E2524. Reimplement student_review_controller.rb

.dockerignore

@@ -0,0 +1,25 @@
+**/.classpath
+**/.dockerignore
+**/.env
+**/.git
+**/.gitignore
+**/.project
+**/.settings
+**/.toolstarget
+**/.vs
+**/.vscode
+**/*.*proj.user
+**/*.dbmdl
+**/*.jfm
+**/bin
+**/charts
+**/docker-compose*
+**/compose*
+**/Dockerfile*
+**/node_modules
+**/npm-debug.log
+**/obj
+**/secrets.dev.yaml
+**/values.dev.yaml
+LICENSE
+README.md

.github/workflows/main.yml

@@ -2,7 +2,7 @@ name: CI/CD
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, check_tests ]
   pull_request:
     branches: [ main ]
 
@@ -49,6 +49,14 @@ jobs:
           gem install bundler:2.4.7
           bundle install
 
+      - name: Wait for MySQL to be ready
+        run: |
+          while ! nc -z localhost 3306; do
+            echo "Waiting for MySQL..."
+            sleep 3
+          done
+          echo "MySQL is ready."
+
       - name: Setup database
         run: |
           bundle exec rails db:create RAILS_ENV=test
@@ -67,7 +75,19 @@ jobs:
         run: bundle exec rspec spec/requests/
 
       - name: Format code coverage report
-        run: ./cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.models.json" --debug
+        run: |
+          mkdir -p coverage
+          if [ -f "coverage/codeclimate.json" ]; then
+            ./cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.models.json" coverage/codeclimate.json
+          else
+            echo "coverage.json not found, looking for .resultset.json"
+            if [ -f "coverage/.resultset.json" ]; then
+              ./cc-test-reporter format-coverage -t simplecov -o "coverage/codeclimate.models.json"
+            else
+              echo "No coverage files found!"
+              find coverage -type f
+            fi
+          fi
 
       - name: Upload coverage artifacts
         uses: actions/upload-artifact@v4
@@ -77,24 +97,32 @@ jobs:
 
 
   publish_code_coverage:
-    needs: test  # Ensures this job runs after the test job
+    needs: test
     runs-on: ubuntu-latest
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'  # Only run when there's a push to main branch
-
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'  # No secret check here!
     steps:
       - uses: actions/checkout@v3
+
       - uses: actions/download-artifact@v4
         with:
           name: code-coverage-artifacts
           path: coverage/
 
-      - name: Upload code-coverage report to code-climate
+      - name: Upload code-coverage report to Code Climate
+        env:
+          CC_TEST_REPORTER_ID: ${{ secrets.CC_TEST_REPORTER_ID }}
         run: |
+          if [ -z "$CC_TEST_REPORTER_ID" ]; then
+            echo "Secret CC_TEST_REPORTER_ID not set. Skipping code coverage upload."
+            exit 0
+          fi
+
           export GIT_BRANCH="${GITHUB_REF/refs\/heads\//}"
           curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
           chmod +x ./cc-test-reporter
-          ./cc-test-reporter sum-coverage coverage/codeclimate.*.json 
-          ./cc-test-reporter after-build -t simplecov -r ${{ secrets.CC_TEST_REPORTER_ID }}
+          ./cc-test-reporter sum-coverage coverage/codeclimate.*.json
+          ./cc-test-reporter after-build -t simplecov -r "$CC_TEST_REPORTER_ID"
+
 
   docker:
     needs: test

.gitignore

@@ -31,3 +31,5 @@
 /config/master.key
 coverage/
 rsa_keys.yml
+
+/config/credentials/test.key

.ruby-version

@@ -1 +1 @@
-ruby-3.2.7
+3.2.7

Gemfile.lock

@@ -363,6 +363,7 @@ PLATFORMS
   aarch64-linux
   arm64-darwin-22
   arm64-darwin-23
+  arm64-darwin-24
   x64-mingw-ucrt
   x86_64-linux
 

README.md

@@ -5,7 +5,7 @@ application up and running.
 
 Things you may want to cover:
 
-* Ruby version - 3.2.1
+* Ruby version - 3.2.
 
 ## Development Environment
 

app/controllers/api/v1/student_review_controller.rb

@@ -0,0 +1,125 @@
+class Api::V1::StudentReviewController < ApplicationController
+  # Constants for action names and roles to avoid magic strings
+  LIST_ACTION     = 'list'.freeze
+  SUBMITTER_ROLE  = 'submitter'.freeze
+
+
+  # Ensure proper authorization and service initialization before actions
+  before_action :authorize_user, only: [LIST_ACTION.to_sym]
+  before_action :load_service, only: [:list]
+  # Handle service-specific errors gracefully
+  rescue_from 'StudentReviewService::Error', with: :handle_service_error
+
+  # GET /api/v1/student_review/list
+  # Returns a list of reviews for the authenticated student participant
+  def list
+    return unless authorized_participant?
+
+    render json: build_review_response
+  end
+
+  protected
+
+      def check_bidding_redirect
+        if @service&.bidding_enabled?
+          redirect_to controller: 'review_bids', action: 'index', assignment_id: params[:assignment_id], id: params[:id]
+        end
+      end
+
+  private
+
+  # Ensures the user has proper authorization to access the endpoint
+  def authorize_user
+    unless action_allowed?
+      render json: { error: 'Unauthorized' }, status: :unauthorized
+      return
+    end
+  end
+
+  # Add this method to handle locale
+  def controller_locale
+    # Use the user's locale preference if available
+    if current_user && current_user.locale.present?
+      I18n.locale = current_user.locale
+    else
+      # Fall back to default locale
+      I18n.locale = I18n.default_locale
+    end
+  end
+
+  # Quick-exit unless they're a student.
+  # Then, only allow the LIST_ACTION for users who also have the SUBMITTER_ROLE on this resource.
+  def action_allowed?
+    # guard clause: must be a student at all
+    return false unless current_user_has_student_privileges?  # early return
+
+    # only permit “list” for submitters
+    action_name == LIST_ACTION &&
+      are_needed_authorizations_present?(params[:id], SUBMITTER_ROLE)
+  end
+
+  # Initializes the StudentReviewService with the participant ID
+  # Handles any errors that occur during service initialization
+  def load_service
+    @service = StudentReviewService.new(params[:id])
+  rescue StandardError => e
+    render_error(e.message)
+  end
+
+  # Verifies that the current user matches the participant's user ID
+  # Returns false and renders unauthorized error if verification fails
+  def authorized_participant?
+    if current_user_id?(@service.participant.user_id)
+      check_bidding_redirect
+      true
+    else
+      render json: { error: 'Unauthorized participant' }, status: :unauthorized
+      false
+    end
+  end
+
+  # Builds the complete review response JSON structure
+  # Includes participant details, assignment info, and review statistics
+  def build_review_response
+    {
+      participant: @service.participant,
+      assignment: @service.assignment,
+      topic_id: @service.topic_id,
+      review_phase: @service.review_phase,
+      review_mappings: @service.review_mappings,
+      reviews: build_reviews_summary,
+      response_ids: @service.response_ids
+    }
+  end
+
+  # Constructs a summary of review statistics including:
+  # - Total number of reviews
+  # - Number of completed reviews
+  # - Number of reviews in progress
+  def build_reviews_summary
+    {
+      total: @service.num_reviews_total,
+      completed: @service.num_reviews_completed,
+      in_progress: @service.num_reviews_in_progress
+    }
+  end
+
+  # Renders error messages with unprocessable entity status
+  def render_error(message)
+    render json: { error: message }, status: :unprocessable_entity
+  end
+
+  # TODO- implementation for review_bids has not been done yet
+  # Handles redirection for review bidding functionality
+  # Will be implemented in future iterations
+  # def check_bidding_redirect
+  #   if @service.bidding_enabled?
+  #     redirect_to(
+  #       controller: 'review_bids',
+  #       action: 'index',
+  #       assignment_id: params[:assignment_id],
+  #       id: params[:id]
+  #     ) and return
+  #   end
+  # end
+end

app/controllers/application_controller.rb

@@ -1,7 +1,32 @@
 class ApplicationController < ActionController::API
   include Authorization
   include JwtToken
-
+
+  # 1) Set locale for every request
+  before_action :set_locale
+  # 2) Perform authorization
   before_action :authorize
 
+  private
+
+  # Sets I18n.locale based on params, Accept-Language header, or default
+  def set_locale
+    I18n.locale = extract_locale || I18n.default_locale
+  end
+
+  # Returns a valid locale symbol or nil
+  def extract_locale
+    # 1) Param override
+    if params[:locale].present?
+      sym = params[:locale].to_sym
+      return sym if I18n.available_locales.include?(sym)
+    end
+
+    # 2) Accept-Language header fallback
+    header = request.env['HTTP_ACCEPT_LANGUAGE'].to_s
+    header
+      .split(',')
+      .map { |l| l[0..1].downcase.to_sym }
+      .find { |loc| I18n.available_locales.include?(loc) }
+  end
 end