dodona-edu · chvp · Oct 12, 2021 · Oct 8, 2021 · Oct 10, 2021 · Oct 11, 2021
diff --git a/app/controllers/courses_controller.rb b/app/controllers/courses_controller.rb
@@ -47,6 +47,13 @@ def show
       redirect_unless_secret_correct
       return if performed?
     end
+    if current_user&.course_admin?(@course) && [email protected]_activities_accessible?
+      flash[:alert] = I18n.t('courses.show.has_private_exercises')
+      flash[:extra] = {
+        'message' => I18n.t('courses.show.has_private_help'),
+        'url' => contact_url
+      }
+    end
     @title = @course.name
     @series = policy_scope(@course.series).includes(:evaluation)
     @series_loaded = params[:secret].present? ? @course.series.count : 2
@@ -134,7 +141,6 @@ def create
 
     respond_to do |format|
       if @course.save
-        flash[:alert] = I18n.t('courses.create.added_private_exercises') unless @course.exercises.where(access: :private).count.zero?
         @course.administrating_members << current_user unless @course.administrating_members.include?(current_user)
         format.html { redirect_to @course, notice: I18n.t('controllers.created', model: Course.model_name.human) }
         format.json { render :show, status: :created, location: @course }

diff --git a/app/models/activity.rb b/app/models/activity.rb
@@ -264,7 +264,6 @@ def accessible?(user, course)
       else
         return false unless course.visible_activities.pluck(:id).include? id
       end
-      return true if user&.repository_admin? repository
       return false unless access_public? \
           || repository.allowed_courses.pluck(:id).include?(course&.id)
       return true if user&.member_of? course

diff --git a/app/models/course.rb b/app/models/course.rb
@@ -211,6 +211,10 @@ def secret_required?(user = nil)
     true
   end
 
+  def all_activities_accessible?
+    activities.where(access: :private).where.not(repository_id: usable_repositories).count.zero?
+  end
+
   def invalidate_subscribed_members_count_cache
     Rails.cache.delete(format(SUBSCRIBED_MEMBERS_COUNT_CACHE_STRING, id: id))
   end

diff --git a/config/locales/views/courses/en.yml b/config/locales/views/courses/en.yml
@@ -88,6 +88,8 @@ en:
           other: "You can't remove a course with more than %{count} submissions yourself."
         contact_html: "<a href=\"%{contact_url}\">Contact us</a> if you want to delete the course anyway."
     show:
+      has_private_exercises: "This course uses private exercises that it hasn't been granted the rights to."
+      has_private_help: "Contact us if you don't know how to solve this."
       course: Course
       hidden_show_link: "Secret link"
       visibility-visible_for_all-info: "This course is visible for everyone: everyone can access this course from the course overview, and the contents are visible for everyone."
@@ -175,8 +177,6 @@ en:
       exercise_count: Exercises
       content_count: Reading activities
       more_statistics: "More statistics >"
-    create:
-      added_private_exercises: "Private exercises were added while creating this course. To use these exercises, this course will need to be granted permission from the relevant repositories."
     copy_courses_table:
       info: "Course"
       users: "# users"

diff --git a/config/locales/views/courses/nl.yml b/config/locales/views/courses/nl.yml
@@ -96,6 +96,8 @@ nl:
           other: "Je kan een cursus met meer dan %{count} oplossingen niet zelf verwijderen."
         contact_html: "<a href=\"%{contact_url}\">Contacteer ons</a> als je de cursus toch wilt verwijderen."
     show:
+      has_private_exercises: "Deze cursus gebruikt privé oefeningen waartoe die geen rechten heeft."
+      has_private_help: "Contacteer ons als je niet weet hoe je dit kan oplossen."
       course: Cursus
       hidden_show_link: 'Geheime link'
       visibility-visible_for_all-info: 'Deze cursus is zichtbaar voor iedereen: ze wordt opgelijst in het cursusoverzicht en de inhoud is toegankelijk voor iedereen.'
@@ -171,8 +173,6 @@ nl:
       content_count: Leesactiviteiten
       submitted_solutions: Ingediende oplossingen
       more_statistics: "Meer statistieken >"
-    create:
-      added_private_exercises: "Er werden privé oefeningen toegevoegd tijdens het aanmaken van deze cursus. Om deze oefeningen te kunnen gebruiken zal deze cursus toestemming moeten krijgen van de relevante repository's."
     copy_courses_table:
       info: "Cursus"
       users: "# gebruikers"
@@ -204,7 +204,7 @@ nl:
         enable: Schakel vragen in.
         disable: Schakel vragen uit.
     ical:
-      serie_deadline: "Deadline voor %{serie_name} van cursus %{course_name}: %{serie_url}" 
+      serie_deadline: "Deadline voor %{serie_name} van cursus %{course_name}: %{serie_url}"
   submissions:
     show:
       questions:

diff --git a/test/controllers/courses_controller_test.rb b/test/controllers/courses_controller_test.rb
@@ -13,6 +13,13 @@ class CoursesControllerTest < ActionDispatch::IntegrationTest
 
   test_crud_actions
 
+  test 'should render with inaccessible activities' do
+    @instance.series << create(:series)
+    @instance.series.first.activities << create(:exercise, access: :private)
+    get course_url(@instance)
+    assert_response :success
+  end
+
   test 'should reset token' do
     old_secret = @instance.secret
     post reset_token_course_url(@instance)

diff --git a/test/models/course_test.rb b/test/models/course_test.rb
@@ -249,4 +249,15 @@ class CourseTest < ActiveSupport::TestCase
     assert course.destroy
     assert_equal code, submission.reload.code
   end
+
+  test 'all_activities_accessible? should be correct' do
+    course = create :course, series_count: 1, exercises_per_series: 0
+    ex = create :exercise, access: :public
+    course.series.first.exercises << ex
+    assert course.all_activities_accessible?
+    ex.update(access: :private)
+    assert_not course.all_activities_accessible?
+    course.usable_repositories << ex.repository
+    assert course.all_activities_accessible?
+  end
 end