Expertiza_Wiki - User contributions [en]

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-14T16:57:13Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== New methods created==
*'''jwt_verify_and_decode:'''
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*'''user_has_needed_privileges?:'''
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def user_has_needed_privileges?(user_rights, required_privilege)
return false unless user_rights.present? && user_rights['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*'''current_user_has_super_admin_privileges:'''
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*'''current_user_has_admin_privileges:'''
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*'''current_user_has_instructor_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*'''current_user_has_ta_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*'''current_user_has_student_privileges:'''
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*'''current_user_is_assignment_participant:'''
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*'''current_user_teaching_staff_of_assignment:'''
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*'''current_user_is_a:'''
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*'''current_user_has_id:'''
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*'''current_user_created_bookmark_id:'''
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*'''current_user_can_submit:'''
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def current_user_can_submit?(token, user_id)
current_user_can?(token, user_id, 'submit')
end

*'''current_user_can_review:'''
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def current_user_can_review?(token, user_id)
current_user_can?(token, user_id, 'review')
end

*'''current_user_can_take_quiz:'''
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def current_user_can_take_quiz?(token, user_id)
current_user_can?(token, user_id, 'take_quiz')
end

*'''current_user_can_read:'''
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def current_user_can_read?(token, user_id)
current_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.

'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.

'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.

'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.

'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.

'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.

'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.

'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.

'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.

'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*'''Generate a JWT token using Postman:'''

1.Open Postman and create a new request or collection.

2.In the request, go to the "Authorization" tab and choose "Bearer Token" as the type.

3.Click "Get New Access Token" to open the "Token" modal.

4.Configure the token with a name, grant type, token endpoint URL, client ID, secret, scope, etc.

5.Click "Request Token" to obtain the token, and enter additional credentials if prompted.

6.The generated token is displayed in the "Token" modal and is automatically added to the request's "Authorization" header.

7.Use the token to authenticate subsequent requests.

8.Configure Postman to handle token expiry and automatic token refresh if needed.

9.Save the token configuration for reuse.

[[File:E2379 token.png|500px|center]]

*'''Decode JWT Token:'''

The JWT token can be decoded using jwt.io.

[[File:E2379 postman.png|500px|center]]

*'''Run the rails server and confirm its successful execution:'''
[[File:E2379 RubyOnRails.png|500px|center]]

* '''Rspec Test cases file:'''
Rspec test cases file is run, and all the tests have passed.

[[File:E2379 TestsSuccess.png|500px|center]]

For more detailed explanation of the project, here is the [https://youtu.be/VJhz1xKAde4 Demo Link].

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

== Pull Request ==
[https://github.com/expertiza/reimplementation-back-end/pull/67 Pull Request]

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-14T16:54:10Z

Snadend3: /* New methods created */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== New methods created==
*'''jwt_verify_and_decode:'''
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*'''user_has_needed_privileges?:'''
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def user_has_needed_privileges?(user_rights, required_privilege)
return false unless user_rights.present? && user_rights['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*'''current_user_has_super_admin_privileges:'''
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*'''current_user_has_admin_privileges:'''
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*'''current_user_has_instructor_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*'''current_user_has_ta_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*'''current_user_has_student_privileges:'''
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*'''current_user_is_assignment_participant:'''
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*'''current_user_teaching_staff_of_assignment:'''
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*'''current_user_is_a:'''
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*'''current_user_has_id:'''
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*'''current_user_created_bookmark_id:'''
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*'''given_user_can_submit:'''
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*'''given_user_can_review:'''
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*'''given_user_can_take_quiz:'''
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*'''given_user_can_read:'''
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.

'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.

'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.

'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.

'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.

'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.

'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.

'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.

'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.

'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*'''Generate a JWT token using Postman:'''

1.Open Postman and create a new request or collection.

2.In the request, go to the "Authorization" tab and choose "Bearer Token" as the type.

3.Click "Get New Access Token" to open the "Token" modal.

4.Configure the token with a name, grant type, token endpoint URL, client ID, secret, scope, etc.

5.Click "Request Token" to obtain the token, and enter additional credentials if prompted.

6.The generated token is displayed in the "Token" modal and is automatically added to the request's "Authorization" header.

7.Use the token to authenticate subsequent requests.

8.Configure Postman to handle token expiry and automatic token refresh if needed.

9.Save the token configuration for reuse.

[[File:E2379 token.png|500px|center]]

*'''Decode JWT Token:'''

The JWT token can be decoded using jwt.io.

[[File:E2379 postman.png|500px|center]]

*'''Run the rails server and confirm its successful execution:'''
[[File:E2379 RubyOnRails.png|500px|center]]

* '''Rspec Test cases file:'''
Rspec test cases file is run, and all the tests have passed.

[[File:E2379 TestsSuccess.png|500px|center]]

For more detailed explanation of the project, here is the [https://youtu.be/VJhz1xKAde4 Demo Link].

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

== Pull Request ==
[https://github.com/expertiza/reimplementation-back-end/pull/67 Pull Request]

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:40:15Z

Snadend3: /* Test Cases */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*'''Error Handling:''' The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*'''check_user_privileges(user_info, required_privilege):''' The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*'''Updating existing methods in the helper wherever session is being used.'''

== New methods created==
*'''jwt_verify_and_decode:'''
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*'''check_user_privileges:'''
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*'''current_user_has_super_admin_privileges:'''
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*'''current_user_has_admin_privileges:'''
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*'''current_user_has_instructor_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*'''current_user_has_ta_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*'''current_user_has_student_privileges:'''
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*'''current_user_is_assignment_participant:'''
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*'''current_user_teaching_staff_of_assignment:'''
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*'''current_user_is_a:'''
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*'''current_user_has_id:'''
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*'''current_user_created_bookmark_id:'''
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*'''given_user_can_submit:'''
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*'''given_user_can_review:'''
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*'''given_user_can_take_quiz:'''
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*'''given_user_can_read:'''
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.

'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.

'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.

'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.

'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.

'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.

'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.

'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.

'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.

'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*'''Generate a JWT token using Postman:'''

1.Open Postman and create a new request or collection.

2.In the request, go to the "Authorization" tab and choose "Bearer Token" as the type.

3.Click "Get New Access Token" to open the "Token" modal.

4.Configure the token with a name, grant type, token endpoint URL, client ID, secret, scope, etc.

5.Click "Request Token" to obtain the token, and enter additional credentials if prompted.

6.The generated token is displayed in the "Token" modal and is automatically added to the request's "Authorization" header.

7.Use the token to authenticate subsequent requests.

8.Configure Postman to handle token expiry and automatic token refresh if needed.

9.Save the token configuration for reuse.

[[File:E2379 token.png|500px|center]]

*'''Decode JWT Token:'''

The JWT token can be decoded using jwt.io.

[[File:E2379 postman.png|500px|center]]

*'''Run the rails server and confirm its successful execution:'''
[[File:E2379 RubyOnRails.png|500px|center]]

* '''Rspec Test cases file:'''
Rspec test cases file is run, and all the tests have passed.

[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:26:52Z

Snadend3: /* Test Plan */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*'''Error Handling:''' The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*'''check_user_privileges(user_info, required_privilege):''' The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*'''Updating existing methods in the helper wherever session is being used.'''

== New methods created==
*'''jwt_verify_and_decode:'''
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*'''check_user_privileges:'''
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*'''current_user_has_super_admin_privileges:'''
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*'''current_user_has_admin_privileges:'''
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*'''current_user_has_instructor_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*'''current_user_has_ta_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*'''current_user_has_student_privileges:'''
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*'''current_user_is_assignment_participant:'''
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*'''current_user_teaching_staff_of_assignment:'''
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*'''current_user_is_a:'''
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*'''current_user_has_id:'''
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*'''current_user_created_bookmark_id:'''
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*'''given_user_can_submit:'''
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*'''given_user_can_review:'''
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*'''given_user_can_take_quiz:'''
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*'''given_user_can_read:'''
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.

'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.

'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.

'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.

'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.

'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.

'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.

'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.

'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.

'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:25:24Z

Snadend3: /* Existing methods updated */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*'''Error Handling:''' The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*'''check_user_privileges(user_info, required_privilege):''' The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*'''Updating existing methods in the helper wherever session is being used.'''

== New methods created==
*'''jwt_verify_and_decode:'''
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*'''check_user_privileges:'''
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*'''current_user_has_super_admin_privileges:'''
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*'''current_user_has_admin_privileges:'''
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*'''current_user_has_instructor_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*'''current_user_has_ta_privileges:'''
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*'''current_user_has_student_privileges:'''
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*'''current_user_is_assignment_participant:'''
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*'''current_user_teaching_staff_of_assignment:'''
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*'''current_user_is_a:'''
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*'''current_user_has_id:'''
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*'''current_user_created_bookmark_id:'''
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*'''given_user_can_submit:'''
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*'''given_user_can_review:'''
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*'''given_user_can_take_quiz:'''
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*'''given_user_can_read:'''
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.
'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.
'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.
'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.
'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.
'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.
'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.
'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:23:23Z

Snadend3: /* New methods created */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*'''Error Handling:''' The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*'''check_user_privileges(user_info, required_privilege):''' The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*'''Updating existing methods in the helper wherever session is being used.'''

== New methods created==
*'''jwt_verify_and_decode:'''
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*'''check_user_privileges:'''
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.
'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.
'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.
'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.
'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.
'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.
'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.
'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:22:41Z

Snadend3: /* Methods Details */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*'''Error Handling:''' The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*'''check_user_privileges(user_info, required_privilege):''' The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*'''Updating existing methods in the helper wherever session is being used.'''

== New methods created==
*jwt_verify_and_decode:
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*check_user_privileges:
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.
'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.
'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.
'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.
'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.
'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.
'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.
'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:18:56Z

Snadend3: /* Existing methods to be updated */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*Error Handling: The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*check_user_privileges(user_info, required_privilege): The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*Updating existing methods in the helper wherever session is being used.

== New methods created==
*jwt_verify_and_decode:
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*check_user_privileges:
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.
'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.
'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.
'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.
'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.
'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.
'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.
'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:18:29Z

Snadend3: /* Test Plan */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*Error Handling: The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*check_user_privileges(user_info, required_privilege): The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*Updating existing methods in the helper wherever session is being used.

== Existing methods to be updated ==
*current_user_has_super_admin_privileges
*current_user_is_a?

== New methods created==
*jwt_verify_and_decode:
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*check_user_privileges:
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
'''Token Encoding:'''
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.
'''Token Decoding:'''
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.
'''Token Expiry Handling:'''
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.
'''Token Signature Verification:'''
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
'''Role-Based Access Control (RBAC):'''
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.
'''Privilege Validation Methods:'''
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
'''User ID Verification:'''
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.
'''User Role Verification:'''
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.
'''Method Refactoring:'''
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.
'''Unit Testing:'''
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-05T00:15:30Z

Snadend3: /* Test Plan */

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*Error Handling: The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*check_user_privileges(user_info, required_privilege): The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*Updating existing methods in the helper wherever session is being used.

== Existing methods to be updated ==
*current_user_has_super_admin_privileges
*current_user_is_a?

== New methods created==
*jwt_verify_and_decode:
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*check_user_privileges:
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info['role'].present?

case required_privilege
when 'Super-Administrator'
return user_info['role'] == 'Super-Administrator'
when 'Administrator'
return user_info['role'] == 'Administrator'
when 'Instructor'
return user_info['role'] == 'Instructor'
when 'Teaching Assistant'
return user_info['role'] == 'Teaching Assistant'
when 'Student'
return user_info['role'] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
Token Encoding:
Ensure that a user's information (e.g., user_id, role) is properly encoded into a JWT token during the authentication process.
Token Decoding:
Implement a method to decode and verify JWT tokens.
Confirm that the decoding process is successful and returns the expected user information.
Token Expiry Handling:
Check that the system handles token expiry properly and denies access or requests re-authentication when a token is expired.
Token Signature Verification:
Validate that the system verifies the signature of the JWT token to ensure its authenticity.

*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
Role-Based Access Control (RBAC):
Integrate RBAC using JWT claims to determine user roles.
Update methods that check for specific privileges to rely on JWT claims instead of other mechanisms.
Privilege Validation Methods:
Update existing methods (e.g., current_user_has_admin_privileges?) to utilize information from JWT claims.
Ensure that the system grants or denies access based on the user's role and privileges stored in the JWT token.

*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
ser ID Verification:
Update methods that validate the user's identity (current_user_has_id?) to use the user_id claim from the JWT token.
Ensure that the system checks the user's ID against the one provided in the token.
User Role Verification:
Implement methods to check if the user has a specific role (current_user_is_a?) based on JWT claims.
Verify that the system accurately identifies the user's role using the JWT token.

*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.
Method Refactoring:
Refactor existing authentication and authorization methods to utilize JWT claims for user information.
Ensure that methods no longer rely on separate data stores for user roles or privileges.
Unit Testing:
Create unit tests for each updated method to ensure that they work correctly with JWT claims.
Verify that the methods return expected results for various scenarios, such as different roles and expired tokens.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

*mgcghcmhv
[[File:E2379 postman.png|500px|center]]

*mbcgfjhgf
[[File:E2379 token.png|500px|center]]

*jtfjgkjhbj
[[File:E2379 RubyOnRails.png|500px|center]]

* Rspec Test cases file:
[[File:E2379 TestsSuccess.png|500px|center]]

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-04T17:09:41Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Authorization Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.
*'''Role Verification:'''
The module allows you to determine if the current user possesses specific roles such as Super-Admin, Admin, Instructor, TA (Teaching Assistant), or Student. This is pivotal for identifying the user's overarching responsibilities and access levels within the system.
*'''Assignment-related Checks:'''
You can use the module to check whether the user is a participant in a particular assignment, holds the role of an instructor for an assignment, or has TA mappings (Teaching Assistant assignments) associated with a specific task. These checks are instrumental in understanding the user's involvement and responsibilities in the context of assignments.
*'''Action Permissions:'''
The AuthorizationHelper module provides methods to determine if the current user is allowed to perform specific actions. For instance, you can check if the user can submit work, conduct reviews, or take quizzes. This functionality ensures that user actions align with their assigned roles and responsibilities.
*'''Access Control:'''
Through the aforementioned checks, the module facilitates robust access control by enabling you to tailor the user experience based on their roles and permissions. This is vital for maintaining system security and ensuring that users can only perform actions for which they are authorized.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==

JSON Web Tokens (JWT) are commonly used for implementing authorization in web applications. The AuthorizationHelper module can leverage JWT tokens to determine the privileges and roles of a user. Here's a general overview of how JWT tokens are typically used for authorization:
*'''Token Generation:'''
When a user logs in or authenticates, a JWT token is generated on the server-side. This token typically includes information such as the user's ID, roles, and any other relevant claims.
*'''Token Issuance:'''
The server issues the JWT token to the client after successful authentication. The client then stores this token, usually in a secure manner such as in an HTTP-only cookie or local storage.
*'''Token Inclusion in Requests:'''
For subsequent requests to the server that require authorization, the client includes the JWT token in the request headers. This can be done using the "Authorization" header with a value like "Bearer <token>".
*'''Token Verification on the Server:'''
The server-side AuthorizationHelper module receives the JWT token from the client in the request. It then verifies the token's integrity and authenticity using a secret key known only to the server.
*'''Decoding the Token:'''
Once the token is verified, the server decodes its content. The decoded payload includes information about the user, such as their roles, which the AuthorizationHelper module can use for authorization checks.
*'''Authorization Checks:'''
The AuthorizationHelper module performs checks based on the decoded information from the JWT token. For example, it may check if the user has the required roles or permissions to access certain resources or perform specific actions.
*'''Access Granted or Denied:'''
Based on the results of the authorization checks, the server responds to the client's request by either allowing or denying access to the requested resource.

A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*Error Handling: The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*check_user_privileges(user_info, required_privilege): The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*Updating existing methods in the helper wherever session is being used.

== Existing methods to be updated ==
*current_user_has_super_admin_privileges
*current_user_is_a?

== New methods created==
*jwt_verify_and_decode:
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*check_user_privileges:
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info[:role].present?

case required_privilege
when 'Super-Administrator'
return user_info[:role] == 'Super-Administrator'
when 'Administrator'
return user_info[:role] == 'Administrator'
when 'Instructor'
return user_info[:role] == 'Instructor'
when 'Teaching Assistant'
return user_info[:role] == 'Teaching Assistant'
when 'Student'
return user_info[:role] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-12-04T16:48:32Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki. The Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==
A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*Error Handling: The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*check_user_privileges(user_info, required_privilege): The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*Updating existing methods in the helper wherever session is being used.

== Existing methods to be updated ==
*current_user_has_super_admin_privileges
*current_user_is_a?

== New methods created==
*jwt_verify_and_decode:
Description:
This method is part of the JWT (JSON Web Token) Authentication Integration in the application. It serves the purpose of verifying and decoding a given JWT token using the JsonWebToken class. JWT tokens are commonly used for authentication and authorization purposes in web applications.

Parameters:
token (String): The JWT token that needs to be verified and decoded.

Returns:
If the provided JWT token is valid, the method decodes the token using the JsonWebToken.decode method.
If decoding is successful, the decoded information is converted into a HashWithIndifferentAccess to provide easy access to the user information with indifferent access to symbol and string keys.
If the token is invalid or decoding fails (raises JWT::DecodeError), the method returns nil.

'''Code'''
def jwt_verify_and_decode(token)
begin
decoded_token = JsonWebToken.decode(token)
return HashWithIndifferentAccess.new(decoded_token)
rescue JWT::DecodeError
return nil
end
end

*check_user_privileges:
Description:
This method is responsible for checking user privileges based on the claims provided in a JWT (JSON Web Token). Given the user information extracted from the JWT and a required privilege, the method determines if the user possesses the specified privilege. The method primarily validates the user's role against the required privilege.

Parameters:
user_info (HashWithIndifferentAccess): User information extracted from the JWT, typically containing details like the user's role.

required_privilege (String): The required privilege that the method checks against the user's role.
Returns:
true if the user possesses the required privilege.
false otherwise, including cases where the user information is not present (nil) or lacks a role.

'''Code''':
def check_user_privileges(user_info, required_privilege)
return false unless user_info.present? && user_info[:role].present?

case required_privilege
when 'Super-Administrator'
return user_info[:role] == 'Super-Administrator'
when 'Administrator'
return user_info[:role] == 'Administrator'
when 'Instructor'
return user_info[:role] == 'Instructor'
when 'Teaching Assistant'
return user_info[:role] == 'Teaching Assistant'
when 'Student'
return user_info[:role] == 'Student'
else
return false
end
end

== Existing methods updated==
*current_user_has_super_admin_privileges:
Determine if the currently logged-in user has the privileges of a Super-Admin. It checks if the user has Super-Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_super_admin_privileges?
current_user_has_privileges_of?('Super-Administrator')
end

'''Updated Code''':
def current_user_has_super_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Super-Administrator') if user_info.present?
false
end

*current_user_has_admin_privileges:
Determine if the currently logged-in user has the privileges of an Admin (or higher). It checks if the user has Administrator privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_admin_privileges?
current_user_has_privileges_of?('Administrator')
end

'''Updated Code''':
def current_user_has_admin_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Administrator') if user_info.present?
false
end

*current_user_has_instructor_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_instructor_privileges?
current_user_has_privileges_of?('Instructor')
end

'''Updated Code''':
def current_user_has_instructor_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Instructor') if user_info.present?
false
end

*current_user_has_ta_privileges:
Determine if the currently logged-in user has the privileges of an Instructor (or higher). It checks if the user has Instructor privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_ta_privileges?
current_user_has_privileges_of?('Teaching Assistant')
end

'''Updated Code''':
def current_user_has_ta_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Teaching Assistant') if user_info.present?
false
end

*current_user_has_student_privileges:
Determine if the currently logged-in user has the privileges of a Student (or higher). It checks if the user has Student privileges based on the JWT token. The method calls check_user_privileges with the appropriate privilege and returns the result.

'''Old Code''':
def current_user_has_student_privileges?
current_user_has_privileges_of?('Student')
end

'''Updated Code''':
def current_user_has_student_privileges?(token)
user_info = jwt_verify_and_decode(token)
return check_user_privileges(user_info, 'Student') if user_info.present?
false
end

*current_user_is_assignment_participant:
Determine if the currently logged-in user is participating in an Assignment based on the assignment_id argument. It checks if the user is a participant in a specific assignment based on the JWT token.

'''Old Code''':
def current_user_is_assignment_participant?(assignment_id)
if user_logged_in?
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: session[:user].id)
end
false
end

'''Updated Code''':
def current_user_is_assignment_participant?(token, assignment_id)
user_info = jwt_verify_and_decode(token)
return AssignmentParticipant.exists?(parent_id: assignment_id, user_id: user_info[:id]) if user_info.present?
false
end

*current_user_teaching_staff_of_assignment:
Determine if the currently logged-in user is teaching staff of an Assignment based on the assignment_id argument. It checks if the user is an instructor or has TA mapping for a specific assignment based on the JWT token.

'''Old Code''':
def current_user_teaching_staff_of_assignment?(assignment_id)
assignment = Assignment.find(assignment_id)
user_logged_in? &&
(
current_user_instructs_assignment?(assignment) ||
current_user_has_ta_mapping_for_assignment?(assignment)
)
end

'''Updated Code''':
def current_user_teaching_staff_of_assignment?(token, assignment_id)
assignment = Assignment.find(assignment_id)
user_info = jwt_verify_and_decode(token)
user_info.present? &&
(
current_user_instructs_assignment?(assignment, user_info) ||
current_user_has_ta_mapping_for_assignment?(assignment, user_info)
)
end

*current_user_is_a:
Determine if the currently logged-in user IS of the given role name. It checks if the user's role in the JWT token matches the provided role name.

'''Old Code''':
def current_user_is_a?(role_name)
current_user_and_role_exist? && session[:user].role.name == role_name
end

'''Updated Code''':
def current_user_is_a?(token, role_name)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:role] == role_name
end

*current_user_has_id:
Determine if the current user has the passed-in id value. It checks if the user's ID in the JWT token matches the provided ID.

'''Old Code''':
def current_user_has_id?(id)
user_logged_in? && session[:user].id.eql?(id.to_i)
end

'''Updated Code''':
def current_user_has_id?(token, id)
user_info = jwt_verify_and_decode(token)
return user_info.present? && user_info[:id].to_i == id.to_i
end

*current_user_created_bookmark_id:
Determine if the currently logged-in user created the bookmark with the given ID. It checks if the user in the JWT token created the bookmark with the specified ID.

'''Old Code''':
def current_user_created_bookmark_id?(bookmark_id)
user_logged_in? && !bookmark_id.nil? && Bookmark.find(bookmark_id.to_i).user_id == session[:user].id
rescue ActiveRecord::RecordNotFound
false
end

'''Updated Code''':
def current_user_created_bookmark_id?(token, bookmark_id)
user_info = jwt_verify_and_decode(token)
return user_info.present? &&
!bookmark_id.nil? &&
Bookmark.find(bookmark_id.to_i).user_id == user_info[:id]
rescue ActiveRecord::RecordNotFound
false
end

*given_user_can_submit:
Determine if the given user can submit work. It checks if the user in the JWT token can submit work.

'''Old Code''':
def given_user_can_submit?(user_id)
given_user_can?(user_id, 'submit')
end

'''Updated Code''':
def given_user_can_submit?(token, user_id)
given_user_can?(token, user_id, 'submit')
end

*given_user_can_review:
Determine if the given user can review work. It checks if the user in the JWT token can review work.

'''Old Code''':
def given_user_can_review?(user_id)
given_user_can?(user_id, 'review')
end

''' Updated Code ''':
def given_user_can_review?(token, user_id)
given_user_can?(token, user_id, 'review')
end

*given_user_can_take_quiz:
Determine if the given user can take quizzes. It checks if the user in the JWT token can take quizzes.

'''Old Code''':
def given_user_can_take_quiz?(user_id)
given_user_can?(user_id, 'take_quiz')
end

'''Updated Code''':
def given_user_can_take_quiz?(token, user_id)
given_user_can?(token, user_id, 'take_quiz')
end

*given_user_can_read:
Determine if the given user can read work. It checks if the user in the JWT token can read work.

'''Old Code''':
def given_user_can_read?(user_id)
given_user_can_take_quiz?(user_id)
end

''' Updated Code ''':
def given_user_can_read?(token, user_id)
given_user_can_take_quiz?(token, user_id)
end

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2379. Reimplement authorization helper.rb

2023-11-16T05:46:22Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2379 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza currently uses session-based authentication in its AuthorizationHelper module. The reimplementation back end uses JSON Web Token (JWT) based authentication. This requires a redesign of the AuthorizationHelper module to accommodate JWT-based authentication.

== About Helper==
The AuthorizationHelper module provides methods to check a user's privileges and roles within the system. It allows you to determine if the current user has specific roles like Super-Admin, Admin, Instructor, TA, or Student. You can also check if the user is a participant in a particular assignment, instructs an assignment, or has TA mappings for an assignment. Additionally, it provides methods to identify if the current user can perform actions like submitting work, reviewing, or taking quizzes. These functions are essential for managing user permissions and access control in the application.

== Requirements ==
*JWT Authentication Integration: Modify the AuthorizationHelper module to integrate JWT-based authentication, allowing users to authenticate and authorize requests using JWT tokens instead of sessions.
*Token Verification: Implement methods to verify and decode JWT tokens to extract user information and permissions.
*Privilege Verification: Update the existing methods (e.g., current_user_has_super_admin_privileges?, current_user_is_a?, etc) to use JWT claims to determine a user's privileges. Users will be granted access based on their role and claims within the JWT.
*User Identity Verification: Implement a method to verify the identity of the current user based on the JWT token. Ensure that the user's role is validated correctly.
*Methods should be updated to use the user's JWT claims.
*Error Handling: Implement appropriate error handling to deal with JWT verification failures or unauthorized access attempts.

==Methods to be implemented==
*jwt_verify_and_decode(token): This method will verify and decode a JWT token and return the user's information, including role and claims.
*check_user_privileges(user_info, required_privilege): Given user information from the JWT and a required privilege, this method will determine if the user has the required privilege.
*Update and adapt the existing methods to use JWT claims for authentication and authorization.

== Deliverables ==
*A modified and fully functional AuthorizationHelper module with JWT-based authentication.
*Updated methods to ensure JWT claims are used for authentication and authorization.
*Appropriate error handling to handle JWT-related issues.
*Unit tests should cover different scenarios and edge cases to ensure that each function works as expected
*Comments for every function.

== JWT Token ==
A JWT contains three parts:

*Header: Consists of two parts: The signing algorithm that’s being used and the type of token.
*Payload: The payload contains the claims or the JSON object.
*Signature: A string that is generated via a cryptographic algorithm that can be used to verify the integrity of the JSON payload.

[[File:Jwt-structure.png]]

== Methods Details ==
*Error Handling: The method is wrapped in a begin and rescue block to handle JWT::DecodeError. If an error occurs during the decoding process (e.g., an invalid signature or expired token), the method returns nil.

'''Error Handling'''
rescue JWT::DecodeError
nil
end

*check_user_privileges(user_info, required_privilege): The check_user_privileges method is responsible for determining whether a user, based on their role and claims stored in a JSON Web Token (JWT), possesses the required privilege within the context of the application.

'''Pseudo Code'''
function check_user_privileges(user_info, required_privilege):
Check if User info is null
return false
switch statement:
case 'Administrator':
return user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
case 'Student':
return user_info[:role] == 'Student' OR user_info[:role] == 'Teaching Assistant' OR user_info[:role] == 'Instructor' OR user_info[:role] == 'Administrator' OR user_info[:role] == 'Super-Administrator'
Other cases
default:
return false

*Updating existing methods in the helper wherever session is being used.

==Test Plan==
*'''JWT Authentication Integration'''
'''Objectives:'''

*'''Verify JWT Token Processing:'''
Confirm that JWT tokens are correctly processed, verified, and decoded.
*'''User Privilege Verification:'''
Ensure that user privileges are correctly verified based on JWT claims.
*'''User Identity Verification:'''
Confirm that the user's identity is accurately verified based on the JWT token.
*'''Existing Methods Update:'''
Validate that existing methods are successfully updated to use JWT claims.

===Test Cases===
*'''JWT Token Processing:'''
Verify that a valid JWT token is successfully processed and decoded.
Test with an invalid token to ensure proper error handling.
*'''User Privilege Verification:'''
Check user privileges for various roles (super admin, admin, instructor, TA, student).
Verify user privileges for specific actions (submitting work, reviewing, etc.).
*'''Error Handling:'''
Test error handling for JWT verification failures.
Attempt unauthorized access and validate appropriate error handling.
*'''User Identity Verification:'''
Verify the correct identification of the current user based on the JWT token.
Test with various roles to ensure accurate identification.
*'''Existing Methods Update:'''
Confirm that existing methods are updated to use JWT claims for authentication and authorization.
Validate the behavior of updated methods with various scenarios.

== Existing methods to be updated ==
*current_user_has_super_admin_privileges
*current_user_is_a?

== Team ==
===Mentor===
*Ameya Vaichalikar (agvaicha)

===Members===
*Sravya Karanam (skarana)
*Sucharitha Nadendla (snadend3)
*Abhishek Desai (adesai7)

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T05:01:06Z

Snadend3: /* Manual Testing */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''
Here is the link to [https://github.com/abhi934/expertiza/commit/4ef5ef04388d9a578a1a367a10656764bee00c94 GitHub commit].

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed. Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.
Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity. Here is the link to [https://github.com/abhi934/expertiza/commit/16e295a4ccc9f8e01ee8b6a72f967858ff57cbf3 GitHub commit].

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.
Here is the link to [https://github.com/abhi934/expertiza/commit/a8969c314854e1b216523657cdf4b9592545874c GitHub commit].

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement.

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

* When dropping topic if submission already done.
* When deadline from dropping topic has passed.
* Deleting topic when topic cannot be found.
* Signup in case when user cannot be found.
* Create signup_sheet when sign_up_topic cannot be found.
* Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

The RSpec test cases for the `SignUpSheetController` in `signup_sheet_controller.rb` are designed to thoroughly evaluate the functionality of managing sign-up topics for assignments. These test cases cover various scenarios, including creating new topics, updating topic properties, deleting topics, switching from original to suggested topics, and more. They verify that the controller correctly handles actions by students and instructors, respecting deadlines and submission status. Additionally, the test cases ensure that actions such as setting priorities for topics and saving topic deadlines work as intended.

All these tests aim to validate that the controller's actions respond appropriately to user input, and that the underlying logic, database interactions, and authorization checks are functioning as expected. With these tests, developers can have confidence that the `SignUpSheetController` is working correctly and that it provides a robust platform for managing sign-up topics in an educational setting.

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===
Follow these instructions to manually test the below functionalities:

->'''The instructor assigns a student to a topic: '''
#Log in as an instructor using the credentials: username - instructor6, password - password.
#Select Manage -> Assignments, go to Etc, there add the student to participant.
#Then select a topic which you want to assign to that student.
->'''Set/updates deadlines to that topic'''
#To set/update deadlines, select Manage -> Assignments
#Enable the staggered deadline checkbox
#Go to Topics, then select start show/ due date
#There you can assign the deadline, and click on save
->'''Drop/Delete student from the topic'''
#Now go to Manage-> Assignments ->Topics
#We can see the assigned users to the topic
#Click on the ‘drop student’, then that student would be dropped from the topic.

Here is the [https://www.youtube.com/watch?v=f98fqcRbA2U Demo Link] for manual testing.

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 Pull_Request]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T04:58:52Z

Snadend3: /* Manual Testing */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''
Here is the link to [https://github.com/abhi934/expertiza/commit/4ef5ef04388d9a578a1a367a10656764bee00c94 GitHub commit].

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed. Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.
Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity. Here is the link to [https://github.com/abhi934/expertiza/commit/16e295a4ccc9f8e01ee8b6a72f967858ff57cbf3 GitHub commit].

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.
Here is the link to [https://github.com/abhi934/expertiza/commit/a8969c314854e1b216523657cdf4b9592545874c GitHub commit].

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement.

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

* When dropping topic if submission already done.
* When deadline from dropping topic has passed.
* Deleting topic when topic cannot be found.
* Signup in case when user cannot be found.
* Create signup_sheet when sign_up_topic cannot be found.
* Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

The RSpec test cases for the `SignUpSheetController` in `signup_sheet_controller.rb` are designed to thoroughly evaluate the functionality of managing sign-up topics for assignments. These test cases cover various scenarios, including creating new topics, updating topic properties, deleting topics, switching from original to suggested topics, and more. They verify that the controller correctly handles actions by students and instructors, respecting deadlines and submission status. Additionally, the test cases ensure that actions such as setting priorities for topics and saving topic deadlines work as intended.

All these tests aim to validate that the controller's actions respond appropriately to user input, and that the underlying logic, database interactions, and authorization checks are functioning as expected. With these tests, developers can have confidence that the `SignUpSheetController` is working correctly and that it provides a robust platform for managing sign-up topics in an educational setting.

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===
Follow these instructions to manually test the below functionalities:

->'''The instructor assigns a student to a topic: '''
#Log in as an instructor using the credentials: username - instructor6, password - password.
#Select Manage -> Assignments, go to Etc, there add the student to participant.
#Then select a topic which you want to assign to that student.
->'''Set/updates deadlines to that topic'''
#To set/update deadlines, select Manage -> Assignments
#Enable the staggered deadline checkbox
#Go to Topics, then select start show/ due date
#There you can assign the deadline, and click on save
->'''Drop/Delete student from the topic'''
#Now go to Manage-> Assignments ->Topics
#We can see the assigned users to the topic
#Click on the ‘drop student’, then that student would be dropped from the topic.

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 Pull_Request]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T04:58:20Z

Snadend3: /* Manual Testing */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''
Here is the link to [https://github.com/abhi934/expertiza/commit/4ef5ef04388d9a578a1a367a10656764bee00c94 GitHub commit].

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed. Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.
Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity. Here is the link to [https://github.com/abhi934/expertiza/commit/16e295a4ccc9f8e01ee8b6a72f967858ff57cbf3 GitHub commit].

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.
Here is the link to [https://github.com/abhi934/expertiza/commit/a8969c314854e1b216523657cdf4b9592545874c GitHub commit].

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement.

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

* When dropping topic if submission already done.
* When deadline from dropping topic has passed.
* Deleting topic when topic cannot be found.
* Signup in case when user cannot be found.
* Create signup_sheet when sign_up_topic cannot be found.
* Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

The RSpec test cases for the `SignUpSheetController` in `signup_sheet_controller.rb` are designed to thoroughly evaluate the functionality of managing sign-up topics for assignments. These test cases cover various scenarios, including creating new topics, updating topic properties, deleting topics, switching from original to suggested topics, and more. They verify that the controller correctly handles actions by students and instructors, respecting deadlines and submission status. Additionally, the test cases ensure that actions such as setting priorities for topics and saving topic deadlines work as intended.

All these tests aim to validate that the controller's actions respond appropriately to user input, and that the underlying logic, database interactions, and authorization checks are functioning as expected. With these tests, developers can have confidence that the `SignUpSheetController` is working correctly and that it provides a robust platform for managing sign-up topics in an educational setting.

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===
Follow these instructions to manually test the below functionalities:

->The instructor assigns a student to a topic:
#Log in as an instructor using the credentials: username - instructor6, password - password.
#Select Manage -> Assignments, go to Etc, there add the student to participant.
#Then select a topic which you want to assign to that student.
->Set/updates deadlines to that topic
#To set/update deadlines, select Manage -> Assignments
#Enable the staggered deadline checkbox
#Go to Topics, then select start show/ due date
#There you can assign the deadline, and click on save
->Drop/Delete student from the topic
#Now go to Manage-> Assignments ->Topics
#We can see the assigned users to the topic
#Click on the ‘drop student’, then that student would be dropped from the topic.

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 Pull_Request]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T03:54:11Z

Snadend3: /* Solutions */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''
Here is the link to [https://github.com/abhi934/expertiza/commit/4ef5ef04388d9a578a1a367a10656764bee00c94 GitHub commit].

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed. Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.
Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity. Here is the link to [https://github.com/abhi934/expertiza/commit/16e295a4ccc9f8e01ee8b6a72f967858ff57cbf3 GitHub commit].

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.
Here is the link to [https://github.com/abhi934/expertiza/commit/a8969c314854e1b216523657cdf4b9592545874c GitHub commit].

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement.

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.Here is the link to [https://github.com/abhi934/expertiza/commits/main GitHub commit].

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

The RSpec test cases for the `SignUpSheetController` in `signup_sheet_controller.rb` are designed to thoroughly evaluate the functionality of managing sign-up topics for assignments. These test cases cover various scenarios, including creating new topics, updating topic properties, deleting topics, switching from original to suggested topics, and more. They verify that the controller correctly handles actions by students and instructors, respecting deadlines and submission status. Additionally, the test cases ensure that actions such as setting priorities for topics and saving topic deadlines work as intended.

All these tests aim to validate that the controller's actions respond appropriately to user input, and that the underlying logic, database interactions, and authorization checks are functioning as expected. With these tests, developers can have confidence that the `SignUpSheetController` is working correctly and that it provides a robust platform for managing sign-up topics in an educational setting.

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T03:45:42Z

Snadend3: /* Solutions */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.
Here is the link to [https://github.com/abhi934/expertiza/commit/372d0cdc0c29b78266a9a6e845e5a7464fa3182d GitHub commit].

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

The RSpec test cases for the `SignUpSheetController` in `signup_sheet_controller.rb` are designed to thoroughly evaluate the functionality of managing sign-up topics for assignments. These test cases cover various scenarios, including creating new topics, updating topic properties, deleting topics, switching from original to suggested topics, and more. They verify that the controller correctly handles actions by students and instructors, respecting deadlines and submission status. Additionally, the test cases ensure that actions such as setting priorities for topics and saving topic deadlines work as intended.

All these tests aim to validate that the controller's actions respond appropriately to user input, and that the underlying logic, database interactions, and authorization checks are functioning as expected. With these tests, developers can have confidence that the `SignUpSheetController` is working correctly and that it provides a robust platform for managing sign-up topics in an educational setting.

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:55:18Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

The RSpec test cases for the `SignUpSheetController` in `signup_sheet_controller.rb` are designed to thoroughly evaluate the functionality of managing sign-up topics for assignments. These test cases cover various scenarios, including creating new topics, updating topic properties, deleting topics, switching from original to suggested topics, and more. They verify that the controller correctly handles actions by students and instructors, respecting deadlines and submission status. Additionally, the test cases ensure that actions such as setting priorities for topics and saving topic deadlines work as intended.

All these tests aim to validate that the controller's actions respond appropriately to user input, and that the underlying logic, database interactions, and authorization checks are functioning as expected. With these tests, developers can have confidence that the `SignUpSheetController` is working correctly and that it provides a robust platform for managing sign-up topics in an educational setting.

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:50:56Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:48:57Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*'''Improved Method names as follows'''

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

def signup_as_instructor; end

*'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

*'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*'''Code Climate Issues'''

#unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

#Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

#Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

#Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

#Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

#Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

#Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:46:27Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
#The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

#'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

#'''Improved Method names as follows'''

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

def signup_as_instructor; end

#'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

#'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

#'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

#'''Code Climate Issues'''

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:43:37Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

'''Refactoring the Update method'''

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''Improved Method names as follows'''

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

''' signup_as_instructor function'''
signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

def signup_as_instructor; end

'''Refactoring List Method'''

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''Refactored Code'''
def list
# Fetch the AssignmentParticipant based on the given ID
@participant = AssignmentParticipant.find(params[:id].to_i)
# Retrieve the assignment associated with the participant
@assignment = @participant.assignment
# Find the number of slots filled and waitlisted for sign-up topics
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
# Fetch sign-up topics for the assignment
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
# Fetch the team ID if exists
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
handle_intelligent_assignment
end
# Extract code related to intelligent assignment handling
# Find the number of sign-up topics available
@num_of_topics = @sign_up_topics.size
# Retrieve important deadline information
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
# Fetch student bids if available
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
# Check if certain deadlines have passed to determine whether to show actions
handle_deadlines
# Rendering the appropriate view based on the assignment type
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end
# Handle intelligent assignment scenarios
def handle_intelligent_assignment
# Fetch the team ID (if it exists)
team_id = @participant.team.try(:id)
# Fetch bids for the team (if any) and order them by priority
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
# Find topics that have been signed up and update the available sign-up topics
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
# Extract code related to handling deadlines into a separate method
def handle_deadlines
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
@show_actions = false
end
# Find whether the user has signed up for any topics; if so, the user won't be able to sign up again
# unless the former was a waitlisted topic
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
end

'''Refactoring Signup_as_instructor_action'''

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Refactored Code'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

'''Refactoring Delete_signup and delete_signup_as_instructor'''

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''Refactored Code'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end
def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end
def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''Code Climate Issues'''

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Test Plan==
===Edge Cases===

# When dropping topic if submission already done.
# When deadline from dropping topic has passed.
# Deleting topic when topic cannot be found.
# Signup in case when user cannot be found.
# Create signup_sheet when sign_up_topic cannot be found.
# Destroy signup_sheet when other topics with the same assignment exists.

===RSpec===

[[File:rspec_champions.png|1000px|center]]

===Manual Testing===

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:22:49Z

Snadend3: /* RSpec */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''After Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Tests==

===RSpec===

[[File:rspec_champions.png|1000px|center]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:22:29Z

Snadend3: /* RSpec */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''After Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Tests==

===RSpec===

[[File:rspec_champions.png|800px|center]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:21:58Z

Snadend3: /* Team Members */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''After Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*sign_up_sheet_controller_spec.rb
*response_controller.rb
*badges_controller_spec.rb
*pair_programming_controller_spec.rb
*participants_helper_spec.rb
*collusion_cycle_spec.rb

==Tests==

===RSpec===

[[File:rspec_champions.png|500px|center]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharitha Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:09:20Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''After Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.png|500px|center]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T02:04:37Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:

[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.

'''After Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:

*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

"After Refactoring" code is the replacement of the safe navigation operator (&.) used in the original code with a combination of nil? and empty? checks to maintain the same functionality while being compatible with Ruby 2.1.

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

The refactored code utilizes if params[:id].present? instead, which is a more concise way to check if the params[:id] is not nil or not an empty string, maintaining the same functionality. We have assigned session[:user].id to current_user and review.map.assignment to assignment, which enhances readability and code clarity. The refactored code consolidates the logic to find or create a FeedbackResponseMap based on certain conditions and maintains better code structure with straightforward if-else logic.

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

The edit method is now broken down into smaller, more focused methods such as load_response_data and handle_team_reviewing.Each method is responsible for specific tasks: load_response_data handles the loading and processing of response data, while handle_team_reviewing deals with team reviewing scenarios.This separation of concerns improves code organization and readability.

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

The refactored code changes the conditional check for setting flash messages to use nil? and empty? instead of the safe navigation operator (&.), as the safe navigation operator is available from Ruby 2.3 onwards. The refactored version separates the logic for redirection based on different params[:return] values into the redirect_based_on_return method. It centralizes and isolates the redirection logic for improved readability and maintainability.

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T01:36:41Z

Snadend3: /* Solutions */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method
The refactored version is more concise and readable. It uses the Rails 'update_attributes' method to update multiple attributes of the @topic object in a single call. It also sets a success flash message when the topic is updated successfully, which was missing in the original code. Additionally, it removes redundant calls to @topic.save after attribute assignments.

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

The refactored code organizes the list method by breaking it down into smaller, more specialized methods (handle_intelligent_assignment and handle_deadlines). Here, the refactored version improves code readability, maintainability, and organization by breaking down the method into smaller, specialized functions and separating concerns, resulting in a more structured and manageable codebase.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

The refactored version assigns params[:assignment_id] and params[:topic_id] to assignment_id and topic_id variables, respectively, to avoid repetitive use of these parameters and increase code readability. The refactored version enhances readability by using meaningful variable names (assignment_id and topic_id), the string interpolation ("The student is not registered for the assignment: #{user.id}") is used, providing a more elegant way of embedding user.id within the string. The redirection statement is cleaner, referencing the previously defined assignment_id variable (redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)), reducing repetition and enhancing code clarity.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

A new method, delete_signup_common, centralizes the shared functionality, reducing redundancy and improving maintainability. The refactored code uses the who_user parameter to determine the type of user performing the deletion action, allowing a single method to handle both cases. By utilizing a shared method and parameters, the code is more concise, easier to understand, and maintain.
'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''
def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T01:21:45Z

Snadend3: /* Issues/Problem Statement */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well.
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''
def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T01:21:11Z

Snadend3: /* Issues */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues/Problem Statement ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well. [Mostly fixed by previous version of project.]
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''
def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T01:20:48Z

Snadend3: /* Test Login Credentials */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well. [Mostly fixed by previous version of project.]
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''
def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T01:20:07Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Test Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

== Issues ==

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well. [Mostly fixed by previous version of project.]
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''
def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-07T01:19:44Z

Snadend3:

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Issues ==

== Test Login Credentials ==
<li>UserId: instructor6</li>
<li>Password: password</li>

*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well. [Mostly fixed by previous version of project.]
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function "delete_signup_common" to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''
def delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
if who_user == "instructor"
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
else
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
end
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
if who_user == "instructor"
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
end
else
if who_user == "instructor"
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
end
end

def delete_signup
who_user = "student"
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
who_user = "instructor"
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(who_user,participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

===RSpec===

[[File:rspec_champions.jpg]]

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-11-06T21:37:53Z

Snadend3: /* Modified Files */

This wiki page is for the information regarding the changes made for the E2257 OSS assignment for Fall 2023, CSC/ECE 517.

__TOC__

== Introduction ==
Expertiza is an open source project developed on Ruby on Rails. This web application is maintained by the student and faculty at NC State. This application gives complete control to the instructor to maintain the assignments in their class. With multiple functionalities such as adding topics, creating groups, and peer reviews, Expertiza is a well-developed application that can handle all types of assignments. To learn more about the full functionality Expertiza has to offer, visit the Expertiza wiki.

== About Controller ==
The sign up sheet controller contains all functions related to the management of the signup sheet for an assignment:

*Allows an instructor to add/remove topics to an assignment.
*Allows an instructor to edit properties of topics.
*Allows an instructor to assign/remove students to topics
*Allows a student to see the list of available topics which they can bid on for a given OSS assignment.

== Issues ==
*Naming is inconsistent. When used as a verb, “sign up” is two words. When an adjective or a noun, it should be one word, e.g., “signup_sheet_controller.” Cf. “sign_up_as_instructor”. Please make the naming consistent. Of course, this will result in changes in calling methods as well. [Mostly fixed by previous version of project.]
*Update method has a plethora of instance variables defined before updating. These might not be necessary (e.g., look at update method of bookmarks_controller). Decide whether so many instance variables are really needed. Refactor the variables not needed out. [This may have already been fixed, but save_topic_deadline also has these problems.]
*Add_signup_topics_staggered does not do anything different from add_signup_topics. Separate functions are needed, because add_signup_topics_staggered needs to make sure that the deadlines are set. [Assignment 1042 has staggered deadlines]
*Several method names can be improved (including: load_add_signup_topics, list, ad_info etc.)
*What are differences between signup_as_instructor and signup_as_instructor_action methods? Investigate if they are needed and improve the method names if both are needed. Provide comments as to what each method does.
*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods.
*Refactor participants variable in load_add_signup_topics
#[In retrospect, the meaning of this is not clear. The @participants variable is used in a way that is very obscure, with code spread across several views, and no comments saying what it is doing. It used to be that participants (individual students) signed up for topics. Now, only teams can sign up for topics. So @participants does not make sense.
*Signup_as_instructor_action has if-else ladder. It can be made more elegant. [If it is worth keeping this method at all.]
*Delete_signup and delete_signup_as_instructor have much in common and violate the DRY principle. Refactor.
*Code Climate issues

==Previous Version of Project==
#[https://wiki.expertiza.ncsu.edu/index.php?title=CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb CSC/ECE_517_Spring_2022_-_E2223._Refactor_sign_up_sheet_controller.rb]
#[https://github.com/palvitgarg99/expertiza https://github.com/palvitgarg99/expertiza]
#[https://github.com/expertiza/expertiza/pull/2345 https://github.com/expertiza/expertiza/pull/2345]
==Solutions==
*The naming inconsistency issue has already been fixed by the previous version of the project. It has been verified by us.

*Refactoring the Update method

'''Before refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
@topic.topic_identifier = params[:topic][:topic_identifier]
update_max_choosers @topic
@topic.category = params[:topic][:category]
@topic.topic_name = params[:topic][:topic_name]
@topic.micropayment = params[:topic][:micropayment]
@topic.description = params[:topic][:description]
@topic.link = params[:topic][:link]
@topic.save
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

'''After refactoring'''
def update
@topic = SignUpTopic.find(params[:id])
if @topic
update_max_choosers @topic
@topic.update_attributes(topic_identifier: params[:topic][:topic_identifier], category: params[:topic][:category],
topic_name: params[:topic][:topic_name], micropayment: params[:topic][:micropayment], description: params[:topic][:description],link:params[:topic][:link] )
undo_link("The topic: \"#{@topic.topic_name}\" has been successfully updated. ")
flash[:success] = 'The topic has been updated.'
else
flash[:error] = 'The topic could not be updated.'
end
# Akshay - correctly changing the redirection url to topics tab in edit assignment view.
redirect_to edit_assignment_path(params[:assignment_id]) + '#tabs-2'
end

*Improved Method names as follows:
[[File:Methodname1.png|500px|left]]
[[File:Methodname2.jpeg|500px|center]]
[[File:Methodname3.jpeg|500px|center]]

*signup_as_instructor_action is used to sign up a student for a particular topic for an assignment as an instructor. signup_as_instructor function does nothing. It is an empty function. The function is not being called anywhere in the code. The method is not needed and hence removed.

''' signup_as_instructor_action '''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' signup_as_instructor function'''

def signup_as_instructor; end

*The list method is too long and is sparsely commented. Provide comments and identify if the method can be split or made cleaner by moving code to models or helper methods. This issue is fixed by refactoring the List Method using helper methods. Here the 'list' method is doing a lot of different things, making it quite lengthy and potentially harder to maintain. So by refactoring and restructuring we can improve readability and maintainability.

'''Before Refactoring'''

def list
@participant = AssignmentParticipant.find(params[:id].to_i)
@assignment = @participant.assignment
@slots_filled = SignUpTopic.find_slots_filled(@assignment.id)
@slots_waitlisted = SignUpTopic.find_slots_waitlisted(@assignment.id)
@show_actions = true
@priority = 0
@sign_up_topics = SignUpTopic.where(assignment_id: @assignment.id, private_to: nil)
@max_team_size = @assignment.max_team_size
team_id = @participant.team.try(:id)
@use_bookmark = @assignment.use_bookmark
if @assignment.is_intelligent
@bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = []
@bids.each do |bid|
sign_up_topic = SignUpTopic.find_by(id: bid.topic_id)
signed_up_topics << sign_up_topic if sign_up_topic
end
signed_up_topics &= @sign_up_topics
@sign_up_topics -= signed_up_topics
@bids = signed_up_topics
end
@num_of_topics = @sign_up_topics.size
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = team_id.nil? ? [] : Bid.where(team_id: team_id)
unless @assignment.due_dates.find_by(deadline_type_id: 1).nil?
@show_actions = false if !@assignment.staggered_deadline? && (@assignment.due_dates.find_by(deadline_type_id: 1).due_at < Time.now)
# Find whether the user has signed up for any topics; if so the user won't be able to
# sign up again unless the former was a waitlisted topic
# if team assignment, then team id needs to be passed as parameter else the user's id
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = if users_team.empty?
nil
else
SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
end
render('sign_up_sheet/intelligent_topic_selection') && return if @assignment.is_intelligent
end

'''After Refactoring'''

#Controller method
def display_topics_and_signup_info
find_participant_and_assignment
load_signup_topic_details
process_intelligent_topics if @assignment.is_intelligent
load_deadlines
check_user_signup_topics
render_intelligent_topic_selection if @assignment.is_intelligent
end
private
# Helper method: Find participant and assignment
def find_participant_and_assignment
@participant = find_participant
@assignment = @participant.assignment
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Find participant based on the given ID
def find_participant
AssignmentParticipant.find(params[:id].to_i)
end
# Helper method: Load sign-up topic details
def load_signup_topic_details
@slots_filled = SignUpTopic.slots_filled_for(@assignment.id)
@slots_waitlisted = SignUpTopic.slots_waitlisted_for(@assignment.id)
@signup_topics = SignUpTopic.public_topics_for_assignment(@assignment.id)
@max_team_size = @assignment.max_team_size
@use_bookmark = @assignment.use_bookmark
end
# Helper method: Process intelligent topics
def process_intelligent_topics
@bids, signed_up_topics = retrieve_bids_and_signed_topics
@signup_topics -= signed_up_topics
@bids = signed_up_topics
@num_of_topics = @signup_topics.size
end
# Helper method: Retrieve bids and signed topics
def retrieve_bids_and_signed_topics
team_id = @participant.team.try(:id)
bids = team_id.nil? ? [] : Bid.where(team_id: team_id).order(:priority)
signed_up_topics = bids.each_with_object([]) do |bid, topics|
topic = SignUpTopic.find_by(id: bid.topic_id)
topics << topic if topic
end
[bids, signed_up_topics & @signup_topics]
end
# Helper method: Load deadlines
def load_deadlines
@signup_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 7)
@drop_topic_deadline = @assignment.due_dates.find_by(deadline_type_id: 6)
@student_bids = @participant.team.nil? ? [] : Bid.where(team_id: @participant.team.id)
end
# Helper method: Check user signup topics
def check_user_signup_topics
return unless (due_date = @assignment.due_dates.find_by(deadline_type_id: 1))
@show_actions = !@assignment.staggered_deadline? && (due_date.due_at < Time.now)
users_team = SignedUpTeam.find_team_users(@assignment.id, session[:user].id)
@selected_topics = users_team.empty? ? nil : SignedUpTeam.find_user_signup_topics(@assignment.id, users_team.first.t_id)
end
# Helper method: Render intelligent topic selection
def render_intelligent_topic_selection
render('sign_up_sheet/intelligent_topic_selection') && return
end

*Signup_as_instructor_action has if-else ladder. Made this function more elegant. The `assignment_id` and `topic_id` are assigned to variables at the beginning of the method. This makes the code more concise and improves clarity. The refactored code reduces nesting by breaking down the conditions into separate if statements. This avoids deep nesting and makes the code more linear.

'''Before refactoring Signup_as_instructor_action'''

def signup_as_instructor_action
user = User.find_by(name: params[:username])
if user.nil? # validate invalid user
flash[:error] = 'That student does not exist!'
else
if AssignmentParticipant.exists? user_id: user.id, parent_id: params[:assignment_id]
if SignUpSheet.signup_team(params[:assignment_id], user.id, params[:topic_id])
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor signed up student for topic: ' + params[:topic_id].to_s)
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'The student is not registered for the assignment: ' << user.id)
end
end
redirect_to controller: 'assignments', action: 'edit', id: params[:assignment_id]
end

''' After refactoring Signup_as_instructor_action'''

# Signs up a student for a specific topic in an assignment by an instructor
def signup_as_instructor_action
user = User.find_by(name: params[:username])
# validate invalid user
if user.nil?
flash[:error] = 'That student does not exist!'
else
#assign params[:assignment_id] and params[:topic_id] to variables and use these variables to avoid repetition
assignment_id = params[:assignment_id]
topic_id = params[:topic_id]
if AssignmentParticipant.exists?(user_id: user.id, parent_id: assignment_id)
if SignUpSheet.signup_team(assignment_id, user.id, topic_id)
flash[:success] = 'You have successfully signed up the student for the topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "Instructor signed up student for topic: #{topic_id}"))
else
flash[:error] = 'The student has already signed up for a topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', 'Instructor is signing up a student who already has a topic')
end
else
flash[:error] = 'The student is not registered for the assignment!'
ExpertizaLogger.info LoggerMessage.new(controller_name, '', "The student is not registered for the assignment: #{user.id}")
end
end
redirect_to(controller: 'assignments', action: 'edit', id: assignment_id)
end

*Delete_signup and delete_signup_as_instructor violate the DRY principle. Refactored this. Created a new private function handle_signup_deletion to handle deletion for both instructor as well as student. A new function, check_signup_eligibility, generates the error message that the topic cannot be dropped. The redirect_path function is used to redirect the user.

'''Before Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
# A student who has already submitted work should not be allowed to drop his/her topic!
# (A student/team has submitted if participant directory_num is non-null or submitted_hyperlinks is non-null.)
# If there is no drop topic deadline, student can drop topic at any time (if all the submissions are deleted)
# If there is a drop topic deadline, student cannot drop topic after this deadline.
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for already submitted a work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Dropping topic for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], session[:user].id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, 'Student has dropped the topic: ' + params[:topic_id].to_s)
end
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# find participant using assignment using team and topic ids
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'The student has already submitted their work, so you are not allowed to remove them.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for already submitted work: ' + params[:topic_id].to_s)
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop a student after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Drop failed for ended work: ' + params[:topic_id].to_s)
else
delete_signup_for_topic(assignment.id, params[:topic_id], participant.user_id)
flash[:success] = 'You have successfully dropped the student from the topic!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, 'Student has been dropped from the topic: ' + params[:topic_id].to_s)
end
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

'''After Refactoring Delete_signup and delete_signup_as_instructor'''

def delete_signup_common(participant, assignment, drop_topic_deadline, topic_id)
if !participant.team.submitted_files.empty? || !participant.team.hyperlinks.empty?
flash[:error] = 'You have already submitted your work, so you are not allowed to drop your topic.'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for already submitted work: #{topic_id}")
elsif !drop_topic_deadline.nil? && (Time.now > drop_topic_deadline.due_at)
flash[:error] = 'You cannot drop your topic after the drop topic deadline!'
ExpertizaLogger.error LoggerMessage.new(controller_name, session[:user].id, "Dropping topic for ended work: #{topic_id}")
else
delete_signup_for_topic(assignment.id, topic_id, participant.user_id)
flash[:success] = 'You have successfully dropped your topic!'
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].id, "Student has dropped the topic: #{topic_id}")
end
end

def delete_signup
# delete_signup method
participant = AssignmentParticipant.find(params[:id])
assignment = participant.assignment
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(participant, assignment, drop_topic_deadline, topic_id)
redirect_to action: 'list', id: params[:id]
end

def delete_signup_as_instructor
# delete_signup_as_instructor method
team = Team.find(params[:id])
assignment = Assignment.find(team.parent_id)
user = TeamsUser.find_by(team_id: team.id).user
participant = AssignmentParticipant.find_by(user_id: user.id, parent_id: assignment.id)
drop_topic_deadline = assignment.due_dates.find_by(deadline_type_id: 6)
topic_id = params[:topic_id]
delete_signup_common(participant, assignment, drop_topic_deadline, topic_id)
redirect_to controller: 'assignments', action: 'edit', id: assignment.id
end

*Code Climate Issues:
*unexpected token error (Using Ruby 2.1 parser; configure using TargetRubyVersion parameter, under AllCops): Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement

'''Before Refactoring'''
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?

'''After Refactoring'''
flash[:error] = error_id unless error_id.nil? || error_id.empty?
flash[:note] = message_id unless message_id.nil? || message_id.empty?

*Method new_feedback has a Cognitive Complexity of 6 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def new_feedback
review = Response.find(params[:id]) unless params[:id].nil?
if review
reviewer = AssignmentParticipant.where(user_id: session[:user].id, parent_id: review.map.assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first
if map.nil?
# if no feedback exists by dat user den only create for dat particular response/review
map = FeedbackResponseMap.create(reviewed_object_id: review.id, reviewer_id: reviewer.id, reviewee_id: review.map.reviewer.id)
end
redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

'''After Refactoring'''

def new_feedback
# Replaced unless params[:id].nil? with if params[:id].present? for a more concise condition
review = Response.find(params[:id]) if params[:id].present?

if review
#Assigned session[:user] and review.map.assignment to variables for clarity
current_user = session[:user]
assignment = review.map.assignment
reviewer = AssignmentParticipant.where(user_id: current_user.id, parent_id: assignment.id).first
map = FeedbackResponseMap.where(reviewed_object_id: review.id, reviewer_id: reviewer.id).first

# if no feedback exists by dat user den only create for dat particular response/review
if map.nil?
map = FeedbackResponseMap.create(
reviewed_object_id: review.id,
reviewer_id: reviewer.id,
reviewee_id: review.map.reviewer.id
)
end

redirect_to action: 'new', id: map.id, return: 'feedback'
else
redirect_back fallback_location: root_path
end
end

*Method edit has 29 lines of code (exceeds 25 allowed). Method edit has a Cognitive Complexity of 10 (exceeds 5 allowed). Consider refactoring

'''Before Refactoring'''

def edit
assign_action_parameters
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a
if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end
# Added for E1973, team-based reviewing
@map = @response.map
if @map.team_reviewing_enabled
@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
if @response.nil?
response_lock_action
return
end
end
@modified_object = @response.response_id
# set more handy variables for the view
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
render action: 'response'
end

'''After Refactoring'''
def edit
assign_action_parameters
load_response_data
render action: 'response'
end

def handle_team_reviewing
return unless @map.team_reviewing_enabled

@response = Lock.get_lock(@response, current_user, Lock::DEFAULT_TIMEOUT)
response_lock_action if @response.nil?
end

def load_response_data
@prev = Response.where(map_id: @map.id)
@review_scores = @prev.to_a

if @prev.present?
@sorted = @review_scores.sort do |m1, m2|
if m1.version_num.to_i && m2.version_num.to_i
m2.version_num.to_i <=> m1.version_num.to_i
else
m1.version_num ? -1 : 1
end
end
@largest_version_num = @sorted[0]
end

@map = @response.map
handle_team_reviewing
@modified_object = @response.response_id
set_content
@review_scores = []
@review_questions.each do |question|
@review_scores << Answer.where(response_id: @response.response_id, question_id: question.id).first
end
@questionnaire = questionnaire_from_response
end

*Method redirect has 27 lines of code (exceeds 25 allowed). Consider refactoring.

'''Before Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id&.empty?
flash[:note] = message_id unless message_id&.empty?
@map = Response.find_by(map_id: params[:id])
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team
# the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

'''After Refactoring'''
def redirect
error_id = params[:error_msg]
message_id = params[:msg]
flash[:error] = error_id unless error_id.nil? || error_id.empty?
# Safe navigation operator &. is available from Ruby 2.3. Currently replaced it with nil check conditional statement
flash[:note] = message_id unless message_id.nil? || message_id.empty?

@map = Response.find_by(map_id: params[:id])

redirect_based_on_return
end
def redirect_based_on_return
case params[:return]
when 'feedback'
redirect_to controller: 'grades', action: 'view_my_scores', id: @map.reviewer.id
when 'teammate'
redirect_to view_student_teams_path student_id: @map.reviewer.id
when 'instructor'
redirect_to controller: 'grades', action: 'view', id: @map.response_map.assignment.id
when 'assignment_edit'
redirect_to controller: 'assignments', action: 'edit', id: @map.response_map.assignment.id
when 'selfreview'
redirect_to controller: 'submitted_content', action: 'edit', id: @map.response_map.reviewer_id
when 'survey'
redirect_to controller: 'survey_deployment', action: 'pending_surveys'
when 'bookmark'
bookmark = Bookmark.find(@map.response_map.reviewee_id)
redirect_to controller: 'bookmarks', action: 'list', id: bookmark.topic_id
when 'ta_review' # Page should be directed to list_submissions if TA/instructor performs the review
redirect_to controller: 'assignments', action: 'list_submissions', id: @map.response_map.assignment.id
else
# if reviewer is team, then we have to get the id of the participant from the team. the id in reviewer_id is of an AssignmentTeam
reviewer_id = @map.response_map.reviewer.get_logged_in_reviewer_id(current_user.try(:id))
redirect_to controller: 'student_review', action: 'list', id: reviewer_id
end
end

*Method create has a Cognitive Complexity of 8 (exceeds 5 allowed). Method create has 29 lines of code (exceeds 25 allowed). Consider refactoring:

'''Before Refactoring'''
def create
map_id = params[:id]
unless params[:map_id].nil?
map_id = params[:map_id]
end # pass map_id as a hidden field in the review form
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
is_submitted = (params[:isSubmit] == 'Yes')
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: @round.to_i).order(created_at: :desc).first
if @response.nil?
@response = Response.create(map_id: @map.id, additional_comment: params[:review][:comments],
round: @round.to_i, is_submitted: is_submitted)
end
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if (@map.is_a? ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

'''After refactoring'''
def create
setup_response
process_response
finalize_response
end

def setup_response
map_id = params[:map_id].presence || params[:id]
@map = ResponseMap.find(map_id)
if params[:review][:questionnaire_id]
@questionnaire = Questionnaire.find(params[:review][:questionnaire_id])
@round = params[:review][:round]
else
@round = nil
end
end

def process_response
is_submitted = (params[:isSubmit] == 'Yes')
@response = find_or_create_response
was_submitted = @response.is_submitted
# ignore if autoupdate try to save when the response object is not yet created.s
@response.update(additional_comment: params[:review][:comments], is_submitted: is_submitted)
# :version_num=>@version)
end

def finalize_response
# Change the order for displaying questions for editing response views.
questions = sort_questions(@questionnaire.questions)
create_answers(params, questions) if params[:responses]
msg = 'Your response was successfully saved.'
error_msg = ''
# only notify if is_submitted changes from false to true
if should_notify_instructor_on_difference?(was_submitted)
@response.notify_instructor_on_difference
@response.email
end
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, error_msg: error_msg, review: params.permit(:review)[:review], save_options: params.permit(:save_options)[:save_options]
end

def find_or_create_response
round = @round.to_i
is_submitted = params[:isSubmit] == 'Yes'
# There could be multiple responses per round, when re-submission is enabled for that round.
# Hence we need to pick the latest response.
@response = Response.where(map_id: @map.id, round: round).order(created_at: :desc).first
@response ||= Response.create(map_id: @map.id, additional_comment: params[:review][:comments], round: round, is_submitted: is_submitted)
end

def should_notify_instructor_on_difference?(was_submitted)
@map.is_a?(ReviewResponseMap) && (!was_submitted && @response.is_submitted) && @response.significant_difference?
end

*Method action_allowed? has a Cognitive Complexity of 6 (exceeds 5 allowed).

'''Before Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
response = Response.find(params[:id])
user_id = response.map.reviewer.user_id if response.map.reviewer
end
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, user_id)
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, user_id)
when 'view'
response_edit_allowed?(response.map, user_id)
else
user_logged_in?
end
end

'''After Refactoring'''
def action_allowed?
response = user_id = nil
action = params[:action]
response = find_response_for_actions(action)
case action
when 'edit'
# If response has been submitted, no further editing allowed.
return false if response&.is_submitted
# Else, return true if the user is a reviewer for that response.
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
# Deny access to anyone except reviewer & author's team
when 'delete', 'update'
current_user_is_reviewer?(response.map, response_reviewer_user_id(response))
when 'view'
response_edit_allowed?(response.map, response_reviewer_user_id(response))
else
user_logged_in?
end
end

def find_response_for_actions(action)
# Initialize response and user id if action is edit or delete or update or view.
if %w[edit delete update view].include?(action)
Response.find(params[:id])
end
end

def response_reviewer_user_id(response)
response.map.reviewer&.user_id
end

*Method update has a Cognitive Complexity of 9 (exceeds 5 allowed). Consider refactoring.

'''Before Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
begin
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
@response.update_attribute('additional_comment', params[:review][:comments])
@questionnaire = questionnaire_from_response
questions = sort_questions(@questionnaire.questions)
# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
create_answers(params, questions) unless params[:responses].nil?
if params['isSubmit'] && params['isSubmit'] == 'Yes'
@response.update_attribute('is_submitted', true)
end
if (@map.is_a? ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
@response.notify_instructor_on_difference
end
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

'''After Refactoring'''

def update
render nothing: true unless action_allowed?
msg = ''
# the response to be updated
# Locking functionality added for E1973, team-based reviewing
begin
if @map.team_reviewing_enabled && !Lock.lock_between?(@response, current_user)
response_lock_action
return
end
update_response_attributes
process_questionnaire
create_answers_if_needed
submit_response_if_requested
rescue StandardError
msg = "Your response was not saved. Cause:189 #{$ERROR_INFO}"
end
log_and_redirect_response_save(msg)
end

def update_response_attributes
@response.update_attribute('additional_comment', params[:review][:comments])
@response.update_attribute('is_submitted', true) if params['isSubmit'] && params['isSubmit'] == 'Yes'
end

def process_questionnaire
@questionnaire = questionnaire_from_response
@questions = sort_questions(@questionnaire.questions)
end

# for some rubrics, there might be no questions but only file submission (Dr. Ayala's rubric)
def create_answers_if_needed
create_answers(params, @questions) unless params[:responses].nil?
end

def submit_response_if_requested
@response.notify_instructor_on_difference if @map.is_a?(ReviewResponseMap) && @response.is_submitted && @response.significant_difference?
end

def log_and_redirect_response_save(msg)
ExpertizaLogger.info LoggerMessage.new(controller_name, session[:user].name, "Your response was submitted: #{@response.is_submitted}", request)
redirect_to controller: 'response', action: 'save', id: @map.map_id,
return: params.permit(:return)[:return], msg: msg, review: params.permit(:review)[:review],
save_options: params.permit(:save_options)[:save_options]
end

==Modified Files==
*sign_up_sheet_controller.rb
*response_controller.rb

==Tests==

describe '#update' do
context 'when topic cannot be found' do
it 'shows an error flash message and redirects to assignment#edit page' do
allow(SignUpTopic).to receive(:find).with('1').and_return(nil)
request_params = { id: 1, assignment_id: 1 }
post :update, params: request_params
expect(flash[:error]).to eq('The topic could not be updated.')
expect(response).to redirect_to('/assignments/1/edit#tabs-2')
end
end
describe '#delete_signup_as_instructor' do
before(:each) do
allow(Team).to receive(:find).with('1').and_return(team)
allow(TeamsUser).to receive(:find_by).with(team_id: 1).and_return(double('TeamsUser', user: student))
allow(AssignmentParticipant).to receive(:find_by).with(user_id: 8, parent_id: 1).and_return(participant)
allow(participant).to receive(:team).and_return(team)
end
context 'when either submitted files or hyperlinks of current team are not empty' do
it 'shows a flash error message and redirects to assignment#edit page' do
allow(assignment).to receive(:instructor).and_return(instructor)
request_params = { id: 1 }
user_session = { user: instructor }
get :delete_signup_as_instructor, params: request_params, session: user_session
expect(flash[:error]).to eq('The student has already submitted their work, so you are not allowed to remove them.')
expect(response).to redirect_to('/assignments/1/edit')
end
end

context 'when both submitted files and hyperlinks of current team are empty and drop topic deadline is not nil and its due date has already passed' do
it 'shows a flash error message and redirects to assignment#edit page' do
due_date.due_at = DateTime.now.in_time_zone - 1.day
allow(assignment).to receive(:due_dates).and_return(due_date)
allow(due_date).to receive(:find_by).with(deadline_type_id: 6).and_return(due_date)
allow(team).to receive(:submitted_files).and_return([])
allow(team).to receive(:hyperlinks).and_return([])
request_params = {
id: 1,
due_date: {
'1_submission_1_due_date' => nil,
'1_review_1_due_date' => nil
}
}
user_session = { user: instructor }
get :delete_signup_as_instructor, params: request_params, session: user_session
expect(flash[:error]).to eq('You cannot drop a student after the drop topic deadline!')
expect(response).to redirect_to('/assignments/1/edit')
end
end

context 'when both submitted files and hyperlinks of current team are empty and drop topic deadline is nil' do
it 'shows a flash success message and redirects to assignment#edit page' do
allow(team).to receive(:submitted_files).and_return([])
allow(team).to receive(:hyperlinks).and_return([])
allow(SignedUpTeam).to receive(:find_team_users).with(1, 6).and_return([team])
allow(team).to receive(:t_id).and_return(1)
request_params = { id: 1, topic_id: 1 }
user_session = { user: instructor }
get :delete_signup_as_instructor, params: request_params, session: user_session
expect(flash[:success]).to eq('You have successfully dropped the student from the topic!')
expect(response).to redirect_to('/assignments/1/edit')
end
end
end

== Team ==
=== Mentor ===
* Ameya Vaichalikar (agvaicha)

=== Team Members ===
* Sravya Karanam (skarana)
* Sucharita Nadendla (snadend3)
* Abhishek Desai (adesai7)

==Pull Request==
*[https://github.com/expertiza/expertiza/pull/2684 https://github.com/expertiza/expertiza/pull/2684]
*[https://github.com/expertiza/expertiza/pull/2678 https://github.com/expertiza/expertiza/pull/2678]
*[https://github.com/expertiza/expertiza/pull/2677 https://github.com/expertiza/expertiza/pull/2677]
*[https://github.com/expertiza/expertiza/pull/2669 https://github.com/expertiza/expertiza/pull/2669]

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T04:01:54Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T04:00:10Z

Snadend3: /* Tests */

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:59:36Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:52:41Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:51:08Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:38:21Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:27:51Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:24:17Z

Snadend3: /* Modified Files */

File:Methodname1.png

2023-10-31T03:20:29Z

Snadend3: Snadend3 uploaded a new version of File:Methodname1.png

File:Methodname1.png

2023-10-31T03:19:29Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:16:13Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:14:45Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:12:30Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:10:28Z

Snadend3:

CSC/ECE 517 Fall 2023 - E2357. Refactor sign up sheet controller.rb

2023-10-31T03:08:39Z

Snadend3: