Archived - CSC/ECE 517 Fall 2017/E1765 Rubrics.rb.
E1765. OSS project Brown: Rubrics
This page provides a description of the Expertiza based OSS project.
About Expertiza
Expertiza is an open source project based on Ruby on Rails framework. The Expertiza project is software to create reusable learning objects through peer review. It is a web application where students can submit and peer-review learning objects (articles, code, web sites, etc). It is used in select courses at NC State and by professors at several other colleges and universities. It also supports team projects, and the submission of almost any document type, including URLs and wiki pages. Expertiza enables the instructor to create new and customize existing assignments. It also enables the instructor to create a list of topics the students can sign up for as part of a project. Students can form teams in Expertiza to work on various projects and assignments. Expertiza supports submission across various document types, including the URLs and wiki pages.
Problem Statement
The following tasks were accomplished in this project:
- Fixed Issue 696: Instructors can make changes to each others' rubric, which should not happen
- Updated action_allowed for access_control to prevent unauthorized access of methods..
- Implemented new feature 577: Dumping and loading rubric criterion from CSV
- Refactored Questionnaires Controller to use existing Import and Export controllers.
- Added import method in Questions model to enable creation of questions from CSV.
About Questionnaires Controller
This class manages the questions attached to a questionnaire. It enables the creation of new questionnaires, and editing of existing questionnaires. The questions attached to the questionnaire can either be added/updated manually from the user interface or imported from an existing comma separated file. Once the questions are added/updated satisfactorily, they can be exported as a comma separated file. The controller currently has its own import and export methods to achieve this functionality.
Current Implementation
Functionality
- Any user irrespective of his/ her privileges can edit the questionnaire.
- The questionnaire should be restricted to be editable only by an instructor, administrator, or a super administrator. Furthermore, an existing questionnaire should be restricted to be editable only by the instructor who created the questionnaire in the first place.
- Import and Export functionality in the Questionnaires Controller
- The current implementation of the Questionnaires controller uses its own import and export methods. The Questionnaires controller should instead use the import and export implemented for the intended purpose. This promotes separation of concerns and code reuse.
Drawbacks and Solutions
- Problem 1: An instructor can change others' review rubrics.
- The method action_allowed in Questionnaires controller returns true for any user role for all actions.
def action_allowed? ['Super-Administrator', 'Administrator', 'Instructor', 'Teaching Assistant', 'Student'].include? current_role_name end
- Solution: The implementation has been changed in such a way that the restriction on who is allowed to edit an existing rubric is as follows:
- A super administrator can edit any existing rubric.
- An administrator can edit any existing rubric.
- An instructor can only edit an existing rubric if it was created by him or her. An instructor cannot edit a rubric created by another instructor.
- The other functionalities have been left as it is, assuming that any user can create, view, etc. a new or existing rubric.
- Problem 2: TODO: Add import/export problem
- Description
- Solution: Solution
New Implementation
- The action_allowed? method in Questionnaires controller has been modified to check for separate roles based on the action:
- If the action is edit, it checks that the user is a super administrator, an administrator, or an instructor who created the questionnaire in the first place.
- Else, all users are allowed to perform the action. (Assuming that even a student is allowed to add a questionnaire such as polls, surveys, etc)
def action_allowed? if action_name == "edit" @questionnaire = Questionnaire.find(params[:id]) (['Super-Administrator', 'Administrator' ].include? current_role_name) || ((['Instructor'].include? current_role_name) && current_user_id?( @questionnaire.instructor_id)) else ['Super-Administrator', 'Administrator', 'Instructor', 'Teaching Assistant', 'Student'].include? current_role_name end end
- TODO: Add new implementation for import/export functionality.
Code improvements
TODO: If any
Automated Testing using RSPEC
TODO: If any
Testing from UI
TODO: Get proper steps with user name and password Following are a few testcases with respect to our code changes that can be tried from UI: 1. Log in as instructor 1 and create a new rubric.
2. Log in as another instructor. Go to [ Edit] page for the rubric and try to edit the questions.
3. Re log in as a student. Go to [ Edit] page for the rubric and try to edit the questions.
3. Re log in as instructor 1. Go to [ Edit] page for the rubric and try to edit the questions.
4. Re log in as a super administrator / admininstrator. Go to [ Edit] page for the rubric and try to edit the questions.
5. TODO: Add steps
References
- Expertiza on GitHub
- GitHub Project Repository Fork
- The live Expertiza website
- [ Demo link]
- Expertiza project documentation wiki
- Rspec Documentation
- Clean Code: A handbook of agile software craftsmanship. Author: Robert C Martin