CSC/ECE 517 Fall 2016/E1653. Fix and improve rubric criteria
E1653. Fix and Improve Rubric Criteria
Expertiza Background
Expertiza is an open source project based on Ruby on Rails framework.It is a web application to create reusable learning objects through peer review. It supports various features such as team projects, and the submission of various documents including URLs and wiki pages. Expertiza allows the instructor to create new assignments and customize new or existing assignments. It also allows the instructor to create a list of topics the students can sign up for. Students can form teams in Expertiza to work on various projects and assignments. Students can also peer review other students' submissions. Expertiza supports submission across various document types, including the URLs and wiki pages.
Tasks Identified
- Change allow_action? method of questionnaires controller to restrict unauthorized access to edit review rubrics. Only Instructors who own the rubric or their Teaching Assistants should be allowed edit them.
- Display an error message when a user who is not the owner of a questionnaire attempts to edit it.
Modified Files
- questionnaires_controller.rb
Summary of Implementation
New Functionality
- An instructor can no longer change others' review rubrics. If he attempts to do so, an error message will be displayed.
- Only those review rubrics can be modified by an instructor which are owned by him.
- A Teaching Assistant can modify only those review rubrics which are owned by the instructor under whom he works.
Changes in Source Code
1. Changes in allow_action? method of the Questionnaires controller.
The action_allow? method earlier provided access to all users to modify or view any review rubric.
# Source code before implementation. def action_allowed? ['Super-Administrator', 'Administrator', 'Instructor', 'Teaching Assistant', 'Student'].include? current_role_name end
The action_allow? method now provides access to modify a rubric to those instructors who own the rubric or the Teaching Assistants who work under them. However, any user can view the contents of the review rubric.
# Source code after implementation. def action_allowed? case params[:action] when 'edit', 'update', 'delete', 'toggle_access' #Modifications can only be done by papertrail q= Questionnaire.find_by(id:params[:id]) owner_inst_id = q.instructor_id if(current_user.role_id==6) current_ta = current_user; end b= (current_user.id == owner_inst_id) if(!current_ta.nil?) b = b or (current_ta.parent_id == owner_inst_id) end return b else #Allow all others ['Super-Administrator', 'Administrator', 'Instructor', 'Teaching Assistant', 'Student'].include? current_role_name end end