Adds warning when assessment.rb file upload isn't a .rb file #1999
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
WalkthroughThe changes introduced add a new feature to the assessment editing interface. Now, when a user selects a Ruby configuration file ( Changes
TipsChat with CodeRabbit Bot (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files ignored due to filter (1)
- Gemfile.lock
Files selected for processing (2)
- app/assets/javascripts/edit_assessment.js (1 hunks)
- app/views/assessments/_edit_basic.html.erb (1 hunks)
Files skipped from review due to trivial changes (1)
- app/views/assessments/_edit_basic.html.erb
Additional comments: 1
app/assets/javascripts/edit_assessment.js (1)
- 32-44: The code looks good and follows the best practices. It checks if the selected file has the
.rbextension and displays a warning message if it doesn't. However, it's important to note that this is a client-side check and can be bypassed. Make sure to also validate the file type on the server-side to ensure security.
|
Verified that upload file field checks for correct file type, LGTM |
20wildmanj
approved these changes
Nov 1, 2023
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
There was a problem hiding this comment.
Review Status
Actionable comments generated: 0
Configuration used: CodeRabbit UI
Files selected for processing (1)
- app/assets/javascripts/edit_assessment.js (1 hunks)
Additional comments: 1
app/assets/javascripts/edit_assessment.js (1)
- 32-44: The code checks if the selected file has a
.rbextension and displays a warning message if it doesn't. This is a good practice to prevent users from uploading files of incorrect types. However, it's important to note that this is client-side validation and can be bypassed. Make sure to also validate the file type on the server-side.
NicholasMy
pushed a commit
to UB-CSE-IT/Autolab
that referenced
this pull request
Jan 5, 2024
…#1999) * preliminary working version * only validates .rb files --------- Co-authored-by: Damian Ho <[email protected]> (cherry picked from commit 3676b13)
michellexliu
added a commit
that referenced
this pull request
Feb 4, 2024
* Lint views/submissions (#1969) * Begin linting views/submissions * finish linting views/submissions * address issues in code_viewer * Prevent spoofing the author of an annotation (#1985) * Prevent spoofing the author of an annotation (cherry picked from commit d2ab510) * Remove submitted_by from createAnnotation * Update link to docs in PR template (#1991) Fix link to docs * Hide irrelevant cud fields for students (#1988) * Show edit CUD button for students * Hide irrelevant CUD fields from students * Lint views/autograders, fix help-block gap from input (#1963) * lint views/autograders, fix help block gap from input * update form path * Lint views/announcements and Touch-up UI (#1957) * lint views/announcements and touch-up UI * address nits * Add erblint to overcommit and github actions (#1994) * update erb-lint config, overcommit config to enable erb-lint as a pre-commit hook, run erblint --lint-all * update github actions to run erb-lint during linting phase * update pull request template to include erblint check * Display Grace Day usage on submission history table, improve management of assessment penalty settings (#1990) * Display of grace days used * Fix calculation of effective_late_penalty and effective_version_penalty * Show course default values when applicable * Show warning messages when late submissions allowed but config does not make sense * Fix tests * Update wording * Improve formatting * Revert changes to effective penalties * Simplify check * Add toggles * Update wording on courseFields * Fix version threshold logic * Correctly set version threshold to blank when using course default * Clear / default values when checkbox clicked * Remove bottom padding * Improve UI when checkboxes selected * Address AI nits * Handle malformed scoreboard results from autograder, fix error handling for scoreboards (#1982) * begin fixing broken redirects * add code to check that entries are arrays, return flash error if not valid entry * fix spacing * address nit * Add logging * Click into submissions from gradebook score (#1998) * Clickable gradebook scores * Only scores have links --------- Co-authored-by: kestertan <[email protected]> * Switch mossnet clean to use rails root instead of tilde expansion (#1997) use Rails root join function instead of ~/ to make sure moss clean script works across systems * Merge pull request from GHSA-h8wq-ghfq-5hfx * fixes * Add validation for handout, writeup, and handin_directory * Avoid use of and * Check that handout/writeup exists before checking path (#2001) Move present? check to front * Adds warning when assessment.rb file upload isn't a .rb file (#1999) * preliminary working version * only validates .rb files --------- Co-authored-by: Damian Ho <[email protected]> * Refactor Assessment name rules, remove config file requirement (#1987) * begin refactoring naming rules for assessments * continue working on file acceptance * add testing * fix autograde * work on backwards compatibility / revertibility * keep working on implementing revertability * Fix some code creating assessmentConfigFile before assessment id created * Add documentation to naming rules * add line about assessment name uniqueness * update error messages * fix tests * add error handling code to redirect user in case assessment config file can't be loaded, run robocop * address AI code review * remove redundant flash * Fix text * Fix reload assessment config button text * Add more error handling, revamp regex string to better reflect valid ruby module names, add better sanitization for display name -> name conversion, fix docs to reflect actually valid assessment names. * fix test * Address nits * Fix issue where assessment could affect another assessment's config file if they both had names that mapped to pre-PR config file name * Delete config/oauth_config.yml * Delete diff.patch * Delete assessment.patch * remove unnecessary files * more removals * Suppress confirmation dialog on edit assessment page when no changes made (#2004) * Extract logic, call functions directly * Remove extraneous space * Remove another extraneous space * Display submission version in gradebook (#2005) * First Commit: version info is on gradebook as new columns * Second commit: only add a ver column after each assignment * Delete database.docker.yml * Delete schema.rb * Deleted debug code * change gitignore to original version * Address nits * Fix tooltips * Simplify version logic * Stop overwriting headerCssClass * Fix tooltip for not_yet_submitted * Handle nil aud * Add version to gradebook CSV export * Render tooltips onMouseEnter too * Simplify version header * Simplify logic * Increase gradebook width --------- Co-authored-by: SimonMen65 <[email protected]> Co-authored-by: Simon Men <[email protected]> * Don't clear assessment penalty fields on initial load (#2006) * Don't clear on initial load * Remove extraneous spaces * No line breaks when generating base64 strings (#2008) * fix bug for long strings * Update base64.js using new TextEncoder * Show all courses for MOSS (#2015) * Show all courses, restore filter * Address AI nits * Fix use of autocomplete attribute * Add newline * Simplify toggleOptions implementation * Fix style of isArchive checkboxes * Correct use of javascript_include_tag * Fix failing test * Update styling of warning * Extract dropdown logic, use OR for filtering * Add newline * Add spacing between dropdowns * Use find instead of children, check for selector existence * Removed name from assessment yml (#1993) * Removed name from assessment yml * Modified test after removing name from assessment yml * Removed unnecessary test for wrong assessment name * Removed yml name check in assessments_controller --------- Co-authored-by: Nicholas Clark <[email protected]> * Account for hooks in viewFeedback instead of feedback output (#2003) * preliminary working version * resolve merge conflicts * use submission.scores instead of feedback array * don't show non autograded scores in autograded scores tab * rabbit ai suggestions * more rabbit.ai nits * make finishedAutograding not an instance variable * Remove element overlapping scrollbar hitbox (#2009) * Remove element overlapping scrollbar hitbox * Move style to annotation.scss --------- Co-authored-by: Damian Ho <[email protected]> * Attachment categories (#1983) * Add category_name field and update course attachment UI * Improve styling of list items * Remove anchor link for unreleased badge, simplify delete button logic * Hide assessment attachments from course landing page * Add release_at field, remove released field * Fix tests * Add fixtures * Simplify variable names * Remove bullet points * Group buttons together * Make font-family consistent * Hide category for assessment attachments * Add cancel button, remove delete button, improve styling * Improve migration to be backwards compatible / reversible * Use update instead of update_attribute * Display when attachment will be released * Update tests * Simplify code * Use Time instead of DateTime * Add download icon for students * Vertically align icons * Hide assessment attachments from course attachment index * Add vertical space above release date * Passwordless temporary login (#1984) * Passwordless temporary login created * Login using devise * User is not signed in before changing password * Removing unneeded files * Removing changes to user.rb * Removing unneeded files * Resetting password does not log you out * Added mailer * Added/removed newlines * Changed naming * Added checks for nil user or params * Error handling for passwords * Removed email after password reset * Added documentation * Updated documentation * Moved documentation to features * Renamed to admin-features * Added link in mkdocs.yml * Visual cue for assessments (#2016) * Add dates to assessment card * Add CSS formatting for date * Fix margin and card sizes to be more pretty * Show all students on gradesheet (#2019) * add course members with blank info if no submissions found * add email for no submission users * update bg color * Move submission version logic to be handled by AUD (#2024) * Move submission version logic to be handled by AUD * update migration variable naming * fix unit tests, version number for new auds * fix coderabbit issues * add version number to schema * change schema timestamp * Use ActiveStorage for attachments, add attachment size limit (#2023) * 1810 Use ActiveStorage for attachments * 1864 Add backwards compatibility to ActiveStorage Attachments * 1872 Add size limit to attachments * Set mime_type * Remove require * redirect to index on error * Rails 6.1.7.6 Migration (#2037) * Initial update to 6.1.7.6 * Lock fomantic-ui-sass to 2.8.8.1 * Update schema.rb * Avoid locking setup-ruby version * Include net-http in Gemfile to avoid errors * Run rubocop * Lock uri to 0.10.0 * Fix lint issue * Fix course_number values for roster export * Use flash for drop warning * Properly display submission errors * Only show invalid assessment warning to instructors * Ensure gradebook search bar renders correctly for CAs * Filter by lecture too when CA views section * Only show missing submissions from section if CA filters by section * Update tests * Better handling for submission errors * More specific error handling for save_entries * Better error display for statistics page * Return 404 for popover on non-existent submission * load Archive in files that use its methods * Update Ruby to 3.2.2, Misc fixes (#2040) * Update Ruby to 3.2.2 - update Capybara config so that it works with new ruby version and so that js can be enabled again on selenium test - update releaseSectionGrades redirect to go to viewGradesheet for CA's section - add some more status text / more informative flash when instructor drops student - redact tango key in getjob * Address nits, update bundler / github integration * add arm64-darwin-23 to platforms * fix users nit * Bump uri from 0.10.0 to 0.10.3 (#2039) Bumps [uri](https:/ruby/uri) from 0.10.0 to 0.10.3. - [Release notes](https:/ruby/uri/releases) - [Commits](ruby/uri@v0.10.0...v0.10.3) --- updated-dependencies: - dependency-name: uri dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Update old migrations for Ruby 3 (#2044) Use splat on old migrations * Remove grading deadline (#2014) * Initial removal of grading_deadline * Add brackets around arguments to grading_complete? * Consistency fixes * Migration to remove grading deadline * Add guards to migration * Rename grading_complete? to grades_released? * Address issues from v2.8.0 testing, misc fixes/changes (#2038) * Fix command for promoting a user to admin * Extract aria/collapsible code, switch to path helpers * Automatically open first accordion * Fix docs for Tango info endpoint * Create user directory on autograde_done * Coalesce accordions, simplify js, remove admin options * Update doorkeeper translations * Remove extraneous quotes * Remove redundant / useless assessment nil check * Fix error display when calling downloadAll on invalid assessment * Simplify failure redirect logic for downloadAll * Deduplicate logic for autograde feedback path and handin file path * Remove unused ass_dir variable * Remove redundant gitignores * Uncoalesce accordions * Fix redirects for invalid assessment Previously, calling downloadAll with an invalid assessment led to infinite redirects * Update the API to allow retrieving group members (#1956) * Add a param to the index groups api to retriee group members * Add api show endpoint for groups * Update docs * Update api docs for groups#show * Compact group members api response * Move fetching group json to a private method * Remove empty line --------- Co-authored-by: Damian Ho <[email protected]> * Update index and show docs for Groups API (#2045) Update index and show docs * Main Table UI Changes (#1886) * Start Manage Submissions * Center checkbox in manage submission table (#1868) fix checkbox issue * Main Table UI * Updates with selecting students and buttons * Add Score Popup Icon * Icon spacing and codebase style --------- Co-authored-by: Michelle Liu <[email protected]> * Add sorting icons to new manage submissions (#1890) * change icon to swap_vert, hide for file and actions headers * change icon on diff sort * Adds Score Details (#1893) * Adds score details without styling * address general styling for score details * refactor code * address pr issues * bring back css * bring back div * add back class names * add back icons * addressed nits * address nits --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: Joey Wildman <[email protected]> Co-authored-by: Nicholas Myers <[email protected]> Co-authored-by: Damian Ho <[email protected]> Co-authored-by: Kester <[email protected]> Co-authored-by: kestertan <[email protected]> Co-authored-by: SimonMen65 <[email protected]> Co-authored-by: Simon Men <[email protected]> Co-authored-by: Ugo <[email protected]> Co-authored-by: Nicholas AJ Clark <[email protected]> Co-authored-by: Nicholas Clark <[email protected]> Co-authored-by: lykimchee <[email protected]> Co-authored-by: Joanna Ge <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Umar Alkafaween <[email protected]> Co-authored-by: Victor Huang <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Summary generated by Reviewpad on 04 Nov 23 02:48 UTC
This pull request includes two patches.
The first patch, "preliminary working version," adds functionality to the code with changes to Gemfile.lock and edit_assessment.js files. It introduces a new platform, x86_64-darwin-21, to the Gemfile.lock file. In the edit_assessment.js file, it adds an event listener for the #assessment_config_file element, where it checks if the selected file matches the expected target file name. If not, it displays a warning message.
The second patch, "only validates .rb files," modifies the edit_assessment.js and _edit_basic.html.erb files. In the edit_assessment.js file, it updates the if condition in the event listener for #assessment_config_file element to check if the selected file does not end with ".rb". If it doesn't match, it displays a warning message. In the _edit_basic.html.erb file, it removes the data attribute that stored the target file name.
Overall, these patches make improvements and bug fixes to enhance the functionality and validation of the code for the assessment editing feature.
Description
Resolves #1973
If a file for assessment.rb is an invalid file type (i.e., not a
.rbfile), shows user a warning.Motivation and Context
Warn instructors from submitting an invalid / error prone file.
How Has This Been Tested?
Go into an assessment --> Click "Edit Assessment" --> Click Upload .rb button
Types of changes
Checklist:
overcommit --install && overcommit --signto use pre-commit hook for lintingOther issues / help required
If unsure, feel free to submit first and we'll help you along.