Skip to content

Commit

Permalink
Add warning when view open test of user and can submit answers.
Browse files Browse the repository at this point in the history
Viewing an open gateway test while acting as a student with the
permission to submit answers for that student is dangerous since
the user's answers will be saved over the student's answers.

In this case, give a warning to the user about the danger and
suggest they disable the permission to submit answers as students
before viewing the open test version, unless they plan to submit
answers for that student.

The warning will only appear when they first view the test
version unless they back out of the test version loosing the
hidden `submit_for_student_ok` parameter.
  • Loading branch information
somiaj committed Dec 10, 2024
1 parent 8a50103 commit 10abd79
Show file tree
Hide file tree
Showing 2 changed files with 45 additions and 20 deletions.
24 changes: 21 additions & 3 deletions lib/WeBWorK/ContentGenerator/GatewayQuiz.pm
Original file line number Diff line number Diff line change
Expand Up @@ -545,7 +545,7 @@ async sub pre_header_initialize ($c) {
$authz->hasPermissions($userID, 'record_answers_when_acting_as_student')
|| $authz->hasPermissions($userID, 'create_new_set_version_when_acting_as_student')
)
&& $c->param('createnew_ok')
&& $c->param('submit_for_student_ok')
)
)
)
Expand Down Expand Up @@ -618,15 +618,16 @@ async sub pre_header_initialize ($c) {
. 'the "Create New Test Version" button below. Alternatively, click "Cancel".',
$effectiveUserID
);
$c->{invalidVersionCreation} = 1;
$c->{invalidVersionCreation} = 1;
$c->{confirmSubmitForStudent} = 1;

} elsif ($effectiveUserID ne $userID) {
$c->{invalidSet} = $c->maketext(
'You are acting as user [_1], and do not have the permission to create a new test version '
. 'when acting as another user.',
$effectiveUserID
);
$c->{invalidVersionCreation} = 2;
$c->{invalidVersionCreation} = 1;

} elsif (($maxAttemptsPerVersion == 0 || $currentNumAttempts < $maxAttemptsPerVersion)
&& $c->submitTime < $set->due_date() + $ce->{gatewayGracePeriod})
Expand Down Expand Up @@ -659,6 +660,23 @@ async sub pre_header_initialize ($c) {
{
if (between($set->open_date(), $set->due_date() + $ce->{gatewayGracePeriod}, $c->submitTime)) {
$versionIsOpen = 1;

# If acting as another user, then the user has permissions to record answers for the
# student which is dangerous for open test versions. Give a warning unless the user
# has already confirmed they understand the risk.
if ($effectiveUserID ne $userID && !$c->param('submit_for_student_ok')) {
$c->{invalidSet} = $c->maketext(
'You are trying to view an open test version for [_1] and have the permission to submit '
. 'answers for that user. This is dangerous, as your answers can overwrite the '
. q/student's answers as you move between test pages, preview, or check answers. /
. 'If you are planing to submit answers for this student, click "View Test Version" '
. 'below to continue. If you only want to view the test version, click "Cancel" '
. 'below, then disable the permission to record answers when acting as a student '
. 'before viewing open test versions.',
$effectiveUserID
);
$c->{confirmSubmitForStudent} = 1;
}
}
}
}
Expand Down
41 changes: 24 additions & 17 deletions templates/ContentGenerator/GatewayQuiz.html.ep
Original file line number Diff line number Diff line change
Expand Up @@ -68,30 +68,33 @@
% # If the set or problem is invalid, then show that information and exit.
% if ($c->{invalidSet}) {
<div class="alert alert-danger mb-2">
<div class="mb-2">
% if ($c->{invalidVersionCreation}) {
<%= maketext(
'The selected test ([_1]) is not a valid test for [_2] (acted as by [_3]).',
$setID, $effectiveUserID, $userID
) =%>
% } else {
<%= maketext(
'The selected test ([_1]) is not a valid test for [_2].',
$setID, $effectiveUserID
) =%>
% }
</div>
% if (!$c->{confirmSubmitForStudent} || $c->{invalidVersionCreation}) {
<div class="mb-2">
% if ($c->{invalidVersionCreation}) {
<%= maketext(
'The selected test ([_1]) is not a valid test for [_2] (acted as by [_3]).',
$setID, $effectiveUserID, $userID
) =%>
% } else {
<%= maketext(
'The selected test ([_1]) is not a valid test for [_2].',
$setID, $effectiveUserID
) =%>
% }
</div>
% }
<div><%= $c->{invalidSet} %></div>
% if ($c->{invalidVersionCreation} && $c->{invalidVersionCreation} == 1) {
% if ($c->{confirmSubmitForStudent}) {
<div class="mt-3">
<%= link_to maketext('Create New Test Version') => $c->systemLink(
<%= link_to $c->{invalidVersionCreation}
? maketext('Create New Test Version') : maketext('View Test Version') => $c->systemLink(
url_for,
params => { effectiveUser => $effectiveUserID, user => $userID, createnew_ok => 1 }
params => { effectiveUser => $effectiveUserID, user => $userID, submit_for_student_ok => 1 }
),
class => 'btn btn-primary'
=%>
<%= link_to maketext('Cancel') => $c->systemLink(
url_for('problem_list', setID => $setID),
url_for('problem_list', setID => $setID =~ s/,v\d+$//r),
params => { effectiveUser => $effectiveUserID, user => $userID }
),
class => 'btn btn-primary'
Expand Down Expand Up @@ -410,6 +413,10 @@
<%= hidden_field newPage => '' =%>
<%= hidden_field currentPage => $pageNumber =%>
% }
% # Keep track that a user has confirmed it is okay to submit for a student.
% if (param('submit_for_student_ok')) {
<%= hidden_field submit_for_student_ok => 1 =%>
% }
%
% # Set up links between problems and, for multi-page tests, pages.
% for my $i (0 .. $#$pg_results) {
Expand Down

0 comments on commit 10abd79

Please sign in to comment.