CSC/ECE 517 Spring 2025 - E2507. Reimplement back end for submission records

E2507. Reimplement back end for submission records
Currently only instructors can see the submission history of the participants of particular assignment currently. The goal of this project is to extend submission records to students.

Introduction

Ruby on Rails (Rails) is a server-side web application framework written in Ruby that follows the MVC (Model-View-Controller) architecture. It emphasizes convention over configuration, making web development faster and more efficient by providing built-in tools for common tasks like database management, routing, and authentication.

Expertiza's Existing Submission Records Feature

In the existing Expertiza system, instructors are provided with detailed submission history for each assignment. This allows instructors to track the progress of students, view their submissions, and monitor whether students have completed their assignments on time. However, this feature was restricted to instructors only, leaving students without visibility into their own submission records. This limitation often made it challenging for students to track their progress or verify that their submissions were properly recorded, especially in case of discrepancies or issues with the submission system.

With this project, the goal is to extend this feature, allowing students to view their own submission history, which will improve transparency and provide them with better control over their assignments.

Proposed System

The primary objective of this project is to modify the Submission Record Controller so that submission records become visible to students. Previously, only instructors had access to these records. The key deliverables include:

1. Updating the access control logic to grant students permission to view their own submission records.

2. Ensuring students cannot access other teams’ submission records.

3. Modifying the UI to present submission history in an intuitive manner.

4. Updating API routes and database queries to fetch the relevant submission data.

5. Writing and executing test cases to validate the changes.

Files Involved

app/controllers/submission_records_controller.rb
app/models/submission_record.rb
app/views/student_task/list.html.erb
app/views/submission_records/index.html.erb

Database Tables Involved

submission_records

Implementation

1. Identify the Existing Access Control Mechanism: We examined the existing authorization logic that restricted students from viewing their own submission records. Access permissions were defined at the controller level, requiring updates to include student roles.

2.Modify the Submission Record Controller: We modified the controller to allow students to retrieve their own submission records while ensuring security constraints.

Role-based conditions were implemented to prevent unauthorized access.

3.Update Submission-Records View for Students: A new student-friendly interface was added to display submission history.

The UI was updated to ensure that students could only access records linked to their own submissions.

4.Create a New View for Submission Records: A separate view was introduced to present submission records in a structured format.

This view mirrors the instructor’s interface but with restricted data access.

<code>
<h1>Submission History</h1>

<% if @submission_records.any? %>
  <table class="table table-striped">
    <thead>
      <tr>
        <th>Submission ID</th>
        <th>Submitted By</th>
        <th>Submission Time</th>
        <th>File</th>
        <th>Comments</th>
      </tr>
    </thead>
    <tbody>
      <% @submission_records.each do |record| %>
        <tr>
          <td><%= record.id %></td>
          <td><%= record.submitter.try(:name) || "Unknown" %></td>
          <td><%= record.created_at.strftime("%Y-%m-%d %H:%M:%S") %></td>
          <td>
            <% if record.file_url.present? %>
              <%= link_to "View File", record.file_url, target: "_blank" %>
            <% else %>
              No file uploaded
            <% end %>
          </td>
          <td><%= record.comments.presence || "No comments" %></td>
        </tr>
      <% end %>
    </tbody>
  </table>
<% else %>
  <p>No submission records found for this team.</p>
<% end %>

<%= link_to "Back to Assignments", assignments_path, class: "btn btn-primary" %>
</code>

5.Update API Routes in config/routes.rb: New API endpoints were configured to fetch relevant submission data for students. The changes ensured compatibility with the existing API architecture.

6.Perform Testing Using RSpec: We wrote unit and integration tests to verify that the new functionality worked as expected. These tests ensured that students could only access their own submission records.

Testing

Automated Testing using RSPEC

The current version of expertiza backend reimplementation did not have a testing suite for the Submission Records controller, or the submission record model that tested the extended student functionality that we added. Using a combination of the test driven development(TDD) and behavior driven design (BDD) approach, we added in RSpec testing for the SubmissionRecordsController and Submission model files that tested our modifications. The student functionality was only added and tested exhaustively since the instructor and admin functionality has already been developed. Since the controller was designed for APIs and returning all HTTP calls when appropriate, this was integrated into the testing framework to check as well. The testing suite is compatible with APIs and swagger framework according the the project document specifications.

Example review of test cases

The below code is an example of some of the testing structure for the RSpec testing.

 # GET /api/v1/student_task (Get student tasks)

  describe 'GET /submission_records/:id' do
    context 'when the student is part of the team' do
      it 'allows access and returns a 200 status' do
        get "/submission_records/#{submission_record.id}", headers: valid_headers
        expect(response).to have_http_status(:ok)
      end
    end

    context 'when the student is NOT part of the team' do
      it 'denies access and returns a 403 status' do
        get "/submission_records/#{submission_record.id}", headers: unauthorized_headers
        expect(response).to have_http_status(:forbidden)
      end
    end

    context 'when an invalid token is provided' do
      it 'returns a 401 status' do
        get "/submission_records/#{submission_record.id}", headers: invalid_headers
        expect(response).to have_http_status(:unauthorized)
      end
    end
  end

Executing test cases

The tests can be executed "rpec spec" command as shown below, and works best when set up locally or via Docker.

bundle install
rake db:create:all
rake db:migrate
rails s
.
user-expertiza/backend-reimplementation $rspec spec
.
.
.
Finished in 5.39 seconds (files took 25.33 seconds to load)

Testing from UI

The only UI changes that were made included added a student view that mimics the instructor view. The view path 'app/view/submission_records' represents this. The added functionality ensures that, when logged in as a student, only those students who are associated with the team of that specific assignment that has been submitted can view the record.

1. When logged in as Student A, navigate to the student task list, where there will be a column that links to the submission record view.

2. By clicking on the submission record column, student A will then be able to see the submission record history, if applicable.

3. When logging in as student B who is not associated with the team that the assignment/submission record is linked to, they will not be able to see any submission records.

Pull Request

Here is our pull request. In the link you can see all code snippets changed due to implementing the above steps, as well as integration test progression information.