CSC/ECE 517 Fall 2016 E1687 Instructor account creation over the web: Difference between revisions

Line 149: Line 149:
=='''Database Changes'''==
=='''Database Changes'''==


We will be creating a new table called '''request_users''' with table description that is similar to '''users'''
We have created a new table called '''requested_users''' with table description that is similar to '''users'''
Below is the table description of '''users''' table.
The description of the table is as follows:
[[File:Users.png]]
[[File:Requested_user_db.png‎ ]]
 
Our '''request_users''' will also be having a new column called '''status''' which describes that the user is approved or rejected.


=='''Test Plan'''==
=='''Test Plan'''==
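Review bot: the revised Database Changes text drops the old sentence about the new status column and leaves the table description to the Requested_user_db.png image alone. The controller code on this page reads and writes both status and reason on the requested record, so keep a sentence in this section naming the columns that requested_users adds to the users layout and the values status can take. It is also worth stating that the table was renamed from request_users to requested_users, so that earlier references can be matched.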

Revision as of 23:00, 3 December 2016

E1687. Instructor Account Creation Over the Web

This page describes the final project: creating an instructor account over the web in Expertiza.


Introduction

Expertiza is a Ruby on Rails based open source project. The main motive of this project is to make learning more effective through peer review. This website is a result of combined effort of both students and faculty at NC State, and is used not just by this university but also in many other universities. The website allows students to form teams and work on various projects listed by the instructor and also suggest new topics that seem interesting, though they can opt not to work on them. It also makes it easy for the instructor to add a new topic to an assignment/project, create a new project and add students to it. The time spent by TAs and instructor is greatly reduced. The key feature is peer review, where the students can review the work of others and provide feedback. This helps in improving the existing work and also provides a new way to learn. There isn’t any restriction on the format of submission as it accepts any form of submission varying from URL to wiki pages, which isn’t a common feature in other websites.

Problem Statement

In Expertiza, user and instructor accounts are currently created by existing super administrators, instructors or TAs. For new users to access the system and experiment with the features offered by Expertiza, a “demo-like” feature needs to be implemented. This feature has to meet the following requirements:

  1. Allow people to request instructor accounts over the web. This feature should also have security features such as Captchas to help avoid account creation by bots.
  2. When a user account is created over the web, the super-admin should get e-mail regarding the same and also the user should be notified upon approval/denial (if denied, then reason should be specified).
  3. Currently, Expertiza consists of a lot of entities that can be made publicly visible to all other users in the system. But, accounts created this way should not be able to see existing public features, until the super-admin manually gives them permission to view public courses, assignments, and questionnaires.
  4. A user who creates an account over the web should be pointed to an instruction page and/or video on how to create an assignment and register students for it, etc.

Implementation

The following solutions address the problems discussed above.

Problem 1

A user who wants to register and try the features of Expertiza opens the website, fills in the form and clicks the register button. A captcha is shown below the form to make sure that the request does not come from a bot, which protects the application against automated account requests.

Problem 2

Once the user requests an account, the super admin receives a mail about the request that contains the name of the requested user. The super admin then looks up the details of the user in the Requests tab and can either approve or decline the request. Once the super admin approves the request, the user gets a mail notifying him/her of the approval. If the request is rejected, the reason should be entered in the reason tab of the form, but no mail is sent to the user about the rejection.

Problem 3

A flash message saying “Login denied. Needs permission from super admin” is shown on the login page if an unregistered user tries to access the features of Expertiza. Because login is denied completely, such a user cannot reach any of the publicly visible features.

Problem 4

Once the user account has been approved by the super admin and the user logs in after being notified, he/she is redirected to an “Instructions” page on successful login.

This page contains video tutorials that explain the various features of Expertiza and how to access them.

Files changed

The following files were created or edited during the project.

  • views/auth/_login.html.erb
  • views/users/request_new.html.erb
  • views/users/review.html
  • views/instructions/home.html.erb
  • views/users/edit.html.erb
  • views/mailer/request_user_message.html.erb
  • views/users/new.html.erb
  • views/users/_password.html.erb
  • views/users/_user.html.erb
  • users_controller.rb
  • routes.rb
  • models
  • mailer_helper.rb
  • mailer.rb
  • models/requested_user.rb
  • config/initializers/recaptcha.rb


In _login.html.erb a new button called Request Sign Up was added for the new users to register. The register page will look as above. On clicking Request sign up, a user will be redirected to a page like below:

The user has to fill in all the required details and request a signup. When a super administrator logs in to his account, he can go to the Request/reject users menu as shown below.

Super Admin can either approve/reject a user. The view for this page would be as shown below.

In addition to the above files, a new file named home.html.erb is created in instructions; it holds all the videos explaining how Expertiza works.


In users_controller.rb there are two new methods. The first method (request_user_create) lets a new user request an account in Expertiza and mails all the super admins about the new user request. The other method (create_approved_user) lets the super admin either approve or reject the user request and sends a mail to the requested user if his/her account is created. The mail also contains a password for the user to log in.

The code for each method is:

  def request_user_create
    #TODO: Do not allow duplicates
    #TODO: All fields should be entered
    @user = RequestedUser.new(user_params)
    @user.institution_id = params[:user][:institution_id]
    @user.status = 'Under Review'
    #The super admin receives a mail about a new user request with the user name
    if verify_recaptcha(model: @user) && @user.save
      @super_users = User.joins(:role).where('roles.name' => 'Super-Administrator')
      @super_users.each do |super_user|
        prepared_mail = MailerHelper.send_mail_to_all_super_users(super_user,@user, "New account Request")
        prepared_mail.deliver
      end
      flash[:success] = "User signup for \"#{@user.name}\" has been successfully requested. "
      redirect_to '/instructions/home'
    else
      flash[:error] = "Error requesting sign up "
      redirect_to :controller => 'users', :action => 'request_new', :role=>"Student"   
    end
  end  

  def create_approved_user
    @user = RequestedUser.find params[:id]
    @user.status=params[:status]
    @user.reason=params[:reason]
    if @user.status.nil?
      flash[:error] = "Please Approve or Reject before submitting"
    elsif @user.update_attributes(params[:user])
      flash[:success] = "The user \"#{@user.name}\" has been successfully updated."
    end
    if @user.status=="Approved"
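      # NOTE: the result of this lookup is not used, so an existing user with
      # the same name is not rejected here (see the TODO in request_user_create)
      check = User.find_by_name(@user.name)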
      @usernew = User.new()
      @usernew.name = @user.name
      @usernew.role_id = @user.role_id
      @usernew.institution_id = @user.institution_id
      @usernew.fullname = @user.fullname
      @usernew.email = @user.email
      # record the person who created this new user
      @usernew.parent_id = session[:user].id
      # set the user's timezone to its parent's
      @usernew.timezonepref = User.find(@usernew.parent_id).timezonepref

      if @usernew.save
        password = @usernew.reset_password # the password is reset
        # Mail is sent to the user with a new password
        # Keep the subject on one line so it does not contain a line break
        prepared_mail = MailerHelper.send_mail_to_user(@usernew, "Your Expertiza account and password have been created.",
                                                       "user_welcome", password)
        prepared_mail.deliver
        flash[:success] = "A new password has been sent to new user's e-mail address."
        if @usernew.role.name == "Instructor" || @usernew.role.name == "Administrator"
          # use the id of the newly created User, not of the RequestedUser row
          AssignmentQuestionnaire.create(user_id: @usernew.id)
        end
        undo_link("The user \"#{@user.name}\" has been successfully created. ")
      else
        foreign
      end
    else 
      if @user.status=="Rejected"    
        #If the user request has been rejected, a flash message is shown and redirected to review page
        if @user.update_columns(reason: params[:reason], status: params[:status])
          flash[:success] = "The user \"#{@user.name}\" has been Rejected."
          redirect_to action: 'review'
          return
        else
          flash[:error] = "Error processing request."
        end
      end

    end
    redirect_to action: 'review'
  end
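
The two TODOs in request_user_create (no duplicates, all fields entered) and the unchecked params[:status] and params[:reason] in create_approved_user can be covered by checks like the following. This is an added example in plain Ruby, not code from the Expertiza project; RequestCheck, its method names and the sample records are hypothetical, and in Rails the same rules would normally be written as validations on RequestedUser.

```ruby
# Added example (not Expertiza code): plain-Ruby checks for an account request.
# RequestCheck and its method names are hypothetical.
module RequestCheck
  REQUIRED = %i[name fullname email institution_id].freeze
  # Only these values may ever be stored in the status column.
  STATUSES = ['Under Review', 'Approved', 'Rejected'].freeze
  # Allowed moves: a request that was already decided cannot be decided again.
  TRANSITIONS = { 'Under Review' => %w[Approved Rejected] }.freeze

  # Returns a list of error strings for a new request; empty means acceptable.
  # existing: hashes for rows already present in users / requested_users.
  def self.request_errors(req, existing)
    errors = REQUIRED.select { |f| req[f].to_s.strip.empty? }
                     .map { |f| "#{f} is required" }
    taken = existing.any? do |row|
      row[:name].to_s.casecmp?(req[:name].to_s) ||
        row[:email].to_s.casecmp?(req[:email].to_s)
    end
    errors << 'name or email already in use' if taken
    errors
  end

  # Returns nil when the super admin's decision is valid, else an error string.
  def self.decision_error(current, new_status, reason)
    return 'unknown status' unless STATUSES.include?(new_status)
    unless TRANSITIONS.fetch(current, []).include?(new_status)
      return "cannot move from #{current} to #{new_status}"
    end
    return 'reason is required when rejecting' if new_status == 'Rejected' && reason.to_s.strip.empty?
    nil
  end
end

# Constructed sample data.
EXISTING = [{ name: 'instructor6', email: 'i6@example.edu' }].freeze
NEW_REQ  = { name: 'Instructor6', fullname: 'Six, I', email: 'new@example.edu', institution_id: 1 }.freeze

if __FILE__ == $PROGRAM_NAME
  p RequestCheck.request_errors(NEW_REQ, EXISTING)
  p RequestCheck.decision_error('Under Review', 'Rejected', '')
  p RequestCheck.decision_error('Approved', 'Rejected', 'spam')
end
```
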

Database Changes

We have created a new table called requested_users with a table description that is similar to users. The description of the table is as follows:

Test Plan

We will test each piece of functionality separately.

1. Test all views

We will test whether _login.html.erb, Request_new.html.erb and approve.html.erb are rendered properly.

2. Test all controller methods.

New test cases will be included for each case:

  a) Does the request_list method give the proper list of requested users?
  b) Does approve_user actually create a new user?
  c) Does reject_user actually not create a new user, and does it change the status properly?
  d) Also test cases where the functions should not work.