From 73307f84a4a64dafc0ab4a0b26f76ee78cc63b62 Mon Sep 17 00:00:00 2001 From: "jorg.vr" Date: Tue, 10 Dec 2024 15:40:26 +0100 Subject: [PATCH 1/3] Don't allow admins to submit to invalid exercises --- app/policies/activity_policy.rb | 1 + .../submissions_controller_test.rb | 20 +++++++++++++++++++ test/system/activities_test.rb | 7 +++++++ 3 files changed, 28 insertions(+) diff --git a/app/policies/activity_policy.rb b/app/policies/activity_policy.rb index ea813b34a5..fd8e23f50d 100644 --- a/app/policies/activity_policy.rb +++ b/app/policies/activity_policy.rb @@ -58,6 +58,7 @@ def media? def submit? return false if record.removed? return false if user.blank? + return false if record.not_valid? return true if user.admin? return true if record.ok? diff --git a/test/controllers/submissions_controller_test.rb b/test/controllers/submissions_controller_test.rb index a362ac2e5b..e7a5e44905 100644 --- a/test/controllers/submissions_controller_test.rb +++ b/test/controllers/submissions_controller_test.rb @@ -486,4 +486,24 @@ def expected_score_string(*args) assert_response :ok end + + test 'should not be able to submit to invalid exercise' do + attrs = generate_attr_hash + exercise = Exercise.find(attrs[:exercise_id]) + exercise.update!(status: :not_valid) + + sign_in create(:staff) + create_request(attr_hash: attrs) + + assert_response :unprocessable_entity + end + + test 'should not be able to submit to valid exercise' do + attrs = generate_attr_hash + + sign_in create(:staff) + create_request(attr_hash: attrs) + + assert_response :success + end end diff --git a/test/system/activities_test.rb b/test/system/activities_test.rb index 54733b2f18..b16a99fd28 100644 --- a/test/system/activities_test.rb +++ b/test/system/activities_test.rb @@ -68,4 +68,11 @@ class ActivitiesTest < ApplicationSystemTestCase assert_text '`\\n\n\\0`' end + + test 'should not be able to submit to invalid exercise' do + @instance.update!(status: :not_valid) + visit exercise_path(id: @instance.id) + + assert_no_selector '#editor-process-btn' + end end From 1fdce3090c72cf977174cecfc98738994b85e2ec Mon Sep 17 00:00:00 2001 From: "jorg.vr" Date: Tue, 10 Dec 2024 15:48:19 +0100 Subject: [PATCH 2/3] Fix to much copied --- test/controllers/submissions_controller_test.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/controllers/submissions_controller_test.rb b/test/controllers/submissions_controller_test.rb index e7a5e44905..b83f15d985 100644 --- a/test/controllers/submissions_controller_test.rb +++ b/test/controllers/submissions_controller_test.rb @@ -498,7 +498,7 @@ def expected_score_string(*args) assert_response :unprocessable_entity end - test 'should not be able to submit to valid exercise' do + test 'should be able to submit to valid exercise' do attrs = generate_attr_hash sign_in create(:staff) From d3738988b9992954220a32e02a8b51a3800b6974 Mon Sep 17 00:00:00 2001 From: "jorg.vr" Date: Tue, 17 Dec 2024 16:44:27 +0100 Subject: [PATCH 3/3] Fix tests --- test/system/activities_test.rb | 4 ++-- test/system/scratchpad_test.rb | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/test/system/activities_test.rb b/test/system/activities_test.rb index b16a99fd28..57a3db94df 100644 --- a/test/system/activities_test.rb +++ b/test/system/activities_test.rb @@ -70,8 +70,8 @@ class ActivitiesTest < ApplicationSystemTestCase end test 'should not be able to submit to invalid exercise' do - @instance.update!(status: :not_valid) - visit exercise_path(id: @instance.id) + exercise = create :exercise, status: :not_valid + visit exercise_path(id: exercise.id) assert_no_selector '#editor-process-btn' end diff --git a/test/system/scratchpad_test.rb b/test/system/scratchpad_test.rb index 4a75271dc4..9aec077e13 100644 --- a/test/system/scratchpad_test.rb +++ b/test/system/scratchpad_test.rb @@ -17,12 +17,6 @@ class ScratchpadTest < ApplicationSystemTestCase @course.series.first.activities << @exercise sign_in @zeus - - # Open Papyros ready for use - visit(course_activity_path(course_id: @course.id, id: @exercise.id)) - - assert_selector '#scratchpad-offcanvas-show-btn' - find_by_id('scratchpad-offcanvas-show-btn').click end def codemirror_send_keys(parent, code) @@ -41,6 +35,12 @@ def run_code(code) test 'Scratchpad can run code' do skip("This test fails infrequently, but i haven't figured out why yet") + # Open Papyros ready for use + visit(course_activity_path(course_id: @course.id, id: @exercise.id)) + + assert_selector '#scratchpad-offcanvas-show-btn' + find_by_id('scratchpad-offcanvas-show-btn').click + ## Hello World! code = "print(\"Hello World!\")\n" run_code code