Commit 188e1b6a authored by iaibrys's avatar iaibrys

Add impersonation and logging to help diagnose #271

parent 7e07ac08
1 merge request!1Feature/remove coffeescript
Pipeline #248 passed
Showing
with 59 additions and 92 deletions
......@@ -18,7 +18,7 @@ gem 'coffee-rails', '~> 4.2.2'
# gem 'therubyracer', platforms: :ruby
gem 'autoprefixer-rails'
gem 'bootstrap-sass', '~> 3.2.0'
gem 'bootstrap-sass', '~> 3.3'
# Use jquery as the JavaScript library
gem 'jquery-rails'
......@@ -87,7 +87,6 @@ gem 'mongoid-autoinc', '~> 6.0' # >5.0 required for Mongoid 5
gem 'data_uri'
# Web Stack
gem 'foreman', '~> 0.84.0'
gem 'rack-rewrite', '~> 1.5.1'
gem 'thin', '~> 1.7.2'
......
......@@ -68,8 +68,9 @@ GEM
execjs
awesome_print (1.8.0)
bindex (0.5.0)
bootstrap-sass (3.2.0.2)
sass (~> 3.2)
bootstrap-sass (3.4.1)
autoprefixer-rails (>= 5.2.1)
sassc (>= 2.0.0)
bootstrap-select-rails (1.12.4)
bson (4.4.2)
bson_ext (1.5.1)
......@@ -120,8 +121,6 @@ GEM
ffi (1.10.0)
font-awesome-rails (4.7.0.4)
railties (>= 3.2, < 6.0)
foreman (0.84.0)
thor (~> 0.19.1)
formatador (0.2.5)
git (1.5.0)
globalid (0.4.2)
......@@ -346,6 +345,9 @@ GEM
sprockets (>= 2.8, < 4.0)
sprockets-rails (>= 2.0, < 4.0)
tilt (>= 1.1, < 3)
sassc (2.0.1)
ffi (~> 1.9)
rake
sdoc (0.4.2)
json (~> 1.7, >= 1.7.7)
rdoc (~> 4.0)
......@@ -396,7 +398,7 @@ PLATFORMS
DEPENDENCIES
autoprefixer-rails
awesome_print (~> 1.6, >= 1.6.1)
bootstrap-sass (~> 3.2.0)
bootstrap-sass (~> 3.3)
bootstrap-select-rails
bson_ext
byebug
......@@ -412,7 +414,6 @@ DEPENDENCIES
fakeredis
faye-websocket (= 0.10.0)
font-awesome-rails
foreman (~> 0.84.0)
git (>= 1.2.2)
guard-rspec (~> 4.7.0)
jbuilder (~> 2.0)
......
web: bundle exec thin start -p $PORT
......@@ -66,17 +66,17 @@ var StudentQuizzes = {
modalBody.empty()
var instances = StudentQuizzes.allInstances().filter(function(q) {
return q.quiz_number === quiz_number
},
function(qi) {
return (qi.handed_in_time || qi.end_time)
var instances = StudentQuizzes.allInstances().filter(function(qi) {
return (qi.quiz_number === quiz_number) && (qi.handed_in_time || qi.end_time)
})
if (instances.length < 1) {
console.assert('expected at least one instance')
}
console.log('Showing results for Q'+quiz_number);
console.dir(instances);
var table = '<div class="table-responsive"><table class="table">'
table += '<tr><th>HID</th><th>Attempt</th><th>Submitted</th><th>Actions</th></tr>'
......
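Review bot: `console.assert('expected at least one instance')` can never fire, because the non-empty string is taken as the (truthy) condition; it should read `console.assert(instances.length > 0, 'expected at least one instance')`. That line may be unchanged context rather than part of this commit, since the rendered page has lost the +/- markers. The `console.log` and `console.dir(instances)` calls print whole quiz-instance objects to the browser console each time the results are shown; they look like temporary diagnostics for #271 and should be removed or put behind a debug flag before release. The enclosing function starts and ends outside the hunk.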
......@@ -2,7 +2,6 @@ require 'json'
class AnswersController < ApplicationController
include AuthHelper
include AnswerHelper
skip_before_action :verify_authenticity_token
......
......@@ -4,6 +4,8 @@ class ApplicationController < ActionController::Base
include MultiParameterAttributes
include AuthHelper
# Prevent CSRF attacks by raising an exception.
# For APIs, you may want to use :null_session instead.
protect_from_forgery with: :exception
......@@ -14,6 +16,26 @@ class ApplicationController < ActionController::Base
before_action :require_login, :if => proc {!Rails.env.production?}
def require_admin_for_all_quizzes!
groups = DTUAuth2::CachedAuthorizationManager.groups_by_user(current_user_id)
courses = groups.map(&:course_id).uniq
Rails.logger.error "Groups for #{current_user_id} #{groups.ai} #{courses.ai}"
courses.each do |course_id|
@effective_role = effective_role_for_course(course_id)
redirect_to '/courses' if is_student(@effective_role)
end
end
def require_admin_for_course!
@effective_role = effective_role_for_course(params[:course_id])
redirect_to '/courses' if is_student(@effective_role)
end
protected
def json_request?
......
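Review bot: `require_admin_for_all_quizzes!` fails open when `groups_by_user` returns no groups: `courses` is empty, the `each` body never runs, and the request passes the filter that ImpersonateController relies on as its admin gate. When the user is a student in more than one course, the loop also calls `redirect_to` more than once, which Rails rejects with `AbstractController::DoubleRenderError`. Decide once and redirect once, e.g. `denied = courses.empty? || courses.any? { |id| is_student(effective_role_for_course(id)) }` followed by `redirect_to '/courses' if denied`; this drops the `@effective_role` assignment, so keep it if a view reads it. Both new filters sit above `protected`, which makes them public controller methods, and the `Rails.logger.error` line writes the user's group list at error level on every call; moving the filters below `protected` and logging at debug level would be cleaner.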
......@@ -4,7 +4,6 @@ class DontknowController < ApplicationController
include AnswerHelper
include DontknowHelper
include AuthHelper
skip_before_action :verify_authenticity_token
......
......@@ -3,7 +3,6 @@ require 'json'
class HintsController < ApplicationController
include HintHelper
include AuthHelper
before_action { |c| c.authorize_quiz_instance_owner params[:quizinstance_id] }
......
class ImpersonateController < ApplicationController
before_action :require_admin_for_all_quizzes!
def become
user_id = params[:user_id]
logger.error "Signing in for #{user_id} ..."
log_in(DTUAuth2::CachedAuthorizationManager.user_by_id(user_id))
session[:cas_user] = user_id
redirect_to root_url
end
end
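Review bot: `become` switches the session to whatever `user_id` arrives in the URL without checking that `user_by_id` found a user, without recording which administrator is acting, and without resetting the existing session first. The log line names only the target, so an impersonated session cannot later be traced back to the person who started it, and the raw parameter is interpolated into the log at error level. I would look the user up first and answer 404 when it is missing, log actor and target with `inspect`, call `reset_session` before `log_in`, and keep the impersonator's id in the session so the UI and the audit trail can tell the session is impersonated. Whether `log_in` and `current_user_id` behave as assumed around a reset session is not visible on this page and needs checking.

```ruby
def become
  user_id = params[:user_id]
  target = DTUAuth2::CachedAuthorizationManager.user_by_id(user_id)
  return head(:not_found) if target.nil?

  impersonator_id = current_user_id
  # Record actor and target; inspect keeps control characters out of the log line.
  logger.warn "Impersonation: #{impersonator_id.inspect} signing in as #{user_id.inspect}"
  reset_session
  session[:impersonator_id] = impersonator_id # constructed key name, pick the project's own
  log_in(target)
  # … unchanged: session[:cas_user] assignment and redirect_to root_url …
end
```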
......@@ -7,8 +7,6 @@ require 'kramdown'
class NewQuizController < ApplicationController
respond_to :html
include AuthHelper
attr_accessor(
:groups,
:quiz_entry,
......
......@@ -4,8 +4,6 @@ require 'kramdown'
class QuizTemplateController < ApplicationController
include AuthHelper
attr_accessor(
:quiz_template,
:quiz_id,
......@@ -17,7 +15,7 @@ class QuizTemplateController < ApplicationController
respond_to :html, :json
before_action :check_authorization
before_action :require_admin_for_course!
helper_method :back_nav
helper_method :display_feedback
......@@ -55,13 +53,12 @@ class QuizTemplateController < ApplicationController
@view_as == "printable"
end
private
def check_authorization
def require_admin_for_course!
get_quiz
@effective_role = effective_role_for_course(@course_id)
redirect_to '/courses' if is_student(@effective_role)
end
end
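Review bot: The private `require_admin_for_course!` at the bottom of this class overrides the method of the same name that this commit adds to ApplicationController, and the two differ: this one calls `get_quiz` and checks `@course_id` (presumably set by `get_quiz`), while the base one checks `params[:course_id]`. A reader of `before_action :require_admin_for_course!` cannot tell which version is in force; a comment such as `# Overrides ApplicationController#require_admin_for_course!: the course comes from the loaded quiz, not from the request parameter` would make it explicit. Deriving the course from the loaded record looks like the safer form, because the base version trusts a caller-supplied `course_id`; other controllers that load their resource by a different id may need the same treatment.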
......@@ -12,7 +12,6 @@ end
class QuizTemplatesController < ApplicationController
include ApplicationHelper
include AuthHelper
include QuizHelper
include CourseHelper
include ServiceHelpers
......
class ScoreController < ApplicationController
include AuthHelper
include AnswerHelper
include ScoreHelper
......
class StudentQuizzesController < ApplicationController
respond_to :json, :html
include AuthHelper
attr_reader(
:course_user_options,
:student_quizzes,
......
# frozen_string_literal: true
Rails.application.routes.draw do
get 'admin/impersonate/:user_id' => 'impersonate#become'
get 'quiz_handed_in/view'
get 'courses/:course_id/quiz_templates' => 'quiz_templates#index', :as => :quiz_templates
......@@ -72,59 +74,4 @@ Rails.application.routes.draw do
mount DtuCoreApp::Engine => '/core', :as => 'core'
get 'login' => 'dtu_core_app/sessions#new'
# The priority is based upon order of creation: first created -> highest priority.
# See how all your routes lay out with "rake routes".
# You can have the root of your site routed with "root"
# root 'welcome#index'
# Example of regular route:
# get 'products/:id' => 'catalog#view'
# Example of named route that can be invoked with purchase_url(id: product.id)
# get 'products/:id/purchase' => 'catalog#purchase', as: :purchase
# Example resource route (maps HTTP verbs to controller actions automatically):
# resources :products
# Example resource route with options:
# resources :products do
# member do
# get 'short'
# post 'toggle'
# end
#
# collection do
# get 'sold'
# end
# end
# Example resource route with sub-resources:
# resources :products do
# resources :comments, :sales
# resource :seller
# end
# Example resource route with more complex sub-resources:
# resources :products do
# resources :comments
# resources :sales do
# get 'recent', on: :collection
# end
# end
# Example resource route with concerns:
# concern :toggleable do
# post 'toggle'
# end
# resources :posts, concerns: :toggleable
# resources :photos, concerns: :toggleable
# Example resource route within a namespace:
# namespace :admin do
# # Directs /admin/products/* to Admin::ProductsController
# # (app/controllers/admin/products_controller.rb)
# resources :products
# end
end
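Review bot: The new route `get 'admin/impersonate/:user_id' => 'impersonate#become'` changes the session's identity on a GET request, which `protect_from_forgery` does not check, so any link or embedded resource that an administrator's browser loads can switch their session. Make it a non-GET route, `post 'admin/impersonate/:user_id' => 'impersonate#become'`, and trigger it from a form or `button_to` so the authenticity token is verified. Since the commit message describes this as a diagnostic aid for #271, consider also enabling the route only behind an explicit configuration flag.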
......@@ -87,7 +87,7 @@ wait
log "STARTING RAILS WITH RAILS_ENV=$RAILS_ENV"
foreman start
bundle exec thin start -p $PORT
log "RAILS DIED!"
......