Resolve merge conflict

.credo.exs

@@ -100,7 +100,7 @@
         {Credo.Check.Refactor.MatchInCondition},
         {Credo.Check.Refactor.NegatedConditionsInUnless},
         {Credo.Check.Refactor.NegatedConditionsWithElse},
-        {Credo.Check.Refactor.Nesting},
+        {Credo.Check.Refactor.Nesting, max_nesting: 5},
         {Credo.Check.Refactor.PipeChainStart},
         {Credo.Check.Refactor.UnlessWithElse},
         {Credo.Check.Warning.BoolOperationOnSameValues},

lib/cadet/assessments/assessments.ex

@@ -268,7 +268,7 @@ defmodule Cadet.Assessments do
       assessment = assessment |> Map.put(:questions, questions)
       {:ok, assessment}
     else
-      {:error, {:unauthorized, "Assessment not open"}}
+      {:error, {:forbidden, "Assessment not open"}}
     end
   end
 
@@ -1158,7 +1158,7 @@ defmodule Cadet.Assessments do
   a boolean which is false by default.
 
   The return value is {:ok, submissions} if no errors, else it is {:error,
-  {:unauthorized, "Forbidden."}}
+  {:forbidden, "Forbidden."}}
   """
   @spec all_submissions_by_grader_for_index(CourseRegistration.t()) ::
           {:ok, String.t()}
@@ -1224,6 +1224,7 @@ defmodule Cadet.Assessments do
                  (select
                    a.id,
                    a.title,
+                   a.number as "assessmentNumber",
                    bool_or(ac.is_manually_graded) as "isManuallyGraded",
                    max(ac.type) as "type",
                    sum(q.max_xp) as "maxXp",
@@ -1242,6 +1243,7 @@ defmodule Cadet.Assessments do
                  (select
                    cr.id,
                    u.name as "name",
+                   u.username as "username",
                    g.name as "groupName",
                    g.leader_id as "groupLeaderId"
                  from course_registrations cr
@@ -1270,7 +1272,7 @@ defmodule Cadet.Assessments do
   end
 
   @spec get_answers_in_submission(integer() | String.t()) ::
-          {:ok, [Answer.t()]} | {:error, {:bad_request | :unauthorized, String.t()}}
+          {:ok, [Answer.t()]} | {:error, {:bad_request, String.t()}}
   def get_answers_in_submission(id) when is_ecto_id(id) do
     answer_query =
       Answer
@@ -1338,7 +1340,7 @@ defmodule Cadet.Assessments do
           CourseRegistration.t()
         ) ::
           {:ok, nil}
-          | {:error, {:unauthorized | :bad_request | :internal_server_error, String.t()}}
+          | {:error, {:forbidden | :bad_request | :internal_server_error, String.t()}}
   def update_grading_info(
         %{submission_id: submission_id, question_id: question_id},
         attrs,
@@ -1393,7 +1395,7 @@ defmodule Cadet.Assessments do
         _,
         _
       ) do
-    {:error, {:unauthorized, "User is not permitted to grade."}}
+    {:error, {:forbidden, "User is not permitted to grade."}}
   end
 
   @spec force_regrade_submission(integer() | String.t(), CourseRegistration.t()) ::

lib/cadet/auth/guardian.ex

@@ -8,16 +8,24 @@ defmodule Cadet.Auth.Guardian do
   alias Guardian.DB
 
   def subject_for_token(user, _claims) do
-    {:ok, to_string(user.id)}
+    {:ok,
+     URI.encode_query(%{
+       id: user.id,
+       username: user.username,
+       provider: user.provider
+     })}
   end
 
   def resource_from_claims(claims) do
-    user = Accounts.get_user(claims["sub"])
-
-    if user == nil do
-      {:error, :not_found}
-    else
-      {:ok, user}
+    case claims["sub"] |> URI.decode_query() |> Map.fetch("id") do
+      :error ->
+        {:error, :bad_request}
+
+      {:ok, id} ->
+        case user = Accounts.get_user(id) do
+          nil -> {:error, :not_found}
+          _ -> {:ok, user}
+        end
     end
   end
 

lib/cadet_web/admin_controllers/admin_achievements_controller.ex

@@ -61,7 +61,7 @@ defmodule CadetWeb.AdminAchievementsController do
   end
 
   swagger_path :update do
-    put("/admin/achievements/{uuid}")
+    put("/courses/{course_id}/admin/achievements/{uuid}")
 
     summary("Inserts or updates an achievement")
 
@@ -87,7 +87,7 @@ defmodule CadetWeb.AdminAchievementsController do
   end
 
   swagger_path :bulk_update do
-    put("/admin/achievements")
+    put("/courses/{course_id}/admin/achievements")
 
     summary("Inserts or updates achievements")
 
@@ -108,7 +108,7 @@ defmodule CadetWeb.AdminAchievementsController do
   end
 
   swagger_path :delete do
-    PhoenixSwagger.Path.delete("/admin/achievements/{uuid}")
+    PhoenixSwagger.Path.delete("/courses/{course_id}/admin/achievements/{uuid}")
 
     summary("Deletes an achievement")
     security([%{JWT: []}])

lib/cadet_web/admin_controllers/admin_assessments_controller.ex

@@ -127,7 +127,7 @@ defmodule CadetWeb.AdminAssessmentsController do
   end
 
   swagger_path :index do
-    get("/admin/users/{courseRegId}/assessments")
+    get("/courses/{course_id}/admin/users/{courseRegId}/assessments")
 
     summary("Fetches assessment overviews of a user")
 
@@ -143,7 +143,7 @@ defmodule CadetWeb.AdminAssessmentsController do
   end
 
   swagger_path :create do
-    post("/admin/assessments")
+    post("/courses/{course_id}/admin/assessments")
 
     summary("Creates a new assessment or updates an existing assessment")
 
@@ -162,7 +162,7 @@ defmodule CadetWeb.AdminAssessmentsController do
   end
 
   swagger_path :delete do
-    PhoenixSwagger.Path.delete("/admin/assessments/{assessmentId}")
+    PhoenixSwagger.Path.delete("/courses/{course_id}/admin/assessments/{assessmentId}")
 
     summary("Deletes an assessment")
 
@@ -177,7 +177,7 @@ defmodule CadetWeb.AdminAssessmentsController do
   end
 
   swagger_path :update do
-    post("/admin/assessments/{assessmentId}")
+    post("/courses/{course_id}/admin/assessments/{assessmentId}")
 
     summary("Updates an assessment")
 

lib/cadet_web/admin_controllers/admin_assets_controller.ex

@@ -71,7 +71,7 @@ defmodule CadetWeb.AdminAssetsController do
   end
 
   swagger_path :index do
-    get("/admin/assets/{folderName}")
+    get("/courses/{course_id}/admin/assets/{folderName}")
 
     summary("Get a list of all assets in a folder")
 
@@ -89,7 +89,7 @@ defmodule CadetWeb.AdminAssetsController do
   end
 
   swagger_path :delete do
-    PhoenixSwagger.Path.delete("/admin/assets/{folderName}/{fileName}")
+    PhoenixSwagger.Path.delete("/courses/{course_id}/admin/assets/{folderName}/{fileName}")
 
     summary("Delete a file from an asset folder")
 
@@ -108,7 +108,7 @@ defmodule CadetWeb.AdminAssetsController do
   end
 
   swagger_path :upload do
-    post("/admin/assets/{folderName}/{fileName}")
+    post("/courses/{course_id}/admin/assets/{folderName}/{fileName}")
 
     summary("Upload a file to an asset folder")
 

lib/cadet_web/admin_controllers/admin_courses_controller.ex

@@ -91,7 +91,7 @@ defmodule CadetWeb.AdminCoursesController do
   end
 
   swagger_path :update_course_config do
-    put("/v2/courses/{course_id}/admin/config")
+    put("/courses/{course_id}/admin/config")
 
     summary("Updates the course configuration for the specified course")
 
@@ -117,7 +117,7 @@ defmodule CadetWeb.AdminCoursesController do
   end
 
   swagger_path :update_assessment_configs do
-    put("/v2/courses/{course_id}/admin/config/assessment_configs")
+    put("/courses/{course_id}/admin/config/assessment_configs")
 
     summary("Updates the assessment configuration for the specified course")
 

lib/cadet_web/admin_controllers/admin_grading_controller.ex

@@ -118,7 +118,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :index do
-    get("/admin/grading")
+    get("/courses/{course_id}/admin/grading")
 
     summary("Get a list of all submissions with current user as the grader")
 
@@ -141,7 +141,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :unsubmit do
-    post("/admin/grading/{submissionId}/unsubmit")
+    post("/courses/{course_id}/admin/grading/{submissionId}/unsubmit")
     summary("Unsubmit submission. Can only be done by the Avenger of a student")
     security([%{JWT: []}])
 
@@ -156,7 +156,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :autograde_submission do
-    post("/admin/grading/{submissionId}/autograde")
+    post("/courses/{course_id}/admin/grading/{submissionId}/autograde")
     summary("Force re-autograding of an entire submission")
     security([%{JWT: []}])
 
@@ -171,7 +171,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :autograde_answer do
-    post("/admin/grading/{submissionId}/{questionId}/autograde")
+    post("/courses/{course_id}/admin/grading/{submissionId}/{questionId}/autograde")
     summary("Force re-autograding of a question in a submission")
     security([%{JWT: []}])
 
@@ -187,7 +187,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :show do
-    get("/admin/grading/{submissionId}")
+    get("/courses/{course_id}/admin/grading/{submissionId}")
 
     summary("Get information about a specific submission to be graded")
 
@@ -206,7 +206,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :update do
-    post("/admin/grading/{submissionId}/{questionId}")
+    post("/courses/{course_id}/admin/grading/{submissionId}/{questionId}")
 
     summary("Update marks given to the answer of a particular question in a submission")
 
@@ -228,7 +228,7 @@ defmodule CadetWeb.AdminGradingController do
   end
 
   swagger_path :grading_summary do
-    get("/admin/grading/summary")
+    get("/courses/{course_id}/admin/grading/summary")
 
     summary("Receives a summary of grading items done by this grader")
 
@@ -310,6 +310,7 @@ defmodule CadetWeb.AdminGradingController do
           properties do
             id(:integer, "student id", required: true)
             name(:string, "student name", required: true)
+            username(:string, "student username", required: true)
             groupName(:string, "name of student's group")
             groupLeaderId(:integer, "user id of group leader")
           end

lib/cadet_web/admin_controllers/admin_stories_controller.ex

@@ -53,7 +53,7 @@ defmodule CadetWeb.AdminStoriesController do
   end
 
   swagger_path :create do
-    post("/v2{course_id}/stories")
+    post("/courses/{course_id}/admin/stories")
 
     summary("Creates a new story")
 
@@ -65,7 +65,7 @@ defmodule CadetWeb.AdminStoriesController do
   end
 
   swagger_path :delete do
-    PhoenixSwagger.Path.delete("/v2/courses/{course_id}/stories/{storyId}")
+    PhoenixSwagger.Path.delete("/courses/{course_id}/admin/stories/{storyId}")
 
     summary("Delete a story from database by id")
 
@@ -81,7 +81,7 @@ defmodule CadetWeb.AdminStoriesController do
   end
 
   swagger_path :update do
-    post("/v2/courses/{course_id}/stories/{storyId}")
+    post("/courses/{course_id}/admin/stories/{storyId}")
 
     summary("Update details regarding a story")
 

lib/cadet_web/admin_controllers/admin_user_controller.ex

@@ -179,7 +179,7 @@ defmodule CadetWeb.AdminUserController do
   end
 
   swagger_path :index do
-    get("/v2/courses/{course_id}/admin/users")
+    get("/courses/{course_id}/admin/users")
 
     summary("Returns a list of users in the course owned by the admin")
 
@@ -190,7 +190,7 @@ defmodule CadetWeb.AdminUserController do
   end
 
   swagger_path :combined_total_xp do
-    get("/v2/courses/{course_id}/admin/users/{course_reg_id}/total_xp")
+    get("/courses/{course_id}/admin/users/{course_reg_id}/total_xp")
 
     summary("Get the specified user's total XP from achievements and assessments")
 
@@ -206,8 +206,8 @@ defmodule CadetWeb.AdminUserController do
     response(401, "Unauthorised")
   end
 
-  swagger_path :add_users do
-    put("/v2/courses/{course_id}/admin/users")
+  swagger_path :upsert_users_and_groups do
+    put("/courses/{course_id}/admin/users")
 
     summary("Adds the list of usernames and roles to the course")
     security([%{JWT: []}])
@@ -228,7 +228,7 @@ defmodule CadetWeb.AdminUserController do
   end
 
   swagger_path :update_role do
-    put("/v2/courses/{course_id}/admin/users/role")
+    put("/courses/{course_id}/admin/users/{course_reg_id}/role")
 
     summary("Updates the role of the given user in the the course")
     security([%{JWT: []}])
@@ -257,7 +257,7 @@ defmodule CadetWeb.AdminUserController do
   end
 
   swagger_path :delete_user do
-    delete("/v2/courses/{course_id}/admin/users")
+    delete("/courses/{course_id}/admin/users/{course_reg_id}")
 
     summary("Deletes a user from a course")
     consumes("application/json")

lib/cadet_web/admin_views/admin_grading_view.ex

@@ -10,7 +10,11 @@ defmodule CadetWeb.AdminGradingView do
   def render("grading_info.json", %{answer: answer}) do
     transform_map_for_view(answer, %{
       student:
-        &transform_map_for_view(&1.submission.student, %{name: fn st -> st.user.name end, id: :id}),
+        &transform_map_for_view(&1.submission.student, %{
+          name: fn st -> st.user.name end,
+          id: :id,
+          username: fn st -> st.user.username end
+        }),
       question: &build_grading_question/1,
       solution: &(&1.question.question["solution"] || ""),
       grade: &build_grade/1