21 changes: 13 additions & 8 deletions app/controllers/course_user_data_controller.rb
Expand Up @@ -190,20 +190,25 @@ def sudo
redirect_to([@cud.course]) && return
end

return unless request.post?

sudo_user = User.where(email: params[:sudo_email]).first
unless sudo_user
flash[:error] = "User #{params[:sudo_email]} does not exist"
redirect_to(action: :sudo) && return
@users = {}
@usersEncoded = {}
@course.course_user_data.each do |cud|
# Prevent XSS inside autocomplete
@users[CGI.escapeHTML cud.full_name_with_email] = cud.id
# Why base64? See issue 931
@usersEncoded[Base64.urlsafe_encode64(cud.full_name_with_email.strip).strip] = cud.id
end

sudo_cud = @course.course_user_data.where(user_id: sudo_user.id).first
return unless request.post?

sudo_cud = @course.course_user_data.where(id: params[:sudo_id]).first
unless sudo_cud
flash[:error] = "User #{params[:sudo_email]} does not exist in the course"
flash[:error] = "User does not exist in the course"
redirect_to(action: :sudo) && return
end

sudo_user = User.where(id: sudo_cud.user_id).first

unless @cud.can_sudo_to?(sudo_cud)
flash[:error] = "You do not have the privileges to act as " \
"#{sudo_cud.display_name}"
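Review bot: `sudo_user = User.where(id: sudo_cud.user_id).first` can be nil when the course_user_datum's user row no longer exists, and unlike the removed lookup there is no nil check before it is used; `sudo` continues below the hunk, so any use of sudo_user there would raise NoMethodError instead of the flash-and-redirect the other failures get. A guard mirroring the one on sudo_cud keeps that path consistent, e.g. `sudo_user = User.find_by(id: sudo_cud.user_id)` followed by `flash[:error] = "User does not exist"; redirect_to(action: :sudo) && return unless sudo_user`. The `@users`/`@usersEncoded` tables are now built for every request, including a POST that immediately redirects, although only the rendered form appears to consume them; building them only on the non-POST path (or in a private helper called from it) would avoid iterating the whole roster on each POST. `@usersEncoded` is also camelCase where the rest of the file uses snake_case (`@users_encoded`); `sudo` starts above the hunk.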
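--- a/app/views/course_user_data/sudo.html.erb
+++ b/app/views/course_user_data/sudo.html.erb
@@ -1,10 +1,51 @@
+<% content_for :javascripts do %>
+
+<script type="application/javascript">
+jQuery(function() {
+/* match user name/email with cud_email */
+/* escape_javascript prevents issues with backslashes in names, etc. */
+userData = {
+<% @usersEncoded.each do |k,v| %>
+"<%= j k %>": "<%= v %>",
+<% end %>
+};
+
+/* user autocomplete */
+$studentAutocompleteField = $('#student_autocomplete');
+$hiddenCUDField = $('#sudo_id');
+$studentAutocompleteField.autocomplete({
+data: {
+<% @users.each do |k,v| %>
+"<%= j k %>": null,
+<% end %>
+}
+});
+
+/* track changes in student autocomplete field */
+$studentAutocompleteField.on('change', function () {
+// urlsafe_encode64 uses '-' instead of '+' and '_' instead of '/'
+// so we have to replace the corresponding characters
+encoded = window.btoa($studentAutocompleteField.val())
+encoded = encoded.replace("+", "-")
+encoded = encoded.replace("/", "_")
+$hiddenCUDField.val(userData[encoded]);
+});
+});
+</script>
+<% end %>
+
 <h2>Act as User</h2>
 
 <p>You can use sudo to examine how Autolab appears to other users. You can also change your permission levels to see what your course assistants or students generically see.</p>
 
-<p>
+<div>
 <%= form_tag do %>
-Act as user (email): <%= email_field_tag :sudo_email %>
+Act as user (email):
+<div class="input-field">
+<input type="text" size="3" id="student_autocomplete" class="autocomplete" autocomplete="off"/>
+<label for="student_autocomplete">Start typing student name or email</label>
+</div>
+<%= hidden_field_tag(:sudo_id) %>
 <%= submit_tag "Sudo", {:value=>"Sudo", :class=> "btn primary"} %>
 <% end %>
-</p>
+</div>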
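Review bot: `encoded.replace("+", "-")` and `encoded.replace("/", "_")` in the `change` handler replace only the first occurrence, so a base64 string containing a second `+` or `/` never matches the key produced by `Base64.urlsafe_encode64`, `userData[encoded]` is undefined and the hidden `sudo_id` is submitted empty; use global regex replacement instead, `encoded = window.btoa($studentAutocompleteField.val()).replace(/\+/g, "-").replace(/\//g, "_");`. `window.btoa` also throws on characters outside Latin-1 and encodes Latin-1 characters as a single byte where Ruby's Base64 encodes the UTF-8 bytes, so names with non-ASCII characters presumably miss the lookup as well — worth checking with a real roster. The `@users` keys are HTML-escaped via `CGI.escapeHTML` while the `@usersEncoded` keys come from the raw name, so if the autocomplete widget writes the escaped key back into the field, names containing `'`, `&`, `<` or `>` encode to a different key; confirm how the widget fills the input. `userData`, `$studentAutocompleteField`, `$hiddenCUDField` and `encoded` are assigned without `var`/`let`/`const` and leak as globals.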
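--- a/app/views/submissions/new.html.erb
+++ b/app/views/submissions/new.html.erb
@@ -53,7 +53,7 @@
 <div class="input-field">
 <input type="text" size="3" id="student_autocomplete" class="autocomplete" autocomplete="off"/>
 <label for="student_autocomplete">Start typing student name or email</label>
-</div><br>
+</div>
 <%= f.hidden_field(:course_user_datum_id)%>
 
 <% else %>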