false + t.index ["series_id"], name: "index_series_users_on_series_id" + t.index ["user_id", "series_id"], name: "index_series_users_on_user_id_and_series_id", unique: true + end + create_table "submissions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_unicode_ci", force: :cascade do |t| t.integer "exercise_id" t.integer "user_id" @@ -499,6 +508,7 @@ t.string "fs_key", limit: 24 t.integer "number" t.boolean "annotated", default: false, null: false + t.integer "series_id" t.index ["accepted"], name: "index_submissions_on_accepted" t.index ["course_id"], name: "index_submissions_on_course_id" t.index ["exercise_id", "status", "course_id"], name: "ex_st_co_idx" @@ -506,6 +516,7 @@ t.index ["exercise_id", "user_id", "status", "created_at"], name: "ex_us_st_cr_index" t.index ["exercise_id"], name: "index_submissions_on_exercise_id" t.index ["fs_key"], name: "index_submissions_on_fs_key", unique: true + t.index ["series_id"], name: "index_submissions_on_series_id" t.index ["status"], name: "index_submissions_on_status" t.index ["user_id"], name: "index_submissions_on_user_id" end diff --git a/test/factories/submissions.rb b/test/factories/submissions.rb index f3a9dc1b71..3fc8ff92f1 100644 --- a/test/factories/submissions.rb +++ b/test/factories/submissions.rb @@ -14,6 +14,7 @@ # fs_key :string(24) # number :integer # annotated :boolean default(FALSE), not null +# series_id :integer # FactoryBot.define do diff --git a/test/models/submission_test.rb b/test/models/submission_test.rb index bfa9008e8d..266f26c409 100644 --- a/test/models/submission_test.rb +++ b/test/models/submission_test.rb @@ -14,6 +14,7 @@ # fs_key :string(24) # number :integer # annotated :boolean default(FALSE), not null +# series_id :integer # require 'test_helper' From e3c6aa7c5dd9aad4176741152550ed755485fb0e Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Fri, 14 Jun 2024 13:19:35 +0200 Subject: [PATCH 02/19] create column to store series id --- db/migrate/20240614111643_add_series_id_to_submissions.rb | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 db/migrate/20240614111643_add_series_id_to_submissions.rb diff --git a/db/migrate/20240614111643_add_series_id_to_submissions.rb b/db/migrate/20240614111643_add_series_id_to_submissions.rb new file mode 100644 index 0000000000..f3efb7fc66 --- /dev/null +++ b/db/migrate/20240614111643_add_series_id_to_submissions.rb @@ -0,0 +1,6 @@ +class AddSeriesIdToSubmissions < ActiveRecord::Migration[7.1] + def change + add_column :submissions, :series_id, :integer + add_index :submissions, :series_id + end +end From 3279246860092fdaa391e7347c9cc64ea7d3abf3 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Fri, 14 Jun 2024 14:38:16 +0200 Subject: [PATCH 03/19] Log submission id upon submitting --- app/controllers/submissions_controller.rb | 5 +++++ app/policies/submission_policy.rb | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 1ee113dfbe..9a76f9df37 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -108,8 +108,13 @@ def create para[:user_id] = current_user.id para[:code].gsub!(/\r\n?/, "\n") para[:evaluate] = true # immediately evaluate after create + # check if user is member of course course = Course.find(para[:course_id]) if para[:course_id].present? para.delete(:course_id) if para[:course_id].present? && course.subscribed_members.exclude?(current_user) + # check if series is part of course + series = Series.find(para[:series_id]) if para[:series_id].present? && para[:course_id].present? + para.delete(:series_id) if para[:series_id].present? && course.series.exclude?(series) + submission = Submission.new(para) can_submit = true if submission.exercise.present? diff --git a/app/policies/submission_policy.rb b/app/policies/submission_policy.rb index 65e5e39d06..444cac8d21 100644 --- a/app/policies/submission_policy.rb +++ b/app/policies/submission_policy.rb @@ -44,7 +44,7 @@ def media? end def permitted_attributes - %i[code exercise_id course_id] + %i[code exercise_id course_id series_id] end private From b4083d01a1bc4cbb7567f705e3f04372f8e028fa Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Fri, 14 Jun 2024 15:00:10 +0200 Subject: [PATCH 04/19] actually save series id --- app/assets/javascripts/exercise.ts | 3 ++- app/views/activities/show.html.erb | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/app/assets/javascripts/exercise.ts b/app/assets/javascripts/exercise.ts index 0c750c9907..cf68207499 100644 --- a/app/assets/javascripts/exercise.ts +++ b/app/assets/javascripts/exercise.ts @@ -139,7 +139,7 @@ function initExerciseDescription(): void { initCodeFragments(); } -async function initExerciseShow(exerciseId: number, programmingLanguage: string, loggedIn: boolean, editorShown: boolean, courseId: number, _deadline: string, baseSubmissionsUrl: string, boilerplate: string): Promise { +async function initExerciseShow(exerciseId: number, programmingLanguage: string, loggedIn: boolean, editorShown: boolean, courseId: number, _deadline: string, baseSubmissionsUrl: string, boilerplate: string, seriesId: number): Promise { let editor: EditorView; let lastSubmission: string; let lastTimeout: number; @@ -228,6 +228,7 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, code: code, exercise_id: exerciseId, course_id: courseId, + series_id: seriesId, }, }), "headers": { diff --git a/app/views/activities/show.html.erb b/app/views/activities/show.html.erb index 27faf4d7ba..ebbf643c69 100644 --- a/app/views/activities/show.html.erb +++ b/app/views/activities/show.html.erb @@ -218,6 +218,7 @@ end %> <%= raw "\"#{@series&.deadline&.httpdate}\"" || "null" %>, "<%= submissions_url %>", `<%= escape_javascript (@activity.exercise? && @activity.boilerplate)|| "" %>`, + <%= @series&.id || "null" %>, ); }); From 117f73c532affefedce65179ce8f09296f17f2cf Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Fri, 14 Jun 2024 15:51:46 +0200 Subject: [PATCH 05/19] Actually use submission series --- app/controllers/submissions_controller.rb | 5 ++++- app/models/submission.rb | 11 ----------- 2 files changed, 4 insertions(+), 12 deletions(-) diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 9a76f9df37..3e65927fb3 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -95,8 +95,11 @@ def edit format.html do if @submission.course.nil? redirect_to activity_url(@submission.exercise, anchor: 'submission-card', edit_submission: @submission) - else + elsif @submission.series.nil? + Rails.logger.debug 'Redirecting to course_activity_url===========================================================' redirect_to course_activity_url(@submission.course, @submission.exercise, anchor: 'submission-card', edit_submission: @submission) + else + redirect_to course_series_activity_url(@submission.course, @submission.series, @submission.exercise, anchor: 'submission-card', edit_submission: @submission) end end end diff --git a/app/models/submission.rb b/app/models/submission.rb index 74cf4a1c19..a1e8120aed 100644 --- a/app/models/submission.rb +++ b/app/models/submission.rb @@ -147,17 +147,6 @@ def result=(result) File.binwrite(File.join(fs_path, RESULT_FILENAME), ActiveSupport::Gzip.compress(result.force_encoding('UTF-8'))) end - def series - return nil if course.nil? - - series = course.series - # we want to avoid accidentally linking a hidden series to a student - series = series.visible - # There could actually be multiple series with the same exercise and the same course - # But for now we just return the first one, as there is only one in most cases - series.joins(:series_memberships).find_by(series_memberships: { activity: exercise }) - end - def clean_messages(messages, levels) messages.select { |m| !m.is_a?(Hash) || !m.key?(:permission) || levels.include?(m[:permission]) } end From 01d65995fd1fa5ef84853dd3dd2cf4e0f959e51d Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Mon, 17 Jun 2024 11:26:15 +0200 Subject: [PATCH 06/19] Specifically test series accessibility --- app/controllers/activities_controller.rb | 8 +- app/controllers/submissions_controller.rb | 2 +- app/models/activity.rb | 11 ++- app/models/activity_read_state.rb | 2 +- app/models/series.rb | 20 +++++ .../activities/_activities_table.html.erb | 2 +- .../_series_activities_table.html.erb | 2 +- app/views/pages/_user_card.html.erb | 2 +- test/models/activity_read_state_test.rb | 2 +- test/models/exercise_test.rb | 81 +++++++++++++------ 10 files changed, 95 insertions(+), 37 deletions(-) diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb index c55b68f742..45c2b8564e 100644 --- a/app/controllers/activities_controller.rb +++ b/app/controllers/activities_controller.rb @@ -7,7 +7,7 @@ class ActivitiesController < ApplicationController before_action :set_activity, only: %i[show description edit update media info] before_action :set_course, only: %i[show edit update media info] - before_action :set_series, only: %i[show edit update info] + before_action :set_series, only: %i[show edit update media info] before_action :ensure_trailing_slash, only: :show before_action :set_lti_message, only: %i[show] before_action :set_lti_provider, only: %i[show] @@ -110,10 +110,10 @@ def show # Double check if activity still exists within this course (And throw a 404 when it does not) @course&.activities&.find(@activity.id) if current_user&.course_admin?(@course) + # We still need to check access because an unauthenticated user should be able to see public activities - raise Pundit::NotAuthorizedError, 'Not allowed' unless @activity.accessible?(current_user, @course) + raise Pundit::NotAuthorizedError, 'Not allowed' unless @activity.accessible?(current_user, course: @course, series: @series) - @series = Series.find_by(id: params[:series_id]) # Double check if activity still exists within this series, redirect to course activity if it does not redirect_to helpers.activity_scoped_path(activity: @activity, course: @course) if @series&.activities&.exclude?(@activity) @@ -199,7 +199,7 @@ def update def media if params.key?(:token) raise Pundit::NotAuthorizedError, 'Not allowed' unless @activity.access_token == params[:token] - elsif !@activity.accessible?(current_user, @course) + elsif !@activity.accessible?(current_user, course: @course, series: @series) raise Pundit::NotAuthorizedError, 'Not allowed' end diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 3e65927fb3..2eea16c217 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -122,7 +122,7 @@ def create can_submit = true if submission.exercise.present? can_submit &&= Pundit.policy!(current_user, submission.exercise).submit? - can_submit &&= submission.exercise.accessible?(current_user, course) + can_submit &&= submission.exercise.accessible?(current_user, course: course, series: series) end if can_submit && submission.save render json: { status: 'ok', id: submission.id, exercise_id: submission.exercise_id, course_id: submission.course_id, url: submission_url(submission, format: :json) } diff --git a/app/models/activity.rb b/app/models/activity.rb index 53f51ba712..e1b1c10021 100644 --- a/app/models/activity.rb +++ b/app/models/activity.rb @@ -313,8 +313,12 @@ def usable_by?(course) access_public? || course.usable_repositories.pluck(:id).include?(repository.id) end - def accessible?(user, course) - if course.present? + def accessible?(user, course: nil, series: nil) + if series.present? + course = series.course + return false unless series.accessible_to?(user) && series.activities.pluck(:id).include?(id) + elsif course.present? + # no series specified, so check if the activity is accessible in any series if user&.course_admin? course return false unless course.activities.pluck(:id).include? id elsif user&.member_of? course @@ -322,6 +326,9 @@ def accessible?(user, course) else return false unless course.visible_activities.pluck(:id).include? id end + end + + if course.present? return true if user&.zeus? return false unless access_public? || repository.allowed_courses.pluck(:id).include?(course&.id) diff --git a/app/models/activity_read_state.rb b/app/models/activity_read_state.rb index caa2ae8279..fe1016e5a4 100644 --- a/app/models/activity_read_state.rb +++ b/app/models/activity_read_state.rb @@ -65,6 +65,6 @@ def invalidate_caches end def activity_accessible_for_user? - errors.add(:activity, 'not accessible') unless activity.accessible?(user, course) + errors.add(:activity, 'not accessible') unless activity.accessible?(user, course: course) end end diff --git a/app/models/series.rb b/app/models/series.rb index 8f13885d7d..653cf6509f 100644 --- a/app/models/series.rb +++ b/app/models/series.rb @@ -206,4 +206,24 @@ def invalidate_caches(user) invalidate_started?(user: user) invalidate_wrong?(user: user) end + + def visible_to?(user) + return true if user&.course_admin? course + + return true if open? + + return false if hidden? + + return false if closed? + + return false if timed? && visibility_start > Time.zone.now + + true + end + + def accessible_to?(user) + return true if visible_to?(user) + + user&.member_of?(course) && hidden? + end end diff --git a/app/views/activities/_activities_table.html.erb b/app/views/activities/_activities_table.html.erb index e171667bf2..11f59272f3 100644 --- a/app/views/activities/_activities_table.html.erb +++ b/app/views/activities/_activities_table.html.erb @@ -39,7 +39,7 @@ <% if user_signed_in? %> <%= render partial: 'activities/user_status_icon', locals: {activity: activity, series: local_assigns[:series], user: user} %> <% end %> - <% if activity.accessible?(current_user, @course) %> + <% if activity.accessible?(current_user, course: @course, series: local_assigns[:series]) %> <%= link_to activity.name, get_activity_path.call(activity) %> <% elsif activity.access_public? %> <%= link_to activity.name, activity_path(activity) %> diff --git a/app/views/activities/_series_activities_table.html.erb b/app/views/activities/_series_activities_table.html.erb index e3fdefba89..3a0e98afba 100644 --- a/app/views/activities/_series_activities_table.html.erb +++ b/app/views/activities/_series_activities_table.html.erb @@ -51,7 +51,7 @@ <%= "#{index + 1}." if local_assigns[:series]&.activity_numbers_enabled? %> - <% if activity.accessible?(current_user, @course) %> + <% if activity.accessible?(current_user, course: @course, series: local_assigns[:series]) %> <%= link_to activity.name, get_activity_path.call(activity), class: ('blur' if (local_assigns[:series].hidden? || local_assigns[:series].closed?) && Current.demo_mode) %> <% else %> <%= activity.name %> diff --git a/app/views/pages/_user_card.html.erb b/app/views/pages/_user_card.html.erb index 361b65d424..6fa5e88641 100644 --- a/app/views/pages/_user_card.html.erb +++ b/app/views/pages/_user_card.html.erb @@ -71,7 +71,7 @@ <% end %> <% end %> <%= submission_status_icon(submission) %> - <% if exercise.accessible?(current_user, submission.course) %> + <% if exercise.accessible?(current_user, course: submission.course, series: submission.series) %> <%= link_to exercise.name, activity_scoped_path(course: submission.course, activity: exercise), class: "course-link #{'blur' if Current.demo_mode }", title: exercise.name %> <% else %> ><%= exercise.name %> diff --git a/test/models/activity_read_state_test.rb b/test/models/activity_read_state_test.rb index c81a8d69cc..ded8259842 100644 --- a/test/models/activity_read_state_test.rb +++ b/test/models/activity_read_state_test.rb @@ -55,7 +55,7 @@ class ActivityReadStateTest < ActiveSupport::TestCase series.update(visibility: :closed) - assert_not content_page.accessible?(user, series.course) + assert_not content_page.accessible?(user, course: series.course) assert_predicate read_state, :valid? assert read_state.update(updated_at: Time.current) end diff --git a/test/models/exercise_test.rb b/test/models/exercise_test.rb index c262d3be84..0ad668d269 100644 --- a/test/models/exercise_test.rb +++ b/test/models/exercise_test.rb @@ -60,106 +60,137 @@ class ExerciseTest < ActiveSupport::TestCase course = create :course, users: [@user] User.any_instance.stubs(:course_admin?).returns(true) - assert_not @exercise.accessible?(@user, course) + assert_not @exercise.accessible?(@user, course: course) end test 'accessible? should return false if user is not course admin of course and exercise is not in course' do course = create :course, users: [@user] - assert_not @exercise.accessible?(@user, course) + assert_not @exercise.accessible?(@user, course: course) end test 'accessible? should return false if user is not course admin of course and series is not visible course' do course = create :course, users: [@user] - create :series, course: course, visibility: 'closed', exercises: [@exercise] + series = create :series, course: course, visibility: 'closed', exercises: [@exercise] - assert_not @exercise.accessible?(@user, course) + assert_not @exercise.accessible?(@user, course: course) + assert_not @exercise.accessible?(@user, course: course, series: series) + assert_not @exercise.accessible?(@user, series: series) end test 'accessible? should return true if user is course admin of course, repository admin and exercise is in course' do course = create :course, users: [@user] User.any_instance.stubs(:course_admin?).returns(true) User.any_instance.stubs(:repository_admin?).returns(true) - create :series, course: course, exercises: [@exercise] + series = create :series, course: course, exercises: [@exercise] - assert @exercise.accessible?(@user, course) + assert @exercise.accessible?(@user, course: course) + assert @exercise.accessible?(@user, course: course, series: series) + assert @exercise.accessible?(@user, series: series) end test 'accessible? should return true if user is repository admin and series is visible' do User.any_instance.stubs(:repository_admin?).returns(true) - create :series, course: @course, exercises: [@exercise] + series = create :series, course: @course, exercises: [@exercise] - assert @exercise.accessible?(@user, @course) + assert @exercise.accessible?(@user, course: @course) + assert @exercise.accessible?(@user, course: @course, series: series) + assert @exercise.accessible?(@user, series: series) end test 'accessible? should return false if not allowed to use exercise' do exercise = create :exercise, access: 'private' - create :series, course: @course, exercises: [exercise] + series = create :series, course: @course, exercises: [exercise] - assert_not exercise.accessible?(@user, @course) + assert_not exercise.accessible?(@user, course: @course) + assert_not exercise.accessible?(@user, course: @course, series: series) + assert_not @exercise.accessible?(@user, series: series) end test 'accessible? should return true if repository allows access to course' do exercise = create :exercise, access: :private - create :series, course: @course, exercises: [exercise] + series = create :series, course: @course, exercises: [exercise] exercise.repository.allowed_courses << @course - assert exercise.accessible?(@user, @course) + assert exercise.accessible?(@user, course: @course) + assert exercise.accessible?(@user, course: @course, series: series) + assert exercise.accessible?(@user, series: series) end test 'accessible? should return false if user is not a member of the course' do course = create :course, registration: 'closed' - create :series, course: course, exercises: [@exercise] + series = create :series, course: course, exercises: [@exercise] - assert_not @exercise.accessible?(@user, course) + assert_not @exercise.accessible?(@user, course: course) + assert_not @exercise.accessible?(@user, course: course, series: series) + assert_not @exercise.accessible?(@user, series: series) end test 'accessible? should return true if user is a member of the course' do course = create :course, users: [@user] - create :series, course: course, exercises: [@exercise] + series = create :series, course: course, exercises: [@exercise] - assert @exercise.accessible?(@user, course) + assert @exercise.accessible?(@user, course: course) + assert @exercise.accessible?(@user, course: course, series: series) + assert @exercise.accessible?(@user, series: series) end test 'accessible? should return true if user repository admin of repository' do exercise = create :exercise, access: 'private' User.any_instance.stubs(:repository_admin?).returns(true) - assert exercise.accessible?(@user, nil) + assert exercise.accessible?(@user) end test 'accessible? should return true if exercise is public' do - assert @exercise.accessible?(@user, nil) + assert @exercise.accessible?(@user) end test 'accessible? should return false if exercise is private' do exercise = build :exercise, access: 'private' - assert_not exercise.accessible?(@user, nil) + assert_not exercise.accessible?(@user) end test 'exercise should be accessible if private and included in unmoderated open course' do exercise = create :exercise, access: 'private' course = create :course, moderated: false, registration: :open_for_all exercise.repository.allowed_courses << course - create :series, course: course, exercises: [exercise] + series = create :series, course: course, exercises: [exercise] - assert exercise.accessible?(@user, course) + assert exercise.accessible?(@user, course: course) + assert exercise.accessible?(@user, course: course, series: series) + assert exercise.accessible?(@user, series: series) end test 'exercise should not be accessible if private and included in a moderated but open course' do exercise = create :exercise, access: 'private' course = create :course, moderated: true, registration: :open_for_all exercise.repository.allowed_courses << course - create :series, course: course, exercises: [exercise] + series = create :series, course: course, exercises: [exercise] - assert_not exercise.accessible?(@user, course) + assert_not exercise.accessible?(@user, course: course) + assert_not exercise.accessible?(@user, course: course, series: series) + assert_not exercise.accessible?(@user, series: series) end test 'exercise should not be accessible if included via hidden series and user is not a member' do - create :series, course: @course, exercises: [@exercise], visibility: :hidden + series = create :series, course: @course, exercises: [@exercise], visibility: :hidden - assert_not @exercise.accessible?(@user, @course) + assert_not @exercise.accessible?(@user, course: @course) + assert_not @exercise.accessible?(@user, course: @course, series: series) + assert_not @exercise.accessible?(@user, series: series) + end + + test 'exercise should only be accessible in series if included in series' do + series = create :series, course: @course, exercises: [] + second_series = create :series, course: @course, exercises: [@exercise] + + assert @exercise.accessible?(@user, course: @course) + assert_not @exercise.accessible?(@user, course: @course, series: series) + assert_not @exercise.accessible?(@user, series: series) + assert @exercise.accessible?(@user, course: @course, series: second_series) + assert @exercise.accessible?(@user, series: second_series) end test 'convert_visibility_to_access should convert "visible" to "public"' do From 06139d6d59d19c6beded91a0e5ce9fc7e537477a Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Mon, 17 Jun 2024 14:00:59 +0200 Subject: [PATCH 07/19] Fix tests --- app/models/activity.rb | 2 + app/models/user.rb | 6 +- app/policies/series_policy.rb | 4 ++ .../controllers/activities_controller_test.rb | 2 +- test/models/submission_test.rb | 28 +-------- test/models/user_test.rb | 59 ++++++++++++++----- 6 files changed, 55 insertions(+), 46 deletions(-) diff --git a/app/models/activity.rb b/app/models/activity.rb index e1b1c10021..31c4bc382e 100644 --- a/app/models/activity.rb +++ b/app/models/activity.rb @@ -315,6 +315,8 @@ def usable_by?(course) def accessible?(user, course: nil, series: nil) if series.present? + return false if course.present? && course != series.course + course = series.course return false unless series.accessible_to?(user) && series.activities.pluck(:id).include?(id) elsif course.present? diff --git a/app/models/user.rb b/app/models/user.rb index bc3fc08e4f..208f6ee54a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -479,7 +479,7 @@ def jump_back_in # Don't give information about the exercise if the submission was within a course, but not within a visible series # This is to prevent students from seeing exercises that are not made public explicitly - if latest_submission.course.present? && (latest_submission.series.nil? || !latest_submission.series.open?) + if latest_submission.course.present? && !latest_submission.series&.visible_to?(self) # Don't show complete courses return [] if latest_submission.course.incomplete_series(self).blank? @@ -504,7 +504,7 @@ def jump_back_in } end - if latest_submission.series.present? && (latest_submission.series.open? || course_admin?(latest_submission.course)) + if latest_submission.series.present? && latest_submission.series.visible_to?(self) next_activity = latest_submission.series.next_activity(latest_submission.exercise) if next_activity.present? # start working on the next exercise, if that one was not accepted @@ -531,7 +531,7 @@ def jump_back_in end next_series = latest_submission.series.next - if next_series.present? && (next_series.open? || course_admin?(latest_submission.course)) && !next_series.completed?(user: self) + if next_series.present? && next_series.visible_to?(self) && !next_series.completed?(user: self) # start working on the next series result << { submission: nil, diff --git a/app/policies/series_policy.rb b/app/policies/series_policy.rb index 0aa8689c17..6068d0d6a9 100644 --- a/app/policies/series_policy.rb +++ b/app/policies/series_policy.rb @@ -135,6 +135,10 @@ def valid_token?(token) record.access_token == token end + def media? + show? + end + private def course_member? diff --git a/test/controllers/activities_controller_test.rb b/test/controllers/activities_controller_test.rb index da467bd029..490f8fe61a 100644 --- a/test/controllers/activities_controller_test.rb +++ b/test/controllers/activities_controller_test.rb @@ -838,7 +838,7 @@ def create_exercises_return_valid get course_series_activity_url(right_course, wrong_series, right_exercise) - assert_redirected_to course_activity_url(right_course, right_exercise) + assert_redirected_to root_url end test 'should not show activity if series not in course' do diff --git a/test/models/submission_test.rb b/test/models/submission_test.rb index 266f26c409..ca15907bb2 100644 --- a/test/models/submission_test.rb +++ b/test/models/submission_test.rb @@ -406,7 +406,7 @@ class SubmissionTest < ActiveSupport::TestCase series = course.series.second exercise = create :exercise series.exercises << exercise - submission = create :submission, exercise: exercise, course: course + submission = create :submission, exercise: exercise, course: course, series: series assert_equal series, submission.series end @@ -429,32 +429,6 @@ class SubmissionTest < ActiveSupport::TestCase assert_nil submission.series end - test 'if multiple series have the same exercise in the course, series should return any of them' do - course = create :course, series_count: 4 - exercise = create :exercise - course.series.first.exercises << exercise - course.series.second.exercises << exercise - submission = create :submission, exercise: exercise, course: course - - assert_includes [course.series.first, course.series.second], submission.series - end - - test 'if a series is hidden, it should not be returned as the series for this submission' do - course = create :course, series_count: 4 - exercise = create :exercise - course.series.first.exercises << exercise - course.series.second.exercises << exercise - submission = create :submission, exercise: exercise, course: course - - course.series.first.update!(visibility: :hidden) - - assert_equal course.series.second, submission.series - - course.series.second.update!(visibility: :hidden) - - assert_nil submission.series - end - test 'Annotations should be counted once an evaluation is released' do submission = create :submission, status: :correct, course: courses(:course1) diff --git a/test/models/user_test.rb b/test/models/user_test.rb index b940f77a77..6c047ae0b2 100644 --- a/test/models/user_test.rb +++ b/test/models/user_test.rb @@ -866,7 +866,7 @@ def setup series = course.series.first series.exercises << create(:exercise) series.exercises << create(:exercise) - submission = create :wrong_submission, user: user, course: course, exercise: course.series.first.exercises.first + submission = create :wrong_submission, user: user, course: course, exercise: course.series.first.exercises.first, series: course.series.first assert_equal submission, user.jump_back_in.first[:submission] assert_equal submission.exercise, user.jump_back_in.first[:activity] @@ -908,7 +908,7 @@ def setup series.exercises << a1 series.exercises << a2 course.series.second.exercises << create(:exercise) - create :correct_submission, user: user, course: course, exercise: a1 + create :correct_submission, user: user, course: course, exercise: a1, series: series assert_nil user.jump_back_in.first[:submission] assert_equal a2, user.jump_back_in.first[:activity] @@ -939,7 +939,7 @@ def setup series1.exercises << a1 series1.exercises << a2 series2.exercises << create(:exercise) - create :correct_submission, user: user, course: course, exercise: a2 + create :correct_submission, user: user, course: course, exercise: a2, series: series1 assert_nil user.jump_back_in.first[:submission] assert_nil user.jump_back_in.first[:activity] @@ -1002,38 +1002,67 @@ def setup course = create :course, series_count: 2, exercises_per_series: 1 series = course.series.first - create :correct_submission, user: user, course: course, exercise: series.exercises.first + create :wrong_submission, user: user, course: course, exercise: series.exercises.first, series: series + + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_equal course.series.second, user.jump_back_in.second[:series] + assert_equal 3, user.jump_back_in.count course.series.second.update(visibility: :hidden) - assert_empty user.jump_back_in + assert_equal 2, user.jump_back_in.count + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_nil user.jump_back_in.second[:series] course.series.second.update(visibility: :closed) - assert_empty user.jump_back_in + assert_equal 2, user.jump_back_in.count + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_nil user.jump_back_in.second[:series] + + course.series.first.update(visibility: :hidden) + + # no vissible series in course + assert_equal 0, user.jump_back_in.count course.series.second.update(visibility: :open) - assert_equal course.series.second, user.jump_back_in.first[:series] + # the series of the submission is hidden. thus only refer the course + assert_equal 1, user.jump_back_in.count + assert_nil user.jump_back_in.first[:submission] + assert_nil user.jump_back_in.first[:activity] + assert_nil user.jump_back_in.first[:series] + assert_equal course, user.jump_back_in.first[:course] + course.series.first.update(visibility: :open) CourseMembership.create user: user, course: course, status: :course_admin # Refetch user to fix cached course_admin? method user = User.find(user.id) assert user.course_admin?(course) + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_equal course.series.second, user.jump_back_in.second[:series] course.series.second.update(visibility: :hidden) - assert_equal course.series.second, user.jump_back_in.first[:series] + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_equal course.series.second, user.jump_back_in.second[:series] course.series.second.update(visibility: :closed) - assert_equal course.series.second, user.jump_back_in.first[:series] + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_equal course.series.second, user.jump_back_in.second[:series] + + course.series.first.update(visibility: :hidden) + + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_equal course.series.second, user.jump_back_in.second[:series] course.series.second.update(visibility: :open) - assert_equal course.series.second, user.jump_back_in.first[:series] + assert_equal course.series.first, user.jump_back_in.first[:series] + assert_equal course.series.second, user.jump_back_in.second[:series] end test 'jump back in should only return activities the user has access to' do @@ -1042,7 +1071,7 @@ def setup course = create :course, series_count: 2, exercises_per_series: 1 series = course.series.first a1 = series.exercises.first - s = create :wrong_submission, user: user, course: course, exercise: a1 + s = create :wrong_submission, user: user, course: course, exercise: a1, series: series assert_equal 3, user.jump_back_in.count assert_equal s, user.jump_back_in.first[:submission] @@ -1074,13 +1103,13 @@ def setup series.update(visibility: :hidden) - assert_equal 1, user.jump_back_in.count - assert_nil user.jump_back_in.first[:activity] + assert_equal 3, user.jump_back_in.count + assert_equal a1, user.jump_back_in.first[:activity] series.update(visibility: :closed) - assert_equal 1, user.jump_back_in.count - assert_nil user.jump_back_in.first[:activity] + assert_equal 3, user.jump_back_in.count + assert_equal a1, user.jump_back_in.first[:activity] series.update(visibility: :open) From d8d29d42d13d9c995a013a970b50d745a521bb3f Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Mon, 17 Jun 2024 16:22:05 +0200 Subject: [PATCH 08/19] Also save seriesid for content pages --- .../activity_read_states_controller.rb | 4 ++++ app/models/activity_read_state.rb | 4 +++- app/policies/activity_read_state_policy.rb | 2 +- db/schema.rb | 4 +++- .../activity_read_states_controller_test.rb | 22 +++++++++++++++++++ test/models/activity_read_state_test.rb | 1 + 6 files changed, 34 insertions(+), 3 deletions(-) diff --git a/app/controllers/activity_read_states_controller.rb b/app/controllers/activity_read_states_controller.rb index 3bf67cb25d..89c5d15eac 100644 --- a/app/controllers/activity_read_states_controller.rb +++ b/app/controllers/activity_read_states_controller.rb @@ -45,8 +45,12 @@ def create authorize ActivityReadState args = permitted_attributes(ActivityReadState) args[:user_id] = current_user.id + # check if user is member of course course = Course.find(args[:course_id]) if args[:course_id].present? args.delete(:course_id) if args[:course_id].present? && course.subscribed_members.exclude?(current_user) + # check if series is part of course + series = Series.find(args[:series_id]) if args[:series_id].present? && args[:course_id].present? + args.delete(:series_id) if args[:series_id].present? && course.series.exclude?(series) read_state = ActivityReadState.new args can_read = Pundit.policy!(current_user, read_state.activity).read? if can_read && read_state.save diff --git a/app/models/activity_read_state.rb b/app/models/activity_read_state.rb index fe1016e5a4..fd8b2a10b7 100644 --- a/app/models/activity_read_state.rb +++ b/app/models/activity_read_state.rb @@ -8,10 +8,12 @@ # user_id :integer not null # created_at :datetime not null # updated_at :datetime not null +# series_id :integer # class ActivityReadState < ApplicationRecord belongs_to :activity belongs_to :course, optional: true + belongs_to :series, optional: true belongs_to :user validates :activity, uniqueness: { scope: %i[user course] } @@ -65,6 +67,6 @@ def invalidate_caches end def activity_accessible_for_user? - errors.add(:activity, 'not accessible') unless activity.accessible?(user, course: course) + errors.add(:activity, 'not accessible') unless activity.accessible?(user, course: course, series: series) end end diff --git a/app/policies/activity_read_state_policy.rb b/app/policies/activity_read_state_policy.rb index 9cf615c2b5..3f53d9ed29 100644 --- a/app/policies/activity_read_state_policy.rb +++ b/app/policies/activity_read_state_policy.rb @@ -20,6 +20,6 @@ def create? end def permitted_attributes - %i[activity_id course_id] + %i[activity_id course_id series_id] end end diff --git a/db/schema.rb b/db/schema.rb index 75348c3314..3ae6a13045 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -10,7 +10,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema[7.1].define(version: 2024_06_14_111643) do +ActiveRecord::Schema[7.1].define(version: 2024_06_17_141422) do create_table "active_storage_attachments", charset: "utf8mb4", collation: "utf8mb4_unicode_ci", force: :cascade do |t| t.string "name", null: false t.string "record_type", null: false @@ -82,8 +82,10 @@ t.integer "user_id", null: false t.datetime "created_at", null: false t.datetime "updated_at", null: false + t.integer "series_id" t.index ["activity_id", "course_id", "user_id"], name: "activity_read_states_unique", unique: true t.index ["course_id"], name: "fk_rails_f674cacc14" + t.index ["series_id"], name: "index_activity_read_states_on_series_id" t.index ["user_id"], name: "fk_rails_96d00253e9" end diff --git a/test/controllers/activity_read_states_controller_test.rb b/test/controllers/activity_read_states_controller_test.rb index 21defab52f..f1ade1306d 100644 --- a/test/controllers/activity_read_states_controller_test.rb +++ b/test/controllers/activity_read_states_controller_test.rb @@ -122,6 +122,28 @@ def setup assert_predicate ActivityReadState.where(user: @user, activity: cp, course: course), :any? end + test 'should mark content_page as read within series' do + course = create :course, series_count: 1, content_pages_per_series: 1, subscribed_members: [@user] + series = course.series.first + cp = series.content_pages.first + post activity_activity_read_states_url(cp, format: :js), params: { activity_read_state: { activity_id: cp.id, course_id: course.id, series_id: series.id } } + + assert_response :success + + assert_predicate ActivityReadState.where(user: @user, activity: cp, course: course, series: series), :any? + end + + test 'Should not mark content_page as read in other series' do + course = create :course, series_count: 2, content_pages_per_series: 1, subscribed_members: [@user] + series = course.series.first + cp = course.series.second.content_pages.first + post activity_activity_read_states_url(cp, format: :js), params: { activity_read_state: { activity_id: cp.id, course_id: course.id, series_id: series.id } } + + assert_response :unprocessable_entity + + assert_not_predicate ActivityReadState.where(user: @user, activity: cp, course: course, series: series), :any? + end + test 'should mark content_page as read as json' do cp = create :content_page post activity_activity_read_states_url(cp, format: :json), params: { activity_read_state: { activity_id: cp.id } } diff --git a/test/models/activity_read_state_test.rb b/test/models/activity_read_state_test.rb index ded8259842..3470ad7399 100644 --- a/test/models/activity_read_state_test.rb +++ b/test/models/activity_read_state_test.rb @@ -8,6 +8,7 @@ # user_id :integer not null # created_at :datetime not null # updated_at :datetime not null +# series_id :integer # require 'test_helper' From 86bc22a152bc626a716754e2c1c6e589befaed7a Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Mon, 17 Jun 2024 17:04:46 +0200 Subject: [PATCH 09/19] Remove logging statement --- app/controllers/submissions_controller.rb | 1 - app/models/submission.rb | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/app/controllers/submissions_controller.rb b/app/controllers/submissions_controller.rb index 2eea16c217..327d8636fe 100644 --- a/app/controllers/submissions_controller.rb +++ b/app/controllers/submissions_controller.rb @@ -96,7 +96,6 @@ def edit if @submission.course.nil? redirect_to activity_url(@submission.exercise, anchor: 'submission-card', edit_submission: @submission) elsif @submission.series.nil? - Rails.logger.debug 'Redirecting to course_activity_url===========================================================' redirect_to course_activity_url(@submission.course, @submission.exercise, anchor: 'submission-card', edit_submission: @submission) else redirect_to course_series_activity_url(@submission.course, @submission.series, @submission.exercise, anchor: 'submission-card', edit_submission: @submission) diff --git a/app/models/submission.rb b/app/models/submission.rb index a1e8120aed..3e77227bd1 100644 --- a/app/models/submission.rb +++ b/app/models/submission.rb @@ -59,6 +59,7 @@ class Submission < ApplicationRecord scope :before_deadline, ->(deadline) { where(submissions: { created_at: ...deadline }) } scope :in_time_range, ->(start_date, end_date) { where(created_at: start_date.to_datetime..end_date.to_datetime) } scope :in_course, ->(course) { where course_id: course&.id } + scope :in_series, ->(series) { where series_id: series&.id } scope :in_series, ->(series) { where(course_id: series.course.id).where(exercise: series.exercises) } scope :of_judge, ->(judge) { where(exercise_id: Exercise.where(judge_id: judge.id)) } scope :from_students, ->(course) { where(user: course.enrolled_members) } From ee81465bd9c0ab4edcf2990a10cd982f0eed527b Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Mon, 17 Jun 2024 17:08:50 +0200 Subject: [PATCH 10/19] Add migration --- .../20240617141422_add_series_id_to_activity_read_state.rb | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 db/migrate/20240617141422_add_series_id_to_activity_read_state.rb diff --git a/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb b/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb new file mode 100644 index 0000000000..cf5ab77712 --- /dev/null +++ b/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb @@ -0,0 +1,6 @@ +class AddSeriesIdToActivityReadState < ActiveRecord::Migration[7.1] + def change + add_column :activity_read_states, :series_id, :integer + add_index :activity_read_states, :series_id + end +end From e3076ee2979c0fdf01f6462525a8fb29f21f85b4 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Wed, 26 Jun 2024 10:23:04 +0200 Subject: [PATCH 11/19] Remove indexes --- .../20240614111643_add_series_id_to_submissions.rb | 1 - ...0617141422_add_series_id_to_activity_read_state.rb | 1 - db/schema.rb | 11 ----------- 3 files changed, 13 deletions(-) diff --git a/db/migrate/20240614111643_add_series_id_to_submissions.rb b/db/migrate/20240614111643_add_series_id_to_submissions.rb index f3efb7fc66..455058b08d 100644 --- a/db/migrate/20240614111643_add_series_id_to_submissions.rb +++ b/db/migrate/20240614111643_add_series_id_to_submissions.rb @@ -1,6 +1,5 @@ class AddSeriesIdToSubmissions < ActiveRecord::Migration[7.1] def change add_column :submissions, :series_id, :integer - add_index :submissions, :series_id end end diff --git a/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb b/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb index cf5ab77712..debd34b200 100644 --- a/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb +++ b/db/migrate/20240617141422_add_series_id_to_activity_read_state.rb @@ -1,6 +1,5 @@ class AddSeriesIdToActivityReadState < ActiveRecord::Migration[7.1] def change add_column :activity_read_states, :series_id, :integer - add_index :activity_read_states, :series_id end end diff --git a/db/schema.rb b/db/schema.rb index 3ae6a13045..fb4d3b5f6f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -85,7 +85,6 @@ t.integer "series_id" t.index ["activity_id", "course_id", "user_id"], name: "activity_read_states_unique", unique: true t.index ["course_id"], name: "fk_rails_f674cacc14" - t.index ["series_id"], name: "index_activity_read_states_on_series_id" t.index ["user_id"], name: "fk_rails_96d00253e9" end @@ -489,15 +488,6 @@ t.index ["series_id"], name: "index_series_memberships_on_series_id" end - create_table "series_users", charset: "utf8mb4", collation: "utf8mb4_general_ci", force: :cascade do |t| - t.integer "user_id" - t.integer "series_id" - t.datetime "created_at", null: false - t.datetime "updated_at", null: false - t.index ["series_id"], name: "index_series_users_on_series_id" - t.index ["user_id", "series_id"], name: "index_series_users_on_user_id_and_series_id", unique: true - end - create_table "submissions", id: :integer, charset: "utf8mb4", collation: "utf8mb4_unicode_ci", force: :cascade do |t| t.integer "exercise_id" t.integer "user_id" @@ -518,7 +508,6 @@ t.index ["exercise_id", "user_id", "status", "created_at"], name: "ex_us_st_cr_index" t.index ["exercise_id"], name: "index_submissions_on_exercise_id" t.index ["fs_key"], name: "index_submissions_on_fs_key", unique: true - t.index ["series_id"], name: "index_submissions_on_series_id" t.index ["status"], name: "index_submissions_on_status" t.index ["user_id"], name: "index_submissions_on_user_id" end From 9c7369d42ada92ebeaf6b16687ee3c2970345b7e Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Wed, 26 Jun 2024 10:29:35 +0200 Subject: [PATCH 12/19] Remove new in series scope --- app/models/submission.rb | 1 - 1 file changed, 1 deletion(-) diff --git a/app/models/submission.rb b/app/models/submission.rb index 3e77227bd1..a1e8120aed 100644 --- a/app/models/submission.rb +++ b/app/models/submission.rb @@ -59,7 +59,6 @@ class Submission < ApplicationRecord scope :before_deadline, ->(deadline) { where(submissions: { created_at: ...deadline }) } scope :in_time_range, ->(start_date, end_date) { where(created_at: start_date.to_datetime..end_date.to_datetime) } scope :in_course, ->(course) { where course_id: course&.id } - scope :in_series, ->(series) { where series_id: series&.id } scope :in_series, ->(series) { where(course_id: series.course.id).where(exercise: series.exercises) } scope :of_judge, ->(judge) { where(exercise_id: Exercise.where(judge_id: judge.id)) } scope :from_students, ->(course) { where(user: course.enrolled_members) } From 47ccd62a0add56090a6e1ecff2b8b9ccf0c2cb6d Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Wed, 26 Jun 2024 10:35:19 +0200 Subject: [PATCH 13/19] Put early validations together --- app/models/activity.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/activity.rb b/app/models/activity.rb index 31c4bc382e..dd9736d917 100644 --- a/app/models/activity.rb +++ b/app/models/activity.rb @@ -316,9 +316,9 @@ def usable_by?(course) def accessible?(user, course: nil, series: nil) if series.present? return false if course.present? && course != series.course + return false unless series.accessible_to?(user) && series.activities.pluck(:id).include?(id) course = series.course - return false unless series.accessible_to?(user) && series.activities.pluck(:id).include?(id) elsif course.present? # no series specified, so check if the activity is accessible in any series if user&.course_admin? course From 86d5214c6c3bc221c1bd5d9484f43fffe0b45e44 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Wed, 26 Jun 2024 10:50:41 +0200 Subject: [PATCH 14/19] Add comments --- app/models/activity.rb | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/app/models/activity.rb b/app/models/activity.rb index dd9736d917..7c9ed803ed 100644 --- a/app/models/activity.rb +++ b/app/models/activity.rb @@ -314,10 +314,13 @@ def usable_by?(course) end def accessible?(user, course: nil, series: nil) + # first validate the course/series accessibility for the user + # and make sure the activity is present in the course/series if series.present? return false if course.present? && course != series.course return false unless series.accessible_to?(user) && series.activities.pluck(:id).include?(id) + # if course was not present, set to series.course course = series.course elsif course.present? # no series specified, so check if the activity is accessible in any series @@ -330,20 +333,31 @@ def accessible?(user, course: nil, series: nil) end end + # we are now sure that the activity is present within the course or series + # and the user has access to the course and series + + # now validate the activity specific access if course.present? return true if user&.zeus? + # repositories must give courses access to private activities return false unless access_public? || repository.allowed_courses.pluck(:id).include?(course&.id) + # course admins can access all other activities return true if user&.course_admin? course + # only course admins can access private activities return false if draft? + # course members can access al other activities return true if user&.member_of?(course) + # non-members can only access public activities of moderated courses return false if course.moderated && access_private? + # non-members can access all activities of courses to which they can freely subscribe course.open_for_user?(user) else return true if user&.repository_admin? repository return false if draft? + # non draft public activities are always accessible access_public? end end From 74ef724abac93f38fa39681843ebca32022e65c5 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Mon, 1 Jul 2024 13:55:55 +0200 Subject: [PATCH 15/19] Use object to pass arguments --- app/assets/javascripts/exercise.ts | 40 +++++++++++++++++++----------- app/views/activities/show.html.erb | 27 ++++++++++++-------- 2 files changed, 41 insertions(+), 26 deletions(-) diff --git a/app/assets/javascripts/exercise.ts b/app/assets/javascripts/exercise.ts index cf68207499..a5ff82c5ca 100644 --- a/app/assets/javascripts/exercise.ts +++ b/app/assets/javascripts/exercise.ts @@ -139,26 +139,36 @@ function initExerciseDescription(): void { initCodeFragments(); } -async function initExerciseShow(exerciseId: number, programmingLanguage: string, loggedIn: boolean, editorShown: boolean, courseId: number, _deadline: string, baseSubmissionsUrl: string, boilerplate: string, seriesId: number): Promise { +async function initExerciseShow(options: { + exerciseId: number, + programmingLanguage: string, + loggedIn: boolean, + editorShown: boolean, + courseId: number, + deadline: string, + baseSubmissionsUrl: string, + boilerplate: string, + seriesId: number +}): Promise { let editor: EditorView; let lastSubmission: string; let lastTimeout: number; async function init(): Promise { - if (editorShown) { + if (options.editorShown) { const editorReady = initEditor(); initDeadlineTimeout(); enableSubmissionTableLinks(); - if (loggedIn) { + if (options.loggedIn) { swapActionButtons(); } await editorReady; - initRestoreBoilerplateButton(boilerplate); + initRestoreBoilerplateButton(options.boilerplate); } // submit source code if button is clicked on editor panel document.getElementById("editor-process-btn")?.addEventListener("click", () => { - if (!loggedIn) return; + if (!options.loggedIn) return; // test submitted source code const source = editor.state.doc.toString(); disableSubmitButton(); @@ -193,7 +203,7 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, } async function initEditor(): Promise { - editor = await configureEditor(document.getElementById("editor-text"), programmingLanguage, enableSubmitButton); + editor = await configureEditor(document.getElementById("editor-text"), options.programmingLanguage, enableSubmitButton); editor.focus(); // Make editor available globally window.dodona.editor = editor; @@ -226,9 +236,9 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, "body": JSON.stringify({ submission: { code: code, - exercise_id: exerciseId, - course_id: courseId, - series_id: seriesId, + exercise_id: options.exerciseId, + course_id: options.courseId, + series_id: options.seriesId, }, }), "headers": { @@ -276,7 +286,7 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, return; } event.preventDefault(); - loadFeedback(baseSubmissionsUrl + element.dataset.submission_id, element.dataset.submission_id); + loadFeedback(options.baseSubmissionsUrl + element.dataset.submission_id, element.dataset.submission_id); }); }); } @@ -308,7 +318,7 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, (submissionRow.querySelector(".load-submission") as HTMLButtonElement).click(); } else if (document.getElementById("activity-feedback-link").classList.contains("active") && document.getElementById("activity-feedback-link").dataset.submission_id === lastSubmission) { - loadFeedback(baseSubmissionsUrl + lastSubmission, lastSubmission); + loadFeedback(options.baseSubmissionsUrl + lastSubmission, lastSubmission); } showFABStatus(status); setTimeout(enableSubmitButton, 100); @@ -319,7 +329,7 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, } function enableSubmitButton(): void { - if (!loggedIn) { + if (!options.loggedIn) { return; } @@ -330,7 +340,7 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, } function disableSubmitButton(): void { - if (!loggedIn) { + if (!options.loggedIn) { return; } @@ -429,12 +439,12 @@ async function initExerciseShow(exerciseId: number, programmingLanguage: string, } function initDeadlineTimeout(): void { - if (!_deadline) { + if (!options.deadline) { return; } const deadlineWarningElement = document.getElementById("deadline-warning"); const deadlineInfoElement = document.getElementById("deadline-info"); - const deadline = new Date(_deadline); + const deadline = new Date(options.deadline); const infoDeadline = new Date(deadline.getTime() - (5 * 60 * 1000)); function showDeadlineAlerts(): void { diff --git a/app/views/activities/show.html.erb b/app/views/activities/show.html.erb index ebbf643c69..ffd5adead9 100644 --- a/app/views/activities/show.html.erb +++ b/app/views/activities/show.html.erb @@ -209,16 +209,21 @@ end %> <% end %> From 91d0a3bb125c4556585ada62c508e41ca2519742 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Tue, 2 Jul 2024 14:36:58 +0200 Subject: [PATCH 16/19] Reuse code --- app/models/course.rb | 4 ++++ app/policies/course_policy.rb | 4 +--- app/policies/series_policy.rb | 12 +++--------- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/app/models/course.rb b/app/models/course.rb index 42061e2122..f6be23a577 100644 --- a/app/models/course.rb +++ b/app/models/course.rb @@ -303,6 +303,10 @@ def open_for_user?(user) open_for_all? || (open_for_institution? && institution == user&.institution) || (open_for_institutional_users? && user&.institutional?) end + def visible_for_user?(user) + visible_for_all? || (visible_for_institution? && institution == user&.institution) || user&.member_of?(self) + end + def invalidate_subscribed_members_count_cache Rails.cache.delete(format(SUBSCRIBED_MEMBERS_COUNT_CACHE_STRING, id: id)) end diff --git a/app/policies/course_policy.rb b/app/policies/course_policy.rb index 1dab3e2993..04e4d5ec13 100644 --- a/app/policies/course_policy.rb +++ b/app/policies/course_policy.rb @@ -37,9 +37,7 @@ def info? def copy? create? && ( user&.zeus? || - record.visible_for_all? || - (record.visible_for_institution? && record.institution == user&.institution) || - record.subscribed_members.include?(user) + record.visible_for_user?(user) ) end diff --git a/app/policies/series_policy.rb b/app/policies/series_policy.rb index 6068d0d6a9..88251a7008 100644 --- a/app/policies/series_policy.rb +++ b/app/policies/series_policy.rb @@ -19,15 +19,9 @@ def index? end def show? - return true if course_admin? - return false if record.closed? - return false if record.hidden? && user.nil? - return false if record.timed? && record.visibility_start > Time.zone.now - - course = record.course - course.visible_for_all? || - (course.visible_for_institution? && course.institution == user&.institution) || - user&.member_of?(course) + return false unless record.accessible_to?(user) + + record.course.visible_for_user?(user) end def info? From 37f9faf3c3efa26baa0557323e76260d11c0a8ec Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Tue, 2 Jul 2024 14:38:56 +0200 Subject: [PATCH 17/19] Add series to json api --- app/views/submissions/_submission_basic.json.jbuilder | 1 + 1 file changed, 1 insertion(+) diff --git a/app/views/submissions/_submission_basic.json.jbuilder b/app/views/submissions/_submission_basic.json.jbuilder index a652c7b752..6ac1d14884 100644 --- a/app/views/submissions/_submission_basic.json.jbuilder +++ b/app/views/submissions/_submission_basic.json.jbuilder @@ -8,3 +8,4 @@ end json.has_annotations submission.annotated? json.exercise activity_scoped_url(activity: submission.exercise, course: submission.course, options: { format: :json }) json.course course_url(submission.course, format: :json) if submission.course +json.series series_url(submission.series, format: :json) if submission.series From 399771f157ac86f3362d79a66a0d6886ec614d42 Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Tue, 2 Jul 2024 15:13:05 +0200 Subject: [PATCH 18/19] Fix tests --- test/controllers/activities_controller_test.rb | 1 + test/controllers/series_controller_test.rb | 3 +++ 2 files changed, 4 insertions(+) diff --git a/test/controllers/activities_controller_test.rb b/test/controllers/activities_controller_test.rb index 490f8fe61a..b508ef2507 100644 --- a/test/controllers/activities_controller_test.rb +++ b/test/controllers/activities_controller_test.rb @@ -1012,6 +1012,7 @@ class ExerciseDescriptionTest < ActionDispatch::IntegrationTest test 'activities for hidden series should only be shown with token' do course = courses(:course1) + course.subscribed_members << users(:student) exercise = exercises(:python_exercise) other_exercise = create :exercise series = create :series, course: course, exercises: [exercise, other_exercise], visibility: :hidden diff --git a/test/controllers/series_controller_test.rb b/test/controllers/series_controller_test.rb index 6651d1666e..cda6c826cc 100644 --- a/test/controllers/series_controller_test.rb +++ b/test/controllers/series_controller_test.rb @@ -297,6 +297,7 @@ def assert_show_and_overview(authorized, token: nil) test 'student should see hidden series with token' do sign_in @student + @series.course.subscribed_members << @student @series.update(visibility: :hidden) assert_show_and_overview true, token: @series.access_token @@ -304,6 +305,7 @@ def assert_show_and_overview(authorized, token: nil) test 'student should not see hidden series with wrong token' do sign_in @student + @series.course.subscribed_members << @student @series.update(visibility: :hidden) assert_show_and_overview false, token: 'hunter2' @@ -311,6 +313,7 @@ def assert_show_and_overview(authorized, token: nil) test 'student should not see closed series with token' do sign_in @student + @series.course.subscribed_members << @student @series.update(visibility: :closed) assert_show_and_overview false, token: @series.access_token From da177a8134c669b092c996bce8206f490a2b4a5d Mon Sep 17 00:00:00 2001 From: jorg-vr Date: Tue, 2 Jul 2024 15:16:14 +0200 Subject: [PATCH 19/19] add test --- test/controllers/series_controller_test.rb | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/controllers/series_controller_test.rb b/test/controllers/series_controller_test.rb index cda6c826cc..6f11a70944 100644 --- a/test/controllers/series_controller_test.rb +++ b/test/controllers/series_controller_test.rb @@ -303,6 +303,13 @@ def assert_show_and_overview(authorized, token: nil) assert_show_and_overview true, token: @series.access_token end + test 'student that is not member of course should not see hidden series with token' do + sign_in @student + @series.update(visibility: :hidden) + + assert_show_and_overview false, token: @series.access_token + end + test 'student should not see hidden series with wrong token' do sign_in @student @series.course.subscribed_members << @student