Autograder improvements

[KesterTan]

Description

This resolves #2198.

1. UI now indicates whether an autograder tar and makefile exists

2. UI now provides an option to download the existing autograder tar and makefile

3. Disable network access is now shifted from advanced settings to autograde settings.

Note that this does not appear when there is no file being selected, and the buttons to download should not appear as well.

Motivation and Context

This consolidates all autograder settings into a single place. This also minimizes confusion that a person has when uploading autograder tar and makefiles. This provides a fast and easy way for an instructor to check if they have uploaded a makefile or tar file and to also check the contents of the tar and makefile. Instructors will also no longer have to navigate out of autograder settings to disable or enable network access which is an autograder setting.

How Has This Been Tested?

1. Check that when there is no autograder uploaded, there is no buttons to download files and no help text
2. Check that when an autograder is uploaded, there are buttons to download the files and also the help text appears even when you refresh the page
3. Check that the buttons download the file as desired and that the buttons and help text work if only makefile is added or only tar file is added
4. Check that the check box for disable network access persists after refresh
5. Check that the checkbox for disable network access actually enables/disables network access as desired

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• I have run rubocop and erblint for style check. If you haven't, run overcommit --install && overcommit --sign to use pre-commit hook for linting
• My change requires a change to the documentation, which is located at Autolab Docs
• I have updated the documentation accordingly, included in this PR

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

📝 Walkthrough

Walkthrough

The changes involve enhancements to the AutogradersController, including the addition of file handling capabilities, updates to the assessment alongside the autograder, and a new method for downloading files. The user interface for uploading autograder files has been improved with conditional help text and download links for existing files. Additionally, the :disable_network checkbox has been modified to be included directly in the autograder settings form. A new route for downloading files has also been introduced, streamlining user interactions with the autograder feature.

Changes

Files	Change Summary
app/assets/stylesheets/style.css.scss	Modifications to styles for input fields, time picker components, error messages, and labels.
app/controllers/autograders_controller.rb	Added file existence checks, updated update method for assessments, added download_file method, and introduced assessment_params.
app/form_builders/form_builder_with_date_time_input.rb	Updated methods for handling file fields and score adjustments, including conditional logic for file display.
app/views/autograders/_form.html.erb	Enhanced file upload UI with conditional help text, added download links for existing files, and included a checkbox for :disable_network.

Assessment against linked issues

Objective	Addressed	Explanation
UI indication for uploaded autograder files (#2198)	✅
Ability to download existing autograder files through the UI (#2198)	✅
Consolidation of disable_network option into "Autograder Settings" (#2198)	❌	The checkbox was modified but not consolidated into a single settings area.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 6

Outside diff range and nitpick comments (2)

app/controllers/autograders_controller.rb (2)

95-95: Consistency: Redirect to the autograder edit page on error

When a file is not found, it would be more consistent to redirect back to the autograder edit page instead of the general assessment edit page.

Apply this diff to fix the inconsistency:

   flash[:error] = "File not found"
-  redirect_to(edit_course_assessment_path(@course, @assessment))
+  redirect_to(edit_course_assessment_autograder_path(@course, @assessment))

---

109-111: Style: Insert an empty line between method definitions

According to the Ruby style guide, there should be an empty line between method definitions for better readability.

Apply this diff:

 end
+ 
 def assessment_params
   params[:autograder][:assessment].permit(:disable_network)
 end

Tools

rubocop

[convention] 109-109: Expected 1 empty line between method definitions; found 0.

(Layout/EmptyLineBetweenDefs)

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 502e05b and a0b6658.

Files selected for processing (4)

• app/controllers/autograders_controller.rb (4 hunks)
• app/views/assessments/_edit_advanced.html.erb (0 hunks)
• app/views/autograders/_form.html.erb (1 hunks)
• config/routes.rb (1 hunks)

Files not reviewed due to no reviewable changes (1)

• app/views/assessments/_edit_advanced.html.erb

Additional context used

rubocop

app/controllers/autograders_controller.rb

[convention] 41-41: Use && instead of and.

(Style/AndOr)

---

[convention] 109-109: Expected 1 empty line between method definitions; found 0.

(Layout/EmptyLineBetweenDefs)

GitHub Check: CodeQL

app/controllers/autograders_controller.rb

[failure] 91-91: Uncontrolled data used in path expression
This path depends on a user-provided value.

Additional comments not posted (4)

app/views/autograders/_form.html.erb (3)

29-31: Consolidation of 'Disable Network' Setting Enhances Usability

Moving the disable_network checkbox into the Autograder settings section aligns related settings and improves the user experience by having all autograder configurations in one place.

---

43-45: Verify Security of File Download Links

As with the Makefile download link, ensure that @tar_exists used in the file_path parameter is properly sanitized to prevent unauthorized file access.

Run the following script to verify that @tar_exists is properly sanitized:

#!/bin/bash
# Description: Verify that @tar_exists is assigned only with allowed file paths.

# Test: Search for the assignment of @tar_exists in the controller and check the paths.
# Expected: @tar_exists is assigned safely and cannot be manipulated by users.

rg --type ruby '@tar_exists\s*='

---

39-41: Verify Security of File Download Links

Passing file_path: @makefile_exists directly to the download_file_course_assessment_autograder_path may introduce security risks if @makefile_exists can be manipulated to access unauthorized files. Ensure that the file_path parameter is properly validated and restricted to allowed directories.

Run the following script to verify that @makefile_exists is properly sanitized:

config/routes.rb (1)

142-144: LGTM

The addition of the download_file action within the autograder resource is appropriate and aligns with the goal of allowing users to download autograder files directly from the UI.

[evanyeyeye]

Would it be possible to reduce the spacing and align the new text more?

[coderabbitai]

Actionable comments posted: 2

🧹 Outside diff range and nitpick comments (4)

app/views/autograders/_form.html.erb (1)

15-16: Consider inlining the help text variables.

These variables are only used once each. Inlining them would reduce unnecessary complexity without sacrificing readability.

-  <% help_tar_text = "Tar file exists, upload a file to override." %>
-  <% help_makefile_text = "Makefile exists, upload a file to override." %>

app/assets/stylesheets/style.css.scss (1)

962-965: LGTM! Consider documenting the !important override.

The spacing adjustments for file input fields look good and address the UI feedback about reducing spacing. However, it would be helpful to add a comment explaining why the !important flag is necessary here to override other styles.

 div.file-field.input-field {
+  /* Override default materialize spacing for file inputs */
   padding-top: 0;
   margin-top: -0.5rem !important;
 }

app/controllers/autograders_controller.rb (2)

4-4: Consider removing unnecessary require 'pathname'

Rails applications usually have Pathname available by default via Rails.root, so explicitly requiring 'pathname' may be redundant.

---

Line range hint 41-47: Consider wrapping updates in a database transaction

To ensure that updates to @autograder and @assessment are atomic, consider wrapping them inside a database transaction. This will maintain data integrity if one update succeeds and the other fails.

Here's how you might implement it:

def update
  ActiveRecord::Base.transaction do
    if @autograder.update(autograder_params) && @assessment.update(assessment_params)
      flash[:success] = "Autograder saved."
      begin
        upload
      rescue StandardError
        flash[:error] = "Autograder could not be uploaded."
        raise ActiveRecord::Rollback
      end
    else
      flash[:error] = "Autograder could not be saved.<br>"
      flash[:error] += @autograder.errors.full_messages.join("<br>")
      flash[:error] += @assessment.errors.full_messages.join("<br>")
      flash[:html_safe] = true
      raise ActiveRecord::Rollback
    end
  end
  redirect_to(edit_course_assessment_autograder_path(@course, @assessment))
end

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 198db39 and 27c91fc.

📒 Files selected for processing (4)

• app/assets/stylesheets/style.css.scss (1 hunks)
• app/controllers/autograders_controller.rb (4 hunks)
• app/form_builders/form_builder_with_date_time_input.rb (2 hunks)
• app/views/autograders/_form.html.erb (1 hunks)

🧰 Additional context used

📓 Learnings (1)

app/controllers/autograders_controller.rb (2)

Learnt from: KesterTan
PR: autolab/Autolab#2209
File: app/controllers/autograders_controller.rb:32-36
Timestamp: 2024-09-19T06:35:55.985Z
Learning: In the `AutogradersController#edit` method, passing the file paths to the view is necessary to send the files in `download_file`.

Learnt from: evanyeyeye
PR: autolab/Autolab#2209
File: app/controllers/autograders_controller.rb:0-0
Timestamp: 2024-09-20T20:46:52.775Z
Learning: In the `AutogradersController`, ensure that the `download_file` method has `action_auth_level :download_file, :instructor` to restrict access to instructors.

🔇 Additional comments (8)

app/views/autograders/_form.html.erb (3)

17-18: LGTM! File upload fields effectively implement the requested indicators.

The implementation successfully addresses the PR objective of indicating file existence through the new attributes.

---

23-25: LGTM! Network access setting successfully moved to autograder form.

The implementation effectively addresses the PR objective of consolidating autograder settings by moving the network access control from advanced settings.

---

33-35: Verify authorization checks for file downloads.

While the download functionality meets the PR objectives, ensure proper authorization checks are in place in the controller's download_file action.

Consider improving button spacing.

Based on the UI feedback from evanyeyeye, consider removing the empty line between download buttons and adjusting their layout for better visual alignment.

  <% unless @makefile_exists.nil? %>
    <%= link_to "Download Makefile", download_file_course_assessment_autograder_path(file_path: @makefile_exists, file_key: 'makefile'), class: "btn" %>
  <% end %>
-
  <% unless @tar_exists.nil? %>
    <%= link_to "Download Tar", download_file_course_assessment_autograder_path(file_path: @tar_exists, file_key: 'tar'), class: "btn" %>
  <% end %>

Also applies to: 37-39

✅ Verification successful

Let me verify the authorization checks by searching for any before filters or authentication mechanisms in the controller.

---

Authorization checks for file downloads are properly implemented

The download_file action is well-secured with multiple layers of protection:

• Restricted to instructor-level access via action_auth_level :download_file, :instructor
• Protected by before_action filters that ensure course and assessment context
• Uses a whitelist approach with allowed_files hash to prevent path traversal
• Validates file existence before sending

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for download_file action implementation
ast-grep --pattern 'def download_file
  $$$
end'

Length of output: 1745

---

Script:

#!/bin/bash
# Search for before_action filters in the autograders controller
ast-grep --pattern 'class AutogradersController < $_
  $$$
end'

# Also search for any authentication related code
rg "before_" app/controllers/autograders_controller.rb

Length of output: 9553

app/form_builders/form_builder_with_date_time_input.rb (2)

30-31: LGTM! Clean formatting improvement.

The parameter alignment enhances code readability while maintaining functionality.

---

86-94: Implementation aligns well with PR objectives.

The conditional logic successfully implements the requirement to indicate whether an autograder file exists, improving the user experience as intended in issue #2198.

app/controllers/autograders_controller.rb (3)

32-37: LGTM! The edit method enhancements are appropriate

The additions correctly set up instance variables needed for the view to display the existence of the Makefile and tar file. This allows instructors to see if the files are present and provides the necessary paths for downloading.

---

88-106: LGTM! The download_file method is secure and well-implemented

The download_file action safely restricts downloads to predefined files and checks for file existence before sending. Using action_auth_level :download_file, :instructor ensures that only instructors can access this action.

---

119-120: LGTM! Proper handling of potentially missing parameters

The assessment_params method safely handles cases where parameters might be missing by using fetch with default empty hashes. This prevents potential NoMethodError exceptions due to nil values.

[coderabbitai]

Actionable comments posted: 1

🧹 Outside diff range and nitpick comments (1)

config/routes.rb (1)

143-145: Consider adding route documentation.

To improve maintainability, consider adding comments above the autograder resource block to document:

• The types of files that can be downloaded (Makefile, tar file)
• The authorization requirements
• The relationship with existing file management routes

Add documentation like this:

# Handles autograder configuration and file management
# GET /courses/:name/assessments/:name/autograder/download_file
#   - Allows instructors to download autograder files (Makefile, tar)
#   - Requires course_assistant or higher permissions
resource :autograder, except: [:new, :show] do
  get "download_file"
end

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between 27c91fc and 81a1e88.

📒 Files selected for processing (1)

• config/routes.rb (1 hunks)

[evanyeyeye]

LGTM