Expertiza_Wiki - User contributions [en]

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-05T02:49:08Z

Mayyapp: /* Pull Request */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We have converted the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. We have reimplemented the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertiza can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]

This is not the only file that we have edited. We also needed to edit users.rb file to add some functionality regarding the impersonation criteria. We have used JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code works work to change the current user as and when necessary in the API. We also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We have also ensured that we have the supporting methods in the User class implemented. One such example of a method that we have reimplemented is the “can_impersonate?” method within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

'''Original'''
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

'''Modification''' :
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

'''Original'''

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

'''Modification''' :
Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

'''Original'''

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

'''Modification''' :
We removed the flash error as it will not work in the our new implementation.

'''Original'''
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

'''Modification''' :
This method is now called inside the 'impersonate' method using JWT token

'''Original'''
<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

'''Modification''' :
We got rid of this method as we now authenticate the user with a JWT token instead.

'''Original'''
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

'''Modified code'''

<pre> def check_if_input_is_valid
if params[:impersonate].blank? || warn_for_special_chars(params[:impersonate], 'Username')
# render json: { success: false, error: 'Please enter valid user name' }, status: :unprocessable_entity
end
end

def warn_for_special_chars(str, field_name)
puts str
if contains_special_chars? str
render json: { success: false, error: field_name + " must not contain special characters '" + special_chars + "'." }, status: :unprocessable_entity
return true
end
false
end

def contains_special_chars?(str)
special = special_chars
regex = /[#{Regexp.escape(special)}]/
!str.match(regex).nil?
end
def special_chars
'/\\?<>|&$#'
end
</pre>

'''Modification''' :
This new method checks and warns about special characters used in the input. The special characters it checks for are /\\?<>|&$#

'''Original'''

<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>

'''Modification''' :
We changed the session to a JWT token in this method.

'''Modified code'''
<pre> def check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate] )
if user
return @current_user.can_impersonate? user
end
false
end
</pre>

'''Original'''

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
Modified code using JWT tokens

<pre>
def impersonate
if check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate])

if user
impersonate_payload = { id: user.id, name: user.name, full_name: user.full_name, role: user.role.name,
institution_id: user.institution.id, impersonate: true, original_user: @current_user }
impersonate_token = JsonWebToken.encode(impersonate_payload, 24.hours.from_now)

render json: { success: true, token: impersonate_token, message: "Successfully impersonated #{user.name}" }
else
render json: { success: false, error: 'User not found' }, status: :not_found
end
else
render json: { success: false, error: "You don't have permission to impersonate this user" }, status: :forbidden
end
end
</pre>

'''Modification''' :
In order to check if the user can be impersonated, we delegate it to the user class. The user class now handles this part of checking

'''Modified code in user.rb'''

<pre>
def can_impersonate?(user)
return true if role.super_administrator?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false

end
def teaching_assistant_for?(student)
return false unless ta?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each { |user|
if user.id == student.id
return true
end
}
false
end

def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_administrator?

recursively_parent_of(p)
end
end
</pre>

'''Original'''

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

'''Modification''' :
'''IMPORTANT'''
We believe that this project is a mix of frontend and backend. So the assumption we have made is that when a user wants to impersonate any other user, the JWT token for the current user is stored in the frontend. And when the 'session' for impersonation is over, the user is assigned their previous JWT token retrieved from the frontend.

== Test Plan ==
For the testing of this project, we first tested all functionality using the Postman API.

We test by creating tokens for each user logged in and check if the logged in user (current user) can impersonate any other user or not.
We also check if adding special characters in the URL lets us impersonate other users or throws an appropriate error.

The working of the Postman testing is included in the vidoe link below.

Later we moved on to testing our program using the RSwag tool. This allowed us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods - https://drive.google.com/file/d/19BTXHedw4iUgbIQf8c5cWdKpnnNUVm6k/view?usp=sharing

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

Link - https://github.com/expertiza/reimplementation-back-end/pull/68

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-05T02:46:43Z

Mayyapp: /* Test Plan */

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-05T02:43:33Z

Mayyapp: /* Test Plan */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We have converted the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. We have reimplemented the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertiza can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]

This is not the only file that we have edited. We also needed to edit users.rb file to add some functionality regarding the impersonation criteria. We have used JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code works work to change the current user as and when necessary in the API. We also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We have also ensured that we have the supporting methods in the User class implemented. One such example of a method that we have reimplemented is the “can_impersonate?” method within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

'''Original'''
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

'''Modification''' :
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

'''Original'''

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

'''Modification''' :
Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

'''Original'''

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

'''Modification''' :
We removed the flash error as it will not work in the our new implementation.

'''Original'''
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

'''Modification''' :
This method is now called inside the 'impersonate' method using JWT token

'''Original'''
<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

'''Modification''' :
We got rid of this method as we now authenticate the user with a JWT token instead.

'''Original'''
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

'''Modified code'''

<pre> def check_if_input_is_valid
if params[:impersonate].blank? || warn_for_special_chars(params[:impersonate], 'Username')
# render json: { success: false, error: 'Please enter valid user name' }, status: :unprocessable_entity
end
end

def warn_for_special_chars(str, field_name)
puts str
if contains_special_chars? str
render json: { success: false, error: field_name + " must not contain special characters '" + special_chars + "'." }, status: :unprocessable_entity
return true
end
false
end

def contains_special_chars?(str)
special = special_chars
regex = /[#{Regexp.escape(special)}]/
!str.match(regex).nil?
end
def special_chars
'/\\?<>|&$#'
end
</pre>

'''Modification''' :
This new method checks and warns about special characters used in the input. The special characters it checks for are /\\?<>|&$#

'''Original'''

<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>

'''Modification''' :
We changed the session to a JWT token in this method.

'''Modified code'''
<pre> def check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate] )
if user
return @current_user.can_impersonate? user
end
false
end
</pre>

'''Original'''

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
Modified code using JWT tokens

<pre>
def impersonate
if check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate])

if user
impersonate_payload = { id: user.id, name: user.name, full_name: user.full_name, role: user.role.name,
institution_id: user.institution.id, impersonate: true, original_user: @current_user }
impersonate_token = JsonWebToken.encode(impersonate_payload, 24.hours.from_now)

render json: { success: true, token: impersonate_token, message: "Successfully impersonated #{user.name}" }
else
render json: { success: false, error: 'User not found' }, status: :not_found
end
else
render json: { success: false, error: "You don't have permission to impersonate this user" }, status: :forbidden
end
end
</pre>

'''Modification''' :
In order to check if the user can be impersonated, we delegate it to the user class. The user class now handles this part of checking

'''Modified code in user.rb'''

<pre>
def can_impersonate?(user)
return true if role.super_administrator?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false

end
def teaching_assistant_for?(student)
return false unless ta?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each { |user|
if user.id == student.id
return true
end
}
false
end

def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_administrator?

recursively_parent_of(p)
end
end
</pre>

'''Original'''

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

'''Modification''' :
'''IMPORTANT'''
We believe that this project is a mix of frontend and backend. So the assumption we have made is that when a user wants to impersonate any other user, the JWT token for the current user is stored in the frontend. And when the 'session' for impersonation is over, the user is assigned their previous JWT token retrieved from the frontend.

== Test Plan ==
For the testing of this project, we first tested all functionality using the Postman API. The working of the Postman testing is included in the vidoe link below. We then tested our program using the RSwag tool. This allowed us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods - https://drive.google.com/file/d/19BTXHedw4iUgbIQf8c5cWdKpnnNUVm6k/view?usp=sharing

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-05T02:30:30Z

Mayyapp: /* Solution */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We have converted the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. We have reimplemented the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertiza can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]

This is not the only file that we have edited. We also needed to edit users.rb file to add some functionality regarding the impersonation criteria. We have used JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code works work to change the current user as and when necessary in the API. We also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We have also ensured that we have the supporting methods in the User class implemented. One such example of a method that we have reimplemented is the “can_impersonate?” method within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

'''Original'''
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

'''Modification''' :
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

'''Original'''

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

'''Modification''' :
Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

'''Original'''

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

'''Modification''' :
We removed the flash error as it will not work in the our new implementation.

'''Original'''
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

'''Modification''' :
This method is now called inside the 'impersonate' method using JWT token

'''Original'''
<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

'''Modification''' :
We got rid of this method as we now authenticate the user with a JWT token instead.

'''Original'''
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

'''Modified code'''

<pre> def check_if_input_is_valid
if params[:impersonate].blank? || warn_for_special_chars(params[:impersonate], 'Username')
# render json: { success: false, error: 'Please enter valid user name' }, status: :unprocessable_entity
end
end

def warn_for_special_chars(str, field_name)
puts str
if contains_special_chars? str
render json: { success: false, error: field_name + " must not contain special characters '" + special_chars + "'." }, status: :unprocessable_entity
return true
end
false
end

def contains_special_chars?(str)
special = special_chars
regex = /[#{Regexp.escape(special)}]/
!str.match(regex).nil?
end
def special_chars
'/\\?<>|&$#'
end
</pre>

'''Modification''' :
This new method checks and warns about special characters used in the input. The special characters it checks for are /\\?<>|&$#

'''Original'''

<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>

'''Modification''' :
We changed the session to a JWT token in this method.

'''Modified code'''
<pre> def check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate] )
if user
return @current_user.can_impersonate? user
end
false
end
</pre>

'''Original'''

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
Modified code using JWT tokens

<pre>
def impersonate
if check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate])

if user
impersonate_payload = { id: user.id, name: user.name, full_name: user.full_name, role: user.role.name,
institution_id: user.institution.id, impersonate: true, original_user: @current_user }
impersonate_token = JsonWebToken.encode(impersonate_payload, 24.hours.from_now)

render json: { success: true, token: impersonate_token, message: "Successfully impersonated #{user.name}" }
else
render json: { success: false, error: 'User not found' }, status: :not_found
end
else
render json: { success: false, error: "You don't have permission to impersonate this user" }, status: :forbidden
end
end
</pre>

'''Modification''' :
In order to check if the user can be impersonated, we delegate it to the user class. The user class now handles this part of checking

'''Modified code in user.rb'''

<pre>
def can_impersonate?(user)
return true if role.super_administrator?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false

end
def teaching_assistant_for?(student)
return false unless ta?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each { |user|
if user.id == student.id
return true
end
}
false
end

def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_administrator?

recursively_parent_of(p)
end
end
</pre>

'''Original'''

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

'''Modification''' :
'''IMPORTANT'''
We believe that this project is a mix of frontend and backend. So the assumption we have made is that when a user wants to impersonate any other user, the JWT token for the current user is stored in the frontend. And when the 'session' for impersonation is over, the user is assigned their previous JWT token retrieved from the frontend.

== Test Plan ==
For the testing of this project, we first tested all functionality using the Postman API. The working of the Postman testing video will be posted here in some time. We then tested our program using the RSwag tool. This allowed us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here soon.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-05T02:30:14Z

Mayyapp: /* Solution */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We have converted the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. We have reimplemented the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertiza can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we have edited. We also needed to edit users.rb file to add some functionality regarding the impersonation criteria. We have used JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code works work to change the current user as and when necessary in the API. We also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We have also ensured that we have the supporting methods in the User class implemented. One such example of a method that we have reimplemented is the “can_impersonate?” method within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

'''Original'''
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

'''Modification''' :
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

'''Original'''

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

'''Modification''' :
Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

'''Original'''

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

'''Modification''' :
We removed the flash error as it will not work in the our new implementation.

'''Original'''
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

'''Modification''' :
This method is now called inside the 'impersonate' method using JWT token

'''Original'''
<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

'''Modification''' :
We got rid of this method as we now authenticate the user with a JWT token instead.

'''Original'''
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

'''Modified code'''

<pre> def check_if_input_is_valid
if params[:impersonate].blank? || warn_for_special_chars(params[:impersonate], 'Username')
# render json: { success: false, error: 'Please enter valid user name' }, status: :unprocessable_entity
end
end

def warn_for_special_chars(str, field_name)
puts str
if contains_special_chars? str
render json: { success: false, error: field_name + " must not contain special characters '" + special_chars + "'." }, status: :unprocessable_entity
return true
end
false
end

def contains_special_chars?(str)
special = special_chars
regex = /[#{Regexp.escape(special)}]/
!str.match(regex).nil?
end
def special_chars
'/\\?<>|&$#'
end
</pre>

'''Modification''' :
This new method checks and warns about special characters used in the input. The special characters it checks for are /\\?<>|&$#

'''Original'''

<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>

'''Modification''' :
We changed the session to a JWT token in this method.

'''Modified code'''
<pre> def check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate] )
if user
return @current_user.can_impersonate? user
end
false
end
</pre>

'''Original'''

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
Modified code using JWT tokens

<pre>
def impersonate
if check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate])

if user
impersonate_payload = { id: user.id, name: user.name, full_name: user.full_name, role: user.role.name,
institution_id: user.institution.id, impersonate: true, original_user: @current_user }
impersonate_token = JsonWebToken.encode(impersonate_payload, 24.hours.from_now)

render json: { success: true, token: impersonate_token, message: "Successfully impersonated #{user.name}" }
else
render json: { success: false, error: 'User not found' }, status: :not_found
end
else
render json: { success: false, error: "You don't have permission to impersonate this user" }, status: :forbidden
end
end
</pre>

'''Modification''' :
In order to check if the user can be impersonated, we delegate it to the user class. The user class now handles this part of checking

'''Modified code in user.rb'''

<pre>
def can_impersonate?(user)
return true if role.super_administrator?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false

end
def teaching_assistant_for?(student)
return false unless ta?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each { |user|
if user.id == student.id
return true
end
}
false
end

def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_administrator?

recursively_parent_of(p)
end
end
</pre>

'''Original'''

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

'''Modification''' :
'''IMPORTANT'''
We believe that this project is a mix of frontend and backend. So the assumption we have made is that when a user wants to impersonate any other user, the JWT token for the current user is stored in the frontend. And when the 'session' for impersonation is over, the user is assigned their previous JWT token retrieved from the frontend.

== Test Plan ==
For the testing of this project, we first tested all functionality using the Postman API. The working of the Postman testing video will be posted here in some time. We then tested our program using the RSwag tool. This allowed us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here soon.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-04T20:25:04Z

Mayyapp: /* Test Plan */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

'''Original'''
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

'''Modification''' :
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

'''Original'''

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

'''Modification''' :
Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

'''Original'''

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

'''Modification''' :
We removed the flash error as it will not work in the our new implementation.

'''Original'''
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

'''Modification''' :
This method is now called inside the 'impersonate' method using JWT token

'''Original'''
<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

'''Modification''' :
We got rid of this method as we now authenticate the user with a JWT token instead.

'''Original'''
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

'''Modified code'''

<pre> def check_if_input_is_valid
if params[:impersonate].blank? || warn_for_special_chars(params[:impersonate], 'Username')
# render json: { success: false, error: 'Please enter valid user name' }, status: :unprocessable_entity
end
end

def warn_for_special_chars(str, field_name)
puts str
if contains_special_chars? str
render json: { success: false, error: field_name + " must not contain special characters '" + special_chars + "'." }, status: :unprocessable_entity
return true
end
false
end

def contains_special_chars?(str)
special = special_chars
regex = /[#{Regexp.escape(special)}]/
!str.match(regex).nil?
end
def special_chars
'/\\?<>|&$#'
end
</pre>

'''Modification''' :
This new method checks and warns about special characters used in the input. The special characters it checks for are /\\?<>|&$#

'''Original'''

<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>

'''Modification''' :
We changed the session to a JWT token in this method.

'''Modified code'''
<pre> def check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate] )
if user
return @current_user.can_impersonate? user
end
false
end
</pre>

'''Original'''

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
Modified code using JWT tokens

<pre>
def impersonate
if check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate])

if user
impersonate_payload = { id: user.id, name: user.name, full_name: user.full_name, role: user.role.name,
institution_id: user.institution.id, impersonate: true, original_user: @current_user }
impersonate_token = JsonWebToken.encode(impersonate_payload, 24.hours.from_now)

render json: { success: true, token: impersonate_token, message: "Successfully impersonated #{user.name}" }
else
render json: { success: false, error: 'User not found' }, status: :not_found
end
else
render json: { success: false, error: "You don't have permission to impersonate this user" }, status: :forbidden
end
end
</pre>

'''Modification''' :
In order to check if the user can be impersonated, we delegate it to the user class. The user class now handles this part of checking

'''Modified code in user.rb'''

<pre>
def can_impersonate?(user)
return true if role.super_administrator?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false

end
def teaching_assistant_for?(student)
return false unless ta?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each { |user|
if user.id == student.id
return true
end
}
false
end

def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_administrator?

recursively_parent_of(p)
end
end
</pre>

'''Original'''

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

'''Modification''' :
'''IMPORTANT'''
We believe that this project is a mix of frontend and backend. So the assumption we have made is that when a user wants to impersonate any other user, the JWT token for the current user is stored in the frontend. And when the 'session' for impersonation is over, the user is assigned their previous JWT token retrieved from the frontend.

== Test Plan ==
For the testing of this project, we first tested all functionality using the Postman API. The working of the Postman testing video will be posted here in some time. We then tested our program using the RSwag tool. This allowed us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here soon.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-04T16:34:36Z

Mayyapp: /* Methods Reimplemented */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

'''Original'''
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

'''Modification''' :
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

'''Original'''

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

'''Modification''' :
Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

'''Original'''

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

'''Modification''' :
We removed the flash error as it will not work in the our new implementation.

'''Original'''
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

'''Modification''' :
This method is now called inside the 'impersonate' method using JWT token

'''Original'''
<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

'''Modification''' :
We got rid of this method as we now authenticate the user with a JWT token instead.

'''Original'''
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

'''Modified code'''

<pre> def check_if_input_is_valid
if params[:impersonate].blank? || warn_for_special_chars(params[:impersonate], 'Username')
# render json: { success: false, error: 'Please enter valid user name' }, status: :unprocessable_entity
end
end

def warn_for_special_chars(str, field_name)
puts str
if contains_special_chars? str
render json: { success: false, error: field_name + " must not contain special characters '" + special_chars + "'." }, status: :unprocessable_entity
return true
end
false
end

def contains_special_chars?(str)
special = special_chars
regex = /[#{Regexp.escape(special)}]/
!str.match(regex).nil?
end
def special_chars
'/\\?<>|&$#'
end
</pre>

'''Modification''' :
This new method checks and warns about special characters used in the input. The special characters it checks for are /\\?<>|&$#

'''Original'''

<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>

'''Modification''' :
We changed the session to a JWT token in this method.

'''Modified code'''
<pre> def check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate] )
if user
return @current_user.can_impersonate? user
end
false
end
</pre>

'''Original'''

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

'''Modification''' :
Modified code using JWT tokens

<pre>
def impersonate
if check_if_user_impersonatable?
user = User.find_by(name: params[:impersonate])

if user
impersonate_payload = { id: user.id, name: user.name, full_name: user.full_name, role: user.role.name,
institution_id: user.institution.id, impersonate: true, original_user: @current_user }
impersonate_token = JsonWebToken.encode(impersonate_payload, 24.hours.from_now)

render json: { success: true, token: impersonate_token, message: "Successfully impersonated #{user.name}" }
else
render json: { success: false, error: 'User not found' }, status: :not_found
end
else
render json: { success: false, error: "You don't have permission to impersonate this user" }, status: :forbidden
end
end
</pre>

'''Modification''' :
In order to check if the user can be impersonated, we delegate it to the user class. The user class now handles this part of checking

'''Modified code in user.rb'''

<pre>
def can_impersonate?(user)
return true if role.super_administrator?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false

end
def teaching_assistant_for?(student)
return false unless ta?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each { |user|
if user.id == student.id
return true
end
}
false
end

def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_administrator?

recursively_parent_of(p)
end
end
</pre>

'''Original'''

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

'''Modification''' :
'''IMPORTANT'''
We believe that this project is a mix of frontend and backend. So the assumption we have made is that when a user wants to impersonate any other user, the JWT token for the current user is stored in the frontend. And when the 'session' for impersonation is over, the user is assigned their previous JWT token retrieved from the frontend.

== Test Plan ==
For the testing of this project, we will first test all functionality using the Postman API. If everything works as expected, we will then start testing our program using the RSwag tool. This will allow us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here when we complete it.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-04T03:29:05Z

Mayyapp: /* Methods Reimplemented */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

Original
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

Update
We have removed the session and stored the user with a JWT token to authenticate. So this method is no longer required.

Original

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

Update

Instead of using session we just access the current user, and since this is a frontend task we decided to not keep it.

Original

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

Updated
We removed the flash error as it will not work in the our new implementation.

Original:
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

Updated
This method is now called inside the 'impersonate' method using JWT token

Original

<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

Updated
We got rid of this method as we now authenticate the user with a JWT token instead.

Original
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

Updated:
We have changed the number of parameters for this method. Instead of two, this method now only takes one parameter which is the username of the user we wish to impersonate. We also have removed the flash errors.

Original
<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>
Updated:

--we will change the session to a JWT token in this method

Original

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- we will change the session to a JWT token and flash message from this method.

Original:

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

Updated:
-- we will implement a JWT token instead of using a session here

Original 
<pre>
def can_impersonate?(user)
return true if role.super_admin?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_admin?

recursively_parent_of(p)
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
return true if ta.courses_assisted_with.any? do |c|
c.assignments.map(&:participants).flatten.map(&:user_id).include? student.id
end
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

== Test Plan ==
For the testing of this project, we will first test all functionality using the Postman API. If everything works as expected, we will then start testing our program using the RSwag tool. This will allow us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here when we complete it.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-04T00:01:52Z

Mayyapp: /* Design */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==

[[File:UML_diagram_E2377.png|900px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

Original
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

Updated
-- we will remove the session and store the user with a JWT token to authenticate

Original

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

Updated

--instead of using session we will just access the current user
-- we will remove the inline rendering and return a JSON instead

Original

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

Updated
--we will remove the flash error as it will not work in the new implementation

Original:
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

Updated:
-- We will not be using sessions so we will be using JWT tokens to authenticate users instead of making a traditional session

Original

<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

Updated
--instead, we will just update the current User but we will authenticate the user with a JWT token instead.

Original
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- in this method we will remove the flash errors

Original
<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>
Updated:

--we will change the session to a JWT token in this method

Original

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- we will change the session to a JWT token and flash message from this method.

Original:

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

Updated:
-- we will implement a JWT token instead of using a session here

Original 
<pre>
def can_impersonate?(user)
return true if role.super_admin?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_admin?

recursively_parent_of(p)
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
return true if ta.courses_assisted_with.any? do |c|
c.assignments.map(&:participants).flatten.map(&:user_id).include? student.id
end
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

== Test Plan ==
For the testing of this project, we will first test all functionality using the Postman API. If everything works as expected, we will then start testing our program using the RSwag tool. This will allow us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here when we complete it.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

File:UML diagram E2377.png

2023-12-03T23:58:36Z

Mayyapp: Mayyapp uploaded a new version of File:UML diagram E2377.png

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-03T23:58:18Z

Mayyapp:

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==
UML Diagram
[[File:UML_diagram_E2377.png|700px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

Original
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

Updated
-- we will remove the session and store the user with a JWT token to authenticate

Original

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

Updated

--instead of using session we will just access the current user
-- we will remove the inline rendering and return a JSON instead

Original

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

Updated
--we will remove the flash error as it will not work in the new implementation

Original:
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

Updated:
-- We will not be using sessions so we will be using JWT tokens to authenticate users instead of making a traditional session

Original

<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

Updated
--instead, we will just update the current User but we will authenticate the user with a JWT token instead.

Original
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- in this method we will remove the flash errors

Original
<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>
Updated:

--we will change the session to a JWT token in this method

Original

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- we will change the session to a JWT token and flash message from this method.

Original:

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

Updated:
-- we will implement a JWT token instead of using a session here

Original 
<pre>
def can_impersonate?(user)
return true if role.super_admin?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_admin?

recursively_parent_of(p)
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
return true if ta.courses_assisted_with.any? do |c|
c.assignments.map(&:participants).flatten.map(&:user_id).include? student.id
end
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

== Test Plan ==
For the testing of this project, we will first test all functionality using the Postman API. If everything works as expected, we will then start testing our program using the RSwag tool. This will allow us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here when we complete it.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

File:UML diagram E2377.png

2023-12-03T23:54:51Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-12-03T23:40:43Z

Mayyapp:

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==
UML Diagram
[[File:UML_E2377.jpeg|600px|UML Diagram]]
 

[[File:Hierarchy_diagram_E2377.png|500px|hierarchy_diagram]]

== Methods Reimplemented ==

Original
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

Updated
-- we will remove the session and store the user with a JWT token to authenticate

Original

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

Updated

--instead of using session we will just access the current user
-- we will remove the inline rendering and return a JSON instead

Original

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

Updated
--we will remove the flash error as it will not work in the new implementation

Original:
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

Updated:
-- We will not be using sessions so we will be using JWT tokens to authenticate users instead of making a traditional session

Original

<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

Updated
--instead, we will just update the current User but we will authenticate the user with a JWT token instead.

Original
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- in this method we will remove the flash errors

Original
<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>
Updated:

--we will change the session to a JWT token in this method

Original

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- we will change the session to a JWT token and flash message from this method.

Original:

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

Updated:
-- we will implement a JWT token instead of using a session here

Original 
<pre>
def can_impersonate?(user)
return true if role.super_admin?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_admin?

recursively_parent_of(p)
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
return true if ta.courses_assisted_with.any? do |c|
c.assignments.map(&:participants).flatten.map(&:user_id).include? student.id
end
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

== Test Plan ==
For the testing of this project, we will first test all functionality using the Postman API. If everything works as expected, we will then start testing our program using the RSwag tool. This will allow us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here when we complete it.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

File:Hierarchy diagram E2377.png

2023-12-03T23:38:18Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T22:47:00Z

Mayyapp: /* Methods Reimplemented */

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

== Problem Statement ==
The current expertiza platform allows authorized users to impersonate others, utilizing session-based authentication. The challenge is to reimplement this feature in the new expertiza backend (https://github.com/expertiza/reimplementation-back-end), which employs JWT token authentication.

Key challenges include adapting the existing session-based logic to work seamlessly with JWT tokens and transitioning from a Model-View-Controller (MVC) architecture to an API-only setup, requiring responses in JSON format. The goal is to ensure the smooth integration of the impersonation feature into the new backend while addressing authentication changes and architectural shifts.

== Solution ==

We plan to convert the impersonate users functionality from the MVC pattern in Expertiza to match the Rails API specification for the reimplementation backend repository. To do this we will reimplement the impersonate_controller.rb file located within expertiza/app/controllers/. The link to the original controller within expertizsa can be found at this link: [https://github.com/expertiza/expertiza/blob/main/app/controllers/impersonate_controller.rb Original Controller]
This is not the only file that we will be editing. We will be using JWT Tokens for authentication. The front end will still be responsible for storing the original user to get the original user back in function. Our code will work to change the current user as and when necessary in the API. Will also ensure that user privileges are checked to authorize only the relevant users to impersonate student users. Users that are super admin, TAs for other users or recursively parents of the user they are trying to impersonate can impersonate the user.
We will also ensure that we have the supporting methods in the User class are implemented. One such example of a method that we may need to reimplement is “can_impersonate?” within the User class.

== Design ==

[[File:UML_E2377.jpeg|600px|UML Diagram]]

== Methods Reimplemented ==

Original
<pre>def action_allowed?
# Check for TA privileges first since TA's also have student privileges.
if ['Student'].include? current_role_name
!session[:super_user].nil?
else
['Super-Administrator',
'Administrator',
'Instructor',
'Teaching Assistant'].include? current_role_name
end
end</pre>

Updated
-- we will remove the session and store the user with a JWT token to authenticate

Original

<pre>def auto_complete_for_user_name
@users = session[:user].get_available_users(params[:user][:name])
render inline: "<%= auto_complete_result @users, 'name' %>", layout: false
end</pre>

Updated

--instead of using session we will just access the current user
-- we will remove the inline rendering and return a JSON instead

Original

<pre>
def start
flash[:error] = "This page doesn't take any query string." unless request.GET.empty?
end
</pre>

Updated
--we will remove the flash error as it will not work in the new implementation

Original:
<pre> def generate_session(user)
AuthController.clear_user_info(session, nil)
session[:original_user] = @original_user
session[:impersonate] = true
session[:user] = user
end</pre>

Updated:
-- We will not be using sessions so we will be using JWT tokens to authenticate users instead of making a traditional session

Original

<pre>def overwrite_session
if params[:impersonate].nil?
user = real_user(params[:user][:name])
session[:super_user] = session[:user] if session[:super_user].nil?
generate_session(user)
elsif !params[:impersonate][:name].empty?
user = real_user(params[:impersonate][:name])
generate_session(user)
else
session[:user] = session[:super_user]
session[:super_user] = nil
end
end</pre>

Updated
--instead, we will just update the current User but we will authenticate the user with a JWT token instead.

Original
<pre>def check_if_input_is_valid
if params[:user] && warn_for_special_chars(params[:user][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
elsif params[:impersonate] && warn_for_special_chars(params[:impersonate][:name], 'Username')
flash[:error] = 'Please enter valid user name'
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- in this method we will remove the flash errors

Original
<pre>def check_if_user_impersonateable
if params[:impersonate].nil?
user = real_user(params[:user][:name])
unless @original_user.can_impersonate? user
@message = "You cannot impersonate '#{params[:user][:name]}'."
temp
AuthController.clear_user_info(session, nil)
else
overwrite_session
end
else
unless params[:impersonate][:name].empty?
overwrite_session
end
end
end</pre>
Updated:

--we will change the session to a JWT token in this method

Original

<pre>
def impersonate
begin
@original_user = session[:super_user] || session[:user]
if params[:impersonate].nil?
@message = "You cannot impersonate '#{params[:user][:name]}'."
@message = 'User name cannot be empty' if params[:user][:name].empty?
user = real_user(params[:user][:name])
check_if_user_impersonateable if user
elsif !params[:impersonate][:name].empty?
# Impersonate a new account
@message = "You cannot impersonate '#{params[:impersonate][:name]}'."
user = real_user(params[:impersonate][:name])
check_if_user_impersonateable if user
# Revert to original account when currently in the impersonated session
elsif !session[:super_user].nil?
AuthController.clear_user_info(session, nil)
session[:user] = session[:super_user]
user = session[:user]
session[:super_user] = nil
end
# Navigate to user's home location as the default landing page after impersonating or reverting
AuthController.set_current_role(user.role_id, session)
redirect_to action: AuthHelper.get_home_action(session[:user]),
controller: AuthHelper.get_home_controller(session[:user])
rescue StandardError
flash[:error] = @message
redirect_back fallback_location: root_path
end
end</pre>

Updated:
-- we will change the session to a JWT token and flash message from this method.

Original:

<pre>def real_user(name)
if User.anonymized_view?(session[:ip])
user = User.real_user_from_anonymized_name(name)
else
user = User.find_by(name: name)
end
return user
end</pre>

Updated:
-- we will implement a JWT token instead of using a session here

Original 
<pre>
def can_impersonate?(user)
return true if role.super_admin?
return true if teaching_assistant_for?(user)
return true if recursively_parent_of(user)

false
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def recursively_parent_of(user)
p = user.parent
return false if p.nil?
return true if p == self
return false if p.role.super_admin?

recursively_parent_of(p)
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

Original
<pre>
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
return true if ta.courses_assisted_with.any? do |c|
c.assignments.map(&:participants).flatten.map(&:user_id).include? student.id
end
end
</pre>

-- We will reimplement these methods to work with our JWT based authentication system

== Test Plan ==
For the testing of this project, we will first test all functionality using the Postman API. If everything works as expected, we will then start testing our program using the RSwag tool. This will allow us to test and explore operations using a UI and directly from the rspec integration tests. 
The video links for these testing methods will be posted here when we complete it.

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T22:44:10Z

Mayyapp:

File:UML E2377.jpeg

2023-11-14T22:41:36Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T22:29:42Z

Mayyapp: /* Methods Reimplemented */

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T22:15:00Z

Mayyapp: /* Test Plan */

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T22:14:47Z

Mayyapp: /* Test Plan */

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T22:04:26Z

Mayyapp: /* Problem Statement */

CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate controller.rb)

2023-11-14T20:33:38Z

Mayyapp: Created page with "==Expertiza== [http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects,..."

CSC/ECE 517 Fall 2023

2023-11-14T20:30:58Z

Mayyapp:

* [[CSC/ECE 517 Fall 2023 - E2350. Allow reviewers to bid on what to review]]
* [[CSC/ECE 517 Fall 2023 - E2351. Finish mentor management for assignments without topics]]
* [[CSC/ECE 517 Fall 2023 - E2352. Fix "Back" link on “New Late Policy” page]]
* [[CSC/ECE 517 Fall 2023 - E2353. Further refactoring and improvement of review mapping helper]]
* [[CSC/ECE 517 Fall 2023 - E2355. Improving Search Facility In Expertiza]]
* [[CSC/ECE 517 Fall 2023 - E2356. Refactor review_mapping_controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2357. Refactor sign_up_sheet_controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2358. Refactor student_quizzes_controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2359. Refactor user_controller.rb, user.rb, and its child classes]]
* [[CSC/ECE 517 Fall 2023 - E2360. View for Results of Bidding]]
* [[CSC/ECE 517 Fall 2023 - E2361. Create a page to create and update a Questionnaire in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2362. Create a page to edit an Assignment's due date in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2363. Create a UI for Assignment Edit page "Etc" tab in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2364. Create a UI for Course's & Assignment's "Add Participants" page]]
* [[CSC/ECE 517 Fall 2023 - E2365. Create a user interface for Questionnaire in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2366. Reimplement assignment model and assignment controller]]
* [[CSC/ECE 517 Fall 2023 - E2367. Reimplement participants_controller.rb, participants.rb and its child classes]]
* [[CSC/ECE 517 Fall 2023 - E2368. Reimplement of due_date.rb]]
* [[CSC/ECE 517 Fall 2023 - E2369. Reimplement duties controller.rb and badges controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller]]
* [[CSC/ECE 517 Fall 2023 - E2371. Reimplement quiz_questionnaires_controller]]
* [[CSC/ECE 517 Fall 2023 - E2373. Reimplementation of teams controller]]
* [[CSC/ECE 517 Fall 2023 - E2374. Reimplement the Question hierarchy]]
* [[CSC/ECE 517 Fall 2023 - E2375. Reimplement Waitlists]]
* [[CSC/ECE 517 Fall 2023 - E2376. Reimplement student_quizzes_controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization_helper.rb]]
* [[CSC/ECE 517 Fall 2023 - E2382. Optimizing the LatePoliciesController]]
* [[CSC/ECE 517 Fall 2023 - E2383. Grading Audit Trail]]
* [[CSC/ECE 517 Fall 2023 - E2377. Reimplement impersonating users (functionality within impersonate_controller.rb)]]
* [[CSC/ECE 517 Fall 2023 - NTX-2 Observability and Debuggability]]
* [[CSC/ECE 517 Fall 2023 - NTX-4 Extend NDB Operator capabilities to support Postgres HA]]
* [[CSC/ECE 517 Fall 2023 - G2350. Add GitLab support for using GraphQL to query user metrics 1]]
* [[CSC/ECE 517 Fall 2023 - G2352. Add GitLab support for using GraphQL to query repository information]]

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-11-03T19:10:45Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-11-03T02:41:55Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-11-02T20:27:54Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-11-02T20:12:42Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-10-31T01:24:07Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-10-31T01:16:11Z

Mayyapp:

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-10-31T01:01:53Z

Mayyapp:

== Introduction ==

<nowiki>
The controller join_team_requests_controller.rb contains functions to create, list, update, delete, and decline requests to join teams. This is a fairly straightforward controller with basic functionalities which is easily tested using Postman. The objective of this project was to change the operation of this controller to suit our API.
</nowiki>

==New Files==
#app/controllers/join_team_requests_controller.rb
#app/models/join_team_requests.rb
#spec/requests/api/v1/join_team_requests_spec.rb

==File Changes==
#app/models/participant.rb
#config/routes.rb

== Testing ==
<nowiki>
We have thoroughly tested our code using Postman and the controller works flawlessly.
</nowiki>

==Modifications==

- Created new methods for the Join Team Requests Controller to support CRUD functionality. 
- Added an accept and decline method. 
- Modified the status to use constants such as 'PENDING', 'ACCEPTED', and 'DECLINED' instead of 'P', 'D', 'A'. 

==Results==

==Team==
'''Mentor''' 
Renji Joseph Sabu <rsabu@ncsu.edu>

'''Students''' 
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request https://github.com/expertiza/reimplementation-back-end/pull/50

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-10-31T00:57:00Z

Mayyapp:

== Introduction ==

<nowiki>
The controller join_team_requests_controller.rb contains functions to create, list, update, delete, and decline requests to join teams. This is a fairly straightforward controller with basic functionalities which is easily tested using Postman. The objective of this project was to change the operation of this controller to suit our API.
</nowiki>

==New Files==
#app/controllers/join_team_requests_controller.rb
#app/models/join_team_requests.rb
#spec/requests/api/v1/join_team_requests_spec.rb

==File Changes==
#app/models/participant.rb
#config/routes.rb

== Testing ==
<nowiki>
We have thoroughly tested our code using Postman and the controller works flawlessly.
</nowiki>

==Modifications==

- Created new methods for the Join Team Requests Controller to support CRUD functionality. 
- Added an accept and decline method. 
- Modified the status to use constants such as 'PENDING', 'ACCEPTED', and 'DECLINED' instead of 'P', 'D', 'A'. 

==Results==

==Team==
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request https://github.com/expertiza/reimplementation-back-end/pull/50

CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller

2023-10-30T20:32:50Z

Mayyapp: Added some initial content

== Introduction ==

<nowiki>

</nowiki>

==New Files==
#app/controllers/join_team_requests_controller.rb
#app/models/join_team_requests.rb
#spec/requests/api/v1/join_team_requests_spec.rb

==File Changes==
#app/models/participant.rb
#config/routes.rb

== Test Plan==
<nowiki>

</nowiki>

==Modifications==

==Results==

==Team==
Manoj Ayyappan <mayyapp@ncsu.edu> 
Pradeep Patil <papatil@ncsu.edu> 
Maya Patel <mdpatel2@ncsu.edu> 

==Pull Request==
Changes for this project are under Expertiza Pull Request https://github.com/expertiza/reimplementation-back-end/pull/50

CSC/ECE 517 Fall 2023

2023-10-30T19:40:00Z

Mayyapp:

* [[CSC/ECE 517 Fall 2023 - E2358. Refactor student_quizzes_controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2351. Finish mentor management for assignments without topics]]
* [[CSC/ECE 517 Fall 2023 - E2359. Refactor user_controller.rb, user.rb, and its child classes]]
* [[CSC/ECE 517 Fall 2023 - E2367. Reimplement participants_controller.rb, participants.rb and its child classes]]
* [[CSC/ECE 517 Fall 2023 - E2355. Improving Search Facility In Expertiza]]
* [[CSC/ECE 517 Fall 2023 - E2365. Create a user interface for Questionnaire in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2364. Create a UI for Course's & Assignment's "Add Participants" page]]
* [[CSC/ECE 517 Fall 2023 - E2361. Create a page to create and update a Questionnaire in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2362. Create a page to edit an Assignment's due date in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2363. Create a UI for Assignment Edit page "Etc" tab in ReactJS]]
* [[CSC/ECE 517 Fall 2023 - E2375. Reimplement Waitlists]]
* [[CSC/ECE 517 Fall 2023 - E2357. Refactor sign_up_sheet_controller.rb]]
* [[CSC/ECE 517 Fall 2023 - E2366. Reimplement assignment model and assignment controller]]
* [[CSC/ECE 517 Fall 2023 - E2370. Reimplement join team requests controller]]