Merge pull request #5997 from dodona-edu/fix/submit-to-invalid

Don't allow admins to submit to invalid exercises
dodona-edu · Dec 17, 2024 · 93886f6 · 93886f6
2 parents ecf37d2 + d373898
commit 93886f6
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 6 deletions.
diff --git a/app/policies/activity_policy.rb b/app/policies/activity_policy.rb
@@ -58,6 +58,7 @@ def media?
   def submit?
     return false if record.removed?
     return false if user.blank?
+    return false if record.not_valid?
     return true if user.admin?
     return true if record.ok?
 

diff --git a/test/controllers/submissions_controller_test.rb b/test/controllers/submissions_controller_test.rb
@@ -486,4 +486,24 @@ def expected_score_string(*args)
 
     assert_response :ok
   end
+
+  test 'should not be able to submit to invalid exercise' do
+    attrs = generate_attr_hash
+    exercise = Exercise.find(attrs[:exercise_id])
+    exercise.update!(status: :not_valid)
+
+    sign_in create(:staff)
+    create_request(attr_hash: attrs)
+
+    assert_response :unprocessable_entity
+  end
+
+  test 'should be able to submit to valid exercise' do
+    attrs = generate_attr_hash
+
+    sign_in create(:staff)
+    create_request(attr_hash: attrs)
+
+    assert_response :success
+  end
 end
diff --git a/test/system/activities_test.rb b/test/system/activities_test.rb
@@ -68,4 +68,11 @@ class ActivitiesTest < ApplicationSystemTestCase
 
     assert_text '`<script>alert("😀\\n")</script>\\n\n\\0`'
   end
+
+  test 'should not be able to submit to invalid exercise' do
+    exercise = create :exercise, status: :not_valid
+    visit exercise_path(id: exercise.id)
+
+    assert_no_selector '#editor-process-btn'
+  end
 end
diff --git a/test/system/scratchpad_test.rb b/test/system/scratchpad_test.rb
@@ -17,12 +17,6 @@ class ScratchpadTest < ApplicationSystemTestCase
     @course.series.first.activities << @exercise
 
     sign_in @zeus
-
-    # Open Papyros ready for use
-    visit(course_activity_path(course_id: @course.id, id: @exercise.id))
-
-    assert_selector '#scratchpad-offcanvas-show-btn'
-    find_by_id('scratchpad-offcanvas-show-btn').click
   end
 
   def codemirror_send_keys(parent, code)
@@ -41,6 +35,12 @@ def run_code(code)
   test 'Scratchpad can run code' do
     skip("This test fails infrequently, but i haven't figured out why yet")
 
+    # Open Papyros ready for use
+    visit(course_activity_path(course_id: @course.id, id: @exercise.id))
+
+    assert_selector '#scratchpad-offcanvas-show-btn'
+    find_by_id('scratchpad-offcanvas-show-btn').click
+
     ## Hello World!
     code = "print(\"Hello World!\")\n"
     run_code code