Commit Graph

18231 Commits

Author SHA1 Message Date
73307096c3 Fix some remaining issues from the Spring migration (#20)
All checks were successful
Build and test / build-and-test (push) Successful in 6m50s
A few missing `@Bean` definitions were discovered.

Spring also has a much stricter requirement about requiring `@Transactional` for every database change.

## How to test `@Bean GroupFacadeImpl`
1. Log in as a supervisor
2. Go to "My groups" and create a group
3. Go back to "My groups" and try to open the group

## How to test `@Bean IdeaFacadae`
1. Create an application period that is open ("Admin" / "Match" / "Application periods")
2. Log in as an author
3. Go to "Ideas" / "My ideas"
4. Click "Select from available ideas" in the period created in step 1

## How to test missing `@Transactional`
1. Log in as a user with notifications (or generate some by for example writing in the forum)
2. Go to "Notifications" in the top right
3. Click on any notification subject to navigate to it

## How to test crash while trying to schedule final seminar
1. Log in as a supervisor
2. Open a project and attempt to schedule a final seminar

## How to test crash while trying to upload final thesis as supervisor
1. Log in as supervisor
2. Note down the supervisors username
3. Open a project that has had a final seminar
4. Go to the "Finishing up" tab
5. Submit the supervisors username as the custom principal
6. Try to upload a final thesis

## How to test removal of approved final thesis
1. Log in as supervisor
2. Note down the supervisors username
3. Open a project that has had a final seminar
4. Go to the "Finishing up" tab
5. Submit the supervisors username as the custom principal
6. Upload a final thesis
7. Approve the final thesis
8. Remove the approval

## How to test crash while trying to schedule first meeting
1. Log in as supervisor
2. Open a project
3. Go to the "First meeting tab"
4. Try to submit

## How to test crash while trying to unselect an idea as an author
1. Create an application period that is open ("Admin" / "Match" / "Application periods")
2. Log in as an author
3. Go to "Ideas" / "My ideas"
4. Click "Select from available ideas" in the period created in step 1
5. Select any available supervisor idea
6. Go back to "Ideas" / "My ideas"
7. Open the selected idea
8. Hit unselect at the bottom

## How to test crash while trying to toggle milestone
1. Log in as supervisor
2. Open any project
3. Go to "Milestones" tab
4. Attempt to toggle both individual and project milestones

## How to test crash while trying to get user's note
1. Find a user without a row in the `note` table
2. Log in as that user
3. Click "My notes" in the top right

Reviewed-on: #20
Reviewed-by: Nico Athanassiadis <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-11-20 12:56:21 +01:00
1f0f15fc18 3471: Reduced size of textarea as requested, also made small reformatting of Java code (#19)
All checks were successful
Build and test / build-and-test (push) Successful in 6m52s
* number of rows in textarea is reduced from 20 to 7.
* made small reformatting of ProjectNoteColumn

Reviewed-on: #19
Reviewed-by: ansv7779 <andreass@dsv.su.se>
Co-authored-by: Tom Zhao <tom.zhao@dsv.su.se>
Co-committed-by: Tom Zhao <tom.zhao@dsv.su.se>
2024-11-19 12:17:15 +01:00
d89417ceea Fix intermittent sorting of criterion to actual order (#18)
All checks were successful
Build and test / build-and-test (push) Successful in 12m43s
When you tried to edit a grading template in  "Project management" -> "Grading Templates" the criterion could be shown in an order not reflecting the sortOrder of the criterion.
The reason was that we only got the arbitrary order depending on the insertion order in the database.

Changed the Collection to a List, it is now an ArrayList. Also added @OrderBy("sortOrder ASC") to actually sort by the order of the criterion thus ensuring visual order is intact.

Co-authored-by: Tom Zhao <tom.zhao@dsv.su.se>
Reviewed-on: #18
Reviewed-by: Tom Zhao <tom.zhao@dsv.su.se>
Co-authored-by: Nico Athanassiadis <nico@dsv.su.se>
Co-committed-by: Nico Athanassiadis <nico@dsv.su.se>
2024-11-14 12:39:41 +01:00
a9b8542576 Fix users getting stuck at a blank white page after logging in. (#16)
All checks were successful
Build and test / build-and-test (push) Successful in 6m41s
By default, Tomcat will use a cookie to track the session. However, if there is no cookie sent by the browser it will append the session id to the URL. The way it does this is by adding a ";jsessionid=..." to the end. This is not a problem in itself, but it can enable session hijacking if the URL is shared and ";" is  a blocked character by the default Spring Security configuration (see StrictHttpFirewall).

So what happens is a user navigates to SciPro. No session cookie is sent since this is the first request. SciPro sees that the user is not authenticated and redirects the user to the login page. When SciPro checks for authentication it checks the session which will instruct Tomcat to create a session. Since Tomcat sees no cookie it will append the session id to the redirect URL to try and track the session. After the user has logged in they are redirected back to SciPro with the session id in the URL which is then blocked by Spring's StrictHttpFirewall.

To avoid this, we can set the tracking mode to *only* COOKIE.

An alternative solution is to tell Spring to allow ";" in the URL but there seems to be good reason as to why it is blocked, see the Javadoc linked below.

ab93541926/web/src/main/java/org/springframework/security/web/firewall/StrictHttpFirewall.java (L202)

## How to test
 1. Open a new private browsing window (to make sure there are no cookies).
 2. Go to http://localhost:8080 (or wherever you have SciPro running) while on the `develop` branch
 3. See that you're stuck on a blank white page with a ";jsessionid=..." in the URL with a 401 response
 4. Remove the ";jsessionid=..." part and you'll be logged in to SciPro
 5. Switch to this branch and try and see that you'll be logged in immediately

Reviewed-on: #16
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-11-13 08:01:17 +01:00
cfe61a9ed8 task/3382: Harmonize database names as snake_case (#6)
All checks were successful
Build and test / build-and-test (push) Successful in 6m45s
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Reviewed-on: #6
Reviewed-by: ansv7779 <andreass@dsv.su.se>
Co-authored-by: Tom Zhao <tom.zhao@dsv.su.se>
Co-committed-by: Tom Zhao <tom.zhao@dsv.su.se>
2024-11-12 13:33:43 +01:00
8e5c9f5687 Allow longer final thesis titles (#17)
All checks were successful
Build and test / build-and-test (push) Successful in 10m0s
The titles entered are most often the same as the project title. The project title however has no length limit. When such a project tries to upload their final thesis the system will crash because the accepted long project title is rejected as the final thesis title.

This change removes the length limit on final thesis titles to bring them to parity with the project title.

See OTRS ticket [202411011026](https://otrs.dsv.su.se/otrs/index.pl?Action=AgentTicketZoom;TicketID=389771#1413199)

This change has already been done manually in the production system to resolve the above ticket.

## How to test
Submit a final thesis using a title longer than 255 characters and see that is accepted.

Reviewed-on: #17
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-11-11 11:17:15 +01:00
ccac2c1cf8 Enable creating an API using Spring Web (#5)
All checks were successful
Build and test / build-and-test (push) Successful in 6m54s
SciPro will have to provide information to the upcoming student portal. Wicket does not have the ability to serve JSON in the usual REST way and is only able to serve HTML. The most common way to write JSON over HTTP API:s in Java is using Spring Web, but currently SciPro uses Guice for dependency injection rather than Spring which makes adding Spring Web a bit more tricky.

This pull request attempts to solve this by doing the following;
* Replacing Guice with Spring
* Adding a new API module that uses Spring Web
* Turning the entire system into a standard Spring Boot web application

The hope is that these changes will bring the following benefits;
* Harmonize our web stack (Daisy uses Spring and the new lecture hall system is full Spring Boot)
* Enable easy development of a traditional JSON over HTTP API
* Ease future recruitment by using the most common Java web frameworks

Reviewed-on: #5
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-11-06 11:23:28 +01:00
ad77085356 Build and test on each push (#9)
All checks were successful
Build and test / build-and-test (push) Successful in 7m1s
Adds an indicator to every commit and pull request that shows if every test passes.

Uses [Maven Wrapper](https://maven.apache.org/wrapper/) instead of relying on a system wide available `mvn` command. This ensures a stable build environment with a set version of Maven.

Co-authored-by: niat8586 <nico@dsv.su.se>
Reviewed-on: #9
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-10-30 10:19:50 +01:00
e18af72336 Allows admins to manage grading report templates (#14)
# Manage grading report templates
Every once in a while the criteria used to asses theses and individual performance changes. When this happens the criteria in SciPro needs to be updated.

Up until now there has not been a GUI to do this and it has instead been done manually, sometimes using database migrations. It was also time-sensitive since there was only ever one template (per project type) in SciPro such that the change had to happen at the correct time when the new template was to take effect.

There was also the question of how to calculate the grade the author should receive based on the point sum from the supervisors assessment of all the criteria and these limits were hard-coded in the system.

These changes address all of the above;
 * There can be multiple templates per type.
 * Each template has a period during which it is are current.
 * Each template has defined the conversion of point sums to grades.

The periods can not overlap and a template remains current from its start date until another template's start date is reached. There can not be two templates (within a project type) that become valid on the same date.

## How to test
 1. Log in as administrator
 2. Go to "Project management"
 3. Go to "Grading templates"
 4. Create/edit new templates
 5. View current template

Card 3482

Co-authored-by: niat8586 <nico@dsv.su.se>
Reviewed-on: #14
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-10-30 10:05:22 +01:00
d8e4f0dd22 Stop confusing Spring Boot with copied classes
These classes were copied from Spring Data a long time ago. Their existence on the class path confuses Spring Boot into thinking we use Spring Data JPA which we do not.
2024-10-28 14:02:31 +01:00
e300323135 Update pom.xml (#10)
changed the wicket version due to security scan

Reviewed-on: #10
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: wwest <wayne@dsv.su.se>
Co-committed-by: wwest <wayne@dsv.su.se>
2024-07-25 14:20:24 +02:00
949de4a260 Allow supervisors to write a note associated with their projects (#8)
There is a need among supervisors to maintain some work notes for each project. Where they are in the process, what students need to do, and other such things.

This PR gives the supervisors the ability to write a note for each project on their overview page.

Card 3399

Reviewed-on: DSV/scipro#8
Reviewed-by: niat8586 <nico@dsv.su.se>
2024-07-10 13:43:27 +02:00
4dc0ba32d0 Enable supervisors to get an overview of forum activity (#3)
Their project overview page now include a column indicating if any thread in that forum has an unread post and it also acts as a quick link directly to the forum.

Fixes #2
Card 3399

Reviewed-on: DSV/scipro#3
Reviewed-by: niat8586 <nico@dsv.su.se>
Co-authored-by: Andreas Svanberg <andreass@dsv.su.se>
Co-committed-by: Andreas Svanberg <andreass@dsv.su.se>
2024-07-10 13:18:20 +02:00
eccf6937a3 3380 Specify information URL about the review process for reviewers
Administrators want to inform the reviewers what dates are important during the thesis writing process.

They can now configure an information URL for each type of project under "Admin / System / Type settings" that is shown to the reviewers as they review projects.
2024-05-27 16:35:30 +02:00
663b92eb3b 3380 Specify information URL about the review process for supervisors
Administrators want to inform the supervisors how the reviewers are assigned and what dates are important during the thesis writing process.

They can now configure an information URL for each type of project under "Admin / System / Type settings" that is shown to the supervisors as they enter the review process.
2024-05-27 16:29:23 +02:00
da842a9fd2 3380 Made it possible to edit minimum/maximum authors
There has always been a minimum and maximum limit on the number of authors per project type, it was just never configurable. Made them configurable while working on the panel.
2024-05-27 16:04:09 +02:00
a48dccc4cd Merge branch 'bugfix/3372-link' into develop 2024-05-23 12:02:44 +02:00
0c06dbd6a3 3392 Multiple reviews on the same project should not fulfil multiple targets
Targets set by administrators are based on how many projects the reviewer gets assigned. If there are multiple reviews on a single project due to rejecting earlier versions the reviewer does not get more time.
2024-05-22 12:49:15 +02:00
58cd2003a7 3392 Refactoring 2024-05-22 12:38:57 +02:00
a79ee20cba 3392 Failing test 2024-05-22 12:35:50 +02:00
325b93ce3d 3391 Fix warning 2024-05-22 10:45:29 +02:00
6c0cf8a42f bugfix/3372-link: Complement allowed characters in forum links with exlamation mark. 2024-05-17 15:30:16 +02:00
e8e8bf8a68 3376 Upgrade Hibernate 2024-05-07 12:23:48 +02:00
a6d2502ebb 3381 Fix NPE when supervisors fill in individual criteria before final thesis is uploaded 2024-05-03 15:11:13 +02:00
8ccd6156b7 Fix table casing 2024-05-02 10:17:50 +02:00
9c78d9a648 Merge remote-tracking branch 'refs/remotes/origin/wicket-10' into develop 2024-04-26 10:10:24 +02:00
aa469a425b Fixed warning/error due to difference in name resolution between IntelliJ and Hibernate. 2024-04-26 10:07:54 +02:00
f5950a43ba 3126 Remove possibility to reply to forum posts via e-mail
Unused feature that caused issues with repeated posts.
2024-04-26 10:05:30 +02:00
bd90b34c42 Fix URKUND integration with new Guice UnitOfWork changes
Can not fetch the settings from the authenticator since that is ran on a HTTP request dispatching thread where no UnitOfWork has started.It is not possible to fetch the credentials in the constructor since then it would not be possible to change the settings while the system is running. Instead recreate the client with prefetched credentials on every request.
2024-04-25 09:51:51 +02:00
43516dba16 3275 orangemarkera två flikar i "finishing up" när man hovrar med musen 2024-04-24 16:43:03 +02:00
5c78a698f9 Wicket 10 downgraded the version so the security vulnerability popped up again 2024-04-24 14:53:57 +02:00
28bc8bf05a Merge branch 'wicket-10' into develop 2024-04-24 12:26:11 +02:00
29d8acf4d5 3361 Fix simultaneous requests to open the same checklist
What happens in there are simultaneous requests to open a checklist.
Both threads will read the checklist from the database, and since it
is versioned they will both get version N.
Then both threads will try to update the last open date and save the
checklist. When saving a versioned object a SQL query of the form
UPDATE checklist SET version = N+1 WHERE id = ? AND version = N
is generated, the first such query will succeed but the second one
will not update any row which Hibernate treats as an optimistic
locking error.
To work around this we use a global lock to ensure that only one
thread can update the checklist at a time. We can't use the
EntityManagers lock method since that too will cause an optimistic
locking failure. This is an unfortunate global lock that will affect
everyone even if they open different checklist, but it is such an
underused feature that it should not be a problem.
2024-04-22 15:28:08 +02:00
7e0d0a8558 3351 Downgrade servlet to match version used by Tomcat 2024-04-22 12:39:32 +02:00
c376554530 Merge branch 'develop' into wicket-10
# Conflicts:
#	pom.xml
2024-04-22 12:35:23 +02:00
0ebd179201 Upgrade Jackson and Jersey 2024-04-22 12:18:12 +02:00
d440956525 3351 Wicket uses ByteBuddy by default now 2024-04-22 10:38:43 +02:00
0c9b167100 3351 Wicketstuff 10 released 2024-04-22 10:20:21 +02:00
db0c36234a Merge branch 'develop' into wicket-10 2024-04-22 09:41:47 +02:00
9654fea439 Supress bogus security vulnerability 2024-04-22 09:30:47 +02:00
fea88cfcc6 3207 Disabling the button will break Wickets specific submit button behavior. Disable buttons with CSS instead 2024-04-18 09:57:24 +02:00
9b69fca5be Merge remote-tracking branch 'origin/develop' into develop 2024-04-16 21:31:29 +02:00
fb39fa9c64 3359 Bristande info under Final thesis and reflection 2024-04-16 21:31:12 +02:00
5a20a863d0 3207 TR 2024-04-16 14:17:07 +02:00
42cd644e74 Merge branch 'develop' into wicket-10
# Conflicts:
#	view/src/main/java/se/su/dsv/scipro/supervisor/pages/SupervisorViewGroupThreadPage.java
2024-04-16 14:13:03 +02:00
f1187390ff 3368 3369 Suppress nonsense vulnerabilities 2024-04-16 13:22:37 +02:00
2d7b032219 Clean up 2024-04-16 13:21:03 +02:00
a8707ab6f9 3367 Remove unused library with security vulnerability 2024-04-16 13:06:44 +02:00
eca412d9b5 2870 Stöd för att ange nationellt ämneskategori i samband med att godkänner final thesis 2024-04-08 17:04:06 +02:00
0474b18911 3207 Dubblett - POST finalseminar 2024-04-08 15:44:51 +02:00