Expertiza_Wiki - User contributions [en]

CSC/ECE 517 Spring 2024

2024-04-23T23:55:46Z

Mbhande2:

* [[CSC/ECE 517 Spring 2024 - E2401 Implementing and testing import & export controllers]]
* [[CSC/ECE 517 Spring 2024 - E2405 Refactor review_mapping_helper.rb]]
* [[CSC/ECE 517 Spring 2024 - E2407 Refactor review_mapping_controller.rb]]
* [[CSC/ECE 517 Spring 2024 - E2418. Reimplement of due date.rb]]
* [[CSC/ECE 517 Spring 2024 - E2428 Replicate Roles and Institution UIs ReactJS]]
* [[CSC/ECE 517 Spring 2024 - E2429 Reimplement student_task list]]
* [[CSC/ECE 517 Spring 2024 - E2430 Reimplement student_task view]]
* [[CSC/ECE 517 Spring 2024 - E2410. View for Results of Bidding ]]
* [[CSC/ECE 517 Spring 2024 - E2414 Grading Audit Trail]]
* [[CSC/ECE 517 Spring 2024 - NTNX-1 : Extend NDB Operator to Support Postgres HA]]
* [[CSC/ECE 517 Spring 2024 - ‬NTNX-2‬‭ : Snapshot Functionality for provisioned databases]]
* [[CSC/ECE 517 Spring 2024 - E2411 : Fix "Back" link on “New Late Policy” page]]
* [[CSC/ECE 517 Spring 2024 - E2416. Reimplement the Question hierarchy]]
* [[CSC/ECE 517 Spring 2024 - E2420. Reimplement student_quizzes_controller]]
* [[CSC/ECE 517 Spring 2024 - E2424. Reimplement the Bookmarks Controller]]
* [[CSC/ECE 517 Spring 2024 - E2426. Create a UI for Assignment Edit page "Etc" tab in ReactJS]]
* [[CSC/ECE 517 Spring 2024 - E2417. Reimplement submitted content controller.rb]]
* [[CSC/ECE 517 Spring 2024 - E2417. Reimplement submitted content controller.rb (Phase 2)]]
* [[CSC/ECE 517 Spring 2024 - E2425. Create a Courses user interface in ReactJS]]
* [[CSC/ECE 517 Spring 2024 - E2431. Reimplement grades/view_team]]
* [[CSC/ECE 517 Spring 2024 - E2404 Refactor student teams functionality]]
* [[CSC/ECE 517 Spring 2024 - E2406 Refactor review_mapping_helper.rb]]
* [[CSC/ECE 517 Spring 2024 - E2403 Mentor-Meeting Management]]
* [[CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb) - Final Project]]
* [[CSC/ECE 517 Spring 2024 - E2413. Testing - Answer Tagging]]
* [[CSC/ECE 517 Spring 2024 - E2412. Testing for hamer.rb]]
* [[CSC/ECE 517 Spring 2024 - E2427. UI for questionnaire.rb]]
* [[CSC/ECE 517 Spring 2024 - E2419. Reimplement duties controller.rb and badges controller.rb]]
* [[CSC/ECE 517 Spring 2024 - E2432. UI for Participants.rb]]
* [[CSC/ECE 517 Spring 2024 - G2402 Implement REST client, REST API, and Graphql API endpoint for repositories]]
* [[CSC/ECE 517 Spring 2024 - G2400 DevOp for GitHub Miner app]]
* [[CSC/ECE 517 Spring 2024 - E2439 Testing for view_translation_substitutor.rb]]
* [[CSC/ECE 517 Spring 2024 - E2442 Reimplement student task controller]]
* [[CSC/ECE 517 Spring 2024 - E2443 Reimplement grades_controller]]
* [[CSC/ECE 517 Spring 2024 - E2434 Reimplement Frontend for the Grades view]]
* [[CSC/ECE 517 Spring 2024 - E2435 Implement Frontend for the My Profile]]
* [[CSC/ECE 517 Spring 2024 - E2446 Implement Front End for Student Task List]]
* [[CSC/ECE 517 Spring 2024 - E2444 Implement Frontend for the Review]]
* [[CSC/ECE 517 Spring 2024 - E2440 Testing for questionnaire_helper, review_bids_helper]]
* [[CSC/ECE 517 Spring 2024 - E2433 Implement UI for the Student Teams]]
* [[CSC/ECE 517 Spring 2024 - E2415. Reimplement responses controller.rb (Design Document)]]
* [[CSC/ECE 517 Spring 2024 - E2445. Implement BackEnd for participants.rb (Design Document)]]
* [[CSC/ECE 517 Spring 2024 - E2445. Implement BackEnd for participants.rb]]
* [[CSC/ECE 517 Spring 2024 - E2441 Reimplement grades/view_team (Phase 2)]]
* [[CSC/ECE 517 Spring 2024 - E2418. Reimplement of due date.rb (Phase 2)]]

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb) - Final Project

2024-04-23T23:49:14Z

Mbhande2:

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

==Project Overview==

The goal of this project is to update the backend code for the user impersonation feature in the new version of Expertiza. The existing implementation relies on sessions, which is incompatible with the new implementation that uses JWT (JSON Web Tokens) for authentication and JSON responses. The primary challenge is to migrate the impersonation logic from session-based management to JWT-based authentication while preserving the same functionality. This reimplementation requires planning for the communication between the backend and frontend, which may necessitate modifications to existing files or the creation of new files beyond the impersonate_controller.rb file.

==Implementation==

===UML Diagram===
The following UML diagram shows the association between models we will be working on

[[File:UML-Diagram-E2421.jpeg]]

===Hierarchy Diagram===
Visualization of the hierarchical structure

[[File:Hierarchy-diagram E2421.png]]

===Request===

*GET: {BASE_URL}/api/v1/impersonate/:username
- Response:

"message": "Successfully Fetched User List!",
"userList": [
{
"id": 4,
"name": "Mihir",
"full_name": "Mihir BHanderi",
"email": "mbhande@example.com",
"email_on_review": false,
"email_on_submission": false,
"email_on_review_of_review": false,
"role": {
"id": 4,
"name": "Teaching Assistant"
},
"institution": {
"id": 1,
"name": "North Carolina State University"
},
"parent": {
"id": null,
"name": null
}
}
],
"success": true

*POST: {BASE_URL}/api/v1/impersonate
- Payload: impersonate_id
- Response:

"message": "Successfully Impersonated Ketul!",
"token": "eyJhbGciOiJSUzI1NiJ9.eyJpZCI6MywibmFtZSI6IktldHVsIiwiZnVsbF9uYW1lIjoiS2V0dWwgQ2hheXlhIiwicm9sZSI6Ikluc3RydWN0b3IiLCJpbnN0aXR1dGlvbl9pZCI6MSwiaW1wZXJzb25hdGVkIjp0cnVlLCJvcmlnaW5hbF91c2VyIjoiIzxVc2VyOjB4MDAwMDdmMzVmYTc5YjVmOD4iLCJleHAiOjE3MTEzMjc0MTV9.U9wDOT618UCkf25MnCiK8W3ybeZv5BSQDNTEPOMUDABAvDd0HWSj3kIGccITHaoVsIykZFsyUDY3rL_M32zmfEXvxZuEleWSqUZGxbjQRIFP1bR_Q5sPESoBdlxVJ4QG8sUGQtuhOzMyH3z4R4ruhz1JpsQlalVZQHCbdtJOI9B4WKhNJ98Dls1fefnzYwLMnTr6e3ttbGGGK5Bm8zSpPvIWmCVNoueKHNptFcNejbU4Mt9RHWHLsTwdAtuywNLCu7li7RRNXo00D5JOUMxL7eB5AiQRpxah8BF7b0lM_Xh7bB56WvD5JTjoNZu3c3AK_EJksGXiFxwlPzNRc8Q",
"success": true

===Impersonate Controller===
The ImpersonateController facilitates user impersonation functionality. It includes methods to fetch a list of users available for impersonation based on a provided username parameter and to impersonate a selected user by generating a new JWT token with the necessary user information. The controller ensures that impersonation requests are handled securely, validating permissions before allowing impersonation to occur.

*impersonate_controller.rb file

<pre>
class Api::V1::ImpersonateController < ApplicationController

# Fetches users to impersonate whose name match the passed parameter
def get_users_list
users = current_user.get_available_users(params[:user_name])
render json: { message: "Successfully Fetched User List!", userList:users, success:true }, status: :ok
end

def is_user_impersonateable?
impersonate_user = User.find_by(id: params[:impersonate_id])
if impersonate_user
return current_user.can_impersonate? impersonate_user
end
false
end

# Impersonates a new user and returns new jwt token
def impersonate
unless params[:impersonate_id].present?
render json: { error: "impersonate_id is required", success:false }, status: :unprocessable_entity
return
end

if is_user_impersonateable?
impersonate_user = User.find_by(id: params[:impersonate_id])

payload = { id: impersonate_user.id, name: impersonate_user.name, full_name: impersonate_user.full_name, role: impersonate_user.role.name,
institution_id: impersonate_user.institution.id, impersonated:true, original_user: current_user }
impersonate_user_token = JsonWebToken.encode(payload, 24.hours.from_now)

render json: { message: "Successfully Impersonated #{impersonate_user.name}!", token:impersonate_user_token, success:true }, status: :ok

else
render json: { error: "You do not have permission to impersonate this user", success:false }, status: :forbidden
end
end
end
</pre>

===User===
These methods extend the functionality of the User model. The get_available_users method retrieves users whose full names match a provided parameter. can_impersonate? determines whether the user has the authority to impersonate another user based on their role hierarchy. teaching_assistant_for? checks if the user is a teaching assistant for a given student, and teaching_assistant? determines if the user is a teaching assistant based on their role. Lastly, recursively_parent_of recursively checks for parent-child relationships between user roles.

*user.rb file
<pre>
has_many :assignments, through: :participants

# Fetches available users whose full names match the provided name prefix (case-insensitive).
# Returns a limited list of users (up to 10) who have roles similar or subordinate to the current user's role.
def get_available_users(name)
lesser_roles = role.subordinate_roles_and_self
all_users = User.where('full_name LIKE ?', "%#{name}%").limit(20)
visible_users = all_users.select { |user| lesser_roles.include? user.role }
visible_users[0, 10] # the first 10
end

# Check if the user can impersonate another user
def can_impersonate?(user)
return true if role.super_administrator?
return true if instructor_for?(user)
# Skip below check if user's role is "Instructor"
return false if instructor?
return true if teaching_assistant_for?(user)
# Skip recursively_parent_of check if user's role is "Teaching Assistant"
return false if teaching_assistant?
return true if recursively_parent_of(user.role)
false
end

# Check if the current user is an instructor and has any relationship with the given user (student or TA)
def instructor_for?(user)
return false unless instructor?
return true if instructor_for_student?(user)
return true if instructor_for_ta?(user)
end

# Helper method to check if there are any courses where a student is enrolled in assignments
def courses_with_student_participation(courses, student)
courses.any? do |course|
course.assignments.any? do |assignment|
assignment.participants.map(&:user_id).include?(student.id)
end
end
end

# Check if the instructor has any relationship with the given student
def instructor_for_student?(student)
return false unless student.role.name == 'Student' # Ensure the role is 'Student'

instructor = Instructor.find(id)

# Check if the instructor has any courses where the student is enrolled in an assignment
return courses_with_student_participation(Instructor.list_all(Course, instructor),student)
end

# Check if the instructor has common courses with the given teaching assistant
def instructor_for_ta?(ta)
return false unless ta.role.name == 'Teaching Assistant' # Ensure the role is 'Teaching Assistant'

instructor = Instructor.find(id)

# Get all courses taught by the instructor
instructor_courses = Instructor.list_all(Course, instructor)

# Get all courses associated with the TA
ta_courses = TaMapping.get_courses(ta)

# Convert lists to sets for efficient intersection
instructor_course_set = instructor_courses.to_set
ta_course_set = ta_courses.to_set

# Check for common courses using set intersection
has_common_course = !(instructor_course_set & ta_course_set).empty?

return has_common_course
end

# Check if the user is a teaching assistant for the student's course
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)

# Check if the TA has any courses where the student is enrolled in an assignment
return courses_with_student_participation(TaMapping.get_courses(ta),student)

false
end

# Check if the user is a teaching assistant
def teaching_assistant?
true if role.ta?
end

# Recursively check if parent child relationship exists
def recursively_parent_of(user_role)
p = user_role.parent
return false if p.nil?
return true if p == self.role
return false if p.super_administrator?
recursively_parent_of(p)
end
</pre>

===Assignment===
The Assignment model represents a task or project that is associated with a course. It is linked to a specific course and involves multiple participants (users) who are involved in or responsible for completing the assignment. Each assignment may have various users associated with it, depending on their role or participation within the course.

*assignment.rb file
<pre>
belongs_to :course
has_many :participants, dependent: :destroy
has_many :users, through: :participants, inverse_of: :assignment
</pre>

===Course===
Fixed the assignment mapping

*course.rb file
<pre>
has_many :assignments, dependent: :destroy
</pre>

===Instructor===
Created a method to get all the courses assigned to the specific instructor

*instructor.rb file
<pre>
def self.list_all(object_type, user_id)
object_type.where('instructor_id = ? AND private = 0', user_id)
end
</pre>

===TA===
Refactored the code to handle a error if TA is not assigned to any course.

*ta.rb file
<pre>
class Ta < User
has_many :ta_mappings, dependent: :destroy
</pre>

*ta_mapping.rb file
<pre>
#Returns course ids of the TA
def self.get_course_ids(user_id)
TaMapping.find_by(ta_id: user_id).course_id
ta_mapping = TaMapping.find_by(user_id: user_id)
ta_mapping&.course_id
end

#Returns courses of the TA
def self.get_courses(user_id)
Course.where('id = ?', get_course_ids(user_id))
course_ids = get_course_ids(user_id)

return Course.none unless course_ids # Return Course.none if course_ids is nil

Course.where(id: course_ids)
end
end
</pre>

==Design Pattern==
===Facade Design Pattern===
The Api::V1::ImpersonateController acts as a facade by providing a simplified interface to interact with more complex subsystems (such as user authentication, authorization, and user management) within the application. It encapsulates the logic for impersonating users and fetching user lists behind a single interface.

===Strategy Design Pattern===
The is_user_impersonateable? method implements a strategy for determining whether the current user has permission to impersonate another user. It checks if the impersonated user exists and if the current user has the necessary permissions to impersonate them. This method encapsulates a specific algorithm for evaluating impersonation permissions, which can be changed or extended independently of the controller logic.
Overall, these design pattern principles contribute to a modular and maintainable design by promoting encapsulation, separation of concerns, and flexibility in the implementation of complex behaviors.

== Files added / modified ==

*reimplementation-back-end/app/models/user.rb
*reimplementation-back-end/app/controllers/api/v1/impersonate_controller.rb
*reimplementation-back-end/app/models/course.rb
*reimplementation-back-end/app/models/instructor.rb
*reimplementation-back-end/app/models/ta.rb
*reimplementation-back-end/app/models/ta_mapping.rb
*reimplementation-back-end/config/routes.rb

==List of Users in Database==
{| class="wikitable"
|-
! ID !! Email !! Password !! Role
|-
| 1 || admin2@example.com || password123 || Super-Administrator
|-
| 2 || jay@example.com || password123 || Administration
|-
| 3 || k2l@example.com || password123 || Instructor
|-
| 4 || mbhande@example.com || password123 || TA
|-
| 7 || dpatesl@example.com || password123 || Student
|}

==Testing on Postman==

Postman was used to manually test the additional method in impersonate_controller.rb, as well as the actions and routes of the corresponding controllers. Before testing any of these methods with Postman, submit a request to /login using the user_name and password fields, which will send an authentication token. This token must be added to Postman's 'Authorization' tab as a 'Bearer token' before any further requests can be made. Postman collection [https://www.postman.com/blue-water-189861/workspace/oodd-project-3/collection/13428669-4d663583-0b90-4316-bd6c-9441ea576085?action=share&creator=13428669 link]

*First of all, fork the expertiza workspace in order to work upon it
[[File:Fork-expertiza-postman.png | 800px]]

*Fetch User List which can be impersonated (For eg: If Instructor fetches list he can see matched TAs and Students only)
[[File:Userlist.jpg | 800px]]

* Login with provided credentials and copy the token
[[File:Postman-1.jpg | 800px]]

*In the Expertiza/Authorization paste the token and save
[[File:Postman-2.jpg | 800px]]

*Put the id for the user to be impersonated
[[File:Postman-3.jpg | 800px]]

*Success message if the user is impersonable
[[File:Postman-4.jpg | 800px]]

*Failure message if the user is not impersonable (Here instructor is trying to impersonate admin)
[[File:Inst-admin.jpg | 800px]]

==Swagger UI Documentation==
[[File:Swagger E2421.png | 1000px]]

Here is the demo video of working of the project [https://youtu.be/cq6k05-q8UI]

==Team==
'''Mentor''' 
*Chetana Chunduru <cchetan2@ncsu.edu>

'''Students''' 
*Devansh Shah <dshah8@ncsu.edu> 
*Jay Patel <jhpatel9@ncsu.edu> 
*Mihir Bhanderi <mbhande2@ncsu.edu> 

==Pull Request==
*[https://github.com/expertiza/reimplementation-back-end/pull/88]

==References==
*[https://docs.google.com/document/d/1MzdTjsULAMI1ZJRbf-xvThkSxxUXjk-hNMQ9DPdhmrI/edit#heading=h.vh7jk2b6nlb2 Project Instructions]

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb) - Final Project

2024-04-23T23:09:52Z

Mbhande2:

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

==Project Overview==

The goal of this project is to update the backend code for the user impersonation feature in the new version of Expertiza. The existing implementation relies on sessions, which is incompatible with the new implementation that uses JWT (JSON Web Tokens) for authentication and JSON responses. The primary challenge is to migrate the impersonation logic from session-based management to JWT-based authentication while preserving the same functionality. This reimplementation requires planning for the communication between the backend and frontend, which may necessitate modifications to existing files or the creation of new files beyond the impersonate_controller.rb file.

==Design Pattern==
===Facade Design Pattern===
The Api::V1::ImpersonateController acts as a facade by providing a simplified interface to interact with more complex subsystems (such as user authentication, authorization, and user management) within the application. It encapsulates the logic for impersonating users and fetching user lists behind a single interface.

===Strategy Design Pattern===
The is_user_impersonateable? method implements a strategy for determining whether the current user has permission to impersonate another user. It checks if the impersonated user exists and if the current user has the necessary permissions to impersonate them. This method encapsulates a specific algorithm for evaluating impersonation permissions, which can be changed or extended independently of the controller logic.
Overall, these design pattern principles contribute to a modular and maintainable design by promoting encapsulation, separation of concerns, and flexibility in the implementation of complex behaviors.

==Implementation==

===UML Diagram===
The following UML diagram shows the association between models we will be working on

[[File:UML-Diagram-E2421.jpeg]]

===Hierarchy Diagram===
Visualization of the hierarchical structure

[[File:Hierarchy-diagram E2421.png]]

===Request===

*GET: {BASE_URL}/api/v1/impersonate/:username
- Response:

"message": "Successfully Fetched User List!",
"userList": [
{
"id": 4,
"name": "Mihir",
"full_name": "Mihir BHanderi",
"email": "mbhande@example.com",
"email_on_review": false,
"email_on_submission": false,
"email_on_review_of_review": false,
"role": {
"id": 4,
"name": "Teaching Assistant"
},
"institution": {
"id": 1,
"name": "North Carolina State University"
},
"parent": {
"id": null,
"name": null
}
}
],
"success": true

*POST: {BASE_URL}/api/v1/impersonate
- Payload: impersonate_id
- Response:

"message": "Successfully Impersonated Ketul!",
"token": "eyJhbGciOiJSUzI1NiJ9.eyJpZCI6MywibmFtZSI6IktldHVsIiwiZnVsbF9uYW1lIjoiS2V0dWwgQ2hheXlhIiwicm9sZSI6Ikluc3RydWN0b3IiLCJpbnN0aXR1dGlvbl9pZCI6MSwiaW1wZXJzb25hdGVkIjp0cnVlLCJvcmlnaW5hbF91c2VyIjoiIzxVc2VyOjB4MDAwMDdmMzVmYTc5YjVmOD4iLCJleHAiOjE3MTEzMjc0MTV9.U9wDOT618UCkf25MnCiK8W3ybeZv5BSQDNTEPOMUDABAvDd0HWSj3kIGccITHaoVsIykZFsyUDY3rL_M32zmfEXvxZuEleWSqUZGxbjQRIFP1bR_Q5sPESoBdlxVJ4QG8sUGQtuhOzMyH3z4R4ruhz1JpsQlalVZQHCbdtJOI9B4WKhNJ98Dls1fefnzYwLMnTr6e3ttbGGGK5Bm8zSpPvIWmCVNoueKHNptFcNejbU4Mt9RHWHLsTwdAtuywNLCu7li7RRNXo00D5JOUMxL7eB5AiQRpxah8BF7b0lM_Xh7bB56WvD5JTjoNZu3c3AK_EJksGXiFxwlPzNRc8Q",
"success": true

===Impersonate Controller===
The ImpersonateController facilitates user impersonation functionality. It includes methods to fetch a list of users available for impersonation based on a provided username parameter and to impersonate a selected user by generating a new JWT token with the necessary user information. The controller ensures that impersonation requests are handled securely, validating permissions before allowing impersonation to occur.

*impersonate_controller.rb file

<pre>
class Api::V1::ImpersonateController < ApplicationController

# Fetches users to impersonate whose name match the passed parameter
def get_users_list
users = current_user.get_available_users(params[:user_name])
render json: { message: "Successfully Fetched User List!", userList:users, success:true }, status: :ok
end

def is_user_impersonateable?
impersonate_user = User.find_by(id: params[:impersonate_id])
if impersonate_user
return current_user.can_impersonate? impersonate_user
end
false
end

# Impersonates a new user and returns new jwt token
def impersonate
unless params[:impersonate_id].present?
render json: { error: "impersonate_id is required", success:false }, status: :unprocessable_entity
return
end

if is_user_impersonateable?
impersonate_user = User.find_by(id: params[:impersonate_id])

payload = { id: impersonate_user.id, name: impersonate_user.name, full_name: impersonate_user.full_name, role: impersonate_user.role.name,
institution_id: impersonate_user.institution.id, impersonated:true, original_user: current_user }
impersonate_user_token = JsonWebToken.encode(payload, 24.hours.from_now)

render json: { message: "Successfully Impersonated #{impersonate_user.name}!", token:impersonate_user_token, success:true }, status: :ok

else
render json: { error: "You do not have permission to impersonate this user", success:false }, status: :forbidden
end
end
end
</pre>

===User===
These methods extend the functionality of the User model. The get_available_users method retrieves users whose full names match a provided parameter. can_impersonate? determines whether the user has the authority to impersonate another user based on their role hierarchy. teaching_assistant_for? checks if the user is a teaching assistant for a given student, and teaching_assistant? determines if the user is a teaching assistant based on their role. Lastly, recursively_parent_of recursively checks for parent-child relationships between user roles.

*user.rb file
<pre>
has_many :assignments, through: :participants

# Fetches available users whose full names match the provided name prefix (case-insensitive).
# Returns a limited list of users (up to 10) who have roles similar or subordinate to the current user's role.
def get_available_users(name)
lesser_roles = role.subordinate_roles_and_self
all_users = User.where('full_name LIKE ?', "%#{name}%").limit(20)
visible_users = all_users.select { |user| lesser_roles.include? user.role }
visible_users[0, 10] # the first 10
end

# Check if the user can impersonate another user
def can_impersonate?(user)
return true if role.super_administrator?
return true if instructor_for?(user)
# Skip below check if user's role is "Instructor"
return false if instructor?
return true if teaching_assistant_for?(user)
# Skip recursively_parent_of check if user's role is "Teaching Assistant"
return false if teaching_assistant?
return true if recursively_parent_of(user.role)
false
end

# Check if the current user is an instructor and has any relationship with the given user (student or TA)
def instructor_for?(user)
return false unless instructor?
return true if instructor_for_student?(user)
return true if instructor_for_ta?(user)
end

# Helper method to check if there are any courses where a student is enrolled in assignments
def courses_with_student_participation(courses, student)
courses.any? do |course|
course.assignments.any? do |assignment|
assignment.participants.map(&:user_id).include?(student.id)
end
end
end

# Check if the instructor has any relationship with the given student
def instructor_for_student?(student)
return false unless student.role.name == 'Student' # Ensure the role is 'Student'

instructor = Instructor.find(id)

# Check if the instructor has any courses where the student is enrolled in an assignment
return courses_with_student_participation(Instructor.list_all(Course, instructor),student)
end

# Check if the instructor has common courses with the given teaching assistant
def instructor_for_ta?(ta)
return false unless ta.role.name == 'Teaching Assistant' # Ensure the role is 'Teaching Assistant'

instructor = Instructor.find(id)

# Get all courses taught by the instructor
instructor_courses = Instructor.list_all(Course, instructor)

# Get all courses associated with the TA
ta_courses = TaMapping.get_courses(ta)

# Convert lists to sets for efficient intersection
instructor_course_set = instructor_courses.to_set
ta_course_set = ta_courses.to_set

# Check for common courses using set intersection
has_common_course = !(instructor_course_set & ta_course_set).empty?

return has_common_course
end

# Check if the user is a teaching assistant for the student's course
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)

# Check if the TA has any courses where the student is enrolled in an assignment
return courses_with_student_participation(TaMapping.get_courses(ta),student)

false
end

# Check if the user is a teaching assistant
def teaching_assistant?
true if role.ta?
end

# Recursively check if parent child relationship exists
def recursively_parent_of(user_role)
p = user_role.parent
return false if p.nil?
return true if p == self.role
return false if p.super_administrator?
recursively_parent_of(p)
end
</pre>

===Assignment===
The Assignment model represents a task or project that is associated with a course. It is linked to a specific course and involves multiple participants (users) who are involved in or responsible for completing the assignment. Each assignment may have various users associated with it, depending on their role or participation within the course.

*assignment.rb file
<pre>
belongs_to :course
has_many :participants, dependent: :destroy
has_many :users, through: :participants, inverse_of: :assignment
</pre>

===Course===
Fixed the assignment mapping

*course.rb file
<pre>
has_many :assignments, dependent: :destroy
</pre>

===Instructor===
Created a method to get all the courses assigned to the specific instructor

*instructor.rb file
<pre>
def self.list_all(object_type, user_id)
object_type.where('instructor_id = ? AND private = 0', user_id)
end
</pre>

===TA===
Refactored the code to handle a error if TA is not assigned to any course.

*ta.rb file
<pre>
class Ta < User
has_many :ta_mappings, dependent: :destroy
</pre>

*ta_mapping.rb file
<pre>
#Returns course ids of the TA
def self.get_course_ids(user_id)
TaMapping.find_by(ta_id: user_id).course_id
ta_mapping = TaMapping.find_by(user_id: user_id)
ta_mapping&.course_id
end

#Returns courses of the TA
def self.get_courses(user_id)
Course.where('id = ?', get_course_ids(user_id))
course_ids = get_course_ids(user_id)

return Course.none unless course_ids # Return Course.none if course_ids is nil

Course.where(id: course_ids)
end
end
</pre>

== Files added / modified ==

*reimplementation-back-end/app/models/user.rb
*reimplementation-back-end/app/controllers/api/v1/impersonate_controller.rb
*reimplementation-back-end/app/models/course.rb
*reimplementation-back-end/app/models/instructor.rb
*reimplementation-back-end/app/models/ta.rb
*reimplementation-back-end/app/models/ta_mapping.rb
*reimplementation-back-end/config/routes.rb

==List of Users in Database==
{| class="wikitable"
|-
! ID !! Email !! Password !! Role
|-
| 1 || admin2@example.com || password123 || Super-Administrator
|-
| 2 || jay@example.com || password123 || Administration
|-
| 3 || k2l@example.com || password123 || Instructor
|-
| 4 || mbhande@example.com || password123 || TA
|-
| 7 || dpatesl@example.com || password123 || Student
|}

==Testing on Postman==

Postman was used to manually test the additional method in impersonate_controller.rb, as well as the actions and routes of the corresponding controllers. Before testing any of these methods with Postman, submit a request to /login using the user_name and password fields, which will send an authentication token. This token must be added to Postman's 'Authorization' tab as a 'Bearer token' before any further requests can be made. Postman collection [https://www.postman.com/blue-water-189861/workspace/oodd-project-3/collection/13428669-4d663583-0b90-4316-bd6c-9441ea576085?action=share&creator=13428669 link]

*First of all, fork the expertiza workspace in order to work upon it
[[File:Fork-expertiza-postman.png | 800px]]

*Fetch User List which can be impersonated (For eg: If Instructor fetches list he can see matched TAs and Students only)
[[File:Userlist.jpg | 800px]]

* Login with provided credentials and copy the token
[[File:Postman-1.jpg | 800px]]

*In the Expertiza/Authorization paste the token and save
[[File:Postman-2.jpg | 800px]]

*Put the id for the user to be impersonated
[[File:Postman-3.jpg | 800px]]

*Success message if the user is impersonable
[[File:Postman-4.jpg | 800px]]

*Failure message if the user is not impersonable (Here instructor is trying to impersonate admin)
[[File:Inst-admin.jpg | 800px]]

==Swagger UI Documentation==
[[File:Swagger E2421.png | 1000px]]

Here is the video of successfully running the tests [https://www.loom.com/share/b1b6b7e52a884a2f8e097e25a53e77f3?sid=e80f4d44-4667-4874-8ef8-de10f8ac1bb2]

Here is the demo video of working of the project [https://youtu.be/cq6k05-q8UI]

==Team==
'''Mentor''' 
*Chetana Chunduru <cchetan2@ncsu.edu>

'''Students''' 
*Devansh Shah <dshah8@ncsu.edu> 
*Jay Patel <jhpatel9@ncsu.edu> 
*Mihir Bhanderi <mbhande2@ncsu.edu> 

==Pull Request==
*[https://github.com/expertiza/reimplementation-back-end/pull/88]

==References==
*[https://docs.google.com/document/d/1MzdTjsULAMI1ZJRbf-xvThkSxxUXjk-hNMQ9DPdhmrI/edit#heading=h.vh7jk2b6nlb2 Project Instructions]

File:Swagger E2421.png

2024-04-23T23:06:44Z

Mbhande2:

File:Swagger.png

2024-04-23T23:06:12Z

Mbhande2: Mbhande2 reverted File:Swagger.png to an old version

File:Swagger.png

2024-04-23T23:02:34Z

Mbhande2: Mbhande2 uploaded a new version of File:Swagger.png

File:Hierarchy-diagram E2421.png

2024-04-23T22:29:40Z

Mbhande2:

File:UML-Diagram-E2421.jpeg

2024-04-23T22:24:37Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb) - Final Project

2024-04-08T20:51:29Z

Mbhande2: Created page with "==Expertiza== [http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions. ==Project Over..."

==Expertiza==

[http://expertiza.ncsu.edu/ Expertiza] is a [http://rubyonrails.org/ Ruby on Rails] based open source project. Instructors have the ability to add new projects, assignments, etc., as well as edit existing ones. Later on, they can view student submissions and grade them. Students can also use Expertiza to organize into teams to work on different projects and assignments and submit their work. They can also review other students' submissions.

==Project Overview==

The goal of this project is to update the backend code for the user impersonation feature in the new version of Expertiza. The existing implementation relies on sessions, which is incompatible with the new implementation that uses JWT (JSON Web Tokens) for authentication and JSON responses. The primary challenge is to migrate the impersonation logic from session-based management to JWT-based authentication while preserving the same functionality. This reimplementation requires planning for the communication between the backend and frontend, which may necessitate modifications to existing files or the creation of new files beyond the impersonate_controller.rb file.

==Design Document==
===Current Status===
We have successfully implemented the impersonate_users.controller and the necessary methods to generate a new JWT token with the required user information. The can_impersonate method in the user.rb file has been implemented to determine which roles have the authority to impersonate other users.

We have also thoroughly tested the API and functionality using Postman and created a detailed video showcasing the tests performed.

===Issues and Plan of Action===
'''Updated UML Diagram'''

[[File:E2421-Updated UML.png]]

1. TA-Student Mapping: The current implementation does not have a mapping between Teaching Assistants (TAs) and students, which is preventing TAs from accessing specific courses for the students they are impersonating. Currently, TAs have access to all courses, which needed to be fixed. So, we will work on implementing a mapping between TAs and students to ensure that TAs can only access courses for the students they are assigned to.

2. Refactoring Code: We will work on refactoring some of the code, including changing naming conventions based on the feedback received from the first project.

3. Testing Improvement: We will enhance the testing process by:
* Incorporating Swagger UI to test the API endpoints.
* Recording and uploading a video demonstrating the execution of automated test cases.
4. Documentation Update: We will update the wiki page to address the following issues:
* Update the Role Hierarchy diagram to accurately reflect each role's permissions and get a clear idea of impersonating Hierarchy.
* Improve the flow between the five sections under Implementation and provide an explanation for the order in which these topics are covered.
* Include more detailed information about the tests performed, such as the conditions tested for.
* Replace the illegible code snippets in the screenshots with larger, more readable images or code blocks.

By addressing these issues and implementing the necessary improvements, we will aim to deliver a comprehensive and well-documented implementation of the impersonate_users functionality.

=Previous Work=
==Implementation==

===UML Diagram===
The following UML diagram shows the association between models we will be working on

[[File:Uml reimplement impersonate.png]]

===Hierarchy Diagram===
Visualization of the hierarchical structure

[[File:User-hierarchy.jpg]]

===Request===

*GET: {BASE_URL}/api/v1/impersonate/:username
- Response:

"message": "Successfully Fetched User List!",
"userList": [
{
"id": 4,
"name": "Mihir",
"full_name": "Mihir BHanderi",
"email": "mbhande@example.com",
"email_on_review": false,
"email_on_submission": false,
"email_on_review_of_review": false,
"role": {
"id": 4,
"name": "Teaching Assistant"
},
"institution": {
"id": 1,
"name": "North Carolina State University"
},
"parent": {
"id": null,
"name": null
}
}
],
"success": true

*POST: {BASE_URL}/api/v1/impersonate
- Payload: impersonate_id
- Response:

"message": "Successfully Impersonated Ketul!",
"token": "eyJhbGciOiJSUzI1NiJ9.eyJpZCI6MywibmFtZSI6IktldHVsIiwiZnVsbF9uYW1lIjoiS2V0dWwgQ2hheXlhIiwicm9sZSI6Ikluc3RydWN0b3IiLCJpbnN0aXR1dGlvbl9pZCI6MSwiaW1wZXJzb25hdGVkIjp0cnVlLCJvcmlnaW5hbF91c2VyIjoiIzxVc2VyOjB4MDAwMDdmMzVmYTc5YjVmOD4iLCJleHAiOjE3MTEzMjc0MTV9.U9wDOT618UCkf25MnCiK8W3ybeZv5BSQDNTEPOMUDABAvDd0HWSj3kIGccITHaoVsIykZFsyUDY3rL_M32zmfEXvxZuEleWSqUZGxbjQRIFP1bR_Q5sPESoBdlxVJ4QG8sUGQtuhOzMyH3z4R4ruhz1JpsQlalVZQHCbdtJOI9B4WKhNJ98Dls1fefnzYwLMnTr6e3ttbGGGK5Bm8zSpPvIWmCVNoueKHNptFcNejbU4Mt9RHWHLsTwdAtuywNLCu7li7RRNXo00D5JOUMxL7eB5AiQRpxah8BF7b0lM_Xh7bB56WvD5JTjoNZu3c3AK_EJksGXiFxwlPzNRc8Q",
"success": true

===Impersonate Controller===
The ImpersonateController facilitates user impersonation functionality. It includes methods to fetch a list of users available for impersonation based on a provided username parameter and to impersonate a selected user by generating a new JWT token with the necessary user information. The controller ensures that impersonation requests are handled securely, validating permissions before allowing impersonation to occur.

*impersonate_controller.rb file

<pre>
class Api::V1::ImpersonateController < ApplicationController

# Fetches users to impersonate whose name match the passed parameter
def get_users_list
users = current_user.get_available_users(params[:user_name])
render json: { message: "Successfully Fetched User List!", userList:users, success:true }, status: :ok
end

def check_if_user_impersonateable?
impersonate_user = User.find_by(id: params[:impersonate_id])
if impersonate_user
return current_user.can_impersonate? impersonate_user
end
false
end

# Impersonates a new user and returns new jwt token
def impersonate
unless params[:impersonate_id].present?
render json: { error: "impersonate_id is required", success:false }, status: :unprocessable_entity
return
end

if check_if_user_impersonateable?
impersonate_user = User.find_by(id: params[:impersonate_id])

payload = { id: impersonate_user.id, name: impersonate_user.name, full_name: impersonate_user.full_name, role: impersonate_user.role.name,
institution_id: impersonate_user.institution.id, impersonated:true, original_user: current_user }
impersonate_user_token = JsonWebToken.encode(payload, 24.hours.from_now)

render json: { message: "Successfully Impersonated #{impersonate_user.name}!", token:impersonate_user_token, success:true }, status: :ok

else
render json: { error: "You do not have permission to impersonate this user", success:false }, status: :forbidden
end
end
end
</pre>

===User===
These methods extend the functionality of the User model. The get_available_users method retrieves users whose full names match a provided parameter. can_impersonate? determines whether the user has the authority to impersonate another user based on their role hierarchy. teaching_assistant_for? checks if the user is a teaching assistant for a given student, and teaching_assistant? determines if the user is a teaching assistant based on their role. Lastly, recursively_parent_of recursively checks for parent-child relationships between user roles.

*user.rb file
<pre>
# Check if the user can impersonate another user
def can_impersonate?(user)
return true if role.super_administrator?
return true if recursively_parent_of(user.role)
false
end

# Check if the user is a teaching assistant for the student's course
def teaching_assistant_for?(student)
return false unless teaching_assistant?
return false unless student.role.name == 'Student'

# We have to use the Ta object instead of User object
# because single table inheritance is not currently functioning
ta = Ta.find(id)
ta.managed_users.each do |user|
return true if user.id == student.id
end
false
end

# Check if the user is a teaching assistant
def teaching_assistant?
true if role.ta?
end

# Recursively check if parent child relationship exists
def recursively_parent_of(user_role)
p = user_role.parent
return false if p.nil?
return true if p == self.role
return false if p.super_administrator?
recursively_parent_of(p)
end
</pre>

== Files added / modified ==

*reimplementation-back-end/app/models/user.rb
*reimplementation-back-end/app/controllers/api/v1/impersonate_controller.rb
*reimplementation-back-end/config/routes.rb

==List of Users in Database==
{| class="wikitable"
|-
! ID !! Email !! Password !! Role
|-
| 1 || admin2@example.com || password123 || Super-Administrator
|-
| 2 || jay@example.com || password123 || Administration
|-
| 3 || k2l@example.com || password123 || Instructor
|-
| 4 || mbhande@example.com || password123 || TA
|-
| 7 || dpatesl@example.com || password123 || Student
|}

==Testing on Postman==

Postman was used to manually test the additional method in impersonate_controller.rb, as well as the actions and routes of the corresponding controllers. Before testing any of these methods with Postman, submit a request to /login using the user_name and password fields, which will send an authentication token. This token must be added to Postman's 'Authorization' tab as a 'Bearer token' before any further requests can be made. Postman collection [https://www.postman.com/blue-water-189861/workspace/oodd-project-3/collection/13428669-4d663583-0b90-4316-bd6c-9441ea576085?action=share&creator=13428669 link]

*First of all, fork the expertiza workspace in order to work upon it
[[File:Fork-expertiza-postman.png | 500px]]

*Fetch User List which can be impersonated (For eg: If Instructor fetches list he can see matched TAs and Students only)
[[File:Userlist.jpg | 500px]]

* Login with provided credentials and copy the token
[[File:Postman-1.jpg | 500px]]

*In the Expertiza/Authorization paste the token and save
[[File:Postman-2.jpg | 500px]]

*Put the id for the user to be impersonated
[[File:Postman-3.jpg | 500px]]

*Success message if the user is impersonable
[[File:Postman-4.jpg | 500px]]

*Failure message if the user is not impersonable (Here instructor is trying to impersonate admin)
[[File:Inst-admin.jpg | 500px]]

Here is the video of successfully running the tests [https://www.loom.com/share/b1b6b7e52a884a2f8e097e25a53e77f3?sid=e80f4d44-4667-4874-8ef8-de10f8ac1bb2]

==Team==
'''Mentor''' 
*Chetana Chunduru <cchetan2@ncsu.edu>

'''Students''' 
*Devansh Shah <dshah8@ncsu.edu> 
*Jay Patel <jhpatel9@ncsu.edu> 
*Mihir Bhanderi <mbhande2@ncsu.edu> 

==Pull Request==
*[https://github.com/expertiza/reimplementation-back-end/pull/88]

==References==
*[https://docs.google.com/document/d/1MzdTjsULAMI1ZJRbf-xvThkSxxUXjk-hNMQ9DPdhmrI/edit#heading=h.vh7jk2b6nlb2 Project Instructions]

File:E2421-Updated UML.png

2024-04-08T20:47:38Z

Mbhande2: Mbhande2 uploaded a new version of File:E2421-Updated UML.png

File:E2421-Updated UML.png

2024-04-08T20:45:38Z

Mbhande2: Mbhande2 uploaded a new version of File:E2421-Updated UML.png

File:E2421-Updated UML.png

2024-04-08T20:42:06Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-24T23:42:06Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-24T23:36:51Z

Mbhande2:

CSC/ECE 517 Spring 2024

2024-03-24T16:20:33Z

Mbhande2:

* [[CSC/ECE 517 Spring 2024 - E2407 Refactor review_mapping_controller.rb]]
* [[CSC/ECE 517 Spring 2024 - E2428 Replicate Roles and Institution UIs ReactJS]]
* [[CSC/ECE 517 Spring 2024 - E2429 Reimplement student_task list]]
* [[CSC/ECE 517 Spring 2024 - E2414 Grading Audit Trail]]
* [[CSC/ECE 517 Spring 2024 - ‬NTNX-2‬‭ : Snapshot Functionality for provisioned databases]]
* [[CSC/ECE 517 Spring 2024 - E2411 : Fix "Back" link on “New Late Policy” page]]
* [[CSC/ECE 517 Spring 2024 - E2416. Reimplement the Question hierarchy]]
* [[CSC/ECE 517 Spring 2024 - E2420. Reimplement student_quizzes_controller]]
* [[CSC/ECE 517 Spring 2024 - E2424. Reimplement the Bookmarks Controller]]
* [[CSC/ECE 517 Spring 2024 - E2426. Create a UI for Assignment Edit page "Etc" tab in ReactJS]]
* [[CSC/ECE 517 Spring 2024 - E2417. Reimplement submitted content controller.rb]]
* [[CSC/ECE 517 Spring 2024 - E2425. Create a Courses user interface in ReactJS]]
* [[CSC/ECE 517 Spring 2024 - E2431. Reimplement grades/view_team]]
* [[CSC/ECE 517 Spring 2024 - E2404 Refactor student teams functionality]]
* [[CSC/ECE 517 Spring 2024 - E2403 Mentor-Meeting Management]]
* [[CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)]]

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-24T16:16:43Z

Mbhande2:

File:Fork-expertiza-postman.png

2024-03-24T16:14:10Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-24T01:20:37Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-24T01:15:52Z

Mbhande2:

File:User-hierarchy.jpg

2024-03-24T01:02:21Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-24T01:01:21Z

Mbhande2:

File:Uml reimplement impersonate.png

2024-03-24T00:42:29Z

Mbhande2:

File:UML Diagram.png

2024-03-24T00:41:46Z

Mbhande2: Mbhande2 reverted File:UML Diagram.png to an old version

File:UML Diagram.png

2024-03-24T00:39:27Z

Mbhande2: Mbhande2 uploaded a new version of File:UML Diagram.png

File:Userlist.jpg

2024-03-24T00:10:38Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-23T23:43:27Z

Mbhande2:

File:Inst-admin.jpg

2024-03-23T23:28:24Z

Mbhande2:

File:Postman-4.jpg

2024-03-23T23:28:11Z

Mbhande2:

File:Postman-3.jpg

2024-03-23T23:27:52Z

Mbhande2:

File:Postman-2.jpg

2024-03-23T23:27:26Z

Mbhande2:

File:Postman-1.jpg

2024-03-23T23:24:40Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-23T20:38:53Z

Mbhande2:

CSC/ECE 517 Spring 2024 - E2421. Reimplement impersonating users (within impersonate controller.rb)

2024-03-23T18:38:13Z