From 88c8f55e686f9b5db05153796939c7b7a76069c1 Mon Sep 17 00:00:00 2001 From: Jaimos Skriletz Date: Thu, 12 Dec 2024 16:08:29 -0700 Subject: [PATCH] Store acting confirmation in session for proctor logins. Store the confirmation state when creating a proctored test version for another user in the session so it can be used to confirm the first proctor authentication and not require a second while waiting to create the new test version. Credit to drgrice1. --- lib/WeBWorK.pm | 1 + lib/WeBWorK/Authen/Proctor.pm | 14 +++++++++---- lib/WeBWorK/ContentGenerator/GatewayQuiz.pm | 21 ++++++++++++------- .../ContentGenerator/GatewayQuiz.html.ep | 7 +++---- 4 files changed, 28 insertions(+), 15 deletions(-) diff --git a/lib/WeBWorK.pm b/lib/WeBWorK.pm index 319ea19c82..176d8d85cd 100644 --- a/lib/WeBWorK.pm +++ b/lib/WeBWorK.pm @@ -217,6 +217,7 @@ async sub dispatch ($c) { # current server time during a gateway quiz, and that definitely should not revoke proctor # authorization. delete $c->authen->session->{proctor_authorization_granted}; + delete $c->authen->session->{confirm_version_creation}; } return 1; } else { diff --git a/lib/WeBWorK/Authen/Proctor.pm b/lib/WeBWorK/Authen/Proctor.pm index 2cd91db890..704b946410 100644 --- a/lib/WeBWorK/Authen/Proctor.pm +++ b/lib/WeBWorK/Authen/Proctor.pm @@ -96,10 +96,16 @@ sub verify_normal_user { # is 'No', then the verify method will have returned 1, and this never happens. For an ongoing login session, only # a key with versioned set information is accepted, and that version must match the requested set version. The set # id will not have a version when opening a new version. For that new proctor credentials are required. - if ($self->{login_type} eq 'proctor_login' - && $c->stash('setID') =~ /,v\d+$/ - && $c->authen->session('proctor_authorization_granted') - && $c->authen->session('proctor_authorization_granted') eq $c->stash('setID')) + if ( + $self->{login_type} eq 'proctor_login' + && ( + ( + $c->stash('setID') =~ /,v\d+$/ + && $c->authen->session('proctor_authorization_granted') // '' eq $c->stash('setID') + ) + || $c->authen->session('confirm_version_creation') + ) + ) { return 1; } else { diff --git a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm index 5b156d7b98..6da8fb8c7c 100644 --- a/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm +++ b/lib/WeBWorK/ContentGenerator/GatewayQuiz.pm @@ -609,7 +609,7 @@ async sub pre_header_initialize ($c) { || $authz->hasPermissions($userID, 'create_new_set_version_when_acting_as_student')) ) { - $c->{actingConformation} = $c->maketext( + $c->stash->{actingConfirmation} = $c->maketext( 'You are acting as user [_1]. If you continue, you will create a new version of ' . 'this test for that user, which will count against their allowed maximum ' . 'number of versions for the current time interval. In general, this is not ' @@ -617,8 +617,7 @@ async sub pre_header_initialize ($c) { . 'the "Create New Test Version" button below. Alternatively, click "Cancel".', $effectiveUserID ); - $c->{actingConformationCreate} = 1; - return; + $c->stash->{actingConfirmationButton} = $c->maketext('Create New Test Version'); } elsif ($effectiveUserID ne $userID) { $c->{actingCreationError} = 1; @@ -659,7 +658,7 @@ async sub pre_header_initialize ($c) { # student which is dangerous for open test versions. Give a warning unless the user # has already confirmed they understand the risk. if ($effectiveUserID ne $userID && !$c->param('submit_for_student_ok')) { - $c->{actingConformation} = $c->maketext( + $c->stash->{actingConfirmation} = $c->maketext( 'You are trying to view an open test version for [_1] and have the permission to submit ' . 'answers for that user. This is dangerous, as your answers can overwrite the ' . q/student's answers as you move between test pages, preview, or check answers. / @@ -669,7 +668,7 @@ async sub pre_header_initialize ($c) { . 'before viewing open test versions.', $effectiveUserID ); - return; + $c->stash->{actingConfirmationButton} = $c->maketext('View Test Version'); } } } @@ -688,6 +687,13 @@ async sub pre_header_initialize ($c) { else { delete $c->authen->session->{proctor_authorization_granted}; } } + if ($c->stash->{actingConfirmation}) { + # Store session while waiting for confirmation for proctored tests. + $c->authen->session(confirm_version_creation => 1) if $c->{assignment_type} eq 'proctored_gateway'; + return; + } + delete $c->authen->session->{confirm_version_creation}; + # If the set is invalid, then delete any proctor session keys and return. if ($c->{invalidSet} || $c->{actingCreationError}) { if (defined $c->{assignment_type} && $c->{assignment_type} eq 'proctored_gateway') { @@ -1362,7 +1368,8 @@ sub path ($c, $args) { $args, 'WeBWorK' => $navigation_allowed ? $c->url_for('root') : '', $courseName => $navigation_allowed ? $c->url_for('set_list') : '', - $setID eq 'Undefined_Set' || $c->{invalidSet} || $c->{actingCreationError} || $c->{actingConformation} + $setID eq 'Undefined_Set' + || $c->{invalidSet} || $c->{actingCreationError} || $c->stash->{actingConfirmation} ? ($setID => '') : ( $c->{set}->set_id => $c->url_for('problem_list', setID => $c->{set}->set_id), @@ -1376,7 +1383,7 @@ sub nav ($c, $args) { my $userID = $c->param('user'); my $effectiveUserID = $c->param('effectiveUser'); - return '' if $c->{invalidSet} || $c->{actingCreationError} || $c->{actingConformation}; + return '' if $c->{invalidSet} || $c->{actingCreationError} || $c->stash->{actingConfirmation}; # Set up and display a student navigation for those that have permission to act as a student. if ($c->authz->hasPermissions($userID, 'become_student') && $effectiveUserID ne $userID) { diff --git a/templates/ContentGenerator/GatewayQuiz.html.ep b/templates/ContentGenerator/GatewayQuiz.html.ep index 7b251f1f24..52ab0a94bb 100644 --- a/templates/ContentGenerator/GatewayQuiz.html.ep +++ b/templates/ContentGenerator/GatewayQuiz.html.ep @@ -87,12 +87,11 @@ % last; % } % # Get confirmation before creating new test version or working on an open test for another user. -% if ($c->{actingConformation}) { +% if ($actingConfirmation) {
-
<%= $c->{actingConformation} =%>
+
<%= $actingConfirmation =%>
- <%= link_to $c->{actingConformationCreate} - ? maketext('Create New Test Version') : maketext('View Test Version') => $c->systemLink( + <%= link_to $actingConfirmationButton => $c->systemLink( url_for, params => { effectiveUser => $effectiveUserID, user => $userID, submit_for_student_ok => 1 } ),