Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Transfer groundControl (and admin panel) from staff to admin route #1180

Open
wants to merge 27 commits into
base: master
Choose a base branch
from
+290 −95
Open

Transfer groundControl (and admin panel) from staff to admin route #1180

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
27 commits
Select commit Hold shift + click to select a range
6b7e54e
Create a new staff scope
josh1248 Sep 8, 2024
d28d757
Move Admin Panel requests into admin scope
josh1248 Sep 8, 2024
18dc689
Change appropriate routes into admin scope
josh1248 Sep 8, 2024
e77aa05
Find-replace galore
josh1248 Sep 8, 2024
9e67112
Fix linting
josh1248 Sep 8, 2024
bb28b7e
Merge branch 'master' into No-GC-For-Staff
josh1248 Sep 8, 2024
ed959e8
Linting does not work :(
josh1248 Sep 8, 2024
8241a96
Revert "Find-replace galore"
josh1248 Sep 10, 2024
83f9232
Revert "Change appropriate routes into admin scope"
josh1248 Sep 10, 2024
23a7487
Revert "Create a new staff scope"
josh1248 Sep 10, 2024
b39dc56
Move dangerous routes into a new scope
josh1248 Sep 10, 2024
dfd940a
Fix linting
josh1248 Sep 10, 2024
6220481
Linting works in mysterious ways
josh1248 Sep 10, 2024
63b915d
One more formatting change
josh1248 Sep 10, 2024
a217204
Merge branch 'source-academy:master' into No-GC-For-Staff
josh1248 Sep 29, 2024
2afa68c
Merge branch 'source-academy:master' into No-GC-For-Staff
josh1248 Oct 6, 2024
4c9893b
Swap order of all-staff and admin-only routes
josh1248 Oct 6, 2024
1880897
Update error message for grading routes
josh1248 Oct 13, 2024
410d030
Update error messages for users
josh1248 Oct 13, 2024
66b5b4c
Add test cases for assets for staff
josh1248 Oct 13, 2024
93f8ed8
Update test auth to admin for assets
josh1248 Oct 13, 2024
b0a6843
Update and add tests for course config routes
josh1248 Oct 13, 2024
6d75ef9
Update and add tests for assessment-level routes
josh1248 Oct 13, 2024
831ca60
Fix sourcecast error
josh1248 Oct 13, 2024
79c5a5d
Revert "Fix sourcecast error"
josh1248 Oct 13, 2024
9686184
Transfer asset routes to admin
josh1248 Oct 13, 2024
8f7bec5
Merge branch 'master' into No-GC-For-Staff
josh1248 Oct 27, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion lib/cadet/devices/devices.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -208,7 +208,7 @@ defmodule Cadet.Devices do
},
300,
[],
''
~c""
)

# ExAws includes the session token in the signed payload and doesn't allow
Expand Down
18 changes: 13 additions & 5 deletions lib/cadet_web/admin_controllers/admin_assets_controller.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,6 @@
defmodule CadetWeb.AdminAssetsController do
use CadetWeb, :controller

use PhoenixSwagger

alias Cadet.Assets.Assets
alias Cadet.Courses

Expand All @@ -22,7 +20,7 @@ defmodule CadetWeb.AdminAssetsController do

case Assets.delete_object(Courses.assets_prefix(course_reg.course), foldername, filename) do
{:error, {status, message}} -> conn |> put_status(status) |> text(message)
_ -> conn |> put_status(204) |> text('')
_ -> conn |> put_status(204) |> text(~c"")
end
end

Expand Down Expand Up @@ -96,7 +94,12 @@ defmodule CadetWeb.AdminAssetsController do
parameters do
folderName(:path, :string, "Folder name", required: true)

fileName(:path, :string, "File path in folder, which may contain subfolders", required: true)
fileName(
:path,
:string,
"File path in folder, which may contain subfolders",
required: true
)
end

security([%{JWT: []}])
Expand All @@ -115,7 +118,12 @@ defmodule CadetWeb.AdminAssetsController do
parameters do
folderName(:path, :string, "Folder name", required: true)

fileName(:path, :string, "File path in folder, which may contain subfolders", required: true)
fileName(
:path,
:string,
"File path in folder, which may contain subfolders",
required: true
)
end

security([%{JWT: []}])
Expand Down
8 changes: 7 additions & 1 deletion lib/cadet_web/admin_controllers/admin_courses_controller.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -143,7 +143,13 @@ defmodule CadetWeb.AdminCoursesController do
title("AdminSublanguage")

properties do
chapter(:integer, "Chapter number from 1 to 4", required: true, minimum: 1, maximum: 4)
chapter(
:integer,
"Chapter number from 1 to 4",
required: true,
minimum: 1,
maximum: 4
)

variant(Schema.ref(:SourceVariant), "Variant name", required: true)
end
Expand Down
6 changes: 5 additions & 1 deletion lib/cadet_web/admin_controllers/admin_grading_controller.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -367,7 +367,11 @@ defmodule CadetWeb.AdminGradingController do
required: true
)

student(Schema.ref(:StudentInfo), "Student who created the submission", required: true)
student(
Schema.ref(:StudentInfo),
"Student who created the submission",
required: true
)

unsubmittedBy(Schema.ref(:GraderInfo))
unsubmittedAt(:string, "Last unsubmitted at", format: "date-time", required: false)
Expand Down
6 changes: 3 additions & 3 deletions lib/cadet_web/admin_controllers/admin_stories_controller.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ defmodule CadetWeb.AdminStoriesController do

case result do
{:ok, _story} ->
conn |> put_status(200) |> text('')
conn |> put_status(200) |> text(~c"")

{:error, {status, message}} ->
conn
Expand All @@ -29,7 +29,7 @@ defmodule CadetWeb.AdminStoriesController do

case result do
{:ok, _story} ->
conn |> put_status(200) |> text('')
conn |> put_status(200) |> text(~c"")

{:error, {status, message}} ->
conn
Expand All @@ -43,7 +43,7 @@ defmodule CadetWeb.AdminStoriesController do

case result do
{:ok, _nil} ->
conn |> put_status(204) |> text('')
conn |> put_status(204) |> text(~c"")

{:error, {status, message}} ->
conn
Expand Down
7 changes: 6 additions & 1 deletion lib/cadet_web/admin_views/admin_assessments_view.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,12 @@ defmodule CadetWeb.AdminAssessmentsView do
end

def render("leaderboard.json", %{leaderboard: leaderboard}) do
render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", as: :contestEntry)
render_many(
leaderboard,
CadetWeb.AdminAssessmentsView,
"contestEntry.json",
as: :contestEntry
)
end

def render("contestEntry.json", %{contestEntry: contestEntry}) do
Expand Down
73 changes: 48 additions & 25 deletions lib/cadet_web/router.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@ defmodule CadetWeb.Router do
plug(:ensure_role, [:staff, :admin])
end

pipeline :ensure_admin do
plug(:ensure_role, [:admin])
end

scope "/", CadetWeb do
get("/.well-known/jwks.json", JWKSController, :index)
end
Expand Down Expand Up @@ -119,11 +123,18 @@ defmodule CadetWeb.Router do
get("/team/:assessmentid", TeamController, :index)
end

# Admin pages
scope "/v2/courses/:course_id/admin", CadetWeb do
pipe_through([:api, :auth, :ensure_auth, :course, :ensure_staff])
# Admin pages (Access: Course administrators only - these routes can cause substantial damage)
@doc """
NOTE: This scope must come before the routes for all staff below.

resources("/sourcecast", AdminSourcecastController, only: [:create, :delete])
This is due to the all-staff route "/grading/:submissionid/:questionid", which would pattern match
and overshadow "/grading/:assessmentid/publish_all_grades".

If an admin route will overshadow an all-staff route as well, a suggested better solution would be a
per-route permission level check.
"""
scope "/v2/courses/:course_id/admin", CadetWeb do
pipe_through([:api, :auth, :ensure_auth, :course, :ensure_admin])

get("/assets/:foldername", AdminAssetsController, :index)
post("/assets/:foldername/*filename", AdminAssetsController, :upload)
Expand All @@ -133,6 +144,39 @@ defmodule CadetWeb.Router do
post("/assessments/:assessmentid", AdminAssessmentsController, :update)
delete("/assessments/:assessmentid", AdminAssessmentsController, :delete)

post(
"/grading/:assessmentid/publish_all_grades",
AdminGradingController,
:publish_all_grades
)

post(
"/grading/:assessmentid/unpublish_all_grades",
AdminGradingController,
:unpublish_all_grades
)

put("/users/:course_reg_id/role", AdminUserController, :update_role)
delete("/users/:course_reg_id", AdminUserController, :delete_user)

put("/config", AdminCoursesController, :update_course_config)
# TODO: Missing corresponding Swagger path entry
get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs)
put("/config/assessment_configs", AdminCoursesController, :update_assessment_configs)
# TODO: Missing corresponding Swagger path entry
delete(
"/config/assessment_config/:assessment_config_id",
AdminCoursesController,
:delete_assessment_config
)
end

# Admin pages (Access: All staff)
scope "/v2/courses/:course_id/admin", CadetWeb do
pipe_through([:api, :auth, :ensure_auth, :course, :ensure_staff])

resources("/sourcecast", AdminSourcecastController, only: [:create, :delete])

get(
"/assessments/:assessmentid/popularVoteLeaderboard",
AdminAssessmentsController,
Expand All @@ -148,14 +192,6 @@ defmodule CadetWeb.Router do
get("/grading", AdminGradingController, :index)
get("/grading/summary", AdminGradingController, :grading_summary)

post("/grading/:assessmentid/publish_all_grades", AdminGradingController, :publish_all_grades)

post(
"/grading/:assessmentid/unpublish_all_grades",
AdminGradingController,
:unpublish_all_grades
)

get("/grading/:submissionid", AdminGradingController, :show)
post("/grading/:submissionid/unsubmit", AdminGradingController, :unsubmit)
post("/grading/:submissionid/unpublish_grades", AdminGradingController, :unpublish_grades)
Expand Down Expand Up @@ -184,8 +220,6 @@ defmodule CadetWeb.Router do

# The admin route for getting total xp of a specific user
get("/users/:course_reg_id/total_xp", AdminUserController, :combined_total_xp)
put("/users/:course_reg_id/role", AdminUserController, :update_role)
delete("/users/:course_reg_id", AdminUserController, :delete_user)
get("/users/:course_reg_id/goals", AdminGoalsController, :index_goals_with_progress)
post("/users/:course_reg_id/goals/:uuid/progress", AdminGoalsController, :update_progress)

Expand All @@ -202,17 +236,6 @@ defmodule CadetWeb.Router do
delete("/stories/:storyid", AdminStoriesController, :delete)
post("/stories/:storyid", AdminStoriesController, :update)

put("/config", AdminCoursesController, :update_course_config)
# TODO: Missing corresponding Swagger path entry
get("/config/assessment_configs", AdminCoursesController, :get_assessment_configs)
put("/config/assessment_configs", AdminCoursesController, :update_assessment_configs)
# TODO: Missing corresponding Swagger path entry
delete(
"/config/assessment_config/:assessment_config_id",
AdminCoursesController,
:delete_assessment_config
)

get("/teams", AdminTeamsController, :index)
post("/teams", AdminTeamsController, :create)
delete("/teams/:teamid", AdminTeamsController, :delete)
Expand Down
7 changes: 6 additions & 1 deletion lib/cadet_web/views/assessments_view.ex
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,12 @@ defmodule CadetWeb.AssessmentsView do
end

def render("leaderboard.json", %{leaderboard: leaderboard}) do
render_many(leaderboard, CadetWeb.AdminAssessmentsView, "contestEntry.json", as: :contestEntry)
render_many(
leaderboard,
CadetWeb.AdminAssessmentsView,
"contestEntry.json",
as: :contestEntry
)
end

def render("contestEntry.json", %{contestEntry: contestEntry}) do
Expand Down
Loading
Loading