Major overhaul.

2 years ago · 8954839a22
--- a/.gitignore
+++ b/.gitignore
@@ -13,7 +13,6 @@ doc/rdocs
 # Ignore the default SQLite database.
 /db/*.sqlite3
 /db/*.sqlite3-journal
 !/db/development.sqlite3

 # Ignore all logfiles and tempfiles.
 /log/*
@@ -26,3 +25,10 @@ doc/rdocs

 /vendor
 *.swp

 public/reports/*
 !public/reports/.keep
 public/uploads/*
 !public/uploads/.keep

 storage
--- a/+ 15
+++ b/+ 15
@@ -7,26 +7,26 @@ end


 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
 gem 'rails', '~> 5.0.2'
 gem 'rails', '~> 5.2.0'
 # Use sqlite3 as the database for Active Record
 gem 'sqlite3'
 gem 'sqlite3', '~> 1.3.0'
 # Use Puma as the app server
 gem 'puma', '~> 3.0'
 gem 'puma'
 # Use SCSS for stylesheets
 gem 'sass-rails', '~> 5.0'
 gem 'sass-rails'
 # Use Uglifier as compressor for JavaScript assets
 gem 'uglifier', '>= 1.3.0'
 gem 'uglifier'
 # Use CoffeeScript for .coffee assets and views
 gem 'coffee-rails', '~> 4.2'
 gem 'coffee-rails'
 # See https://github.com/rails/execjs#readme for more supported runtimes
 # gem 'therubyracer', platforms: :ruby

 # Use jquery as the JavaScript library
 gem 'jquery-rails'
 # Turbolinks makes navigating your web application faster. Read more: https://github.com/turbolinks/turbolinks
 gem 'turbolinks', '~> 5'
 gem 'turbolinks'
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.5'
 gem 'jbuilder'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 3.0'
 # Use ActiveModel has_secure_password
@@ -42,13 +42,16 @@ end

 group :development do
  # Access an IRB console on exception pages or by using <%= console %> anywhere in the code.
  gem 'web-console', '>= 3.3.0'
  gem 'listen', '~> 3.0.5'
  gem 'web-console'
  gem 'listen'
  # Spring speeds up development by keeping your application running in the background. Read more: https://github.com/rails/spring
  gem 'spring'
  gem 'spring-watcher-listen', '~> 2.0.0'
  gem 'spring-watcher-listen'
 end

 # Windows does not include zoneinfo files, so bundle the tzinfo-data gem
 gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
 gem 'authlogic', '3.5.0'
 gem 'rdoc'
 gem 'bootsnap'
 gem 'prawn'
 gem 'prawn-table'
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -1,186 +1,204 @@
 GEM
  remote: https://rubygems.org/
  specs:
    actioncable (5.0.2)
      actionpack (= 5.0.2)
      nio4r (>= 1.2, < 3.0)
      websocket-driver (~> 0.6.1)
    actionmailer (5.0.2)
      actionpack (= 5.0.2)
      actionview (= 5.0.2)
      activejob (= 5.0.2)
    actioncable (5.2.2)
      actionpack (= 5.2.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
    actionmailer (5.2.2)
      actionpack (= 5.2.2)
      actionview (= 5.2.2)
      activejob (= 5.2.2)
      mail (~> 2.5, >= 2.5.4)
      rails-dom-testing (~> 2.0)
    actionpack (5.0.2)
      actionview (= 5.0.2)
      activesupport (= 5.0.2)
    actionpack (5.2.2)
      actionview (= 5.2.2)
      activesupport (= 5.2.2)
      rack (~> 2.0)
      rack-test (~> 0.6.3)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
    actionview (5.0.2)
      activesupport (= 5.0.2)
    actionview (5.2.2)
      activesupport (= 5.2.2)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      erubi (~> 1.4)
      rails-dom-testing (~> 2.0)
      rails-html-sanitizer (~> 1.0, >= 1.0.3)
    activejob (5.0.2)
      activesupport (= 5.0.2)
    activejob (5.2.2)
      activesupport (= 5.2.2)
      globalid (>= 0.3.6)
    activemodel (5.0.2)
      activesupport (= 5.0.2)
    activerecord (5.0.2)
      activemodel (= 5.0.2)
      activesupport (= 5.0.2)
      arel (~> 7.0)
    activesupport (5.0.2)
    activemodel (5.2.2)
      activesupport (= 5.2.2)
    activerecord (5.2.2)
      activemodel (= 5.2.2)
      activesupport (= 5.2.2)
      arel (>= 9.0)
    activestorage (5.2.2)
      actionpack (= 5.2.2)
      activerecord (= 5.2.2)
      marcel (~> 0.3.1)
    activesupport (5.2.2)
      concurrent-ruby (~> 1.0, >= 1.0.2)
      i18n (~> 0.7)
      i18n (>= 0.7, < 2)
      minitest (~> 5.1)
      tzinfo (~> 1.1)
    arel (7.1.4)
    authlogic (3.5.0)
      activerecord (>= 3.2, < 5.1)
      activesupport (>= 3.2, < 5.1)
      request_store (~> 1.0)
      scrypt (>= 1.2, < 4.0)
    arel (9.0.0)
    bindex (0.5.0)
    bootsnap (1.3.2)
      msgpack (~> 1.0)
    builder (3.2.3)
    byebug (9.0.6)
    coffee-rails (4.2.1)
    byebug (10.0.2)
    coffee-rails (4.2.2)
      coffee-script (>= 2.2.0)
      railties (>= 4.0.0, < 5.2.x)
      railties (>= 4.0.0)
    coffee-script (2.4.1)
      coffee-script-source
      execjs
    coffee-script-source (1.12.2)
    concurrent-ruby (1.0.5)
    erubis (2.7.0)
    concurrent-ruby (1.1.4)
    crass (1.0.4)
    erubi (1.8.0)
    execjs (2.7.0)
    ffi (1.9.18)
    ffi-compiler (1.0.1)
      ffi (>= 1.0.0)
      rake
    globalid (0.3.7)
      activesupport (>= 4.1.0)
    i18n (0.8.1)
    jbuilder (2.6.3)
      activesupport (>= 3.0.0, < 5.2)
      multi_json (~> 1.2)
    jquery-rails (4.3.1)
    ffi (1.10.0)
    globalid (0.4.2)
      activesupport (>= 4.2.0)
    i18n (1.5.3)
      concurrent-ruby (~> 1.0)
    jbuilder (2.8.0)
      activesupport (>= 4.2.0)
      multi_json (>= 1.2)
    jquery-rails (4.3.3)
      rails-dom-testing (>= 1, < 3)
      railties (>= 4.2.0)
      thor (>= 0.14, < 2.0)
    listen (3.0.8)
    listen (3.1.5)
      rb-fsevent (~> 0.9, >= 0.9.4)
      rb-inotify (~> 0.9, >= 0.9.7)
    loofah (2.0.3)
      ruby_dep (~> 1.2)
    loofah (2.2.3)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.6.4)
      mime-types (>= 1.16, < 4)
    method_source (0.8.2)
    mime-types (3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2016.0521)
    mini_portile2 (2.1.0)
    minitest (5.10.1)
    multi_json (1.12.1)
    nio4r (2.0.0)
    nokogiri (1.7.1)
      mini_portile2 (~> 2.1.0)
    puma (3.8.2)
    rack (2.0.1)
    rack-test (0.6.3)
      rack (>= 1.0)
    rails (5.0.2)
      actioncable (= 5.0.2)
      actionmailer (= 5.0.2)
      actionpack (= 5.0.2)
      actionview (= 5.0.2)
      activejob (= 5.0.2)
      activemodel (= 5.0.2)
      activerecord (= 5.0.2)
      activesupport (= 5.0.2)
      bundler (>= 1.3.0, < 2.0)
      railties (= 5.0.2)
    mail (2.7.1)
      mini_mime (>= 0.1.1)
    marcel (0.3.3)
      mimemagic (~> 0.3.2)
    method_source (0.9.2)
    mimemagic (0.3.3)
    mini_mime (1.0.1)
    mini_portile2 (2.4.0)
    minitest (5.11.3)
    msgpack (1.2.6)
    multi_json (1.13.1)
    nio4r (2.3.1)
    nokogiri (1.10.1)
      mini_portile2 (~> 2.4.0)
    pdf-core (0.7.0)
    prawn (2.2.2)
      pdf-core (~> 0.7.0)
      ttfunk (~> 1.5)
    prawn-table (0.2.2)
      prawn (>= 1.3.0, < 3.0.0)
    puma (3.12.0)
    rack (2.0.6)
    rack-test (1.1.0)
      rack (>= 1.0, < 3)
    rails (5.2.2)
      actioncable (= 5.2.2)
      actionmailer (= 5.2.2)
      actionpack (= 5.2.2)
      actionview (= 5.2.2)
      activejob (= 5.2.2)
      activemodel (= 5.2.2)
      activerecord (= 5.2.2)
      activestorage (= 5.2.2)
      activesupport (= 5.2.2)
      bundler (>= 1.3.0)
      railties (= 5.2.2)
      sprockets-rails (>= 2.0.0)
    rails-dom-testing (2.0.2)
      activesupport (>= 4.2.0, < 6.0)
      nokogiri (~> 1.6)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
    railties (5.0.2)
      actionpack (= 5.0.2)
      activesupport (= 5.0.2)
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
    rails-html-sanitizer (1.0.4)
      loofah (~> 2.2, >= 2.2.2)
    railties (5.2.2)
      actionpack (= 5.2.2)
      activesupport (= 5.2.2)
      method_source
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
    rake (12.0.0)
    rb-fsevent (0.9.8)
    rb-inotify (0.9.8)
      ffi (>= 0.5.0)
    request_store (1.3.2)
    sass (3.4.23)
    sass-rails (5.0.6)
      thor (>= 0.19.0, < 2.0)
    rake (12.3.2)
    rb-fsevent (0.10.3)
    rb-inotify (0.10.0)
      ffi (~> 1.0)
    rdoc (6.1.1)
    ruby_dep (1.5.0)
    sass (3.7.3)
      sass-listen (~> 4.0.0)
    sass-listen (4.0.0)
      rb-fsevent (~> 0.9, >= 0.9.4)
      rb-inotify (~> 0.9, >= 0.9.7)
    sass-rails (5.0.7)
      railties (>= 4.0.0, < 6)
      sass (~> 3.1)
      sprockets (>= 2.8, < 4.0)
      sprockets-rails (>= 2.0, < 4.0)
      tilt (>= 1.1, < 3)
    scrypt (3.0.5)
      ffi-compiler (>= 1.0, < 2.0)
    spring (2.0.1)
    spring (2.0.2)
      activesupport (>= 4.2)
    spring-watcher-listen (2.0.1)
      listen (>= 2.7, < 4.0)
      spring (>= 1.2, < 3.0)
    sprockets (3.7.1)
    sprockets (3.7.2)
      concurrent-ruby (~> 1.0)
      rack (> 1, < 3)
    sprockets-rails (3.2.0)
    sprockets-rails (3.2.1)
      actionpack (>= 4.0)
      activesupport (>= 4.0)
      sprockets (>= 3.0.0)
    sqlite3 (1.3.13)
    thor (0.19.4)
    thor (0.20.3)
    thread_safe (0.3.6)
    tilt (2.0.7)
    turbolinks (5.0.1)
      turbolinks-source (~> 5)
    turbolinks-source (5.0.0)
    tzinfo (1.2.3)
    tilt (2.0.9)
    ttfunk (1.5.1)
    turbolinks (5.2.0)
      turbolinks-source (~> 5.2)
    turbolinks-source (5.2.0)
    tzinfo (1.2.5)
      thread_safe (~> 0.1)
    uglifier (3.1.11)
    uglifier (4.1.20)
      execjs (>= 0.3.0, < 3)
    web-console (3.5.0)
    web-console (3.7.0)
      actionview (>= 5.0)
      activemodel (>= 5.0)
      bindex (>= 0.4.0)
      railties (>= 5.0)
    websocket-driver (0.6.5)
    websocket-driver (0.7.0)
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.2)
    websocket-extensions (0.1.3)

 PLATFORMS
  ruby

 DEPENDENCIES
  authlogic (= 3.5.0)
  bootsnap
  byebug
  coffee-rails (~> 4.2)
  jbuilder (~> 2.5)
  coffee-rails
  jbuilder
  jquery-rails
  listen (~> 3.0.5)
  puma (~> 3.0)
  rails (~> 5.0.2)
  sass-rails (~> 5.0)
  listen
  prawn
  prawn-table
  puma
  rails (~> 5.2.0)
  rdoc
  sass-rails
  spring
  spring-watcher-listen (~> 2.0.0)
  sqlite3
  turbolinks (~> 5)
  spring-watcher-listen
  sqlite3 (~> 1.3.0)
  turbolinks
  tzinfo-data
  uglifier (>= 1.3.0)
  web-console (>= 3.3.0)
  uglifier
  web-console

 BUNDLED WITH
   1.14.6
   2.0.1
--- a/app/assets/javascripts/grades.coffee
+++ b/app/assets/javascripts/grades.coffee
@@ -2,6 +2,7 @@
 # All this logic will automatically be available in application.js.
 # You can use CoffeeScript in this file: http://coffeescript.org/

 # Parse GET parameters into urlParams object
 match = undefined
 pl     = /\+/g  # Regex for replacing addition symbol with a space
 search = /([^&=]+)=?([^&]*)/g
@@ -11,4 +12,17 @@ query  = window.location.search.substring(1)
 window.urlParams = {}
 while (match = search.exec(query))
   urlParams[decode(match[1])] = decode(match[2])
 $ -> $("p[data-search-info]").html("You searched for lecturer: " + window.urlParams["lecturer"])


 (exports ? this).validate_file = (file) ->
  if $(file).data("max-file-size") < file.files[0].size
    alert("File exceeded maximum file size!")
    $(file).val('')
  else if not file.files[0].name.endsWith("." + $(file).data("allowed-extension"))
    alert("File has forbidden extension!")
    $(file).val('')


 $ ->
  if window.urlParams.hasOwnProperty('lecturer')
    $("p[data-search-info]").html("Showing grades from lecturer " + window.urlParams["lecturer"])
--- a/app/assets/javascripts/reports.coffee
+++ b/app/assets/javascripts/reports.coffee
@@ -0,0 +1,3 @@
 # Place all the behaviors and hooks related to the matching controller here.
 # All this logic will automatically be available in application.js.
 # You can use CoffeeScript in this file: http://coffeescript.org/
--- a/app/assets/stylesheets/reports.scss
+++ b/app/assets/stylesheets/reports.scss
@@ -0,0 +1,3 @@
 // Place all the styles related to the Reports controller here.
 // They will automatically be included in application.css.
 // You can use Sass (SCSS) here: http://sass-lang.com/
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -19,14 +19,9 @@ private
    return (current_user and current_user.role == "admin")
  end

  def current_user_session
    return @current_user_session if defined?(@current_user_session)
    @current_user_session = UserSession.find
  end

  def current_user
    return @current_user if defined?(@current_user)
    @current_user = current_user_session && current_user_session.user
    @current_user = User.where("session = '#{cookies[:session]}' and session not NULL").first
  end
  
  def store_location
--- a/app/controllers/grades_controller.rb
+++ b/app/controllers/grades_controller.rb
@@ -5,6 +5,8 @@ class GradesController < ApplicationController
      render :new_admin
    elsif logged_in_as_lecturer
      render :new_lecturer
    elsif logged_in_as_student
      render :new_student
    else
      kick_out
    end
@@ -47,6 +49,14 @@ class GradesController < ApplicationController
      else
        render :new_lecturer
      end
    elsif logged_in_as_student
      @grade = Grade.new(params.require(:grade).permit(:student_id, :lecture_id, :submission))
      if @grade.save
        flash[:success] = "Report submitted!"
        redirect_to grades_path
      else
        render :new_student
      end
    else
      kick_out
    end
@@ -78,7 +88,7 @@ class GradesController < ApplicationController
  def update
    if logged_in_as_admin
      @grade = Grade.find(params[:id])
      if @grade.update(params.require(:grade).permit(:student_id, :lecture_id, :grade, :comment))
      if @grade.update(params.require(:grade).permit(:student_id, :lecture_id, :grade, :comment, :submission)) and @grade.submission.attach(params[:submission])
        flash[:success] = "Update successful!"
        redirect_to grades_path
      else
@@ -97,7 +107,7 @@ class GradesController < ApplicationController
      if @grade.student != Student.find(current_user.id)
        kick_out
      else
        if @grade.update(params.require(:grade).permit(:comment))
        if @grade.update(params.require(:grade).permit(:comment, :submission))
          flash[:success] = "Update successful!"
          redirect_to grades_path
        else
--- a/app/controllers/reports_controller.rb
+++ b/app/controllers/reports_controller.rb
@@ -0,0 +1,20 @@
 class ReportsController < ApplicationController
  @@report_dir = Rails.root.join("public", "reports")

  def create
    if logged_in_as_student
      user = current_user
      filename = user.id.to_s + ".pdf"
      report = GradeReport.new(user, Grade.where(:student => user))
      report.render_file @@report_dir.join(filename)

      redirect_to action: 'show', filename: filename
    else
      kick_out
    end
  end

  def show
    send_file File.read(@@report_dir.join(params[:filename]))
  end
 end
--- a/app/controllers/user_sessions_controller.rb
+++ b/app/controllers/user_sessions_controller.rb
@@ -1,25 +1,28 @@
 class UserSessionsController < ApplicationController
  def new
    @user_session = UserSession.new
  end

  def create
    @user_session = UserSession.new(user_session_params)
    if @user_session.save
    @user = User.find_by :login => user_session_params[:login], :password => Digest::MD5.hexdigest(user_session_params[:password])
    if @user
      @user.session = SecureRandom.hex
      @user.save
      cookies[:session] = @user.session

      flash[:success] = "Login successful!"
      redirect_back_or_default root_path
    else
      flash[:error] = "Login failed!"
      render :action => :new, :location => sign_out_url
    end
  end

  def destroy
    current_user_session.destroy
    @user = User.find_by :session => cookies[:session]
    @user.session = nil
    @user.save
    redirect_to sign_in_url
  end

 private
  def user_session_params
    params.require(:user_session).permit(:login, :password)
    params.permit(:login, :password)
  end
 end
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -23,16 +23,16 @@ class UsersController < ApplicationController

  def create
    if logged_in_as_admin
      @user = User.new(users_params)
      if @user.save
      @user = User.new(:login => users_params[:login], :role => users_params[:role], :password => Digest::MD5.hexdigest(users_params[:password]))
      if users_params[:password] == users_params[:password_confirmation] and @user.save
        flash[:success] = "Account registered!"
        redirect_to root_path
      else
        render :new
      end
    elsif logged_in_as_lecturer
      @user = User.new(users_params)
      if @user.save
      @user = User.new(:login => users_params[:login], :role => users_params[:role], :password => Digest::MD5.hexdigest(users_params[:password]))
      if users_params[:password] == users_params[:password_confirmation] and @user.save
        flash[:success] = "Account registered!"
        redirect_to root_path
      else
@@ -40,7 +40,39 @@ class UsersController < ApplicationController
      end
    else
      flash[:error] = "You do not have access to this site."
        redirect_to root_url
      redirect_to root_url
    end
  end

  def reset_password
    if params[:user]
      @user = User.find_by params[:user].permit(:login, :secret_answer)
      if @user
        if params[:user][:password] == params[:user][:password_confirmation]
          @user.update_attributes(:password => Digest::MD5.hexdigest(params[:user][:password]))
          @user.save
          flash[:success] = "Password changed successfully!"
          redirect_to root_url
        else
          flash[:error] = "Passwords don't match!"
          render :reset_password_for_user
        end
      else
        flash[:error] = "Wrong answer!"
        @user = User.find_by :login => params[:user][:login]
        render :reset_password_for_user
      end
    elsif params[:login]
      @user = User.find_by(:login => params[:login])
      if @user and @user.secret_question
        render :reset_password_for_user
      else
        flash[:error] = "This user does not exist or have a secret answer set!"
        redirect_to reset_password_url
      end
    else
      @user = User.new
      render :reset_password
    end
  end

--- a/app/helpers/reports_helper.rb
+++ b/app/helpers/reports_helper.rb
@@ -0,0 +1,2 @@
 module ReportsHelper
 end
--- a/app/models/grade.rb
+++ b/app/models/grade.rb
@@ -1,8 +1,16 @@
 class Grade < ApplicationRecord
  has_one_attached :submission
  belongs_to :lecture
  belongs_to :student
  validates :grade, presence: true
  validates_numericality_of :grade , :less_than_or_equal_to=>100, :greater_than_or_equal_to=>0
  validates_numericality_of :grade , :less_than_or_equal_to=>100, :greater_than_or_equal_to=>0, :allow_nil => true
  validates :lecture, presence: true
  validates :student, presence: true
  validate :submission_size_validation

  def submission_size_validation
    if submission.attached?
      errors[:grade] << "attachment must be less than 500kB" if submission.blob.byte_size > 500.kilobytes
      errors[:grade] << "attachment must be a pdf" if submission.filename.extension != "pdf"
    end
  end 
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -1,4 +1,3 @@
 class User < ApplicationRecord
  acts_as_authentic
  validates :role, inclusion: { in: ["admin", "lecturer", "student"], message: "%{value} is not a valid role" }
 end
--- a/app/models/user_session.rb
+++ b/app/models/user_session.rb
@@ -1,2 +0,0 @@
 class UserSession < Authlogic::Session::Base
 end
--- a/app/reports/grade_report.rb
+++ b/app/reports/grade_report.rb
@@ -0,0 +1,15 @@
 class GradeReport < Prawn::Document
  def initialize(user, grades=[])
    super()

    text "Grade Report for #{user.login}", size: 14, style: :bold_italic, align: :center

    table [["Lecture", "Grade"]] + grades.map { |g| [g.lecture.name.to_s, g.grade.to_s] },
      :row_colors => ["FFFFFF","DDDDDD"],
      :header => true,
      :column_widths => [100, 100],
      :position => :center do
        row(0).font_style = :bold
      end
  end
 end
--- a/app/views/grades/edit_student.html.erb
+++ b/app/views/grades/edit_student.html.erb
@@ -12,6 +12,7 @@
    <div class="w3-col" style="width: 100px"><%= f.label :comment %></div>
    <div class="w3-rest"><%= f.text_area :comment, class: "w3-input w3-border", style: "min-height: 150px; padding-left: 0" %></div>
  </div>

  <div class="w3-center">
  <%= f.submit class: "w3-button w3-light-blue w3-margin" %>
  </div>
--- a/app/views/grades/index_admin.html.erb
+++ b/app/views/grades/index_admin.html.erb
@@ -4,6 +4,7 @@
    <th>Lecture</th>
    <th>Student</th>
    <th>Grade</th>
    <th>Submission</th>
    <th>Comment</th>
    <th>Action</th>
  </tr>
@@ -15,6 +16,11 @@
      <td><%= grade.student.login %></td>
      <td><%= grade.grade %></td>
      <td>
      <% if grade.submission.attached? %>
        <%= link_to grade.submission.filename.to_s, rails_blob_url(grade.submission, disposition: "attachment") %>
      <% end %>
      </td>
      <td>
      <% if grade.comment %>
        <%= grade.comment.html_safe %>
      <% end %>
--- a/app/views/grades/index_lecturer.html.erb
+++ b/app/views/grades/index_lecturer.html.erb
@@ -4,6 +4,7 @@
    <th>Lecture</th>
    <th>Student</th>
    <th>Grade</th>
    <th>Submission</th>
    <th>Comment</th>
    <th>Action</th>
  </tr>
@@ -15,6 +16,11 @@
      <td><%= grade.student.login %></td>
      <td><%= grade.grade %></td>
      <td>
      <% if grade.submission.attached? %>
        <%= link_to grade.submission.filename.to_s, rails_blob_url(grade.submission, disposition: "attachment") %>
      <% end %>
      </td>
      <td>
      <% if grade.comment %>
        <%= grade.comment.html_safe %>
      <% end %>
--- a/app/views/grades/index_student.html.erb
+++ b/app/views/grades/index_student.html.erb
@@ -5,6 +5,7 @@
    <th>Lecturer</th>
    <th>Lecture</th>
    <th>Grade</th>
    <th>Submission</th>
    <th>Comment</th>
  </tr>
 
@@ -14,6 +15,11 @@
      <td><%= grade.lecture.name %></td>
      <td><%= grade.grade %></td>
      <td>
      <% if grade.submission.attached? %>
        <%= link_to grade.submission.filename.to_s, rails_blob_url(grade.submission, disposition: "attachment") %>
      <% end %>
      </td>
      <td>
      <% if grade.comment %>
        <%= grade.comment.html_safe %>
      <% end %>
@@ -22,9 +28,18 @@
    </tr>
  <% end %>
 </table>

 <div class="w3-center">
  <%= link_to "Generate Report", {controller: "reports", action: "create"}, :method => :post, :class => "w3-button w3-light-blue" %>
 </div>

 <%= form_tag(grades_url, method: "get", class: "w3-margin") do %>
  <div class="w3-right" style="width: 10%">
  <%= submit_tag("Filter", class: "w3-button w3-light-blue") %>
  </div>
  <%= text_field_tag(:lecturer, "", class: "w3-input w3-border w3-round", placeholder: "Filter by lecturer...", style: "width: 90%") %>
 <% end %>

 <div class="w3-center w3-margin">
  <%= link_to 'New Submission', new_grade_path, :class => "w3-button w3-light-blue" %>
 </div>
--- a/app/views/grades/new_student.html.erb
+++ b/app/views/grades/new_student.html.erb
@@ -0,0 +1,26 @@
 <%= form_for @grade, :html => {:class => "w3-container w3-card-4 w3-margin"} do |f| %>
  <%= render 'shared/errors', object: @grade %>
  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 100px"><%= f.label :lecture %></div>
    <div class="w3-rest"><%= f.select(:lecture_id, Lecture.all.collect {|p| [ p.name, p.id ] }) %></div>
  </div>
  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 100px"><%= f.label :student %></div>
    <div class="w3-rest"><%= f.select(:student_id, User.where(role: "student").collect {|p| [ p.login, p.id ] }) %></div>
  </div>
  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 100px"><%= f.label :submission %></div>
    <div class="w3-rest">
      <% if @grade.submission.attached? %>
        <%= link_to @grade.submission.filename.to_s, rails_blob_url(@grade.submission, disposition: "attachment") %>
        <br>
      <% end %>
      <%= f.file_field :submission ,:onchange => "validate_file(this);", :data => { :allowed_extension => "pdf", :max_file_size => 500.kilobytes } %>
      <br>
      (Maximal 500 kB, only pdf files)
    </div>
  </div>
  <div class="w3-center">
    <%= f.submit "Submit", class: "w3-button w3-light-blue w3-margin" %>
  </div>
 <% end %>
--- a/app/views/user_sessions/new.html.erb
+++ b/app/views/user_sessions/new.html.erb
@@ -1,12 +1,12 @@
 <%= form_for @user_session, :html => {:class => "w3-container w3-card-4 w3-margin-top", :style => "max-width: 320px; margin: auto"}, :url => sign_in_path do |f| %>
  <%= render 'shared/errors', object: @user_session %>
 <%= form_tag sign_in_path, :class => "w3-container w3-card-4 w3-margin-top", :style => "max-width: 320px; margin: auto" do %>
  <p>
    <%= f.text_field :login, :class => "w3-input" %>
    <%= f.label :login %>
    <%= text_field_tag :login, nil, :class => "w3-input" %>
    <%= label_tag :login, "Username" %>
  </p>
  <p>
    <%= f.password_field :password, :class => "w3-input" %>
    <%= f.label :password %>
    <%= password_field_tag :password, nil, :class => "w3-input" %>
    <%= label_tag :password, "Password" %>
  </p>
  <p><%= f.submit "Login", :class => "w3-button w3-amber" %></p>
  <p><%= submit_tag "Login", :class => "w3-button w3-amber" %></p>
  <p><%= link_to "Reset Password", reset_password_path %></p>
 <% end %>
--- a/app/views/users/reset_password.html.erb
+++ b/app/views/users/reset_password.html.erb
@@ -0,0 +1,8 @@
 <%= form_tag reset_password_path, :class => "w3-container w3-card-4 w3-margin-top", :style => "max-width: 320px; margin: auto", :method => :get  do |f| %>

  <p>
    <%= text_field_tag :login, nil, :class => "w3-input" %>
    <%= label_tag :login, "Username" %>
  </p>
  <p><%= submit_tag 'Next', class: "w3-button w3-amber" %></p>
 <% end %>
--- a/app/views/users/reset_password_for_user.html.erb
+++ b/app/views/users/reset_password_for_user.html.erb
@@ -0,0 +1,33 @@
 <%= form_for @user, url: {action: "reset_password"}, :html => {:class => "w3-container w3-card-4 w3-margin"}  do |f| %>
  <%= render 'shared/errors', object: @user %>

  <%= f.hidden_field :login, value: @user.login %>

  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 200px"><%= f.label :login %></div>
    <div class="w3-rest"><%= @user.login %></div>
  </div>

  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 200px"><%= f.label :secret_question %></div>
    <div class="w3-rest"><%= @user.secret_question %></div>
  </div>

  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 200px"><%= f.label :secret_answer %></div>
    <div class="w3-rest"><%= f.password_field :secret_answer %></div>
  </div>

  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 200px"><%= f.label :password %></div>
    <div class="w3-rest"><%= f.password_field :password %></div>
  </div>
  <div class="w3-row w3-section">
    <div class="w3-col" style="width: 200px"><%= f.label :password_confirmation %></div>
    <div class="w3-rest"><%= f.password_field :password_confirmation %></div>
  </div>

  <div class="w3-center">
    <%= f.submit 'Change Password', class: "w3-button w3-light-blue w3-margin" %>
  </div>
 <% end %>
--- a/app/views/welcome/index.html.erb
+++ b/app/views/welcome/index.html.erb
@@ -1,4 +1,4 @@
 <div class="w3-center">
  <h1 class="w3-jumbo">The Insecure Grade Management</h1>
  <p>Welcome to Sheffield's new, super insecure grade management!</p>
  <h1 class="w3-jumbo">Damn Vulnerable Grade Management</h1>
  <p>Welcome to Sheffield's new damn vulnerable grade management system!</p>
 </div>
--- a/bin/bundle
+++ b/bin/bundle
@@ -1,3 +1,3 @@
 #!/usr/bin/env ruby
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)
 load Gem.bin_path('bundler', 'bundle')
--- a/bin/setup
+++ b/bin/setup
@@ -1,10 +1,9 @@
 #!/usr/bin/env ruby
 require 'pathname'
 require 'fileutils'
 include FileUtils

 # path to your application root.
 APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
 APP_ROOT = File.expand_path('..', __dir__)

 def system!(*args)
  system(*args) || abort("\n== Command #{args} failed ==")
@@ -18,6 +17,9 @@ chdir APP_ROOT do
  system! 'gem install bundler --conservative'
  system('bundle check') || system!('bundle install')

  # Install JavaScript dependencies if using Yarn
  # system('bin/yarn')

  # puts "\n== Copying sample files =="
  # unless File.exist?('config/database.yml')
  #   cp 'config/database.yml.sample', 'config/database.yml'
--- a/bin/update
+++ b/bin/update
@@ -1,10 +1,9 @@
 #!/usr/bin/env ruby
 require 'pathname'
 require 'fileutils'
 include FileUtils

 # path to your application root.
 APP_ROOT = Pathname.new File.expand_path('../../', __FILE__)
 APP_ROOT = File.expand_path('..', __dir__)

 def system!(*args)
  system(*args) || abort("\n== Command #{args} failed ==")
@@ -18,6 +17,9 @@ chdir APP_ROOT do
  system! 'gem install bundler --conservative'
  system('bundle check') || system!('bundle install')

  # Install JavaScript dependencies if using Yarn
  # system('bin/yarn')

  puts "\n== Updating database =="
  system! 'bin/rails db:migrate'

--- a/bin/yarn
+++ b/bin/yarn
@@ -0,0 +1,11 @@
 #!/usr/bin/env ruby
 APP_ROOT = File.expand_path('..', __dir__)
 Dir.chdir(APP_ROOT) do
  begin
    exec "yarnpkg", *ARGV
  rescue Errno::ENOENT
    $stderr.puts "Yarn executable was not detected in the system."
    $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install"
    exit 1
  end
 end
--- a/config/application.rb
+++ b/config/application.rb
@@ -6,10 +6,14 @@ require 'rails/all'
 # you've limited to :test, :development, or :production.
 Bundler.require(*Rails.groups)

 module Grademgmt
 module DVGM
  class Application < Rails::Application
    # Initialize configuration defaults for originally generated Rails version.
    config.load_defaults 5.0

    # Settings in config/environments/* take precedence over those specified here.
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.
    # Application configuration can go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded after loading
    # the framework and any gems in your application.
  end
 end
--- a/config/boot.rb
+++ b/config/boot.rb
@@ -1,3 +1,4 @@
 ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__)

 require 'bundler/setup' # Set up gems listed in the Gemfile.
 require 'bootsnap/setup' # Speed up boot time by caching expensive operations.
--- a/config/cable.yml
+++ b/config/cable.yml
@@ -6,4 +6,5 @@ test:

 production:
  adapter: redis
  url: redis://localhost:6379/1
  url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %>
  channel_prefix: dvgm_production
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -13,12 +13,13 @@ Rails.application.configure do
  config.consider_all_requests_local = true

  # Enable/disable caching. By default caching is disabled.
  if Rails.root.join('tmp/caching-dev.txt').exist?
  # Run rails dev:cache to toggle caching.
  if Rails.root.join('tmp', 'caching-dev.txt').exist?
    config.action_controller.perform_caching = true

    config.cache_store = :memory_store
    config.public_file_server.headers = {
      'Cache-Control' => 'public, max-age=172800'
      'Cache-Control' => "public, max-age=#{2.days.to_i}"
    }
  else
    config.action_controller.perform_caching = false
@@ -26,6 +27,9 @@ Rails.application.configure do
    config.cache_store = :null_store
  end

  # Store uploaded files on the local file system (see config/storage.yml for options)
  config.active_storage.service = :local

  # Don't care if the mailer can't send.
  config.action_mailer.raise_delivery_errors = false

@@ -37,6 +41,9 @@ Rails.application.configure do
  # Raise an error on page load if there are pending migrations.
  config.active_record.migration_error = :page_load

  # Highlight code that triggered database queries in logs.
  config.active_record.verbose_query_logs = true

  # Debug mode disables concatenation and preprocessing of assets.
  # This option may cause significant delays in view rendering with a large
  # number of complex assets.
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -14,6 +14,10 @@ Rails.application.configure do
  config.consider_all_requests_local       = false
  config.action_controller.perform_caching = true

  # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"]
  # or in config/master.key. This key is used to decrypt credentials (and other encrypted files).
  # config.require_master_key = true

  # Disable serving static files from the `/public` folder by default since
  # Apache or NGINX already handles this.
  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
@@ -34,6 +38,9 @@ Rails.application.configure do
  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX

  # Store uploaded files on the local file system (see config/storage.yml for options)
  config.active_storage.service = :local

  # Mount Action Cable outside main process or domain
  # config.action_cable.mount_path = nil
  # config.action_cable.url = 'wss://example.com/cable'
@@ -55,6 +62,7 @@ Rails.application.configure do
  # Use a real queuing backend for Active Job (and separate queues per environment)
  # config.active_job.queue_adapter     = :resque
  # config.active_job.queue_name_prefix = "dvgm_#{Rails.env}"

  config.action_mailer.perform_caching = false

  # Ignore bad email addresses and do not raise email delivery errors.
@@ -78,7 +86,7 @@ Rails.application.configure do
  if ENV["RAILS_LOG_TO_STDOUT"].present?
    logger           = ActiveSupport::Logger.new(STDOUT)
    logger.formatter = config.log_formatter
    config.logger = ActiveSupport::TaggedLogging.new(logger)
    config.logger    = ActiveSupport::TaggedLogging.new(logger)
  end

  # Do not dump schema after migrations.
--- a/config/environments/test.rb
+++ b/config/environments/test.rb
@@ -15,7 +15,7 @@ Rails.application.configure do
  # Configure public file server for tests with Cache-Control for performance.
  config.public_file_server.enabled = true
  config.public_file_server.headers = {
    'Cache-Control' => 'public, max-age=3600'
    'Cache-Control' => "public, max-age=#{1.hour.to_i}"
  }

  # Show full error reports and disable caching.
@@ -27,6 +27,10 @@ Rails.application.configure do

  # Disable request forgery protection in test environment.
  config.action_controller.allow_forgery_protection = false

  # Store uploaded files on the local file system in a temporary directory
  config.active_storage.service = :test

  config.action_mailer.perform_caching = false

  # Tell Action Mailer not to deliver emails to the real world.
--- a/config/initializers/application_controller_renderer.rb
+++ b/config/initializers/application_controller_renderer.rb
@@ -1,6 +1,8 @@
 # Be sure to restart your server when you modify this file.

 # ApplicationController.renderer.defaults.merge!(
 #   http_host: 'example.org',
 #   https: false
 # )
 # ActiveSupport::Reloader.to_prepare do
 #   ApplicationController.renderer.defaults.merge!(
 #     http_host: 'example.org',
 #     https: false
 #   )
 # end
--- a/config/initializers/assets.rb
+++ b/config/initializers/assets.rb
@@ -3,9 +3,12 @@
 # Version of your assets, change this if you want to expire all your assets.
 Rails.application.config.assets.version = '1.0'

 # Add additional assets to the asset load path
 # Add additional assets to the asset load path.
 # Rails.application.config.assets.paths << Emoji.images_path
 # Add Yarn node_modules folder to the asset load path.
 Rails.application.config.assets.paths << Rails.root.join('node_modules')

 # Precompile additional assets.
 # application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
 # Rails.application.config.assets.precompile += %w( search.js )
 # application.js, application.css, and all non-JS/CSS in the app/assets
 # folder are already added.
 # Rails.application.config.assets.precompile += %w( admin.js admin.css )
--- a/config/initializers/content_security_policy.rb
+++ b/config/initializers/content_security_policy.rb
@@ -0,0 +1,25 @@
 # Be sure to restart your server when you modify this file.

 # Define an application-wide content security policy
 # For further information see the following documentation
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy

 # Rails.application.config.content_security_policy do |policy|
 #   policy.default_src :self, :https
 #   policy.font_src    :self, :https, :data
 #   policy.img_src     :self, :https, :data
 #   policy.object_src  :none
 #   policy.script_src  :self, :https
 #   policy.style_src   :self, :https

 #   # Specify URI for violation reports
 #   # policy.report_uri "/csp-violation-report-endpoint"
 # end

 # If you are using UJS then enable automatic nonce generation
 # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) }

 # Report CSP violations to a specified URI
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 # Rails.application.config.content_security_policy_report_only = true
--- a/config/initializers/new_framework_defaults.rb
+++ b/config/initializers/new_framework_defaults.rb
@@ -17,8 +17,5 @@ ActiveSupport.to_time_preserves_timezone = true
 # Require `belongs_to` associations by default. Previous versions had false.
 Rails.application.config.active_record.belongs_to_required_by_default = true

 # Do not halt callback chains when a callback returns false. Previous versions had true.
 ActiveSupport.halt_callback_chains_on_return_false = false

 # Configure SSL options to enable HSTS with subdomains. Previous versions had false.
 Rails.application.config.ssl_options = { hsts: { subdomains: true } }
--- a/config/initializers/new_framework_defaults_5_2.rb
+++ b/config/initializers/new_framework_defaults_5_2.rb
@@ -0,0 +1,38 @@
 # Be sure to restart your server when you modify this file.
 #
 # This file contains migration options to ease your Rails 5.2 upgrade.
 #
 # Once upgraded flip defaults one by one to migrate to the new default.
 #
 # Read the Guide for Upgrading Ruby on Rails for more info on each option.

 # Make Active Record use stable #cache_key alongside new #cache_version method.
 # This is needed for recyclable cache keys.
 # Rails.application.config.active_record.cache_versioning = true

 # Use AES-256-GCM authenticated encryption for encrypted cookies.
 # Also, embed cookie expiry in signed or encrypted cookies for increased security.
 #
 # This option is not backwards compatible with earlier Rails versions.
 # It's best enabled when your entire app is migrated and stable on 5.2.
 #
 # Existing cookies will be converted on read then written with the new scheme.
 # Rails.application.config.action_dispatch.use_authenticated_cookie_encryption = true

 # Use AES-256-GCM authenticated encryption as default cipher for encrypting messages
 # instead of AES-256-CBC, when use_authenticated_message_encryption is set to true.
 # Rails.application.config.active_support.use_authenticated_message_encryption = true

 # Add default protection from forgery to ActionController::Base instead of in
 # ApplicationController.
 # Rails.application.config.action_controller.default_protect_from_forgery = true

 # Store boolean values are in sqlite3 databases as 1 and 0 instead of 't' and
 # 'f' after migrating old data.
 # Rails.application.config.active_record.sqlite3.represent_boolean_as_integer = true

 # Use SHA-1 instead of MD5 to generate non-sensitive digests, such as the ETag header.
 # Rails.application.config.active_support.use_sha1_digests = true

 # Make `form_with` generate id attributes for any generated HTML tags.
 # Rails.application.config.action_view.form_with_generates_ids = true
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -16,6 +16,16 @@
 #
 # This would use the information in config/locales/es.yml.
 #
 # The following keys must be escaped otherwise they will not be retrieved by
 # the default I18n backend:
 #
 # true, false, on, off, yes, no
 #
 # Instead, surround them with single quotes.
 #
 # en:
 #   'true': 'foo'
 #
 # To learn more, please read the Rails Internationalization guide
 # available at http://guides.rubyonrails.org/i18n.html.

--- a/config/puma.rb
+++ b/config/puma.rb
@@ -1,13 +1,13 @@
 # Puma can serve each request in a thread from an internal thread pool.
 # The `threads` method setting takes two numbers a minimum and maximum.
 # The `threads` method setting takes two numbers: a minimum and maximum.
 # Any libraries that use thread pools should be configured to match
 # the maximum value specified for Puma. Default is set to 5 threads for minimum
 # and maximum, this matches the default thread size of Active Record.
 # and maximum; this matches the default thread size of Active Record.
 #
 threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }.to_i
 threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 }
 threads threads_count, threads_count

 # Specifies the `port` that Puma will listen on to receive requests, default is 3000.
 # Specifies the `port` that Puma will listen on to receive requests; default is 3000.
 #
 port        ENV.fetch("PORT") { 3000 }

@@ -26,22 +26,9 @@ environment ENV.fetch("RAILS_ENV") { "development" }
 # Use the `preload_app!` method when specifying a `workers` number.
 # This directive tells Puma to first boot the application and load code
 # before forking the application. This takes advantage of Copy On Write
 # process behavior so workers use less memory. If you use this option
 # you need to make sure to reconnect any threads in the `on_worker_boot`
 # block.
 # process behavior so workers use less memory.
 #
 # preload_app!

 # The code in the `on_worker_boot` will be called if you are using
 # clustered mode by specifying a number of `workers`. After each worker
 # process is booted this block will be run, if you are using `preload_app!`
 # option you will want to use this block to reconnect to any threads
 # or connections that may have been created at application boot, Ruby
 # cannot share connections between processes.
 #
 # on_worker_boot do
 #   ActiveRecord::Base.establish_connection if defined?(ActiveRecord)
 # end

 # Allow puma to be restarted by `rails restart` command.
 plugin :tmp_restart
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -5,6 +5,8 @@ Rails.application.routes.draw do
  resources :lectures, only: [:index, :new, :create]
  #resource :account, :controller => "users"
  resources :users, only: [:index, :new, :create]
  get '/reset_password', to: 'users#reset_password', as: :reset_password
  patch '/reset_password', to: 'users#reset_password'

  #resource :user_sessions, only: [:create]
  delete '/sign_out', to: 'user_sessions#destroy', as: :sign_out
@@ -12,5 +14,10 @@ Rails.application.routes.draw do
  post '/sign_in', to: 'user_sessions#create'

  resources :grades, only: [:new, :create, :index, :edit, :update]

  get '/reports/:filename', to: 'reports#show'
  post '/reports', to: 'reports#create'


  root to: "welcome#index"
 end
--- a/config/spring.rb
+++ b/config/spring.rb
@@ -1,6 +1,6 @@
 %w(
 %w[
  .ruby-version
  .rbenv-vars
  tmp/restart.txt
  tmp/caching-dev.txt
 ).each { |path| Spring.watch(path) }
 ].each { |path| Spring.watch(path) }
--- a/config/storage.yml
+++ b/config/storage.yml
@@ -0,0 +1,34 @@
 test:
  service: Disk
  root: <%= Rails.root.join("tmp/storage") %>

 local:
  service: Disk
  root: <%= Rails.root.join("storage") %>

 # Use rails credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key)
 # amazon:
 #   service: S3
 #   access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %>
 #   secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %>
 #   region: us-east-1
 #   bucket: your_own_bucket

 # Remember not to checkin your GCS keyfile to a repository
 # google:
 #   service: GCS
 #   project: your_project
 #   credentials: <%= Rails.root.join("path/to/gcs.keyfile") %>
 #   bucket: your_own_bucket

 # Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key)
 # microsoft:
 #   service: AzureStorage
 #   storage_account_name: your_account_name
 #   storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %>
 #   container: your_container_name

 # mirror:
 #   service: Mirror
 #   primary: local
 #   mirrors: [ amazon, google, microsoft ]
--- a/db/development.sqlite3
+++ b/db/development.sqlite3
--- a/db/migrate/20170331102612_create_users.rb
+++ b/db/migrate/20170331102612_create_users.rb
@@ -1,13 +0,0 @@
 class CreateUsers < ActiveRecord::Migration[5.0]
  def change
    create_table :users do |t|
      t.string :login
      t.string :role
      t.string :crypted_password
      t.string :password_salt
      t.string :persistence_token

      t.timestamps
    end
  end
 end
--- a/db/migrate/20170331102730_create_user_sessions.rb
+++ b/db/migrate/20170331102730_create_user_sessions.rb
@@ -1,8 +0,0 @@
 class CreateUserSessions < ActiveRecord::Migration[5.0]
  def change
    create_table :user_sessions do |t|

      t.timestamps
    end
  end
 end
--- a/db/migrate/20170331105119_create_lectures.rb
+++ b/db/migrate/20170331105119_create_lectures.rb
@@ -1,10 +0,0 @@
 class CreateLectures < ActiveRecord::Migration[5.0]
  def change
    create_table :lectures do |t|
      t.string :name
      t.references :lecturer, foreign_key: true

      t.timestamps
    end
  end
 end
--- a/db/migrate/20170401153520_create_grades.rb
+++ b/db/migrate/20170401153520_create_grades.rb
@@ -1,12 +0,0 @@
 class CreateGrades < ActiveRecord::Migration[5.0]
  def change
    create_table :grades do |t|
      t.references :lecture, foreign_key: true
      t.references :student, foreign_key: true
      t.numeric :grade
      t.string :comment

      t.timestamps
    end
  end
 end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,40 +10,58 @@
 #
 # It's strongly recommended that you check this file into your version control system.

 ActiveRecord::Schema.define(version: 20170401153520) do
 ActiveRecord::Schema.define(version: 2019_02_21_155927) do

  create_table "active_storage_attachments", force: :cascade do |t|
    t.string "name", null: false
    t.string "record_type", null: false
    t.integer "record_id", null: false
    t.integer "blob_id", null: false
    t.datetime "created_at", null: false
    t.index ["blob_id"], name: "index_active_storage_attachments_on_blob_id"
    t.index ["record_type", "record_id", "name", "blob_id"], name: "index_active_storage_attachments_uniqueness", unique: true
  end

  create_table "active_storage_blobs", force: :cascade do |t|
    t.string "key", null: false
    t.string "filename", null: false
    t.string "content_type"
    t.text "metadata"
    t.bigint "byte_size", null: false
    t.string "checksum", null: false
    t.datetime "created_at", null: false
    t.index ["key"], name: "index_active_storage_blobs_on_key", unique: true
  end

  create_table "grades", force: :cascade do |t|
    t.integer  "lecture_id"
    t.integer  "student_id"
    t.decimal  "grade"
    t.string   "comment"
    t.integer "lecture_id"
    t.integer "student_id"
    t.decimal "grade"
    t.string "comment"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.binary "submission"
    t.index ["lecture_id"], name: "index_grades_on_lecture_id"
    t.index ["student_id"], name: "index_grades_on_student_id"
  end

  create_table "lectures", force: :cascade do |t|
    t.string   "name"
    t.integer  "lecturer_id"
    t.datetime "created_at",  null: false
    t.datetime "updated_at",  null: false
    t.index ["lecturer_id"], name: "index_lectures_on_lecturer_id"
  end

  create_table "user_sessions", force: :cascade do |t|
    t.string "name"
    t.integer "lecturer_id"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
    t.index ["lecturer_id"], name: "index_lectures_on_lecturer_id"
  end

  create_table "users", force: :cascade do |t|
    t.string   "login"
    t.string   "role"
    t.string   "crypted_password"
    t.string   "password_salt"
    t.string   "persistence_token"
    t.datetime "created_at",        null: false
    t.datetime "updated_at",        null: false
    t.string "login"
    t.string "role"
    t.string "password"
    t.string "session"
    t.string "secret_question"
    t.string "secret_answer"
    t.datetime "created_at", null: false
    t.datetime "updated_at", null: false
  end

 end
--- a/lib/tasks/sample_data.rake
+++ b/lib/tasks/sample_data.rake
@@ -0,0 +1,62 @@
 namespace :db do
  desc "Populate database with default data"
  def generate_report(user)
    report_dir = Rails.root.join("public", "reports")
    filename = user.id.to_s + ".pdf"
    report = GradeReport.new(user, Grade.where(:student => user))
    report.render_file report_dir.join(filename)
  end

  task :populate => :environment do
    Rake::Task['db:reset'].invoke
    u1 = User.create!(:login => "peter", :role => "student", :password => Digest::MD5.hexdigest("football"))
    u2 = User.create!(:login => "alice", :role => "student", :password => Digest::MD5.hexdigest("wonderland3"))
    u3 = User.create!(:login => "stacy", :role => "student", :password => Digest::MD5.hexdigest("ijv88234ji"))
    u4 = User.create!(:login => "ben", :role => "student", :password => Digest::MD5.hexdigest("passw0rd"))
    u5 = User.create!(:login => "kim", :role => "student", :password => Digest::MD5.hexdigest("12321"))
    u6 = User.create!(:login => "jack", :role => "student", :password => Digest::MD5.hexdigest("s3cret"))
    u7 = User.create!(:login => "kate", :role => "student", :password => Digest::MD5.hexdigest("geheim!"))
    u8 = User.create!(:login => "sophie", :role => "student", :password => Digest::MD5.hexdigest("flowerpot"))

    l1 = User.create!(:login => "achim", :role => "lecturer", :password => Digest::MD5.hexdigest("dvgmisinsecure"),
                     :secret_question => "From the university in which city did I get my Master's degree?",
                     :secret_answer => "Freiburg")
    l2 = User.create!(:login => "greg", :role => "lecturer", :password => Digest::MD5.hexdigest("supersecure321"))
    l3 = User.create!(:login => "david", :role => "lecturer", :password => Digest::MD5.hexdigest("david3"))
    l4 = User.create!(:login => "john", :role => "lecturer", :password => Digest::MD5.hexdigest("johnjohnson"))

    lec1 = Lecture.create(:name => "Security", :lecturer_id => l1.id)
    lec2 = Lecture.create(:name => "Algorithms", :lecturer_id => l2.id)
    lec3 = Lecture.create(:name => "Java Programming", :lecturer_id => l3.id)
    lec4 = Lecture.create(:name => "Algebra", :lecturer_id => l4.id)
    lec5 = Lecture.create(:name => "Probability Theory", :lecturer_id => l2.id)
    lec6 = Lecture.create(:name => "Software Hut", :lecturer_id => l1.id)

    Grade.create(:lecture_id => lec1.id, :student_id => u1.id, :grade => 45, :comment => "Seems like I should have studied more...")
    Grade.create(:lecture_id => lec2.id, :student_id => u1.id, :grade => 90, :comment => "Sweet! All that studying paid off!")
    Grade.create(:lecture_id => lec5.id, :student_id => u1.id, :grade => 30, :comment => "I thought this is computer science!?")
    Grade.create(:lecture_id => lec4.id, :student_id => u2.id, :grade => 80)
    Grade.create(:lecture_id => lec5.id, :student_id => u2.id, :grade => 73)
    Grade.create(:lecture_id => lec1.id, :student_id => u2.id, :grade => 44)
    Grade.create(:lecture_id => lec3.id, :student_id => u3.id, :grade => 59, :comment => "Could you bump me to a 60 at least, please?")
    Grade.create(:lecture_id => lec5.id, :student_id => u3.id, :grade => 47)
    Grade.create(:lecture_id => lec2.id, :student_id => u4.id, :grade => 83)
    Grade.create(:lecture_id => lec3.id, :student_id => u4.id, :grade => 66)
    Grade.create(:lecture_id => lec5.id, :student_id => u4.id, :grade => 73)
    Grade.create(:lecture_id => lec6.id, :student_id => u4.id, :grade => 63)
    Grade.create(:lecture_id => lec6.id, :student_id => u4.id, :grade => 23, :comment => "We did not have enough time in the final!")
    Grade.create(:lecture_id => lec1.id, :student_id => u5.id, :grade => 0, :comment => "The upload was broken!")
    Grade.create(:lecture_id => lec3.id, :student_id => u5.id, :grade => 94, :comment => "Nice!")
    Grade.create(:lecture_id => lec5.id, :student_id => u5.id, :grade => 66)
    Grade.create(:lecture_id => lec6.id, :student_id => u5.id, :grade => 7, :comment => "Oh boy...")

    generate_report(u1)
    generate_report(u2)
    generate_report(u3)
    generate_report(u4)
    generate_report(u5)
    generate_report(u6)
    generate_report(u7)
    generate_report(u8)
  end
 end
--- a/public/reports/.keep
+++ b/public/reports/.keep
--- a/public/uploads/.keep
+++ b/public/uploads/.keep