From 6b7e54e981a0f9b148fab087cf6ebd3bbf159d95 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Mon, 9 Sep 2024 01:54:11 +0800 Subject: [PATCH 01/23] Create a new staff scope --- lib/cadet_web/router.ex | 29 +++++++++++++++++++++++------ 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index 949805c34..0d539e8e7 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -24,6 +24,10 @@ defmodule CadetWeb.Router do plug(:assign_course) end + pipeline :ensure_admin do + plug(:ensure_role, [:admin]) + end + pipeline :ensure_staff do plug(:ensure_role, [:staff, :admin]) end @@ -119,8 +123,8 @@ defmodule CadetWeb.Router do get("/team/:assessmentid", TeamController, :index) end - # Admin pages - scope "/v2/courses/:course_id/admin", CadetWeb do + # Staff pages + scope "/v2/courses/:course_id/staff", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_staff]) resources("/sourcecast", AdminSourcecastController, only: [:create, :delete]) @@ -129,10 +133,6 @@ defmodule CadetWeb.Router do post("/assets/:foldername/*filename", AdminAssetsController, :upload) delete("/assets/:foldername/*filename", AdminAssetsController, :delete) - post("/assessments", AdminAssessmentsController, :create) - post("/assessments/:assessmentid", AdminAssessmentsController, :update) - delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) - get( "/assessments/:assessmentid/popularVoteLeaderboard", AdminAssessmentsController, 
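Review bot: In the `@@ -119,8 +123,8 @@` hunk the renamed `/v2/courses/:course_id/staff` scope keeps `:ensure_staff` as its only role gate, so every route left in it is staff-reachable by default and an action becomes admin-only only when someone remembers to move it. I would state that contract where the next contributor adds a route, replacing the comment with `# Staff pages: reachable by :staff and :admin. Admin-only actions go in the /admin scope below.` The scope body continues past this hunk, so routes not shown here are not covered by this note.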
@@ -220,6 +220,23 @@ defmodule CadetWeb.Router do post("/teams/upload", AdminTeamsController, :bulk_upload) end + # Staff pages + scope "/v2/courses/:course_id/admin", CadetWeb do + pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) + + post("/assessments", AdminAssessmentsController, :create) + post("/assessments/:assessmentid", AdminAssessmentsController, :update) + delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) + + post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades) + + post( + "/grading/:assessmentid/unpublish_all_grades", + AdminGradingController, + :unpublish_all_grades + ) + end + # Other scopes may use custom stacks. # scope "/api", CadetWeb do # pipe_through :api From d28d75728df4b05408c2d95e1b29c66a38f93ffd Mon Sep 17 00:00:00 2001 From: josh1248 Date: Mon, 9 Sep 2024 02:03:11 +0800 Subject: [PATCH 02/23] Move Admin Panel requests into admin scope --- lib/cadet_web/router.ex | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index 0d539e8e7..bb339187d 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -202,17 +202,6 @@ defmodule CadetWeb.Router do delete("/stories/:storyid", AdminStoriesController, :delete) post("/stories/:storyid", AdminStoriesController, :update) - put("/config", AdminCoursesController, :update_course_config) - # TODO: Missing corresponding Swagger path entry - get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs) - put("/config/assessment_configs", AdminCoursesController, :update_assessment_configs) - # TODO: Missing corresponding Swagger path entry - delete( - "/config/assessment_config/:assessment_config_id", - AdminCoursesController, - :delete_assessment_config - ) - get("/teams", AdminTeamsController, :index) post("/teams", AdminTeamsController, :create) delete("/teams/:teamid", AdminTeamsController, :delete) 
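Review bot: The `AdminGradingController` routes `publish_all_grades` and `unpublish_all_grades` are added to the new `:ensure_admin` scope in the `@@ -220,6 +220,23 @@` hunk, but nothing in this patch removes them from the scope that was renamed to `/staff`. The patch's six deletions are all accounted for by the scope header, the three `/assessments` routes and a blank line. If the two routes were already declared in that scope (not visible in these hunks), they stay reachable under `/staff/grading/:assessmentid/...` behind `:ensure_staff` alone, and the admin restriction has no effect. Delete the staff-scope copies in the same commit and add a test that a `:staff` request to both paths returns 403.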
@@ -220,7 +209,7 @@ defmodule CadetWeb.Router do post("/teams/upload", AdminTeamsController, :bulk_upload) end - # Staff pages + # Admin pages scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) @@ -228,6 +217,17 @@ defmodule CadetWeb.Router do post("/assessments/:assessmentid", AdminAssessmentsController, :update) delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) + put("/config", AdminCoursesController, :update_course_config) + # TODO: Missing corresponding Swagger path entry + get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs) + put("/config/assessment_configs", AdminCoursesController, :update_assessment_configs) + # TODO: Missing corresponding Swagger path entry + delete( + "/config/assessment_config/:assessment_config_id", + AdminCoursesController, + :delete_assessment_config + ) + post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades) post( From 18dc689a4df4836fc6967bf0f74dc252964bd175 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Mon, 9 Sep 2024 02:14:33 +0800 Subject: [PATCH 03/23] Change appropriate routes into admin scope --- lib/cadet_web/router.ex | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index bb339187d..c5d385a5c 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -185,7 +185,6 @@ defmodule CadetWeb.Router do # The admin route for getting total xp of a specific user get("/users/:course_reg_id/total_xp", AdminUserController, :combined_total_xp) put("/users/:course_reg_id/role", AdminUserController, :update_role) - delete("/users/:course_reg_id", AdminUserController, :delete_user) get("/users/:course_reg_id/goals", AdminGoalsController, :index_goals_with_progress) post("/users/:course_reg_id/goals/:uuid/progress", AdminGoalsController, :update_progress) 
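Review bot: In the `@@ -185,7 +185,6 @@` hunk `delete_user` leaves the staff scope, but the context line `put("/users/:course_reg_id/role", AdminUserController, :update_role)` stays behind under `:ensure_staff`. Changing a registration's role is at least as privilege-sensitive as deleting it, and unless `update_role` enforces the admin role inside the controller (not visible here) a staff account can reach it. I would move that line into the `/admin` scope next to `delete_user` and add a router-level test that a `:staff` request to it gets 403. The enclosing scope starts and ends outside the hunk.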
@@ -235,6 +234,8 @@ defmodule CadetWeb.Router do AdminGradingController, :unpublish_all_grades ) + + delete("/users/:course_reg_id", AdminUserController, :delete_user) end # Other scopes may use custom stacks. From e77aa05059207f8b6be3efc0ad062f880f20981e Mon Sep 17 00:00:00 2001 From: josh1248 Date: Mon, 9 Sep 2024 02:35:50 +0800 Subject: [PATCH 04/23] Find-replace galore --- .../admin_achievements_controller.ex | 6 +++--- .../admin_assessments_controller.ex | 6 +++--- .../admin_assets_controller.ex | 16 ++++++++++------ .../admin_goals_controller.ex | 12 ++++++------ .../admin_grading_controller.ex | 18 ++++++++++-------- .../admin_stories_controller.ex | 12 ++++++------ .../admin_teams_controller.ex | 8 ++++---- .../admin_controllers/admin_user_controller.ex | 10 +++++----- lib/cadet_web/controllers/team_controller.ex | 2 +- .../admin_achievements_controller_test.exs | 10 +++++----- .../admin_assessments_controller_test.exs | 2 +- .../admin_assets_controller_test.exs | 2 +- .../admin_goals_controller_test.exs | 18 +++++++++--------- .../admin_grading_controller_test.exs | 4 ++-- .../admin_sourcecast_controller_test.exs | 2 +- .../admin_stories_controller_test.exs | 14 +++++++------- .../admin_teams_controller_test.exs | 10 +++++----- .../admin_user_controller_test.exs | 16 ++++++++-------- .../controllers/teams_controller_test.exs | 4 ++-- 19 files changed, 89 insertions(+), 83 deletions(-) diff --git a/lib/cadet_web/admin_controllers/admin_achievements_controller.ex b/lib/cadet_web/admin_controllers/admin_achievements_controller.ex index c7248dae6..e2f4afecb 100644 --- a/lib/cadet_web/admin_controllers/admin_achievements_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_achievements_controller.ex @@ -61,7 +61,7 @@ defmodule CadetWeb.AdminAchievementsController do end swagger_path :update do - put("/courses/{course_id}/admin/achievements/{uuid}") + put("/courses/{course_id}/staff/achievements/{uuid}") summary("Inserts or updates an achievement") 
@@ -87,7 +87,7 @@ defmodule CadetWeb.AdminAchievementsController do end swagger_path :bulk_update do - put("/courses/{course_id}/admin/achievements") + put("/courses/{course_id}/staff/achievements") summary("Inserts or updates achievements") @@ -108,7 +108,7 @@ defmodule CadetWeb.AdminAchievementsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/admin/achievements/{uuid}") + PhoenixSwagger.Path.delete("/courses/{course_id}/staff/achievements/{uuid}") summary("Deletes an achievement") security([%{JWT: []}]) diff --git a/lib/cadet_web/admin_controllers/admin_assessments_controller.ex b/lib/cadet_web/admin_controllers/admin_assessments_controller.ex index d9a992267..9017fd957 100644 --- a/lib/cadet_web/admin_controllers/admin_assessments_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assessments_controller.ex @@ -198,7 +198,7 @@ defmodule CadetWeb.AdminAssessmentsController do end swagger_path :index do - get("/courses/{course_id}/admin/users/{courseRegId}/assessments") + get("/courses/{course_id}/staff/users/{courseRegId}/assessments") summary("Fetches assessment overviews of a user") @@ -270,7 +270,7 @@ defmodule CadetWeb.AdminAssessmentsController do end swagger_path :get_popular_leaderboard do - get("/courses/{course_id}/admin/assessments/:assessmentid/popularVoteLeaderboard") + get("/courses/{course_id}/staff/assessments/:assessmentid/popularVoteLeaderboard") summary("get the top 10 contest entries based on popularity") @@ -286,7 +286,7 @@ defmodule CadetWeb.AdminAssessmentsController do end swagger_path :get_score_leaderboard do - get("/courses/{course_id}/admin/assessments/:assessmentid/scoreLeaderboard") + get("/courses/{course_id}/staff/assessments/:assessmentid/scoreLeaderboard") summary("get the top 10 contest entries based on score") diff --git a/lib/cadet_web/admin_controllers/admin_assets_controller.ex b/lib/cadet_web/admin_controllers/admin_assets_controller.ex index 3316cfffa..e42b1cae4 100644 
--- a/lib/cadet_web/admin_controllers/admin_assets_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assets_controller.ex @@ -22,7 +22,7 @@ defmodule CadetWeb.AdminAssetsController do case Assets.delete_object(Courses.assets_prefix(course_reg.course), foldername, filename) do {:error, {status, message}} -> conn |> put_status(status) |> text(message) - _ -> conn |> put_status(204) |> text('') + _ -> conn |> put_status(204) |> text(~c"") end end @@ -71,7 +71,7 @@ defmodule CadetWeb.AdminAssetsController do end swagger_path :index do - get("/courses/{course_id}/admin/assets/{folderName}") + get("/courses/{course_id}/staff/assets/{folderName}") summary("Get a list of all assets in a folder") @@ -89,14 +89,16 @@ defmodule CadetWeb.AdminAssetsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/admin/assets/{folderName}/{fileName}") + PhoenixSwagger.Path.delete("/courses/{course_id}/staff/assets/{folderName}/{fileName}") summary("Delete a file from an asset folder") parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", required: true) + fileName(:path, :string, "File path in folder, which may contain subfolders", + required: true + ) end security([%{JWT: []}]) @@ -108,14 +110,16 @@ defmodule CadetWeb.AdminAssetsController do end swagger_path :upload do - post("/courses/{course_id}/admin/assets/{folderName}/{fileName}") + post("/courses/{course_id}/staff/assets/{folderName}/{fileName}") summary("Upload a file to an asset folder") parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", required: true) + fileName(:path, :string, "File path in folder, which may contain subfolders", + required: true + ) end security([%{JWT: []}]) 
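Review bot: The `'' -> ~c""` rewrite in the `@@ -22,7 +22,7 @@` hunk silences the charlist deprecation but still hands `text/2` a charlist where an empty response body is meant. A charlist works here only because `text/2` converts its argument to a string; `_ -> conn |> put_status(204) |> text("")` says the same thing with the type the function is documented for. The three `text(~c"")` replacements in admin_stories_controller.ex are the same case.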
diff --git a/lib/cadet_web/admin_controllers/admin_goals_controller.ex b/lib/cadet_web/admin_controllers/admin_goals_controller.ex index 628540232..622b5c752 100644 --- a/lib/cadet_web/admin_controllers/admin_goals_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_goals_controller.ex @@ -87,7 +87,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :index do - get("/admin/goals") + get("/staff/goals") summary("Gets goals") security([%{JWT: []}]) @@ -98,7 +98,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :index_goals_with_progress do - get("/admin/goals/{courseRegId}") + get("/staff/goals/{courseRegId}") summary("Gets goals and goal progress of a user") security([%{JWT: []}]) @@ -113,7 +113,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :update do - put("/admin/goals/{uuid}") + put("/staff/goals/{uuid}") summary("Inserts or updates a goal") @@ -136,7 +136,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :bulk_update do - put("/admin/goals") + put("/staff/goals") summary("Inserts or updates goals") @@ -157,7 +157,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :update_progress do - post("/admin/users/{courseRegId}/goals/{uuid}/progress") + post("/staff/users/{courseRegId}/goals/{uuid}/progress") summary("Inserts or updates own goal progress of specifed goal") security([%{JWT: []}]) @@ -180,7 +180,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/admin/goals/{uuid}") + PhoenixSwagger.Path.delete("/staff/goals/{uuid}") summary("Deletes a goal") security([%{JWT: []}]) diff --git a/lib/cadet_web/admin_controllers/admin_grading_controller.ex b/lib/cadet_web/admin_controllers/admin_grading_controller.ex index d95431362..f7dcf4417 100644 --- a/lib/cadet_web/admin_controllers/admin_grading_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_grading_controller.ex 
@@ -175,7 +175,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :index do - get("/courses/{course_id}/admin/grading") + get("/courses/{course_id}/staff/grading") summary("Get a list of all submissions with current user as the grader") @@ -198,7 +198,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :unsubmit do - post("/courses/{course_id}/admin/grading/{submissionId}/unsubmit") + post("/courses/{course_id}/staff/grading/{submissionId}/unsubmit") summary("Unsubmit submission. Can only be done by the Avenger of a student") security([%{JWT: []}]) @@ -213,7 +213,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :autograde_submission do - post("/courses/{course_id}/admin/grading/{submissionId}/autograde") + post("/courses/{course_id}/staff/grading/{submissionId}/autograde") summary("Force re-autograding of an entire submission") security([%{JWT: []}]) @@ -228,7 +228,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :autograde_answer do - post("/courses/{course_id}/admin/grading/{submissionId}/{questionId}/autograde") + post("/courses/{course_id}/staff/grading/{submissionId}/{questionId}/autograde") summary("Force re-autograding of a question in a submission") security([%{JWT: []}]) @@ -244,7 +244,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :show do - get("/courses/{course_id}/admin/grading/{submissionId}") + get("/courses/{course_id}/staff/grading/{submissionId}") summary("Get information about a specific submission to be graded") @@ -263,7 +263,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :update do - post("/courses/{course_id}/admin/grading/{submissionId}/{questionId}") + post("/courses/{course_id}/staff/grading/{submissionId}/{questionId}") summary("Update marks given to the answer of a particular question in a submission") 
@@ -285,7 +285,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :grading_summary do - get("/courses/{course_id}/admin/grading/summary") + get("/courses/{course_id}/staff/grading/summary") summary("Receives a summary of grading items done by this grader") @@ -330,7 +330,9 @@ defmodule CadetWeb.AdminGradingController do required: true ) - student(Schema.ref(:StudentInfo), "Student who created the submission", required: true) + student(Schema.ref(:StudentInfo), "Student who created the submission", + required: true + ) unsubmittedBy(Schema.ref(:GraderInfo)) unsubmittedAt(:string, "Last unsubmitted at", format: "date-time", required: false) diff --git a/lib/cadet_web/admin_controllers/admin_stories_controller.ex b/lib/cadet_web/admin_controllers/admin_stories_controller.ex index a6cdd46c0..6040bc1ac 100644 --- a/lib/cadet_web/admin_controllers/admin_stories_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_stories_controller.ex @@ -12,7 +12,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _story} -> - conn |> put_status(200) |> text('') + conn |> put_status(200) |> text(~c"") {:error, {status, message}} -> conn @@ -29,7 +29,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _story} -> - conn |> put_status(200) |> text('') + conn |> put_status(200) |> text(~c"") {:error, {status, message}} -> conn @@ -43,7 +43,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _nil} -> - conn |> put_status(204) |> text('') + conn |> put_status(204) |> text(~c"") {:error, {status, message}} -> conn @@ -53,7 +53,7 @@ defmodule CadetWeb.AdminStoriesController do end swagger_path :create do - post("/courses/{course_id}/admin/stories") + post("/courses/{course_id}/staff/stories") summary("Creates a new story") 
@@ -65,7 +65,7 @@ defmodule CadetWeb.AdminStoriesController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/admin/stories/{storyId}") + PhoenixSwagger.Path.delete("/courses/{course_id}/staff/stories/{storyId}") summary("Delete a story from database by id") @@ -81,7 +81,7 @@ defmodule CadetWeb.AdminStoriesController do end swagger_path :update do - post("/courses/{course_id}/admin/stories/{storyId}") + post("/courses/{course_id}/staff/stories/{storyId}") summary("Update details regarding a story") diff --git a/lib/cadet_web/admin_controllers/admin_teams_controller.ex b/lib/cadet_web/admin_controllers/admin_teams_controller.ex index c91974404..a8129d048 100644 --- a/lib/cadet_web/admin_controllers/admin_teams_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_teams_controller.ex @@ -98,7 +98,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :index do - get("/admin/teams") + get("/staff/teams") summary("Fetches every team in the course") @@ -110,7 +110,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :create do - post("/courses/{course_id}/admin/teams") + post("/courses/{course_id}/staff/teams") summary("Creates a new team") @@ -130,7 +130,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :update do - post("/courses/{course_id}/admin/teams/{teamId}") + post("/courses/{course_id}/staff/teams/{teamId}") summary("Updates an existing team") @@ -152,7 +152,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/admin/teams/{teamId}") + PhoenixSwagger.Path.delete("/courses/{course_id}/staff/teams/{teamId}") summary("Deletes an existing team") diff --git a/lib/cadet_web/admin_controllers/admin_user_controller.ex b/lib/cadet_web/admin_controllers/admin_user_controller.ex index 53add9133..d916725d6 100644 --- a/lib/cadet_web/admin_controllers/admin_user_controller.ex 
+++ b/lib/cadet_web/admin_controllers/admin_user_controller.ex @@ -187,7 +187,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :index do - get("/courses/{course_id}/admin/users") + get("/courses/{course_id}/staff/users") summary("Returns a list of users in the course owned by the admin") @@ -198,7 +198,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :combined_total_xp do - get("/courses/{course_id}/admin/users/{course_reg_id}/total_xp") + get("/courses/{course_id}/staff/users/{course_reg_id}/total_xp") summary("Get the specified user's total XP from achievements and assessments") @@ -215,7 +215,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :upsert_users_and_groups do - put("/courses/{course_id}/admin/users") + put("/courses/{course_id}/staff/users") summary("Adds the list of usernames and roles to the course") security([%{JWT: []}]) @@ -236,7 +236,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :update_role do - put("/courses/{course_id}/admin/users/{course_reg_id}/role") + put("/courses/{course_id}/staff/users/{course_reg_id}/role") summary("Updates the role of the given user in the the course") security([%{JWT: []}]) @@ -265,7 +265,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :delete_user do - delete("/courses/{course_id}/admin/users/{course_reg_id}") + delete("/courses/{course_id}/staff/users/{course_reg_id}") summary("Deletes a user from a course") consumes("application/json") diff --git a/lib/cadet_web/controllers/team_controller.ex b/lib/cadet_web/controllers/team_controller.ex index 476790055..906d1aea6 100644 --- a/lib/cadet_web/controllers/team_controller.ex +++ b/lib/cadet_web/controllers/team_controller.ex @@ -57,7 +57,7 @@ defmodule CadetWeb.TeamController do end swagger_path :index do - get("/admin/teams") + get("/staff/teams") summary("Fetches team formation overview based on assessment ID") 
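Review bot: The `swagger_path :delete_user` hunk (`@@ -265,7 +265,7 @@`) now documents `/courses/{course_id}/staff/users/{course_reg_id}`, but the previous patch in this series moved `delete("/users/:course_reg_id", AdminUserController, :delete_user)` into the `/admin` scope, so the documented path has no route. The line should stay `delete("/courses/{course_id}/admin/users/{course_reg_id}")`. The same replacement was applied in admin_user_controller_test.exs, to the `describe "DELETE ..."` title and to `build_url_users/2`. If the delete tests build their URL with that helper (its callers are outside the hunks), they will request an unrouted path instead of exercising the admin-only check.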
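Review bot: The `swagger_path :index` change in team_controller.ex swaps one wrong path for another. The router context in the first patch shows `get("/team/:assessmentid", TeamController, :index)` in a scope that closes before the staff scope opens, so `/staff/teams` is not where this action is served. Documenting it under a staff path also misstates which roles may call it. Assuming that scope shares the `/courses/{course_id}` prefix (its header is not visible), the line would read `get("/courses/{course_id}/team/{assessmentid}")`.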
diff --git a/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs b/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs index 7bedaaaed..7c080e2aa 100644 --- a/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs @@ -14,7 +14,7 @@ defmodule CadetWeb.AdminAchievementsControllerTest do assert is_map(AdminAchievementsController.swagger_path_delete(nil)) end - describe "PUT v2/courses/:course_id/admin/achievements/:uuid" do + describe "PUT v2/courses/:course_id/staff/achievements/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -72,7 +72,7 @@ defmodule CadetWeb.AdminAchievementsControllerTest do end end - describe "PUT v2/courses/:course_id/admin/achievements" do + describe "PUT v2/courses/:course_id/staff/achievements" do setup do %{ achievements: [ @@ -124,7 +124,7 @@ defmodule CadetWeb.AdminAchievementsControllerTest do end end - describe "DELETE v2/courses/:course_id/admin/achievements/:uuid" do + describe "DELETE v2/courses/:course_id/staff/achievements/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -176,10 +176,10 @@ defmodule CadetWeb.AdminAchievementsControllerTest do defp build_path(course_id, uuid \\ nil) defp build_path(course_id, nil) do - "/v2/courses/#{course_id}/admin/achievements" + "/v2/courses/#{course_id}/staff/achievements" end defp build_path(course_id, uuid) do - "/v2/courses/#{course_id}/admin/achievements/#{uuid}" + "/v2/courses/#{course_id}/staff/achievements/#{uuid}" end end diff --git a/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs b/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs index 0b0dc1483..c7745abd5 100644 --- a/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs 
+++ b/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs @@ -915,7 +915,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do do: "/v2/courses/#{course_id}/admin/assessments/#{assessment_id}" defp build_user_assessments_url(course_id, course_reg_id), - do: "/v2/courses/#{course_id}/admin/users/#{course_reg_id}/assessments" + do: "/v2/courses/#{course_id}/staff/users/#{course_reg_id}/assessments" defp build_popular_leaderboard_url(course_id, assessment_id), do: "#{build_url(course_id, assessment_id)}/popularVoteLeaderboard" diff --git a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs index d2d422361..2ae13e4e5 100644 --- a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs @@ -246,7 +246,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/assets/" + defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/assets/" defp build_url(course_id, url), do: "#{build_url(course_id)}/#{url}" defp build_upload(path, content_type \\ "image/png") do diff --git a/test/cadet_web/admin_controllers/admin_goals_controller_test.exs b/test/cadet_web/admin_controllers/admin_goals_controller_test.exs index 80d6c7c36..9b657291a 100644 --- a/test/cadet_web/admin_controllers/admin_goals_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_goals_controller_test.exs @@ -17,7 +17,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do assert is_map(AdminGoalsController.swagger_path_update_progress(nil)) end - describe "GET v2/courses/:course_id/admin/goals" do + describe "GET v2/courses/:course_id/staff/goals" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id 
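Review bot: Only `build_user_assessments_url/2` is switched to `/staff` in the `@@ -915,7 +915,7 @@` hunk, while the unchanged context keeps the base URL `/v2/courses/#{course_id}/admin/assessments/#{assessment_id}` and `build_popular_leaderboard_url/2` still appends `/popularVoteLeaderboard` to it. The router patch left the `popularVoteLeaderboard` GET in the staff scope, so this helper now points at `/admin/assessments/:id/popularVoteLeaderboard`, which is not routed. Build it from the staff prefix instead: `do: "/v2/courses/#{course_id}/staff/assessments/#{assessment_id}/popularVoteLeaderboard"`. The score leaderboard helper, if it follows the same pattern outside this hunk, needs the same change.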
@@ -54,7 +54,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "GET v2/courses/:course_id/admin/users/:course_reg_id/goals" do + describe "GET v2/courses/:course_id/staff/users/:course_reg_id/goals" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course = conn.assigns.test_cr.course @@ -104,7 +104,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "PUT v2/courses/:course_id/admin/goals/:uuid" do + describe "PUT v2/courses/:course_id/staff/goals/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -143,7 +143,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "PUT v2/courses/:course_id/admin/goals" do + describe "PUT v2/courses/:course_id/staff/goals" do setup do %{ goals: [ @@ -195,7 +195,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "DELETE v2/courses/:course_id/admin/goals/:uuid" do + describe "DELETE v2/courses/:course_id/staff/goals/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -305,18 +305,18 @@ defmodule CadetWeb.AdminGoalsControllerTest do defp build_path(course_id, uuid \\ nil) defp build_path(course_id, nil) do - "/v2/courses/#{course_id}/admin/goals" + "/v2/courses/#{course_id}/staff/goals" end defp build_path(course_id, uuid) do - "/v2/courses/#{course_id}/admin/goals/#{uuid}" + "/v2/courses/#{course_id}/staff/goals/#{uuid}" end defp build_path(course_id, uuid, course_reg_id) do - "/v2/courses/#{course_id}/admin/users/#{course_reg_id}/goals/#{uuid}/progress/" + "/v2/courses/#{course_id}/staff/users/#{course_reg_id}/goals/#{uuid}/progress/" end defp build_user_goals_path(course_id, course_reg_id) do - "/v2/courses/#{course_id}/admin/users/#{course_reg_id}/goals" + "/v2/courses/#{course_id}/staff/users/#{course_reg_id}/goals" end end 
diff --git a/test/cadet_web/admin_controllers/admin_grading_controller_test.exs b/test/cadet_web/admin_controllers/admin_grading_controller_test.exs index 11d8df0f0..777ae6ac7 100644 --- a/test/cadet_web/admin_controllers/admin_grading_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_grading_controller_test.exs @@ -1652,8 +1652,8 @@ defmodule CadetWeb.AdminGradingControllerTest do |> length() end - defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/grading/" - defp build_url_summary(course_id), do: "/v2/courses/#{course_id}/admin/grading/summary" + defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/grading/" + defp build_url_summary(course_id), do: "/v2/courses/#{course_id}/staff/grading/summary" defp build_url(course_id, submission_id), do: "#{build_url(course_id)}#{submission_id}" defp build_url(course_id, submission_id, question_id), diff --git a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs index b38657283..66bbe16bf 100644 --- a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs @@ -300,7 +300,7 @@ defmodule CadetWeb.AdminSourcecastControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/sourcecast/" + defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/sourcecast/" defp build_url(course_id, sourcecast_id), do: "#{build_url(course_id)}#{sourcecast_id}/" defp seed_db(course_id) do diff --git a/test/cadet_web/admin_controllers/admin_stories_controller_test.exs b/test/cadet_web/admin_controllers/admin_stories_controller_test.exs index 700adb570..f3f09f4fb 100644 --- a/test/cadet_web/admin_controllers/admin_stories_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_stories_controller_test.exs 
@@ -35,26 +35,26 @@ defmodule CadetWeb.AdminStoriesControllerTest do end describe "unauthenticated" do - test "POST /v2/courses/{course_id}/admin/stories/", %{conn: conn} do + test "POST /v2/courses/{course_id}/staff/stories/", %{conn: conn} do course = insert(:course) conn = post(conn, build_url(course.id), %{}) assert response(conn, 401) =~ "Unauthorised" end - test "DELETE /v2/courses/{course_id}/admin/stories/:storyid", %{conn: conn} do + test "DELETE /v2/courses/{course_id}/staff/stories/:storyid", %{conn: conn} do course = insert(:course) conn = delete(conn, build_url(course.id, "storyid"), %{}) assert response(conn, 401) =~ "Unauthorised" end - test "POST /v2/courses/{course_id}/admin/stories/:storyid", %{conn: conn} do + test "POST /v2/courses/{course_id}/staff/stories/:storyid", %{conn: conn} do course = insert(:course) conn = post(conn, build_url(course.id, "storyid"), %{}) assert response(conn, 401) =~ "Unauthorised" end end - describe "DELETE /v2/courses/{course_id}/admin/stories/:storyid" do + describe "DELETE /v2/courses/{course_id}/staff/stories/:storyid" do @tag authenticate: :student test "student permission, forbidden", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -90,7 +90,7 @@ defmodule CadetWeb.AdminStoriesControllerTest do end end - describe "POST /v2/courses/{course_id}/admin/stories/" do + describe "POST /v2/courses/{course_id}/staff/stories/" do @tag authenticate: :student test "student permission, forbidden", %{conn: conn, valid_params: params} do course_id = conn.assigns[:course_id] @@ -126,7 +126,7 @@ defmodule CadetWeb.AdminStoriesControllerTest do end end - describe "POST /v2/courses/{course_id}/admin/stories/:storyid" do + describe "POST /v2/courses/{course_id}/staff/stories/:storyid" do @tag authenticate: :student test "student permission, forbidden", %{conn: conn, valid_params: params} do course_id = conn.assigns[:course_id] 
@@ -174,7 +174,7 @@ defmodule CadetWeb.AdminStoriesControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/stories" + defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/stories" defp build_url(course_id, story_id), do: "#{build_url(course_id)}/#{story_id}" defp stringify_camelise_keys(map) do diff --git a/test/cadet_web/admin_controllers/admin_teams_controller_test.exs b/test/cadet_web/admin_controllers/admin_teams_controller_test.exs index 32d2a517e..880ec44a8 100644 --- a/test/cadet_web/admin_controllers/admin_teams_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_teams_controller_test.exs @@ -13,7 +13,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do AdminTeamsController.swagger_path_delete(nil) end - describe "GET /admin/teams" do + describe "GET /staff/teams" do test "unauthenticated", %{conn: conn} do course = insert(:course) conn = get(conn, build_url(course.id)) @@ -42,7 +42,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - describe "POST /admin/teams" do + describe "POST /staff/teams" do test "unauthenticated", %{conn: conn} do course = insert(:course) conn = post(conn, build_url(course.id), %{}) @@ -160,7 +160,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - describe "PUT /admin/teams/{teamId}" do + describe "PUT /staff/teams/{teamId}" do test "unauthenticated", %{conn: conn} do course = insert(:course) conn = put(conn, build_url(course.id, 1), %{}) @@ -225,7 +225,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - describe "DELETE /admin/teams/{teamId}" do + describe "DELETE /staff/teams/{teamId}" do test "unauthenticated", %{conn: conn} do course = insert(:course) team = insert(:team) 
@@ -290,7 +290,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/teams/" + defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/teams/" defp build_url(course_id, team_id), do: "#{build_url(course_id)}#{team_id}" diff --git a/test/cadet_web/admin_controllers/admin_user_controller_test.exs b/test/cadet_web/admin_controllers/admin_user_controller_test.exs index bd134876c..331c8d799 100644 --- a/test/cadet_web/admin_controllers/admin_user_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_user_controller_test.exs @@ -18,7 +18,7 @@ defmodule CadetWeb.AdminUserControllerTest do assert is_map(AdminUserController.swagger_path_combined_total_xp(nil)) end - describe "GET /v2/courses/{course_id}/admin/users" do + describe "GET /v2/courses/{course_id}/staff/users" do @tag authenticate: :staff test "success, when staff retrieves all users", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -118,7 +118,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "PUT /v2/courses/{course_id}/admin/users" do + describe "PUT /v2/courses/{course_id}/staff/users" do @tag authenticate: :admin test "successfully namespaces and inserts users, and assign groups", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -351,7 +351,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "PUT /v2/courses/{course_id}/admin/users/{course_reg_id}/role" do + describe "PUT /v2/courses/{course_id}/staff/users/{course_reg_id}/role" do @tag authenticate: :admin test "success (student to staff), when admin is admin of the course the user is in", %{ conn: conn 
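Review bot: The `describe "PUT /v2/courses/{course_id}/staff/users/{course_reg_id}/role"` hunk puts the role-change endpoint under the `/staff` prefix, which the router in this series guards with `:ensure_staff` (`[:staff, :admin]`). Stopping a staff member from changing roles therefore appears to depend on a check inside the controller rather than on the pipeline. Privilege-changing routes such as this one and `DELETE .../staff/users/{course_reg_id}` in the following hunk would be safer in the `:ensure_admin` scope next to the assessment routes. If they stay under `/staff`, the block should include a `@tag authenticate: :staff` case asserting the request is rejected as forbidden. The describe body continues outside the hunk, so such a case may already exist.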
@@ -473,7 +473,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "DELETE /v2/courses/{course_id}/admin/users/{course_reg_id}" do + describe "DELETE /v2/courses/{course_id}/staff/users/{course_reg_id}" do @tag authenticate: :admin test "success (delete student), when admin is admin of the course the user is in", %{ conn: conn @@ -566,7 +566,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "GET /v2/courses/{course_id}/admin/users/{course_reg_id}/total_xp" do + describe "GET /v2/courses/{course_id}/staff/users/{course_reg_id}/total_xp" do @tag authenticate: :admin test "achievement, one completed goal", %{ conn: conn @@ -627,17 +627,17 @@ defmodule CadetWeb.AdminUserControllerTest do resp = conn - |> get("/v2/courses/#{course.id}/admin/users/#{test_cr.id}/total_xp") + |> get("/v2/courses/#{course.id}/staff/users/#{test_cr.id}/total_xp") |> json_response(200) assert resp["totalXp"] == 210 end end - defp build_url_users(course_id), do: "/v2/courses/#{course_id}/admin/users" + defp build_url_users(course_id), do: "/v2/courses/#{course_id}/staff/users" defp build_url_users(course_id, course_reg_id), - do: "/v2/courses/#{course_id}/admin/users/#{course_reg_id}" + do: "/v2/courses/#{course_id}/staff/users/#{course_reg_id}" defp build_url_users_role(course_id, course_reg_id), do: build_url_users(course_id, course_reg_id) <> "/role" diff --git a/test/cadet_web/controllers/teams_controller_test.exs b/test/cadet_web/controllers/teams_controller_test.exs index e67324adb..b0eb7c9b2 100644 --- a/test/cadet_web/controllers/teams_controller_test.exs +++ b/test/cadet_web/controllers/teams_controller_test.exs @@ -13,7 +13,7 @@ defmodule CadetWeb.TeamsControllerTest do TeamController.swagger_path_index(nil) end - describe "GET /v2/admin/teams" do + describe "GET /v2/staff/teams" do @tag authenticate: :student test "unauthorized with student", %{conn: conn} do course = insert(:course) 
@@ -94,7 +94,7 @@ defmodule CadetWeb.TeamsControllerTest do end end - defp build_url_get(course_id), do: "/v2/courses/#{course_id}/admin/teams" + defp build_url_get(course_id), do: "/v2/courses/#{course_id}/staff/teams" defp build_url_get_by_assessment(course_id, assessment_id), do: "/v2/courses/#{course_id}/team/#{assessment_id}" From 9e6711290c603d1c128850f220e40c2eea84a8e9 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Mon, 9 Sep 2024 02:39:25 +0800 Subject: [PATCH 05/23] Fix linting --- lib/cadet/devices/devices.ex | 2 +- lib/cadet_web/admin_controllers/admin_courses_controller.ex | 6 +++++- lib/cadet_web/admin_views/admin_assessments_view.ex | 4 +++- lib/cadet_web/views/assessments_view.ex | 4 +++- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/lib/cadet/devices/devices.ex b/lib/cadet/devices/devices.ex index 7862b8792..d036151d3 100644 --- a/lib/cadet/devices/devices.ex +++ b/lib/cadet/devices/devices.ex @@ -208,7 +208,7 @@ defmodule Cadet.Devices do }, 300, [], - '' + ~c"" ) # ExAws includes the session token in the signed payload and doesn't allow diff --git a/lib/cadet_web/admin_controllers/admin_courses_controller.ex b/lib/cadet_web/admin_controllers/admin_courses_controller.ex index 7220a4d80..bdda2c868 100644 --- a/lib/cadet_web/admin_controllers/admin_courses_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_courses_controller.ex @@ -143,7 +143,11 @@ defmodule CadetWeb.AdminCoursesController do title("AdminSublanguage") properties do - chapter(:integer, "Chapter number from 1 to 4", required: true, minimum: 1, maximum: 4) + chapter(:integer, "Chapter number from 1 to 4", + required: true, + minimum: 1, + maximum: 4 + ) variant(Schema.ref(:SourceVariant), "Variant name", required: true) end diff --git a/lib/cadet_web/admin_views/admin_assessments_view.ex b/lib/cadet_web/admin_views/admin_assessments_view.ex index 159c5b848..a9404e80e 100644 --- a/lib/cadet_web/admin_views/admin_assessments_view.ex 
+++ b/lib/cadet_web/admin_views/admin_assessments_view.ex @@ -67,7 +67,9 @@ defmodule CadetWeb.AdminAssessmentsView do end def render("leaderboard.json", %{leaderboard: leaderboard}) do - render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", as: :contestEntry) + render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", + as: :contestEntry + ) end def render("contestEntry.json", %{contestEntry: contestEntry}) do diff --git a/lib/cadet_web/views/assessments_view.ex b/lib/cadet_web/views/assessments_view.ex index 700f13019..970f2c563 100644 --- a/lib/cadet_web/views/assessments_view.ex +++ b/lib/cadet_web/views/assessments_view.ex @@ -70,7 +70,9 @@ defmodule CadetWeb.AssessmentsView do end def render("leaderboard.json", %{leaderboard: leaderboard}) do - render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", as: :contestEntry) + render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", + as: :contestEntry + ) end def render("contestEntry.json", %{contestEntry: contestEntry}) do From ed959e89325a0a6512f6862475217b37d43b9cae Mon Sep 17 00:00:00 2001 From: josh1248 Date: Mon, 9 Sep 2024 02:48:38 +0800 Subject: [PATCH 06/23] Linting does not work :( --- lib/cadet_web/admin_controllers/admin_assets_controller.ex | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/cadet_web/admin_controllers/admin_assets_controller.ex b/lib/cadet_web/admin_controllers/admin_assets_controller.ex index e42b1cae4..a6fbaf960 100644 --- a/lib/cadet_web/admin_controllers/admin_assets_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assets_controller.ex @@ -1,8 +1,6 @@ defmodule CadetWeb.AdminAssetsController do use CadetWeb, :controller - use PhoenixSwagger - alias Cadet.Assets.Assets alias Cadet.Courses From 8241a967ae7dac8648083010d328d4ad257698e8 Mon Sep 17 00:00:00 2001 
From: josh1248 Date: Tue, 10 Sep 2024 14:35:10 +0800 Subject: [PATCH 07/23] Revert "Find-replace galore" This reverts commit e77aa05059207f8b6be3efc0ad062f880f20981e. --- .../admin_achievements_controller.ex | 6 +++--- .../admin_assessments_controller.ex | 6 +++--- .../admin_assets_controller.ex | 16 ++++++---------- .../admin_goals_controller.ex | 12 ++++++------ .../admin_grading_controller.ex | 18 ++++++++---------- .../admin_stories_controller.ex | 12 ++++++------ .../admin_teams_controller.ex | 8 ++++---- .../admin_controllers/admin_user_controller.ex | 10 +++++----- lib/cadet_web/controllers/team_controller.ex | 2 +- .../admin_achievements_controller_test.exs | 10 +++++----- .../admin_assessments_controller_test.exs | 2 +- .../admin_assets_controller_test.exs | 2 +- .../admin_goals_controller_test.exs | 18 +++++++++--------- .../admin_grading_controller_test.exs | 4 ++-- .../admin_sourcecast_controller_test.exs | 2 +- .../admin_stories_controller_test.exs | 14 +++++++------- .../admin_teams_controller_test.exs | 10 +++++----- .../admin_user_controller_test.exs | 16 ++++++++-------- .../controllers/teams_controller_test.exs | 4 ++-- 19 files changed, 83 insertions(+), 89 deletions(-) diff --git a/lib/cadet_web/admin_controllers/admin_achievements_controller.ex b/lib/cadet_web/admin_controllers/admin_achievements_controller.ex index e2f4afecb..c7248dae6 100644 --- a/lib/cadet_web/admin_controllers/admin_achievements_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_achievements_controller.ex @@ -61,7 +61,7 @@ defmodule CadetWeb.AdminAchievementsController do end swagger_path :update do - put("/courses/{course_id}/staff/achievements/{uuid}") + put("/courses/{course_id}/admin/achievements/{uuid}") summary("Inserts or updates an achievement") 
@@ -87,7 +87,7 @@ defmodule CadetWeb.AdminAchievementsController do end swagger_path :bulk_update do - put("/courses/{course_id}/staff/achievements") + put("/courses/{course_id}/admin/achievements") summary("Inserts or updates achievements") @@ -108,7 +108,7 @@ defmodule CadetWeb.AdminAchievementsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/staff/achievements/{uuid}") + PhoenixSwagger.Path.delete("/courses/{course_id}/admin/achievements/{uuid}") summary("Deletes an achievement") security([%{JWT: []}]) diff --git a/lib/cadet_web/admin_controllers/admin_assessments_controller.ex b/lib/cadet_web/admin_controllers/admin_assessments_controller.ex index 9017fd957..d9a992267 100644 --- a/lib/cadet_web/admin_controllers/admin_assessments_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assessments_controller.ex @@ -198,7 +198,7 @@ defmodule CadetWeb.AdminAssessmentsController do end swagger_path :index do - get("/courses/{course_id}/staff/users/{courseRegId}/assessments") + get("/courses/{course_id}/admin/users/{courseRegId}/assessments") summary("Fetches assessment overviews of a user") @@ -270,7 +270,7 @@ defmodule CadetWeb.AdminAssessmentsController do end swagger_path :get_popular_leaderboard do - get("/courses/{course_id}/staff/assessments/:assessmentid/popularVoteLeaderboard") + get("/courses/{course_id}/admin/assessments/:assessmentid/popularVoteLeaderboard") summary("get the top 10 contest entries based on popularity") @@ -286,7 +286,7 @@ defmodule CadetWeb.AdminAssessmentsController do end swagger_path :get_score_leaderboard do - get("/courses/{course_id}/staff/assessments/:assessmentid/scoreLeaderboard") + get("/courses/{course_id}/admin/assessments/:assessmentid/scoreLeaderboard") summary("get the top 10 contest entries based on score") diff --git a/lib/cadet_web/admin_controllers/admin_assets_controller.ex b/lib/cadet_web/admin_controllers/admin_assets_controller.ex index a6fbaf960..0fc835912 100644 
--- a/lib/cadet_web/admin_controllers/admin_assets_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assets_controller.ex @@ -20,7 +20,7 @@ defmodule CadetWeb.AdminAssetsController do case Assets.delete_object(Courses.assets_prefix(course_reg.course), foldername, filename) do {:error, {status, message}} -> conn |> put_status(status) |> text(message) - _ -> conn |> put_status(204) |> text(~c"") + _ -> conn |> put_status(204) |> text('') end end @@ -69,7 +69,7 @@ defmodule CadetWeb.AdminAssetsController do end swagger_path :index do - get("/courses/{course_id}/staff/assets/{folderName}") + get("/courses/{course_id}/admin/assets/{folderName}") summary("Get a list of all assets in a folder") @@ -87,16 +87,14 @@ defmodule CadetWeb.AdminAssetsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/staff/assets/{folderName}/{fileName}") + PhoenixSwagger.Path.delete("/courses/{course_id}/admin/assets/{folderName}/{fileName}") summary("Delete a file from an asset folder") parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", - required: true - ) + fileName(:path, :string, "File path in folder, which may contain subfolders", required: true) end security([%{JWT: []}]) @@ -108,16 +106,14 @@ defmodule CadetWeb.AdminAssetsController do end swagger_path :upload do - post("/courses/{course_id}/staff/assets/{folderName}/{fileName}") + post("/courses/{course_id}/admin/assets/{folderName}/{fileName}") summary("Upload a file to an asset folder") parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", - required: true - ) + fileName(:path, :string, "File path in folder, which may contain subfolders", required: true) end security([%{JWT: []}]) 
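Review bot: Single-quoted charlists come back in the 204 branch of the asset delete action (`text('')`) and in the three `AdminStoriesController` hunks further down, undoing the `~c""` form the earlier lint commit introduced. Newer Elixir releases deprecate the single-quote syntax, so the formatter and compiler will flag these lines again. An empty response body does not need a charlist at all: `_ -> send_resp(conn, 204, "")` expresses the same thing with a plain binary. The enclosing function starts outside the hunk.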
diff --git a/lib/cadet_web/admin_controllers/admin_goals_controller.ex b/lib/cadet_web/admin_controllers/admin_goals_controller.ex index 622b5c752..628540232 100644 --- a/lib/cadet_web/admin_controllers/admin_goals_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_goals_controller.ex @@ -87,7 +87,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :index do - get("/staff/goals") + get("/admin/goals") summary("Gets goals") security([%{JWT: []}]) @@ -98,7 +98,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :index_goals_with_progress do - get("/staff/goals/{courseRegId}") + get("/admin/goals/{courseRegId}") summary("Gets goals and goal progress of a user") security([%{JWT: []}]) @@ -113,7 +113,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :update do - put("/staff/goals/{uuid}") + put("/admin/goals/{uuid}") summary("Inserts or updates a goal") @@ -136,7 +136,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :bulk_update do - put("/staff/goals") + put("/admin/goals") summary("Inserts or updates goals") @@ -157,7 +157,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :update_progress do - post("/staff/users/{courseRegId}/goals/{uuid}/progress") + post("/admin/users/{courseRegId}/goals/{uuid}/progress") summary("Inserts or updates own goal progress of specifed goal") security([%{JWT: []}]) @@ -180,7 +180,7 @@ defmodule CadetWeb.AdminGoalsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/staff/goals/{uuid}") + PhoenixSwagger.Path.delete("/admin/goals/{uuid}") summary("Deletes a goal") security([%{JWT: []}]) diff --git a/lib/cadet_web/admin_controllers/admin_grading_controller.ex b/lib/cadet_web/admin_controllers/admin_grading_controller.ex index f7dcf4417..d95431362 100644 --- a/lib/cadet_web/admin_controllers/admin_grading_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_grading_controller.ex 
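Review bot: The Swagger paths restored in these `AdminGoalsController` hunks omit the `/courses/{course_id}` segment that every request in the controller test includes (`"/v2/courses/#{course_id}/admin/goals"`). `index_goals_with_progress` is also documented as `/admin/goals/{courseRegId}`, while the test helper `build_user_goals_path` builds `.../admin/users/#{course_reg_id}/goals`. The generated API docs would then describe paths the tests never call. I would write `get("/courses/{course_id}/admin/goals")` and `get("/courses/{course_id}/admin/users/{courseRegId}/goals")`, and give the remaining four paths the same prefix. The router is not part of these hunks, so confirm the final shape against it.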
@@ -175,7 +175,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :index do - get("/courses/{course_id}/staff/grading") + get("/courses/{course_id}/admin/grading") summary("Get a list of all submissions with current user as the grader") @@ -198,7 +198,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :unsubmit do - post("/courses/{course_id}/staff/grading/{submissionId}/unsubmit") + post("/courses/{course_id}/admin/grading/{submissionId}/unsubmit") summary("Unsubmit submission. Can only be done by the Avenger of a student") security([%{JWT: []}]) @@ -213,7 +213,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :autograde_submission do - post("/courses/{course_id}/staff/grading/{submissionId}/autograde") + post("/courses/{course_id}/admin/grading/{submissionId}/autograde") summary("Force re-autograding of an entire submission") security([%{JWT: []}]) @@ -228,7 +228,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :autograde_answer do - post("/courses/{course_id}/staff/grading/{submissionId}/{questionId}/autograde") + post("/courses/{course_id}/admin/grading/{submissionId}/{questionId}/autograde") summary("Force re-autograding of a question in a submission") security([%{JWT: []}]) @@ -244,7 +244,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :show do - get("/courses/{course_id}/staff/grading/{submissionId}") + get("/courses/{course_id}/admin/grading/{submissionId}") summary("Get information about a specific submission to be graded") @@ -263,7 +263,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :update do - post("/courses/{course_id}/staff/grading/{submissionId}/{questionId}") + post("/courses/{course_id}/admin/grading/{submissionId}/{questionId}") summary("Update marks given to the answer of a particular question in a submission") 
@@ -285,7 +285,7 @@ defmodule CadetWeb.AdminGradingController do end swagger_path :grading_summary do - get("/courses/{course_id}/staff/grading/summary") + get("/courses/{course_id}/admin/grading/summary") summary("Receives a summary of grading items done by this grader") @@ -330,9 +330,7 @@ defmodule CadetWeb.AdminGradingController do required: true ) - student(Schema.ref(:StudentInfo), "Student who created the submission", - required: true - ) + student(Schema.ref(:StudentInfo), "Student who created the submission", required: true) unsubmittedBy(Schema.ref(:GraderInfo)) unsubmittedAt(:string, "Last unsubmitted at", format: "date-time", required: false) diff --git a/lib/cadet_web/admin_controllers/admin_stories_controller.ex b/lib/cadet_web/admin_controllers/admin_stories_controller.ex index 6040bc1ac..a6cdd46c0 100644 --- a/lib/cadet_web/admin_controllers/admin_stories_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_stories_controller.ex @@ -12,7 +12,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _story} -> - conn |> put_status(200) |> text(~c"") + conn |> put_status(200) |> text('') {:error, {status, message}} -> conn @@ -29,7 +29,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _story} -> - conn |> put_status(200) |> text(~c"") + conn |> put_status(200) |> text('') {:error, {status, message}} -> conn @@ -43,7 +43,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _nil} -> - conn |> put_status(204) |> text(~c"") + conn |> put_status(204) |> text('') {:error, {status, message}} -> conn @@ -53,7 +53,7 @@ defmodule CadetWeb.AdminStoriesController do end swagger_path :create do - post("/courses/{course_id}/staff/stories") + post("/courses/{course_id}/admin/stories") summary("Creates a new story") 
@@ -65,7 +65,7 @@ defmodule CadetWeb.AdminStoriesController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/staff/stories/{storyId}") + PhoenixSwagger.Path.delete("/courses/{course_id}/admin/stories/{storyId}") summary("Delete a story from database by id") @@ -81,7 +81,7 @@ defmodule CadetWeb.AdminStoriesController do end swagger_path :update do - post("/courses/{course_id}/staff/stories/{storyId}") + post("/courses/{course_id}/admin/stories/{storyId}") summary("Update details regarding a story") diff --git a/lib/cadet_web/admin_controllers/admin_teams_controller.ex b/lib/cadet_web/admin_controllers/admin_teams_controller.ex index a8129d048..c91974404 100644 --- a/lib/cadet_web/admin_controllers/admin_teams_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_teams_controller.ex @@ -98,7 +98,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :index do - get("/staff/teams") + get("/admin/teams") summary("Fetches every team in the course") @@ -110,7 +110,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :create do - post("/courses/{course_id}/staff/teams") + post("/courses/{course_id}/admin/teams") summary("Creates a new team") @@ -130,7 +130,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :update do - post("/courses/{course_id}/staff/teams/{teamId}") + post("/courses/{course_id}/admin/teams/{teamId}") summary("Updates an existing team") @@ -152,7 +152,7 @@ defmodule CadetWeb.AdminTeamsController do end swagger_path :delete do - PhoenixSwagger.Path.delete("/courses/{course_id}/staff/teams/{teamId}") + PhoenixSwagger.Path.delete("/courses/{course_id}/admin/teams/{teamId}") summary("Deletes an existing team") diff --git a/lib/cadet_web/admin_controllers/admin_user_controller.ex b/lib/cadet_web/admin_controllers/admin_user_controller.ex index d916725d6..53add9133 100644 --- a/lib/cadet_web/admin_controllers/admin_user_controller.ex 
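Review bot: `swagger_path :update` in `AdminTeamsController` documents `post("/courses/{course_id}/admin/teams/{teamId}")`, but the controller test for the same action is labelled `PUT /admin/teams/{teamId}` and issues `put(conn, build_url(course.id, 1), %{})`, so the documented verb looks wrong. `swagger_path :index` in the first hunk also drops the course prefix (`get("/admin/teams")`), while `:create`, `:update` and `:delete` carry it. Suggested lines: `put("/courses/{course_id}/admin/teams/{teamId}")` and `get("/courses/{course_id}/admin/teams")`. The route definition for the update action is not visible in this diff, so check the verb against the router.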
+++ b/lib/cadet_web/admin_controllers/admin_user_controller.ex @@ -187,7 +187,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :index do - get("/courses/{course_id}/staff/users") + get("/courses/{course_id}/admin/users") summary("Returns a list of users in the course owned by the admin") @@ -198,7 +198,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :combined_total_xp do - get("/courses/{course_id}/staff/users/{course_reg_id}/total_xp") + get("/courses/{course_id}/admin/users/{course_reg_id}/total_xp") summary("Get the specified user's total XP from achievements and assessments") @@ -215,7 +215,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :upsert_users_and_groups do - put("/courses/{course_id}/staff/users") + put("/courses/{course_id}/admin/users") summary("Adds the list of usernames and roles to the course") security([%{JWT: []}]) @@ -236,7 +236,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :update_role do - put("/courses/{course_id}/staff/users/{course_reg_id}/role") + put("/courses/{course_id}/admin/users/{course_reg_id}/role") summary("Updates the role of the given user in the the course") security([%{JWT: []}]) @@ -265,7 +265,7 @@ defmodule CadetWeb.AdminUserController do end swagger_path :delete_user do - delete("/courses/{course_id}/staff/users/{course_reg_id}") + delete("/courses/{course_id}/admin/users/{course_reg_id}") summary("Deletes a user from a course") consumes("application/json") diff --git a/lib/cadet_web/controllers/team_controller.ex b/lib/cadet_web/controllers/team_controller.ex index 906d1aea6..476790055 100644 --- a/lib/cadet_web/controllers/team_controller.ex +++ b/lib/cadet_web/controllers/team_controller.ex @@ -57,7 +57,7 @@ defmodule CadetWeb.TeamController do end swagger_path :index do - get("/staff/teams") + get("/admin/teams") summary("Fetches team formation overview based on assessment ID") 
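Review bot: `get("/admin/teams")` in `TeamController`'s `swagger_path :index` documents an admin path for an action whose summary is "Fetches team formation overview based on assessment ID". The router context earlier in this series maps `TeamController, :index` to `get("/team/:assessmentid", ...)`, and the test helper `build_url_get_by_assessment` builds `/v2/courses/#{course_id}/team/#{assessment_id}`. The documented path therefore points readers at a different, staff-guarded endpoint and misstates who may call this one. `get("/courses/{course_id}/team/{assessmentid}")` would match what the tests request; the enclosing scope of that route is not visible here, so confirm the prefix.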
diff --git a/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs b/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs index 7c080e2aa..7bedaaaed 100644 --- a/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_achievements_controller_test.exs @@ -14,7 +14,7 @@ defmodule CadetWeb.AdminAchievementsControllerTest do assert is_map(AdminAchievementsController.swagger_path_delete(nil)) end - describe "PUT v2/courses/:course_id/staff/achievements/:uuid" do + describe "PUT v2/courses/:course_id/admin/achievements/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -72,7 +72,7 @@ defmodule CadetWeb.AdminAchievementsControllerTest do end end - describe "PUT v2/courses/:course_id/staff/achievements" do + describe "PUT v2/courses/:course_id/admin/achievements" do setup do %{ achievements: [ @@ -124,7 +124,7 @@ defmodule CadetWeb.AdminAchievementsControllerTest do end end - describe "DELETE v2/courses/:course_id/staff/achievements/:uuid" do + describe "DELETE v2/courses/:course_id/admin/achievements/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -176,10 +176,10 @@ defmodule CadetWeb.AdminAchievementsControllerTest do defp build_path(course_id, uuid \\ nil) defp build_path(course_id, nil) do - "/v2/courses/#{course_id}/staff/achievements" + "/v2/courses/#{course_id}/admin/achievements" end defp build_path(course_id, uuid) do - "/v2/courses/#{course_id}/staff/achievements/#{uuid}" + "/v2/courses/#{course_id}/admin/achievements/#{uuid}" end end diff --git a/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs b/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs index c7745abd5..0b0dc1483 100644 --- a/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs 
+++ b/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs @@ -915,7 +915,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do do: "/v2/courses/#{course_id}/admin/assessments/#{assessment_id}" defp build_user_assessments_url(course_id, course_reg_id), - do: "/v2/courses/#{course_id}/staff/users/#{course_reg_id}/assessments" + do: "/v2/courses/#{course_id}/admin/users/#{course_reg_id}/assessments" defp build_popular_leaderboard_url(course_id, assessment_id), do: "#{build_url(course_id, assessment_id)}/popularVoteLeaderboard" diff --git a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs index 2ae13e4e5..d2d422361 100644 --- a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs @@ -246,7 +246,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/assets/" + defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/assets/" defp build_url(course_id, url), do: "#{build_url(course_id)}/#{url}" defp build_upload(path, content_type \\ "image/png") do diff --git a/test/cadet_web/admin_controllers/admin_goals_controller_test.exs b/test/cadet_web/admin_controllers/admin_goals_controller_test.exs index 9b657291a..80d6c7c36 100644 --- a/test/cadet_web/admin_controllers/admin_goals_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_goals_controller_test.exs @@ -17,7 +17,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do assert is_map(AdminGoalsController.swagger_path_update_progress(nil)) end - describe "GET v2/courses/:course_id/staff/goals" do + describe "GET v2/courses/:course_id/admin/goals" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id 
@@ -54,7 +54,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "GET v2/courses/:course_id/staff/users/:course_reg_id/goals" do + describe "GET v2/courses/:course_id/admin/users/:course_reg_id/goals" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course = conn.assigns.test_cr.course @@ -104,7 +104,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "PUT v2/courses/:course_id/staff/goals/:uuid" do + describe "PUT v2/courses/:course_id/admin/goals/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -143,7 +143,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "PUT v2/courses/:course_id/staff/goals" do + describe "PUT v2/courses/:course_id/admin/goals" do setup do %{ goals: [ @@ -195,7 +195,7 @@ defmodule CadetWeb.AdminGoalsControllerTest do end end - describe "DELETE v2/courses/:course_id/staff/goals/:uuid" do + describe "DELETE v2/courses/:course_id/admin/goals/:uuid" do @tag authenticate: :staff test "succeeds for staff", %{conn: conn} do course_id = conn.assigns.course_id @@ -305,18 +305,18 @@ defmodule CadetWeb.AdminGoalsControllerTest do defp build_path(course_id, uuid \\ nil) defp build_path(course_id, nil) do - "/v2/courses/#{course_id}/staff/goals" + "/v2/courses/#{course_id}/admin/goals" end defp build_path(course_id, uuid) do - "/v2/courses/#{course_id}/staff/goals/#{uuid}" + "/v2/courses/#{course_id}/admin/goals/#{uuid}" end defp build_path(course_id, uuid, course_reg_id) do - "/v2/courses/#{course_id}/staff/users/#{course_reg_id}/goals/#{uuid}/progress/" + "/v2/courses/#{course_id}/admin/users/#{course_reg_id}/goals/#{uuid}/progress/" end defp build_user_goals_path(course_id, course_reg_id) do - "/v2/courses/#{course_id}/staff/users/#{course_reg_id}/goals" + "/v2/courses/#{course_id}/admin/users/#{course_reg_id}/goals" end end 
diff --git a/test/cadet_web/admin_controllers/admin_grading_controller_test.exs b/test/cadet_web/admin_controllers/admin_grading_controller_test.exs index 777ae6ac7..11d8df0f0 100644 --- a/test/cadet_web/admin_controllers/admin_grading_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_grading_controller_test.exs @@ -1652,8 +1652,8 @@ defmodule CadetWeb.AdminGradingControllerTest do |> length() end - defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/grading/" - defp build_url_summary(course_id), do: "/v2/courses/#{course_id}/staff/grading/summary" + defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/grading/" + defp build_url_summary(course_id), do: "/v2/courses/#{course_id}/admin/grading/summary" defp build_url(course_id, submission_id), do: "#{build_url(course_id)}#{submission_id}" defp build_url(course_id, submission_id, question_id), diff --git a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs index 66bbe16bf..b38657283 100644 --- a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs @@ -300,7 +300,7 @@ defmodule CadetWeb.AdminSourcecastControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/sourcecast/" + defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/sourcecast/" defp build_url(course_id, sourcecast_id), do: "#{build_url(course_id)}#{sourcecast_id}/" defp seed_db(course_id) do diff --git a/test/cadet_web/admin_controllers/admin_stories_controller_test.exs b/test/cadet_web/admin_controllers/admin_stories_controller_test.exs index f3f09f4fb..700adb570 100644 --- a/test/cadet_web/admin_controllers/admin_stories_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_stories_controller_test.exs 
@@ -35,26 +35,26 @@ defmodule CadetWeb.AdminStoriesControllerTest do end describe "unauthenticated" do - test "POST /v2/courses/{course_id}/staff/stories/", %{conn: conn} do + test "POST /v2/courses/{course_id}/admin/stories/", %{conn: conn} do course = insert(:course) conn = post(conn, build_url(course.id), %{}) assert response(conn, 401) =~ "Unauthorised" end - test "DELETE /v2/courses/{course_id}/staff/stories/:storyid", %{conn: conn} do + test "DELETE /v2/courses/{course_id}/admin/stories/:storyid", %{conn: conn} do course = insert(:course) conn = delete(conn, build_url(course.id, "storyid"), %{}) assert response(conn, 401) =~ "Unauthorised" end - test "POST /v2/courses/{course_id}/staff/stories/:storyid", %{conn: conn} do + test "POST /v2/courses/{course_id}/admin/stories/:storyid", %{conn: conn} do course = insert(:course) conn = post(conn, build_url(course.id, "storyid"), %{}) assert response(conn, 401) =~ "Unauthorised" end end - describe "DELETE /v2/courses/{course_id}/staff/stories/:storyid" do + describe "DELETE /v2/courses/{course_id}/admin/stories/:storyid" do @tag authenticate: :student test "student permission, forbidden", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -90,7 +90,7 @@ defmodule CadetWeb.AdminStoriesControllerTest do end end - describe "POST /v2/courses/{course_id}/staff/stories/" do + describe "POST /v2/courses/{course_id}/admin/stories/" do @tag authenticate: :student test "student permission, forbidden", %{conn: conn, valid_params: params} do course_id = conn.assigns[:course_id] @@ -126,7 +126,7 @@ defmodule CadetWeb.AdminStoriesControllerTest do end end - describe "POST /v2/courses/{course_id}/staff/stories/:storyid" do + describe "POST /v2/courses/{course_id}/admin/stories/:storyid" do @tag authenticate: :student test "student permission, forbidden", %{conn: conn, valid_params: params} do course_id = conn.assigns[:course_id] 
@@ -174,7 +174,7 @@ defmodule CadetWeb.AdminStoriesControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/stories" + defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/stories" defp build_url(course_id, story_id), do: "#{build_url(course_id)}/#{story_id}" defp stringify_camelise_keys(map) do diff --git a/test/cadet_web/admin_controllers/admin_teams_controller_test.exs b/test/cadet_web/admin_controllers/admin_teams_controller_test.exs index 880ec44a8..32d2a517e 100644 --- a/test/cadet_web/admin_controllers/admin_teams_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_teams_controller_test.exs @@ -13,7 +13,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do AdminTeamsController.swagger_path_delete(nil) end - describe "GET /staff/teams" do + describe "GET /admin/teams" do test "unauthenticated", %{conn: conn} do course = insert(:course) conn = get(conn, build_url(course.id)) @@ -42,7 +42,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - describe "POST /staff/teams" do + describe "POST /admin/teams" do test "unauthenticated", %{conn: conn} do course = insert(:course) conn = post(conn, build_url(course.id), %{}) @@ -160,7 +160,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - describe "PUT /staff/teams/{teamId}" do + describe "PUT /admin/teams/{teamId}" do test "unauthenticated", %{conn: conn} do course = insert(:course) conn = put(conn, build_url(course.id, 1), %{}) @@ -225,7 +225,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - describe "DELETE /staff/teams/{teamId}" do + describe "DELETE /admin/teams/{teamId}" do test "unauthenticated", %{conn: conn} do course = insert(:course) team = insert(:team) 
@@ -290,7 +290,7 @@ defmodule CadetWeb.AdminTeamsControllerTest do end end - defp build_url(course_id), do: "/v2/courses/#{course_id}/staff/teams/" + defp build_url(course_id), do: "/v2/courses/#{course_id}/admin/teams/" defp build_url(course_id, team_id), do: "#{build_url(course_id)}#{team_id}" diff --git a/test/cadet_web/admin_controllers/admin_user_controller_test.exs b/test/cadet_web/admin_controllers/admin_user_controller_test.exs index 331c8d799..bd134876c 100644 --- a/test/cadet_web/admin_controllers/admin_user_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_user_controller_test.exs @@ -18,7 +18,7 @@ defmodule CadetWeb.AdminUserControllerTest do assert is_map(AdminUserController.swagger_path_combined_total_xp(nil)) end - describe "GET /v2/courses/{course_id}/staff/users" do + describe "GET /v2/courses/{course_id}/admin/users" do @tag authenticate: :staff test "success, when staff retrieves all users", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -118,7 +118,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "PUT /v2/courses/{course_id}/staff/users" do + describe "PUT /v2/courses/{course_id}/admin/users" do @tag authenticate: :admin test "successfully namespaces and inserts users, and assign groups", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -351,7 +351,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "PUT /v2/courses/{course_id}/staff/users/{course_reg_id}/role" do + describe "PUT /v2/courses/{course_id}/admin/users/{course_reg_id}/role" do @tag authenticate: :admin test "success (student to staff), when admin is admin of the course the user is in", %{ conn: conn 
@@ -473,7 +473,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "DELETE /v2/courses/{course_id}/staff/users/{course_reg_id}" do + describe "DELETE /v2/courses/{course_id}/admin/users/{course_reg_id}" do @tag authenticate: :admin test "success (delete student), when admin is admin of the course the user is in", %{ conn: conn @@ -566,7 +566,7 @@ defmodule CadetWeb.AdminUserControllerTest do end end - describe "GET /v2/courses/{course_id}/staff/users/{course_reg_id}/total_xp" do + describe "GET /v2/courses/{course_id}/admin/users/{course_reg_id}/total_xp" do @tag authenticate: :admin test "achievement, one completed goal", %{ conn: conn @@ -627,17 +627,17 @@ defmodule CadetWeb.AdminUserControllerTest do resp = conn - |> get("/v2/courses/#{course.id}/staff/users/#{test_cr.id}/total_xp") + |> get("/v2/courses/#{course.id}/admin/users/#{test_cr.id}/total_xp") |> json_response(200) assert resp["totalXp"] == 210 end end - defp build_url_users(course_id), do: "/v2/courses/#{course_id}/staff/users" + defp build_url_users(course_id), do: "/v2/courses/#{course_id}/admin/users" defp build_url_users(course_id, course_reg_id), - do: "/v2/courses/#{course_id}/staff/users/#{course_reg_id}" + do: "/v2/courses/#{course_id}/admin/users/#{course_reg_id}" defp build_url_users_role(course_id, course_reg_id), do: build_url_users(course_id, course_reg_id) <> "/role" diff --git a/test/cadet_web/controllers/teams_controller_test.exs b/test/cadet_web/controllers/teams_controller_test.exs index b0eb7c9b2..e67324adb 100644 --- a/test/cadet_web/controllers/teams_controller_test.exs +++ b/test/cadet_web/controllers/teams_controller_test.exs @@ -13,7 +13,7 @@ defmodule CadetWeb.TeamsControllerTest do TeamController.swagger_path_index(nil) end - describe "GET /v2/staff/teams" do + describe "GET /v2/admin/teams" do @tag authenticate: :student test "unauthorized with student", %{conn: conn} do course = insert(:course) 
@@ -94,7 +94,7 @@ defmodule CadetWeb.TeamsControllerTest do end end - defp build_url_get(course_id), do: "/v2/courses/#{course_id}/staff/teams" + defp build_url_get(course_id), do: "/v2/courses/#{course_id}/admin/teams" defp build_url_get_by_assessment(course_id, assessment_id), do: "/v2/courses/#{course_id}/team/#{assessment_id}" From 83f923205a523833fac2dafef210e9a3a73a764b Mon Sep 17 00:00:00 2001 From: josh1248 Date: Tue, 10 Sep 2024 14:38:31 +0800 Subject: [PATCH 08/23] Revert "Change appropriate routes into admin scope" This reverts commit 18dc689a4df4836fc6967bf0f74dc252964bd175. --- lib/cadet_web/router.ex | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index c5d385a5c..bb339187d 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -185,6 +185,7 @@ defmodule CadetWeb.Router do # The admin route for getting total xp of a specific user get("/users/:course_reg_id/total_xp", AdminUserController, :combined_total_xp) put("/users/:course_reg_id/role", AdminUserController, :update_role) + delete("/users/:course_reg_id", AdminUserController, :delete_user) get("/users/:course_reg_id/goals", AdminGoalsController, :index_goals_with_progress) post("/users/:course_reg_id/goals/:uuid/progress", AdminGoalsController, :update_progress) @@ -234,8 +235,6 @@ defmodule CadetWeb.Router do AdminGradingController, :unpublish_all_grades ) - - delete("/users/:course_reg_id", AdminUserController, :delete_user) end # Other scopes may use custom stacks. From 23a7487d5c21f4d40309e19350bfc25a8bb8ed1a Mon Sep 17 00:00:00 2001 From: josh1248 Date: Tue, 10 Sep 2024 14:41:07 +0800 Subject: [PATCH 09/23] Revert "Create a new staff scope" This reverts commit 6b7e54e981a0f9b148fab087cf6ebd3bbf159d95. --- lib/cadet_web/router.ex | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index bb339187d..339e11016 100644 
--- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -24,10 +24,6 @@ defmodule CadetWeb.Router do plug(:assign_course) end - pipeline :ensure_admin do - plug(:ensure_role, [:admin]) - end - pipeline :ensure_staff do plug(:ensure_role, [:staff, :admin]) end @@ -123,8 +119,8 @@ defmodule CadetWeb.Router do get("/team/:assessmentid", TeamController, :index) end - # Staff pages - scope "/v2/courses/:course_id/staff", CadetWeb do + # Admin pages + scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_staff]) resources("/sourcecast", AdminSourcecastController, only: [:create, :delete]) @@ -133,6 +129,10 @@ defmodule CadetWeb.Router do post("/assets/:foldername/*filename", AdminAssetsController, :upload) delete("/assets/:foldername/*filename", AdminAssetsController, :delete) + post("/assessments", AdminAssessmentsController, :create) + post("/assessments/:assessmentid", AdminAssessmentsController, :update) + delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) + get( "/assessments/:assessmentid/popularVoteLeaderboard", AdminAssessmentsController, @@ -228,13 +228,11 @@ defmodule CadetWeb.Router do :delete_assessment_config ) - post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades) - - post( - "/grading/:assessmentid/unpublish_all_grades", - AdminGradingController, - :unpublish_all_grades - ) + get("/teams", AdminTeamsController, :index) + post("/teams", AdminTeamsController, :create) + delete("/teams/:teamid", AdminTeamsController, :delete) + put("/teams/:teamid", AdminTeamsController, :update) + post("/teams/upload", AdminTeamsController, :bulk_upload) end # Other scopes may use custom stacks. From b39dc5630a3d94d20e5815321591349246249e9b Mon Sep 17 00:00:00 2001 
From: josh1248 Date: Tue, 10 Sep 2024 15:25:48 +0800 Subject: [PATCH 10/23] Move dangerous routes into a new scope --- lib/cadet_web/router.ex | 47 ++++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index 339e11016..0960545a8 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -28,6 +28,10 @@ defmodule CadetWeb.Router do plug(:ensure_role, [:staff, :admin]) end + pipeline :ensure_admin do + plug(:ensure_role, [:admin]) + end + scope "/", CadetWeb do get("/.well-known/jwks.json", JWKSController, :index) end @@ -119,20 +123,12 @@ defmodule CadetWeb.Router do get("/team/:assessmentid", TeamController, :index) end - # Admin pages + # Admin pages (Access: All staff) scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_staff]) resources("/sourcecast", AdminSourcecastController, only: [:create, :delete]) - get("/assets/:foldername", AdminAssetsController, :index) - post("/assets/:foldername/*filename", AdminAssetsController, :upload) - delete("/assets/:foldername/*filename", AdminAssetsController, :delete) - - post("/assessments", AdminAssessmentsController, :create) - post("/assessments/:assessmentid", AdminAssessmentsController, :update) - delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) - get( "/assessments/:assessmentid/popularVoteLeaderboard", AdminAssessmentsController, 
@@ -148,14 +144,6 @@ defmodule CadetWeb.Router do get("/grading", AdminGradingController, :index) get("/grading/summary", AdminGradingController, :grading_summary) - post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades) - - post( - "/grading/:assessmentid/unpublish_all_grades", - AdminGradingController, - :unpublish_all_grades - ) - get("/grading/:submissionid", AdminGradingController, :show) post("/grading/:submissionid/unsubmit", AdminGradingController, :unsubmit) post("/grading/:submissionid/unpublish_grades", AdminGradingController, :unpublish_grades) @@ -184,8 +172,6 @@ defmodule CadetWeb.Router do # The admin route for getting total xp of a specific user get("/users/:course_reg_id/total_xp", AdminUserController, :combined_total_xp) - put("/users/:course_reg_id/role", AdminUserController, :update_role) - delete("/users/:course_reg_id", AdminUserController, :delete_user) get("/users/:course_reg_id/goals", AdminGoalsController, :index_goals_with_progress) post("/users/:course_reg_id/goals/:uuid/progress", AdminGoalsController, :update_progress) 
@@ -209,14 +195,29 @@ defmodule CadetWeb.Router do post("/teams/upload", AdminTeamsController, :bulk_upload) end - # Admin pages + # Admin pages (Access: Course administrators only - these routes can cause substantial damage) scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) + get("/assets/:foldername", AdminAssetsController, :index) + post("/assets/:foldername/*filename", AdminAssetsController, :upload) + delete("/assets/:foldername/*filename", AdminAssetsController, :delete) + post("/assessments", AdminAssessmentsController, :create) post("/assessments/:assessmentid", AdminAssessmentsController, :update) delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) + post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades) + + post( + "/grading/:assessmentid/unpublish_all_grades", + AdminGradingController, + :unpublish_all_grades + ) + + put("/users/:course_reg_id/role", AdminUserController, :update_role) + delete("/users/:course_reg_id", AdminUserController, :delete_user) + put("/config", AdminCoursesController, :update_course_config) # TODO: Missing corresponding Swagger path entry get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs) @@ -227,12 +228,6 @@ defmodule CadetWeb.Router do AdminCoursesController, :delete_assessment_config ) - - get("/teams", AdminTeamsController, :index) - post("/teams", AdminTeamsController, :create) - delete("/teams/:teamid", AdminTeamsController, :delete) - put("/teams/:teamid", AdminTeamsController, :update) - post("/teams/upload", AdminTeamsController, :bulk_upload) end # Other scopes may use custom stacks. From dfd940a0b20855399e06fc73a412419a7bb96caf Mon Sep 17 00:00:00 2001 
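Review bot: The admin-only scope filled in by the `@@ -209,14 +195,29 @@` hunk is declared after the all-staff scope that shares the `/v2/courses/:course_id/admin` prefix, and Phoenix dispatches to the first route that matches. The `@@ -148,14 +144,6 @@` hunk takes `publish_all_grades` and `unpublish_all_grades` out of their old position above the `/grading/:submissionid` routes. As a result the all-staff route `/grading/:submissionid/:questionid` (outside these hunks, named in PATCH 14/23) would match `/grading/:assessmentid/publish_all_grades` first if it uses the same verb, leaving the admin routes unreachable. Declaring the `:ensure_admin` scope above the `:ensure_staff` scope in this same commit keeps the role check and the route together at every point in the series. Both scopes continue outside the hunks, so the remaining staff routes should be checked for other overlaps.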
From: josh1248 Date: Tue, 10 Sep 2024 15:30:37 +0800 Subject: [PATCH 11/23] Fix linting --- .../admin_controllers/admin_assets_controller.ex | 10 +++++++--- .../admin_controllers/admin_grading_controller.ex | 4 +++- .../admin_controllers/admin_stories_controller.ex | 6 +++--- 3 files changed, 13 insertions(+), 7 deletions(-) diff --git a/lib/cadet_web/admin_controllers/admin_assets_controller.ex b/lib/cadet_web/admin_controllers/admin_assets_controller.ex index 0fc835912..3c279ba5f 100644 --- a/lib/cadet_web/admin_controllers/admin_assets_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assets_controller.ex @@ -20,7 +20,7 @@ defmodule CadetWeb.AdminAssetsController do case Assets.delete_object(Courses.assets_prefix(course_reg.course), foldername, filename) do {:error, {status, message}} -> conn |> put_status(status) |> text(message) - _ -> conn |> put_status(204) |> text('') + _ -> conn |> put_status(204) |> text(~c"") end end @@ -94,7 +94,9 @@ defmodule CadetWeb.AdminAssetsController do parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", required: true) + fileName(:path, :string, "File path in folder, which may contain subfolders", + required: true + ) end security([%{JWT: []}]) @@ -113,7 +115,9 @@ defmodule CadetWeb.AdminAssetsController do parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", required: true) + fileName(:path, :string, "File path in folder, which may contain subfolders", + required: true + ) end security([%{JWT: []}]) diff --git a/lib/cadet_web/admin_controllers/admin_grading_controller.ex b/lib/cadet_web/admin_controllers/admin_grading_controller.ex index d95431362..99617405a 100644 --- a/lib/cadet_web/admin_controllers/admin_grading_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_grading_controller.ex 
@@ -330,7 +330,9 @@ defmodule CadetWeb.AdminGradingController do required: true ) - student(Schema.ref(:StudentInfo), "Student who created the submission", required: true) + student(Schema.ref(:StudentInfo), "Student who created the submission", + required: true + ) unsubmittedBy(Schema.ref(:GraderInfo)) unsubmittedAt(:string, "Last unsubmitted at", format: "date-time", required: false) diff --git a/lib/cadet_web/admin_controllers/admin_stories_controller.ex b/lib/cadet_web/admin_controllers/admin_stories_controller.ex index a6cdd46c0..16c08f1ad 100644 --- a/lib/cadet_web/admin_controllers/admin_stories_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_stories_controller.ex @@ -12,7 +12,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _story} -> - conn |> put_status(200) |> text('') + conn |> put_status(200) |> text(~c"") {:error, {status, message}} -> conn @@ -29,7 +29,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _story} -> - conn |> put_status(200) |> text('') + conn |> put_status(200) |> text(~c"") {:error, {status, message}} -> conn @@ -43,7 +43,7 @@ defmodule CadetWeb.AdminStoriesController do case result do {:ok, _nil} -> - conn |> put_status(204) |> text('') + conn |> put_status(204) |> text(~c"") {:error, {status, message}} -> conn From 622048191e3f54f6607e9048f10954480a9c4275 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Tue, 10 Sep 2024 15:59:03 +0800 Subject: [PATCH 12/23] Linting works in mysterious ways --- .../admin_controllers/admin_assets_controller.ex | 10 ++++++++-- .../admin_controllers/admin_courses_controller.ex | 4 +++- .../admin_controllers/admin_grading_controller.ex | 4 +++- lib/cadet_web/admin_views/admin_assessments_view.ex | 5 ++++- 4 files changed, 18 insertions(+), 5 deletions(-) diff --git a/lib/cadet_web/admin_controllers/admin_assets_controller.ex b/lib/cadet_web/admin_controllers/admin_assets_controller.ex index 3c279ba5f..fc980e6c2 100644 
--- a/lib/cadet_web/admin_controllers/admin_assets_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_assets_controller.ex @@ -94,7 +94,10 @@ defmodule CadetWeb.AdminAssetsController do parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", + fileName( + :path, + :string, + "File path in folder, which may contain subfolders", required: true ) end @@ -115,7 +118,10 @@ defmodule CadetWeb.AdminAssetsController do parameters do folderName(:path, :string, "Folder name", required: true) - fileName(:path, :string, "File path in folder, which may contain subfolders", + fileName( + :path, + :string, + "File path in folder, which may contain subfolders", required: true ) end diff --git a/lib/cadet_web/admin_controllers/admin_courses_controller.ex b/lib/cadet_web/admin_controllers/admin_courses_controller.ex index bdda2c868..268befcae 100644 --- a/lib/cadet_web/admin_controllers/admin_courses_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_courses_controller.ex @@ -143,7 +143,9 @@ defmodule CadetWeb.AdminCoursesController do title("AdminSublanguage") properties do - chapter(:integer, "Chapter number from 1 to 4", + chapter( + :integer, + "Chapter number from 1 to 4", required: true, minimum: 1, maximum: 4 diff --git a/lib/cadet_web/admin_controllers/admin_grading_controller.ex b/lib/cadet_web/admin_controllers/admin_grading_controller.ex index 99617405a..6ad2b06d5 100644 --- a/lib/cadet_web/admin_controllers/admin_grading_controller.ex +++ b/lib/cadet_web/admin_controllers/admin_grading_controller.ex @@ -330,7 +330,9 @@ defmodule CadetWeb.AdminGradingController do required: true ) - student(Schema.ref(:StudentInfo), "Student who created the submission", + student( + Schema.ref(:StudentInfo), + "Student who created the submission", required: true ) 
diff --git a/lib/cadet_web/admin_views/admin_assessments_view.ex b/lib/cadet_web/admin_views/admin_assessments_view.ex index a9404e80e..a95efd0c0 100644 --- a/lib/cadet_web/admin_views/admin_assessments_view.ex +++ b/lib/cadet_web/admin_views/admin_assessments_view.ex @@ -67,7 +67,10 @@ defmodule CadetWeb.AdminAssessmentsView do end def render("leaderboard.json", %{leaderboard: leaderboard}) do - render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", + render_many( + leaderboard, + CadetWeb.AdminAssessmentsView, + "contestEntry.json", as: :contestEntry ) end From 63b915d7de7c58fd01778bff7d6c9824c6d53b82 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Tue, 10 Sep 2024 16:00:45 +0800 Subject: [PATCH 13/23] One more formatting change --- lib/cadet_web/views/assessments_view.ex | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/cadet_web/views/assessments_view.ex b/lib/cadet_web/views/assessments_view.ex index 970f2c563..954415a7b 100644 --- a/lib/cadet_web/views/assessments_view.ex +++ b/lib/cadet_web/views/assessments_view.ex @@ -70,7 +70,10 @@ defmodule CadetWeb.AssessmentsView do end def render("leaderboard.json", %{leaderboard: leaderboard}) do - render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", + render_many( + leaderboard, + CadetWeb.AdminAssessmentsView, + "contestEntry.json", as: :contestEntry ) end From 4c9893bf3b4fb07ede79e8f413962a2ff2d89a67 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 6 Oct 2024 23:51:59 +0800 Subject: [PATCH 14/23] Swap order of all-staff and admin-only routes This swap prevents the all-staff route, "/grading/:submissionid/:questionid", from pattern matching and overshadowing the admin-only route "/grading/:assessmentid/publish_all_grades". Thankfully, no admin routes overshadow staff routes, so a quick fix can be done here. --- lib/cadet_web/router.ex | 83 ++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 35 deletions(-) 
diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index 0960545a8..9c73f21da 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex 
@@ -123,6 +123,54 @@ defmodule CadetWeb.Router do get("/team/:assessmentid", TeamController, :index) end + # Admin pages (Access: Course administrators only - these routes can cause substantial damage) + @doc """ + NOTE: This scope must come before the routes for all staff below. + + This is due to the all-staff route "/grading/:submissionid/:questionid", which would pattern match + and overshadow "/grading/:assessmentid/publish_all_grades". + + If an admin route will overshadow an all-staff route as well, a suggested better solution would be a + per-route permission level check. + """ + scope "/v2/courses/:course_id/admin", CadetWeb do + pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) + + get("/assets/:foldername", AdminAssetsController, :index) + post("/assets/:foldername/*filename", AdminAssetsController, :upload) + delete("/assets/:foldername/*filename", AdminAssetsController, :delete) + + post("/assessments", AdminAssessmentsController, :create) + post("/assessments/:assessmentid", AdminAssessmentsController, :update) + delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) + + post( + "/grading/:assessmentid/publish_all_grades", + AdminGradingController, + :publish_all_grades + ) + + post( + "/grading/:assessmentid/unpublish_all_grades", + AdminGradingController, + :unpublish_all_grades + ) + + put("/users/:course_reg_id/role", AdminUserController, :update_role) + delete("/users/:course_reg_id", AdminUserController, :delete_user) + + put("/config", AdminCoursesController, :update_course_config) + # TODO: Missing corresponding Swagger path entry + get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs) + put("/config/assessment_configs", AdminCoursesController, :update_assessment_configs) + # TODO: Missing corresponding Swagger path entry + delete( + "/config/assessment_config/:assessment_config_id", + AdminCoursesController, + :delete_assessment_config + ) + end + # Admin pages (Access: All 
staff) scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_staff]) @@ -195,41 +243,6 @@ defmodule CadetWeb.Router do post("/teams/upload", AdminTeamsController, :bulk_upload) end - # Admin pages (Access: Course administrators only - these routes can cause substantial damage) - scope "/v2/courses/:course_id/admin", CadetWeb do - pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) - - get("/assets/:foldername", AdminAssetsController, :index) - post("/assets/:foldername/*filename", AdminAssetsController, :upload) - delete("/assets/:foldername/*filename", AdminAssetsController, :delete) - - post("/assessments", AdminAssessmentsController, :create) - post("/assessments/:assessmentid", AdminAssessmentsController, :update) - delete("/assessments/:assessmentid", AdminAssessmentsController, :delete) - - post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades) - - post( - "/grading/:assessmentid/unpublish_all_grades", - AdminGradingController, - :unpublish_all_grades - ) - - put("/users/:course_reg_id/role", AdminUserController, :update_role) - delete("/users/:course_reg_id", AdminUserController, :delete_user) - - put("/config", AdminCoursesController, :update_course_config) - # TODO: Missing corresponding Swagger path entry - get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs) - put("/config/assessment_configs", AdminCoursesController, :update_assessment_configs) - # TODO: Missing corresponding Swagger path entry - delete( - "/config/assessment_config/:assessment_config_id", - AdminCoursesController, - :delete_assessment_config - ) - end - # Other scopes may use custom stacks. # scope "/api", CadetWeb do # pipe_through :api From 18808979b35752e16ef797c4f3e50ca15d62dbdb Mon Sep 17 00:00:00 2001 
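Review bot: `@doc` is used as a block comment above the new `scope` in the `@@ -123,6 +123,54 @@` hunk, but that attribute documents the next function definition, and none follows it in the router. It will likely either raise a compiler warning or end up attached to a generated function. Plain `#` lines give maintainers the same warning without that side effect, for example `# NOTE: keep this scope above the all-staff scope; "/grading/:submissionid/:questionid" would otherwise match "/grading/:assessmentid/publish_all_grades" first.` Since the admin check now depends on declaration order, the per-route permission check that the note itself proposes would remove that dependency. Until then, the staff-receives-403 tests updated in PATCH 15/23 are what guard against a later reorder; the all-staff scope continues outside this hunk.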
From: josh1248 Date: Sun, 13 Oct 2024 20:10:10 +0800 Subject: [PATCH 15/23] Update error message for grading routes --- .../admin_controllers/admin_grading_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/cadet_web/admin_controllers/admin_grading_controller_test.exs b/test/cadet_web/admin_controllers/admin_grading_controller_test.exs index 11d8df0f0..87ac65e28 100644 --- a/test/cadet_web/admin_controllers/admin_grading_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_grading_controller_test.exs @@ -1099,7 +1099,7 @@ defmodule CadetWeb.AdminGradingControllerTest do |> sign_in(staff.user) |> post(build_url_unpublish_all(course.id, assessment_id)) - assert response(conn, 403) == "Only Admin is permitted to unpublish all grades" + assert response(conn, 403) == "Forbidden" end end @@ -1135,7 +1135,7 @@ defmodule CadetWeb.AdminGradingControllerTest do |> sign_in(staff.user) |> post(build_url_publish_all(course.id, assessment_id)) - assert response(conn, 403) == "Only Admin is permitted to publish all grades" + assert response(conn, 403) == "Forbidden" end end From 410d0308186c400f57ab0fc2b05beda552c8fdd2 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 20:16:39 +0800 Subject: [PATCH 16/23] Update error messages for users --- .../admin_controllers/admin_user_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/cadet_web/admin_controllers/admin_user_controller_test.exs b/test/cadet_web/admin_controllers/admin_user_controller_test.exs index bd134876c..7b5a15393 100644 --- a/test/cadet_web/admin_controllers/admin_user_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_user_controller_test.exs 
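Review bot: Both changed assertions now expect the plug's generic `"Forbidden"`, so no test reaches the code that produced "Only Admin is permitted to publish all grades" and its unpublish twin. The controller is not touched by this patch, so that role check is presumably still in `AdminGradingController` and is now unreachable through the router for non-admin staff. Either remove it as dead code or keep it deliberately as a second layer and mark it, e.g. `# Defence in depth: the :ensure_admin pipeline already rejects non-admins before this action runs`. The same applies to the two `AdminUserController` assertions changed in PATCH 16/23. The enclosing `describe` blocks start outside these hunks.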
@@ -450,7 +450,7 @@ defmodule CadetWeb.AdminUserControllerTest do conn = put(conn, build_url_users_role(course_id, user_course_reg.id), params) - assert response(conn, 403) == "User is not permitted to change others' roles" + assert response(conn, 403) == "Forbidden" unchanged_course_reg = Repo.get(CourseRegistration, user_course_reg.id) assert unchanged_course_reg.role == :student end @@ -512,7 +512,7 @@ defmodule CadetWeb.AdminUserControllerTest do conn = delete(conn, build_url_users(course_id, user_course_reg.id)) - assert response(conn, 403) == "User is not permitted to delete other users" + assert response(conn, 403) == "Forbidden" assert Repo.get(CourseRegistration, user_course_reg.id) != nil end From 66b5b4cba3fe3ae3cf51956f85c720b6342bd3bf Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 20:29:43 +0800 Subject: [PATCH 17/23] Add test cases for assets for staff Create test cases to indicate that non-admin staff can only read assets, but not create, modify, or delete them. --- lib/cadet_web/router.ex | 3 +- .../admin_assets_controller_test.exs | 29 +++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index 9c73f21da..81bb0e4f0 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -136,7 +136,6 @@ defmodule CadetWeb.Router do scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) - get("/assets/:foldername", AdminAssetsController, :index) post("/assets/:foldername/*filename", AdminAssetsController, :upload) delete("/assets/:foldername/*filename", AdminAssetsController, :delete) @@ -189,6 +188,8 @@ defmodule CadetWeb.Router do :get_score_leaderboard ) + get("/assets/:foldername", AdminAssetsController, :index) + get("/grading", AdminGradingController, :index) get("/grading/summary", AdminGradingController, :grading_summary) 
diff --git a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs index d2d422361..d5d2a7c9d 100644 --- a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs @@ -68,6 +68,35 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end + describe "read-only permission for staff" do + @tag authenticate: :staff + test "GET /assets/:foldername", %{conn: conn} do + course_id = conn.assigns.course_id + conn = get(conn, build_url(course_id, "testFolder"), %{}) + assert response(conn, 200) =~ "OK" + end + + @tag authenticate: :staff + test "DELETE /assets/:foldername/*filename", %{conn: conn} do + course_id = conn.assigns.course_id + conn = delete(conn, build_url(course_id, "testFolder/testFile.png")) + + assert response(conn, 403) =~ "Forbidden" + end + + @tag authenticate: :staff + test "POST /assets/:foldername/*filename", %{conn: conn} do + course_id = conn.assigns.course_id + + conn = + post(conn, build_url(course_id, "testFolder/testFile.png"), %{ + :upload => build_upload("test/fixtures/upload.png") + }) + + assert response(conn, 403) =~ "Forbidden" + end + end + describe "inaccessible folder name" do @tag authenticate: :staff test "index files", %{conn: conn} do From 93f8ed8f56577642c60e26646e268fca72af5759 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 21:15:46 +0800 Subject: [PATCH 18/23] Update test auth to admin for assets --- .../admin_assets_controller_test.exs | 30 +++++++++---------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs index d5d2a7c9d..a8cdca368 100644 --- a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs 
@@ -68,7 +68,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - describe "read-only permission for staff" do + describe "read-only permission for non-admin staff" do @tag authenticate: :staff test "GET /assets/:foldername", %{conn: conn} do course_id = conn.assigns.course_id @@ -98,14 +98,14 @@ defmodule CadetWeb.AdminAssetsControllerTest do end describe "inaccessible folder name" do - @tag authenticate: :staff + @tag authenticate: :admin test "index files", %{conn: conn} do course_id = conn.assigns.course_id conn = get(conn, build_url(course_id, "wrongFolder")) assert response(conn, 400) =~ "Invalid top-level folder name" end - @tag authenticate: :staff + @tag authenticate: :admin test "delete file", %{conn: conn} do course_id = conn.assigns.course_id conn = delete(conn, build_url(course_id, "wrongFolder/randomFile")) @@ -113,7 +113,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do assert response(conn, 400) =~ "Invalid top-level folder name" end - @tag authenticate: :staff + @tag authenticate: :admin test "upload file", %{conn: conn} do course_id = conn.assigns.course_id @@ -127,7 +127,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end describe "ok request" do - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "index file", %{conn: conn} do course_id = conn.assigns.course_id @@ -139,7 +139,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "delete file", %{conn: conn} do course_id = conn.assigns.course_id @@ -150,7 +150,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "upload file", %{conn: conn} do course_id = conn.assigns.course_id 
@@ -167,7 +167,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end describe "wrong file type" do - @tag authenticate: :staff + @tag authenticate: :admin test "upload file", %{conn: conn} do course_id = conn.assigns.course_id @@ -181,7 +181,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end describe "empty file name" do - @tag authenticate: :staff + @tag authenticate: :admin test "upload file", %{conn: conn} do course_id = conn.assigns.course_id @@ -193,7 +193,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do assert response(conn, 400) =~ "Empty file name" end - @tag authenticate: :staff + @tag authenticate: :admin test "delete file", %{conn: conn} do course_id = conn.assigns.course_id conn = delete(conn, build_url(course_id, "testFolder")) @@ -202,7 +202,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end describe "nested filename request" do - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "delete file", %{conn: conn} do course_id = conn.assigns.course_id @@ -213,7 +213,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "upload file", %{conn: conn} do course_id = conn.assigns.course_id @@ -230,7 +230,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end describe "course with custom assets_prefix" do - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "index file", %{conn: conn} do course_id = conn.assigns.course_id @@ -244,7 +244,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "delete file", %{conn: conn} do course_id = conn.assigns.course_id 
@@ -257,7 +257,7 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - @tag authenticate: :staff, course_id: 117 + @tag authenticate: :admin, course_id: 117 test "upload file", %{conn: conn} do course_id = conn.assigns.course_id From b0a68439e47dcb3c96898e028d7e875791a20084 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 21:29:02 +0800 Subject: [PATCH 19/23] Update and add tests for course config routes Updates positive test auth from staff to admin, adds negative tests to ensure that non-admin staff are unable to read, update, create, or delete course configs. --- .../admin_courses_controller_test.exs | 75 +++++++++++++++---- 1 file changed, 61 insertions(+), 14 deletions(-) diff --git a/test/cadet_web/admin_controllers/admin_courses_controller_test.exs b/test/cadet_web/admin_controllers/admin_courses_controller_test.exs index cb4c1e30f..78cc915b0 100644 --- a/test/cadet_web/admin_controllers/admin_courses_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_courses_controller_test.exs @@ -81,7 +81,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do end @tag authenticate: :student - test "rejects forbidden request for non-staff users", %{conn: conn} do + test "rejects forbidden request for students", %{conn: conn} do course_id = conn.assigns[:course_id] old_course = Repo.get(Course, course_id) 
@@ -98,6 +98,23 @@ defmodule CadetWeb.AdminCoursesControllerTest do end @tag authenticate: :staff + test "rejects forbidden request for non-admin staff", %{conn: conn} do + course_id = conn.assigns[:course_id] + old_course = Repo.get(Course, course_id) + + conn = + put(conn, build_url_course_config(course_id), %{ + "sourceChapter" => 3, + "sourceVariant" => "concurrent" + }) + + same_course = Repo.get(Course, course_id) + + assert response(conn, 403) == "Forbidden" + assert old_course == same_course + end + + @tag authenticate: :admin test "rejects requests if user does not belong to the specified course", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -110,7 +127,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 403) == "Forbidden" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects requests with invalid params", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -123,7 +140,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 400) == "Invalid parameter(s)" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects requests with missing params", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -145,7 +162,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do describe "GET /v2/courses/{course_id}/admin/configs/assessment_configs" do @tag authenticate: :admin - test "succeeds", %{conn: conn} do + test "succeeds for admins", %{conn: conn} do course_id = conn.assigns[:course_id] course = Repo.get(Course, course_id) config1 = insert(:assessment_config, %{order: 1, type: "Mission1", course: course}) 
@@ -206,8 +223,17 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert expected == resp end + @tag authenticate: :staff + test "rejects forbidden request for non-admin staff", %{conn: conn} do + course_id = conn.assigns[:course_id] + + resp = get(conn, build_url_assessment_configs(course_id)) + + assert response(resp, 403) == "Forbidden" + end + @tag authenticate: :student - test "rejects forbidden request for non-staff users", %{conn: conn} do + test "rejects forbidden request for students", %{conn: conn} do course_id = conn.assigns[:course_id] resp = get(conn, build_url_assessment_configs(course_id)) @@ -257,8 +283,20 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert new_configs == ["Missions", "Paths"] end + @tag authenticate: :staff + test "rejects forbidden request for non-admin staff", %{conn: conn} do + course_id = conn.assigns[:course_id] + + conn = + put(conn, build_url_assessment_configs(course_id), %{ + "assessmentConfigs" => [] + }) + + assert response(conn, 403) == "Forbidden" + end + @tag authenticate: :student - test "rejects forbidden request for non-staff users", %{conn: conn} do + test "rejects forbidden request for students", %{conn: conn} do course_id = conn.assigns[:course_id] conn = @@ -269,7 +307,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 403) == "Forbidden" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects request if user is not in specified course", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -281,7 +319,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 403) == "Forbidden" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects requests with invalid params 1", %{conn: conn} do course_id = conn.assigns[:course_id] 
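Review bot: In the `@@ -257,8 +283,20 @@` hunk, the non-admin staff test for PUT assessment_configs asserts only the 403 and sends `"assessmentConfigs" => []`, so it never shows that the stored configs were left untouched; the PUT config test added earlier in this commit does show that, with `assert old_course == same_course`. Inserting a config first (`insert(:assessment_config, %{course: course})`, as the GET test does) and asserting it is still present after the request would let the test catch a handler that runs before the role check. The staff DELETE test in the `@@ -350,8 +388,17 @@` hunk has the same gap and targets id `1` without creating it. The staff rejection tests added to admin_assessments_controller_test.exs in the next commit (POST /, DELETE /:assessment_id, publish, date update) also stop at the status code, although that file already uses `refute is_nil(Repo.get(Assessment, assessment.id))` for this purpose.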
@@ -293,7 +331,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 400) == "missing assessmentConfig" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects requests with invalid params 2", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -306,7 +344,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do "assessmentConfigs should be a list of assessment configuration objects" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects requests with invalid params: more than 8", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -318,7 +356,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 400) == "Invalid parameter(s)" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects requests with missing params", %{conn: conn} do course_id = conn.assigns[:course_id] @@ -350,8 +388,17 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert new_configs == ["Paths"] end + @tag authenticate: :staff + test "rejects forbidden request for non-admin staff", %{conn: conn} do + course_id = conn.assigns[:course_id] + + conn = delete(conn, build_url_assessment_config(course_id, 1)) + + assert response(conn, 403) == "Forbidden" + end + @tag authenticate: :student - test "rejects forbidden request for non-staff users", %{conn: conn} do + test "rejects forbidden request for students", %{conn: conn} do course_id = conn.assigns[:course_id] conn = delete(conn, build_url_assessment_config(course_id, 1)) @@ -359,7 +406,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 403) == "Forbidden" end - @tag authenticate: :staff + @tag authenticate: :admin test "rejects request if user is not in specified course", %{conn: conn} do course_id = conn.assigns[:course_id] 
@@ -368,7 +415,7 @@ defmodule CadetWeb.AdminCoursesControllerTest do assert response(conn, 403) == "Forbidden" end - @tag authenticate: :staff + @tag authenticate: :admin test "fails if config does not exist", %{conn: conn} do course_id = conn.assigns[:course_id] From 6d75ef9270f01fff68ddd3b09ebd35e33a742fa7 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 21:41:00 +0800 Subject: [PATCH 20/23] Update and add tests for assessment-level routes Update the modification / deletion test auth from staff to admin, and create tests to ensure that non-admin staff are not able to delete / unpublish them --- .../admin_assessments_controller_test.exs | 117 ++++++++++++++---- 1 file changed, 92 insertions(+), 25 deletions(-) diff --git a/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs b/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs index 10e9c3331..cfd590925 100644 --- a/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_assessments_controller_test.exs 
@@ -370,8 +370,34 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do end end - describe "POST /, staff only" do + describe "POST /, non-admin staff only" do @tag authenticate: :staff + test "unauthorized", %{conn: conn} do + test_cr = conn.assigns.test_cr + course = test_cr.course + config = insert(:assessment_config, %{course: course}) + + assessment = + build(:assessment, + course: course, + course_id: course.id, + config: config, + config_id: config.id, + is_published: true + ) + + questions = build_list(5, :question, assessment: nil) + + xml = XMLGenerator.generate_xml_for(assessment, questions) + force_update = "false" + body = %{assessment: xml, forceUpdate: force_update, assessmentConfigId: config.id} + conn = post(conn, build_url(course.id), body) + assert response(conn, 403) == "Forbidden" + end + end + + describe "POST /, admin only" do + @tag authenticate: :admin test "successful", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -429,7 +455,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert expected_assessment != nil end - @tag authenticate: :staff + @tag authenticate: :admin test "upload empty xml", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -487,6 +513,18 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do describe "DELETE /:assessment_id, staff only" do @tag authenticate: :staff + test "unauthorized", %{conn: conn} do + test_cr = conn.assigns.test_cr + course = test_cr.course + config = insert(:assessment_config, %{course: course}) + assessment = insert(:assessment, %{course: course, config: config}) + conn = delete(conn, build_url(course.id, assessment.id)) + assert response(conn, 403) == "Forbidden" + end + end + + describe "DELETE /:assessment_id, admin only" do + @tag authenticate: :admin test "successful", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course 
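Review bot: The staff test in the new `describe "POST /, non-admin staff only"` block is named `test "unauthorized"` although it asserts a 403 with body `"Forbidden"`; the file keeps separate `unauthenticated` describes, and the publish and date-update tests added in this same commit use `test "forbidden"`, so that name fits better here. The same applies to the DELETE test in the `@@ -487,6 +513,18 @@` hunk, whose enclosing title `"DELETE /:assessment_id, staff only"` is left unchanged even though it now holds only the rejection case. Renaming it to `describe "DELETE /:assessment_id, non-admin staff only" do` would match the other renamed blocks.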
@@ -497,7 +535,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert is_nil(Repo.get(Assessment, assessment.id)) end - @tag authenticate: :staff + @tag authenticate: :admin test "error due to different course", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -509,19 +547,6 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert response(conn, 403) == "User not allow to delete assessments from another course" refute is_nil(Repo.get(Assessment, assessment.id)) end - - # @tag authenticate: :staff - # test "error due to different course", %{conn: conn} do - # test_cr = conn.assigns.test_cr - # course = test_cr.course - # another_course = insert(:course) - # config = insert(:assessment_config, %{course: another_course}) - # assessment = insert(:assessment, %{course: another_course, config: config}) - - # conn = delete(conn, build_url(course.id, assessment.id)) - # assert response(conn, 403) == "User not allow to delete assessments from another course" - # refute is_nil(Repo.get(Assessment, assessment.id)) - # end end describe "POST /:assessment_id, unauthenticated, publish" do @@ -544,8 +569,20 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do end end - describe "POST /:assessment_id, staff only, publish" do + describe "POST /:assessment_id, non-admin staff only, publish" do @tag authenticate: :staff + test "forbidden", %{conn: conn} do + test_cr = conn.assigns.test_cr + course = test_cr.course + config = insert(:assessment_config, %{course: course}) + assessment = insert(:assessment, %{course: course, config: config}) + conn = post(conn, build_url(course.id, assessment.id), %{isPublished: true}) + assert response(conn, 403) == "Forbidden" + end + end + + describe "POST /:assessment_id, admin only, publish" do + @tag authenticate: :admin test "successful toggle from published to unpublished", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course 
@@ -557,7 +594,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do refute expected end - @tag authenticate: :staff + @tag authenticate: :admin test "successful toggle from unpublished to published", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -608,8 +645,38 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do end end - describe "POST /:assessment_id, staff only" do + describe "POST /:assessment_id, non-admin staff only" do @tag authenticate: :staff + test "forbidden", %{conn: conn} do + test_cr = conn.assigns.test_cr + course = test_cr.course + config = insert(:assessment_config, %{course: course}) + assessment = insert(:assessment, %{course: course, config: config}) + + new_open_at = + Timex.now() + |> Timex.beginning_of_day() + |> Timex.shift(days: 3) + |> Timex.shift(hours: 4) + + new_open_at_string = + new_open_at + |> Timex.format!("{ISO:Extended}") + + new_close_at = Timex.shift(new_open_at, days: 7) + + new_close_at_string = + new_close_at + |> Timex.format!("{ISO:Extended}") + + new_dates = %{openAt: new_open_at_string, closeAt: new_close_at_string} + conn = post(conn, build_url(course.id, assessment.id), new_dates) + assert response(conn, 403) == "Forbidden" + end + end + + describe "POST /:assessment_id, admin only" do + @tag authenticate: :admin test "successful", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -658,7 +725,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert [assessment.open_at, assessment.close_at] == [new_open_at, new_close_at] end - @tag authenticate: :staff + @tag authenticate: :admin test "allowed to change open time of opened assessments", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course 
@@ -703,7 +770,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert [assessment.open_at, assessment.close_at] == [new_open_at, close_at] end - @tag authenticate: :staff + @tag authenticate: :admin test "not allowed to set close time to before open time", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -748,7 +815,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert [assessment.open_at, assessment.close_at] == [open_at, close_at] end - @tag authenticate: :staff + @tag authenticate: :admin test "successful, set close time to before current time", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -793,7 +860,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert [assessment.open_at, assessment.close_at] == [open_at, new_close_at] end - @tag authenticate: :staff + @tag authenticate: :admin test "successful, set open time to before current time", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -838,7 +905,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do assert [assessment.open_at, assessment.close_at] == [new_open_at, close_at] end - @tag authenticate: :staff + @tag authenticate: :admin test "successful, set hasTokenCounter and hasVotingFeatures to true", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course @@ -873,7 +940,7 @@ defmodule CadetWeb.AdminAssessmentsControllerTest do ] end - @tag authenticate: :staff + @tag authenticate: :admin test "successful, set hasTokenCounter and hasVotingFeatures to false", %{conn: conn} do test_cr = conn.assigns.test_cr course = test_cr.course From 831ca601dd8dd099167b591fd3bb30d2f71a2dad Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 22:11:54 +0800 Subject: [PATCH 21/23] Fix sourcecast error --- .../admin_controllers/admin_sourcecast_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs index b38657283..84000e85f 100644 --- a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs @@ -180,7 +180,7 @@ defmodule CadetWeb.AdminSourcecastControllerTest do conn = post(conn, build_url(course_id), %{"sourcecast" => %{}}) assert response(conn, 400) =~ - "audio can't be blank\nplaybackData can't be blank\ntitle can't be blank" + "title can't be blank\naudio can't be blank\nplaybackData can't be blank" end end From 79c5a5d6185e86319608df0737be9fcf4ca1fc24 Mon Sep 17 00:00:00 2001 From: josh1248 Date: Sun, 13 Oct 2024 22:18:09 +0800 Subject: [PATCH 22/23] Revert "Fix sourcecast error" This reverts commit 831ca601dd8dd099167b591fd3bb30d2f71a2dad. --- .../admin_controllers/admin_sourcecast_controller_test.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs index 84000e85f..b38657283 100644 --- a/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_sourcecast_controller_test.exs @@ -180,7 +180,7 @@ defmodule CadetWeb.AdminSourcecastControllerTest do conn = post(conn, build_url(course_id), %{"sourcecast" => %{}}) assert response(conn, 400) =~ - "title can't be blank\naudio can't be blank\nplaybackData can't be blank" + "audio can't be blank\nplaybackData can't be blank\ntitle can't be blank" end end From 968618474cafdcdb4573426d86a30bce2997af9f Mon Sep 17 00:00:00 2001 
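Review bot: The assertion in the `@@ -180,7 +180,7 @@` hunk pins the order of three validation messages inside one string, and the next commit in the series reverts this exact reordering, which suggests the order is not stable across environments (not confirmed from the diff). Binding `body = response(conn, 400)` and checking each message on its own, e.g. `assert body =~ "title can't be blank"` and likewise for the audio and playbackData messages, would keep the test independent of message ordering.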
From: josh1248 Date: Sun, 13 Oct 2024 22:28:41 +0800 Subject: [PATCH 23/23] Transfer asset routes to admin --- lib/cadet_web/router.ex | 3 +-- .../admin_controllers/admin_assets_controller_test.exs | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/cadet_web/router.ex b/lib/cadet_web/router.ex index 81bb0e4f0..9c73f21da 100644 --- a/lib/cadet_web/router.ex +++ b/lib/cadet_web/router.ex @@ -136,6 +136,7 @@ defmodule CadetWeb.Router do scope "/v2/courses/:course_id/admin", CadetWeb do pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin]) + get("/assets/:foldername", AdminAssetsController, :index) post("/assets/:foldername/*filename", AdminAssetsController, :upload) delete("/assets/:foldername/*filename", AdminAssetsController, :delete) @@ -188,8 +189,6 @@ defmodule CadetWeb.Router do :get_score_leaderboard ) - get("/assets/:foldername", AdminAssetsController, :index) - get("/grading", AdminGradingController, :index) get("/grading/summary", AdminGradingController, :grading_summary) diff --git a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs index a8cdca368..95c689cba 100644 --- a/test/cadet_web/admin_controllers/admin_assets_controller_test.exs +++ b/test/cadet_web/admin_controllers/admin_assets_controller_test.exs @@ -68,12 +68,13 @@ defmodule CadetWeb.AdminAssetsControllerTest do end end - describe "read-only permission for non-admin staff" do + describe "non-admin staff permission, forbidden" do @tag authenticate: :staff test "GET /assets/:foldername", %{conn: conn} do course_id = conn.assigns.course_id conn = get(conn, build_url(course_id, "testFolder"), %{}) - assert response(conn, 200) =~ "OK" + + assert response(conn, 403) =~ "Forbidden" end @tag authenticate: :staff