E1842 Issues Related To Participants: Difference between revisions

From Expertiza_Wiki
Jump to navigation Jump to search
No edit summary
 
(84 intermediate revisions by 3 users not shown)
Line 1: Line 1:
==Introduction==
This page provides a description of the Expertiza based OSS project.
__TOC__
 
=='''About Expertiza'''==
 
[http://expertiza.ncsu.edu/ Expertiza] is an open source project developed using Ruby on Rails framework.Expertiza allows the instructor to create new assignments and customize new or existing assignments.The application allows students to submit and peer-review learning objects (articles, code, web sites, etc)[1].Expertiza supports submission across various document types, including the URLs and wiki pages.
 
 
==='''Problem Statement'''===
==='''Problem Statement'''===
In Expertiza, an instructor is responsible for adding a participant to his course or assignment. This makes the course material available to the participant (or student per se). Since the instructor has admin rights, he is capable of impersonating the participant. This creates a few problems. This project addresses those issues.
In Expertiza, an instructor is responsible for adding a participant to his course or assignment. This makes the course material available to the participant (or student per se). Since the instructor has admin rights, he is capable of impersonating the participant. This creates a few problems. This project addresses those issues.
Line 8: Line 15:
Issues as described by the problem statement:
Issues as described by the problem statement:


Issue #536: Once the instructor impersonates the participant, he/she is capable of accessing all of participant’s work, irrespective of the course or the assignment. This raises serious security concerns.  
==='''Issue #536'''===
Suggested solution is to restrict the instructor to view only his coursework. You are free to provide suggestions and implement a solution to solve this problem.
Once the instructor impersonates the participant, he/she is capable of accessing all of participant’s work, irrespective of the course or the assignment. This raises serious security concerns.  
Suggested solution is to restrict the instructor to view only his coursework.  


Issue #1185: After adding a participant, the page has to be manually refreshed to show the name of the participant on the list. This creates a bad user experience and needs to be fixed.
==='''Issue #1185'''===
After adding a participant, the page has to be manually refreshed to show the name of the participant on the list. This creates a bad user experience and needs to be fixed.


----
----
Line 17: Line 26:
=='''Modified Files'''==
=='''Modified Files'''==


1) app/models/sign_up_sheet.rb
1) app/controllers/auth_controller.rb
 
2) app/controllers/impersonate_controller.rb
 
3) app/controllers/student_task_controller.rb


2) app/helpers/student_teams_helper.rb
4) app/views/participants/add.js.erb


3) app/views/sign_up_sheet/_table_line.html.erb
5) app/views/participants/_participant.html.erb


4) app/views/student_teams/view.html.erb
6) app/views/shared_scripts/_user_list.html.erb


----
----
Line 29: Line 42:
=='''Approach taken to resolve the issues'''==
=='''Approach taken to resolve the issues'''==


==='''Issue #311 '''===
==='''Issue #536 '''===
 
 
Once the instructor or teaching assistant impersonates the participant, he/she is capable of accessing all the assignments of this participant irrespective of the course and this raises serious security concerns.
Ideally, when this happened, the system should have displayed only those assignments to which he/she is assigned as an instructor or teaching assistant.
 
 
'''This issue has been fixed by modifying the current implementations of data filtering and session/role handling features.'''
 
 
'''1. Impersonation and Session Handling:'''
 
 
Setting and resetting of all the session data associated with impersonation are handled in auth_controller.rb file.
 
 
i] After login, session[:impersonate] value is set to false by default.
 
  session[:impersonate] = false
 
 
ii] Once the Instructor tries to impersonate any student, the following actions are performed.
 
 
a) Assign the instructor/TA data to a session variable and use this data when instructor/TA tries to switch back to their original role.
      # This data is used during data filtering also.
     
      original_user = session[:super_user] || session[:user]
      session[:original_user] = original_user
 
b) Impersonate flag is set to true and the session's user variable is set to the user data of impersonated student.
     
      session[:impersonate] = true
      session[:user] = user
 
 
iii] All the session data is cleared off when the user logs out.
 
    session[:original_user] = nil
    session[:impersonate] = nil
 
 
'''2. Data Filtering:'''
 
Logged in user's role data and impersonation status is used to filter the data for populating the assignments list.
 
This is implemented in student_task_controller.rb file:
 
  // check if the user is impersonating as TA
  def impersonating_as_ta?
    original_user = session[:original_user]
    ta_role = Role.where(name:['Teaching Assistant']).pluck(:id)
    ta_role.include? original_user.role_id
  end
 
  // Filter and populate all the relevant data
  def list
    redirect_to(controller: 'eula', action: 'display') if current_user.is_new_user
    session[:user] = User.find_by(id: current_user.id)
    @student_tasks = StudentTask.from_user current_user
    if session[:impersonate] && !impersonating_as_admin?
      @student_tasks = @student_tasks.select {|t| session[:original_user].id == t.assignment.instructor_id }
      if impersonating_as_ta?
        ta_course_ids = TaMapping.where(:ta_id => session[:original_user].id).pluck(:course_id)
        @student_tasks = @student_tasks.select {|t| ta_course_ids.include?t.assignment.course_id }
      else
        @student_tasks = @student_tasks.select {|t| session[:original_user].id == t.assignment.course.instructor_id }
      end
  end


A user who is enrolled in an assignment and has a topic, can advertise for more team members. When another user goes on the 'your team' link, who is enrolled in the same assignment but doesn't have a team and topic yet, he will be able to see the team advertisements by other teams. He can respond to any of the available advertisements. As soon as he responds to an advertisement, an entry is created in the "join_team_requests" table and the "status" attribute of the corresponding tuple holds "P" value signifying pending status. This request goes to the team who had posted that advertisement. The request can be approved or denied by the team members. In either of the case, the  "status" changes to "A" or "D" respectively for that entry.


If there is an entry in the "join_team_requests" table for a user, then (s)he can only see advertisements if the corresponding "status" is "D", which implies that this user is not yet part of a team. This can be checked by querying for participant_id, which is unique for each combination of (user_id, assignment_id), and then checking the "status" corresponding to that participant_id.
'''Why this approach?'''


Pseudocode representing the logic we have used to modify sign_up_sheet.rb:
We wanted some way to maintain the details of the logged in user to be available throughout the session and across all the controllers.
So, we have used session variables to store the user data and impersonation flag. Then, we use this impersonation flag and user data (role details) to decide whether to return whole or filtered results.


  Respond_To_Ads(user_id, assignment_id)
==='''Issue #1185 '''===
  p_id=Fetch participant_id corresponding to (user_id, assignment_id)
  Check entries for p_id in table join_team_request_table where status is either "A" or "P"
  count=number of such entries
  return count


Pseudocode representing the logic we have used to modify view.html.erb:
The user (instructor, TA or admin) has to click the ''Add'' button on the course or assignment page to add a new participant to the course or assignment. On click of the button, the browser initiates an AJAX request and gets a response HTML representing success or failure of the action. The failure case was already handled - an error message appears at the top of the page.
On success, it was observed that, though the HTML for a new table row (representing the just added participant) was part of the response, it was not being appended properly to the page's DOM.
This is fixed by giving an '''id''' to the ''table'' HTML element, and appending the new row to its ''tbody'' element.


  If Sign Up Sheet has topics for a particular assignment()
  If Respond_To_Ads(user_id, assignment_id) is equal to 0
    Show Trumpet icon which is a link to the Ads


==='''Issue #227 '''===
'''Why this approach?'''


If a user has an assignment and a topic only then (s)he will be able to advertise for team members to join their team. If a user doesn't have a topic (s)he won't be able to advertise.
Since we are appending to a html <nowiki><tbody></nowiki> element, we need a way to identify it. We could select the table body or the table itself. However, it looks more optimal to provide an id to the <nowiki><table></nowiki> that contains this <nowiki><tbody></nowiki> element, since this provides a way to edit other parts of this table in future.
The scenario in which A, B were two users, A with a topic, B without a topic, A joins B's  team but A's topic gets dropped; A,B become a team but with no topic. Such cases are now avoided as we have ensured that without first selecting a topic a user cannot advertise for team members nor can he send invitations to other users to join his team. This is done by quering in the database using inner join between tables-SignUpTopic, signed_up_teams,  team_users; and checking if the user has a topic for a particular assignment. If (s)he has a topic then he'll be able to see the option for advertising for teammates.
If the assignment doesn't have a topic then the user will be able to send out team invitations.
Pseudocode representing the logic we have used to modify student_teams_helper.rb:


  StudentTeamsHelper
After appending, we must also ensure that the "Submit" button which is part of the new HTML must be functional. So, an onchange listener is added to the button element (in the file add.js.erb).
    If the concerned assignment has topics
      return false if their are topics
    else return true


   User_Has_Topic(user_id, assignment_id)
   In app/views/shared_scripts/_user_list.html.erb:
    Query the database using inner joins between SignUpTopic, signed_up_teams, team_users
  <nowiki><</nowiki>table id="table_list" class="table table-striped" style="font-size: 15px"<nowiki>></nowiki>
    rows= number of rows returned by the above query
 
    If rows>0
  In app/views/participants/add.js.erb
      return true
  $("#table_list").find("tbody").append(
     else
  "<%= j render :partial => 'participant', :locals => {participant: @participant, :userid => @participant.user_id, :controller => 'participants'} %>");
      return false
  )
Pseudocode representing the logic we have used to modify view.html.erb:
  $('#'.concat(student_id.toString())).change(function(){
     $('#button'.concat(student_id.toString())).css("opacity",1);
  });


    If concerned assignment does not have topics OR User_Has_Topic is true
      Make Invite link visible


----
----
=='''Test Plan'''==
==='''''Issue #536'''===
1) Login as ''Instructor4''. Add a new assignment ''Assignment_Instructor4'' under the course ''Course 617, Spring 2016''.
2) Make ''student6400'' as the participant of that assignment and logout.
3) Login as ''Instructor6''. Add a new assignment ''Assignment_Instructor6'' under the course ''Course 517, Spring 2016''.
4) Make ''student6400'' as the participant of that assignment and logout.
5) Click on Manage -> Impersonate User and enter ''student6400'' as the user to be impersonated.
6) After impersonation, ''Instructor6'' will be able to see only his/her assignment details and not of any other instructors.
7) We need to login as ''Instructor4'' and verify that ''Instructor4'' is not able to see other assignment details of the other instructors.
8) Login as ''Instructor4''. Click on Manage -> Impersonate user. Enter ''student6400'' as the user to be impersonated.
9) After impersonation, ''Instructor4'' will be able to see only his/her assignment details and not of any other instructors.
10) Login as ''TeachingAssistant1274'' who is a TA for the Course 517, Spring 2016, who is a TA under Instructor6.
11) Create an assignment ''TA_Assignment'' and make ''student6400'' as a participant.
12) Click on Manage->Impersonate user and enter ''student6400'' as the student to be impersonated.
13) After impersonation, ''TeachingAssistant1274'' will be able to see all the assignment details of all courses for which (s)he is the TA and not the details of the other assignments.
14) Now suppose ''Instructor6'' logs in and impersonates the student ''student6400'', he will be able to see all the assignment details under his/her course i.e. all the details of the assignment that was created by ''Instructor6'' himself as well as the assignments created by his TA's.
15) Next, login as student6400 and click on assignments. The student will be able to see all the assignments of all the courses to which he/she is assigned to.
16) This verifies that the bugs have been fixed.
==='''Issue #1185'''===
1) Login as an ''Instructor'' or ''Admin'' or ''Super-Admin'' or ''TA''.
2) Click on Manage -> Assignments. In the ''Actions'' column click on ''Add Participant''.
3) After the list of all the participants you will be able to see ''Enter a user login'' text box.
4) Enter the user login in the text box (Ex: student9000) and click on ''Add'' button.
5) After clicking on the ''Add'' button, you will see the participant added at end of the list.
6) This verifies the bug has been fixed.
'''
== Screenshots of the flow ==
'''
1) Login as ''Instructor4''. Add a new assignment ''Assignment_Instructor4'' under the course ''Course 617, Spring 2016''.
[[File: Instructor4 Page with Course.png]]
2) Make ''student6400'' as the participant of that assignment and logout.
[[File: Ins4 with student in course.png]]
3) Login as ''Instructor6''. Add a new assignment ''Assignment_Instructor6'' under the course ''Course 517, Spring 2016''.
[[File:Ins6 homepage.png]]




4) Make ''student6400'' as the participant of that assignment and logout.


=='''Test Plan'''==


Automated tests cannot be written for this project. Automated tests will only be able to test the functionality of Rails and not the functionality of the amended files.
5) Click on Manage -> Impersonate User and enter ''student6400'' as the user to be impersonated.
----
[[File: Ins6_entering_student_in_impersonate.png]]
https://mymediasite.online.ncsu.edu/online/Play/3b649b16e7f7448d9d1ee79ee1448b221d
 
----
 
https://mymediasite.online.ncsu.edu/online/Play/31dcb783510c4322bcfbc894c71fbdd01d
6) After impersonation, ''Instructor6'' will be able to see only his/her assignment details and not of any other instructors.
----
[[File: Ins6_result_after_impersonate.png]]
==='''Issue #311'''===
 
 
7) We need to login as ''Instructor4'' and verify that ''Instructor4'' is not able to see other assignment details of the other instructors.
 
 
8) Login as ''Instructor4''. Click on Manage -> Impersonate user. Enter ''student6400'' as the user to be impersonated.
[[File: Ins4_impersonating_6400.png]]
 
 
9) After impersonation, ''Instructor4'' will be able to see only his/her assignment details and not of any other instructors.
[[File: Ins4_display_res_after_impersonate.png]]
 
 
10) Login as ''TeachingAssistant1274'' who is a TA for the Course 517, Spring 2016, who is a TA under Instructor6.
 
 
11) Create an assignment ''TA_Assignment'' and make ''student6400'' as a participant.
[[File: Ta_homepage.png]]
 
 
12) Click on Manage->Impersonate user and enter ''student6400'' as the student to be impersonated.
[[File: TA_enters_student_impersonate.png]]
 


1)Login as Admin, create an assignment with all the necessary details like maximum no of users per team, add topics for the assignment, enroll users(students) in the assignment.
13) After impersonation, ''TeachingAssistant1274'' will be able to see all the assignment details of all courses for which (s)he is the TA and not the details of the other assignments.
[[File: TA_impersonate_res.png]]


2)Login as user(Student) or impersonate a student, say student A, whom you have enrolled in the assignment. You should be able to see the assignment now in the Assignment section.


3)Since A doesn't have a topic yet, so you won't be able to see the advertise link.
14) Next, login as student6400 and click on assignments. The student will be able to see all the assignments of all the courses to which he/she is assigned to.


4)Go to the sign-up sheet for the assignment, select a topic. A now has a topic, so now A can advertise for team-members.


5)Post an advertisement-"Need team-members who know Ruby."
15) This verifies that the bugs have been fixed.


6)Login as another user(Student) or impersonate another student, say student B, whom you have enrolled in the assignment.


7)Since B doesn't have a topic yet, so you won't be able to see the advertise link.


8)Go to the sign-up sheet for the assignment, you'll be able to see a trumpet icon next to the topic that has an ad posted.


9)Click on the icon, you'll see the ad posted by A. Click on request to join A's team.
==='''Issue #1185'''===


10)On doing so an entry is created on the table "" and status holds value "P" signifying a pending request.
1) Login as an ''Instructor'' or ''Admin'' or ''Super-Admin'' or ''TA''.  


11)Now if you go on the sign-up sheet again, you will no longer see the trumpet icon through which you can access the ads since you have already responded to an ad and the request is in pending state.


12)Login as user A or impersonate A, now you'll be able to see the team join request sent by user B.
2) Click on Manage -> Assignments. In the ''Actions'' column click on ''Add Participant''.


13) Now, you can either approve it or decline it. Suppose you approve it, B will become a part of your team, and the status will change to "A". And now if you login as B or impersonate B, you will no longer be able to access the trumpet icon which is a link to all ads pertaining to topics the concerned assignment.


14)Had user A declined User Bs join request, the status in the table "" would change to "D", that means user B still doesn't have a team. So, now if you login as B or impersonate, you'll be able to see the ads again.
3) After the list of all the participants you will be able to see ''Enter a user login'' text box.




==='''Issue #227'''===
4) Enter the user login in the text box (Ex: student9000) and click on ''Add'' button.
[[File:Ins_adding_participant1.png]]


1)Login as user(Student) or impersonate a student, say student A, whom you have enrolled in the assignment.


2)You should be able to see the assignment now in the Assignment section. Since A doesn't have a topic yet, so you won't be able to see the advertise link.
5) After clicking on the ''Add'' button, you will see the participant added at end of the list.
[[File:Added_participant.png]]


3)Go to the sign-up sheet for the assignment, select a topic. A now has a topic, so now A can advertise for team-members. Post an advertisement-"Need team-members who know Ruby."


4)This ensures that for an assignment with  topics, a user can send out advertisements only if (s)he has a topic.
6) This verifies the bug has been fixed.


5)Login as Admin, create an assignment with all the necessary details like maximum no of users per team, do not add topics for the assignment, enroll users(students) in the assignment.


6)Login as user(Student) or impersonate a student, say student A, whom you have enrolled in the assignment. You should be able to see the assignment now in the Assignment section.
=='''Additional Links and References'''==


7)Since the assignment doesn't have any topics, therefore, you will be able to see the advertise link. You won't see a sign-up sheet since the assignment has no topics. You can advertise for teammates.
*Git pull link: http://github.com/expertiza/expertiza/pull/1250
#[https://github.com/expertiza/expertiza Expertiza on GitHub]
#[https://github.com/MJSiddu/expertiza GitHub Project Repository Fork]
#[http://expertiza.ncsu.edu/ The live Expertiza website]


==='''Screenshots from conducted Test '''===
==Team==
1) On clicking on 'Manage Content' the following screen is rendered which lists the existing assignments.
[mailto:aagniho@ncsu.edu Amogh Agnihotri Subbanna]<br>
----
[mailto:ckaidab@ncsu.edu Chinmai Kaidabettu Srinivas]<br>
[[File:create public assignment.jpg ]]
[mailto:smadhur@ncsu.edu Siddu Madhure Jayanna]
----
2) On clicking on 'New Public Assignment' the following form is displayed in which assignment details can be entered.
----
[[File:create setup1.jpg  ]]
----
3)Editing the created assignment.
----
[[File:create setup2.jpg ]]
----
4)Click on 'Topics' to add topics for the assignment.
----
[[File:create setup3.jpg ]]
----
5)Click on 'Rubrics' to set up assignment rubrics.
----
[[File:create setup4.jpg ]]
----
6)The following screenshot shows the completed setup.
----
[[File:completed setup for assignment with topic.jpg]]
----
7)On clicking on the image-link for adding participants for an assignment, the following screen is rendered.
----
[[File:adding student to assignmet.jpg ]]
----
8)Showing all added participants.
----
[[File:add the students.jpg ]]
----
9)The following screen is rendered when a student who is a participant in the current assignment clicks on it's sign-up sheet.
----
[[File:see the  topic.jpg ]]
----
10)The following screen is rendered when a participant clicks on the sign-up sheet for the assignment. link.
----
[[File:select topic.jpg ]]
----
11)The following screen is rendered when a participant chooses a topic and then clicks on 'create advertisement'.
----
[[File:create ad.jpg ]]
----
12)After creating an ad, user can now see a horn icon which is a link to display the advertisements corresponding to that topic in that assignment.
----
[[File:see ad.jpg ]]
----
13)The following screen is rendered after clicking on the horn icon.
----
[[File:see the ad.jpg ]]
----
14)The following screen is rendered after clicking on the link 'Request invitation'.
----
[[File:respond to ad.jpg ]]
----
15)After sending a request to join a team (via ad), the user will no longer see the link for the ads unless the request is denied by the receiver.
----
[[File:cant see any more ad.jpg ]]
----
16)This is the screen of the user who had created the ad. He is now able to see any join requests that he can approve/decline.
----
[[File:request to join.jpg  ]]
----

Latest revision as of 22:04, 9 November 2018

This page provides a description of the Expertiza based OSS project.

About Expertiza

Expertiza is an open source project developed using Ruby on Rails framework.Expertiza allows the instructor to create new assignments and customize new or existing assignments.The application allows students to submit and peer-review learning objects (articles, code, web sites, etc)[1].Expertiza supports submission across various document types, including the URLs and wiki pages.


Problem Statement

In Expertiza, an instructor is responsible for adding a participant to his course or assignment. This makes the course material available to the participant (or student per se). Since the instructor has admin rights, he is capable of impersonating the participant. This creates a few problems. This project addresses those issues.

Issues to be fixed

Issues as described by the problem statement:

Issue #536

Once the instructor impersonates the participant, he/she is capable of accessing all of participant’s work, irrespective of the course or the assignment. This raises serious security concerns. Suggested solution is to restrict the instructor to view only his coursework.

Issue #1185

After adding a participant, the page has to be manually refreshed to show the name of the participant on the list. This creates a bad user experience and needs to be fixed.

Modified Files

1) app/controllers/auth_controller.rb

2) app/controllers/impersonate_controller.rb

3) app/controllers/student_task_controller.rb

4) app/views/participants/add.js.erb

5) app/views/participants/_participant.html.erb

6) app/views/shared_scripts/_user_list.html.erb

Approach taken to resolve the issues

Issue #536

Once the instructor or teaching assistant impersonates the participant, he/she is capable of accessing all the assignments of this participant irrespective of the course and this raises serious security concerns. Ideally, when this happened, the system should have displayed only those assignments to which he/she is assigned as an instructor or teaching assistant.


This issue has been fixed by modifying the current implementations of data filtering and session/role handling features.


1. Impersonation and Session Handling:


Setting and resetting of all the session data associated with impersonation are handled in auth_controller.rb file.


i] After login, session[:impersonate] value is set to false by default. 

 session[:impersonate] = false


ii] Once the Instructor tries to impersonate any student, the following actions are performed.


a) Assign the instructor/TA data to a session variable and use this data when instructor/TA tries to switch back to their original role. 

     # This data is used during data filtering also.
     
     original_user = session[:super_user] || session[:user]
     session[:original_user] = original_user

b) Impersonate flag is set to true and the session's user variable is set to the user data of impersonated student. 

     session[:impersonate] = true
     session[:user] = user


iii] All the session data is cleared off when the user logs out. 

   session[:original_user] = nil
   session[:impersonate] = nil


2. Data Filtering:

Logged in user's role data and impersonation status is used to filter the data for populating the assignments list.

This is implemented in student_task_controller.rb file: 

 // check if the user is impersonating as TA
 def impersonating_as_ta?
   original_user = session[:original_user]
   ta_role = Role.where(name:['Teaching Assistant']).pluck(:id)
   ta_role.include? original_user.role_id
 end

 // Filter and populate all the relevant data
 def list
   redirect_to(controller: 'eula', action: 'display') if current_user.is_new_user
   session[:user] = User.find_by(id: current_user.id)
   @student_tasks = StudentTask.from_user current_user
   if session[:impersonate] && !impersonating_as_admin?
     @student_tasks = @student_tasks.select {|t| session[:original_user].id == t.assignment.instructor_id }
      if impersonating_as_ta?
       ta_course_ids = TaMapping.where(:ta_id => session[:original_user].id).pluck(:course_id)
       @student_tasks = @student_tasks.select {|t| ta_course_ids.include?t.assignment.course_id }
     else
       @student_tasks = @student_tasks.select {|t| session[:original_user].id == t.assignment.course.instructor_id }
     end
  end


Why this approach?

We wanted some way to maintain the details of the logged in user to be available throughout the session and across all the controllers. So, we have used session variables to store the user data and impersonation flag. Then, we use this impersonation flag and user data (role details) to decide whether to return whole or filtered results.

Issue #1185

The user (instructor, TA or admin) has to click the Add button on the course or assignment page to add a new participant to the course or assignment. On click of the button, the browser initiates an AJAX request and gets a response HTML representing success or failure of the action. The failure case was already handled - an error message appears at the top of the page. On success, it was observed that, though the HTML for a new table row (representing the just added participant) was part of the response, it was not being appended properly to the page's DOM. This is fixed by giving an id to the table HTML element, and appending the new row to its tbody element.


Why this approach?

Since we are appending to a html <tbody> element, we need a way to identify it. We could select the table body or the table itself. However, it looks more optimal to provide an id to the <table> that contains this <tbody> element, since this provides a way to edit other parts of this table in future.

After appending, we must also ensure that the "Submit" button which is part of the new HTML must be functional. So, an onchange listener is added to the button element (in the file add.js.erb). 

 In app/views/shared_scripts/_user_list.html.erb:
 <table id="table_list" class="table table-striped" style="font-size: 15px">
 
 In app/views/participants/add.js.erb
 $("#table_list").find("tbody").append(
 "<%= j render :partial => 'participant', :locals => {participant: @participant, :userid => @participant.user_id, :controller => 'participants'} %>");
 )
 $('#'.concat(student_id.toString())).change(function(){
   $('#button'.concat(student_id.toString())).css("opacity",1);
 });


Test Plan

Issue #536

1) Login as Instructor4. Add a new assignment Assignment_Instructor4 under the course Course 617, Spring 2016.

2) Make student6400 as the participant of that assignment and logout.

3) Login as Instructor6. Add a new assignment Assignment_Instructor6 under the course Course 517, Spring 2016.

4) Make student6400 as the participant of that assignment and logout.

5) Click on Manage -> Impersonate User and enter student6400 as the user to be impersonated.

6) After impersonation, Instructor6 will be able to see only his/her assignment details and not of any other instructors.

7) We need to login as Instructor4 and verify that Instructor4 is not able to see other assignment details of the other instructors.

8) Login as Instructor4. Click on Manage -> Impersonate user. Enter student6400 as the user to be impersonated.

9) After impersonation, Instructor4 will be able to see only his/her assignment details and not of any other instructors.

10) Login as TeachingAssistant1274 who is a TA for the Course 517, Spring 2016, who is a TA under Instructor6.

11) Create an assignment TA_Assignment and make student6400 as a participant.

12) Click on Manage->Impersonate user and enter student6400 as the student to be impersonated.

13) After impersonation, TeachingAssistant1274 will be able to see all the assignment details of all courses for which (s)he is the TA and not the details of the other assignments.

14) Now suppose Instructor6 logs in and impersonates the student student6400, he will be able to see all the assignment details under his/her course i.e. all the details of the assignment that was created by Instructor6 himself as well as the assignments created by his TA's.

15) Next, login as student6400 and click on assignments. The student will be able to see all the assignments of all the courses to which he/she is assigned to.

16) This verifies that the bugs have been fixed.

Issue #1185

1) Login as an Instructor or Admin or Super-Admin or TA.

2) Click on Manage -> Assignments. In the Actions column click on Add Participant.

3) After the list of all the participants you will be able to see Enter a user login text box.

4) Enter the user login in the text box (Ex: student9000) and click on Add button.

5) After clicking on the Add button, you will see the participant added at end of the list.

6) This verifies the bug has been fixed.

Screenshots of the flow


1) Login as Instructor4. Add a new assignment Assignment_Instructor4 under the course Course 617, Spring 2016.


2) Make student6400 as the participant of that assignment and logout.


3) Login as Instructor6. Add a new assignment Assignment_Instructor6 under the course Course 517, Spring 2016.


4) Make student6400 as the participant of that assignment and logout.


5) Click on Manage -> Impersonate User and enter student6400 as the user to be impersonated.


6) After impersonation, Instructor6 will be able to see only his/her assignment details and not of any other instructors.


7) We need to login as Instructor4 and verify that Instructor4 is not able to see other assignment details of the other instructors.


8) Login as Instructor4. Click on Manage -> Impersonate user. Enter student6400 as the user to be impersonated.


9) After impersonation, Instructor4 will be able to see only his/her assignment details and not of any other instructors.


10) Login as TeachingAssistant1274 who is a TA for the Course 517, Spring 2016, who is a TA under Instructor6.


11) Create an assignment TA_Assignment and make student6400 as a participant.


12) Click on Manage->Impersonate user and enter student6400 as the student to be impersonated.


13) After impersonation, TeachingAssistant1274 will be able to see all the assignment details of all courses for which (s)he is the TA and not the details of the other assignments.


14) Next, login as student6400 and click on assignments. The student will be able to see all the assignments of all the courses to which he/she is assigned to.


15) This verifies that the bugs have been fixed.



Issue #1185

1) Login as an Instructor or Admin or Super-Admin or TA.


2) Click on Manage -> Assignments. In the Actions column click on Add Participant.


3) After the list of all the participants you will be able to see Enter a user login text box.


4) Enter the user login in the text box (Ex: student9000) and click on Add button.


5) After clicking on the Add button, you will see the participant added at end of the list.


6) This verifies the bug has been fixed.


Additional Links and References

  1. Expertiza on GitHub
  2. GitHub Project Repository Fork
  3. The live Expertiza website

Team

Amogh Agnihotri Subbanna
Chinmai Kaidabettu Srinivas
Siddu Madhure Jayanna

Retrieved from "https://wiki.expertiza.ncsu.edu/index.php?title=E1842_Issues_Related_To_Participants&oldid=119114"