Index: lams_central/conf/security/Owasp.CsrfGuard.properties
===================================================================
diff -u -r845b503553ad948cb5db7b89950f7c5251ada5d7 -r0933451e694b19886dd20e2962fc984e997dbf6e
--- lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 845b503553ad948cb5db7b89950f7c5251ada5d7)
+++ lams_central/conf/security/Owasp.CsrfGuard.properties (.../Owasp.CsrfGuard.properties) (revision 0933451e694b19886dd20e2962fc984e997dbf6e)
@@ -31,6 +31,13 @@ org.owasp.csrfguard.protected.centralSaveUserProfile=/lams/saveprofile.do org.owasp.csrfguard.protected.centralOutcomeSave=/lams/outcome/outcomeSave.do +org.owasp.csrfguard.protected.gradebookExportExcelCourse=/lams/gradebook/gradebookMonitoring/exportExcelCourseGradebook.do +org.owasp.csrfguard.protected.gradebookExportExcelLesson=/lams/gradebook/gradebookMonitoring/exportExcelLessonGradebook.do +org.owasp.csrfguard.protected.gradebookExportExcelSelectedLessons=/lams/gradebook/gradebookMonitoring/exportExcelSelectedLessons.do +org.owasp.csrfguard.protected.gradebookToggleReleaseMarks=/lams/gradebook/gradebookMonitoring/toggleReleaseMarks.do +org.owasp.csrfguard.protected.gradebookUpdateUserActivityData=/lams/gradebook/gradebookMonitoring/updateUserActivityGradebookData.do +org.owasp.csrfguard.protected.gradebookUpdateUserLessonData=/lams/gradebook/gradebookMonitoring/updateUserLessonGradebookData.do + org.owasp.csrfguard.protected.assessmentAuthoringSave=/lams/tool/laasse10/authoring/updateContent.do org.owasp.csrfguard.protected.assessmentAuthoringDefineLater=/lams/tool/laasse10/authoring/definelater.do org.owasp.csrfguard.protected.assessmentDiscloseCorrectAnswers=/lams/tool/laasse10/monitoring/discloseCorrectAnswers.do Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookController.java =================================================================== diff -u -r679782834f99e7e2699f9f34ae8bf1c75abc7bb5 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookController.java (.../GradebookController.java) (revision 679782834f99e7e2699f9f34ae8bf1c75abc7bb5) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookController.java (.../GradebookController.java) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) 
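Review bot: The six new gradebook entries are listed by exact URI, so a later rename of a `@RequestMapping` path in GradebookMonitoringController would drop that endpoint out of the protected set with no build or runtime error. A comment above the block would make the coupling visible, for example `# Gradebook monitoring - keep in sync with GradebookMonitoringController mappings`. Whether a GET to these URIs is also checked depends on CsrfGuard settings that are not part of this hunk, which matters because the three export handlers in this commit do not restrict the HTTP method.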
@@ -544,7 +544,6 @@ /** * Gets the average mark for an activity and writes the result in the response */ - @SuppressWarnings("unchecked") @RequestMapping("/getActivityMarkAverage") @ResponseBody public String getActivityMarkAverage(HttpServletRequest request, HttpServletResponse response) throws Exception { Index: lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java =================================================================== diff -u -r001591d119f3bc5d1d5939f7e8ea8a6ea7cdc965 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java (.../GradebookMonitoringController.java) (revision 001591d119f3bc5d1d5939f7e8ea8a6ea7cdc965) +++ lams_gradebook/src/java/org/lamsfoundation/lams/gradebook/web/controller/GradebookMonitoringController.java (.../GradebookMonitoringController.java) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -24,10 +24,8 @@ import java.io.IOException; import java.util.Arrays; -import java.util.LinkedHashMap; import java.util.List; -import javax.servlet.ServletException; import javax.servlet.ServletOutputStream; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; @@ -52,7 +50,6 @@ import org.lamsfoundation.lams.util.FileUtil; import org.lamsfoundation.lams.util.JsonUtil; import org.lamsfoundation.lams.util.WebUtil; -import org.lamsfoundation.lams.util.excel.ExcelCell; import org.lamsfoundation.lams.util.excel.ExcelSheet; import org.lamsfoundation.lams.util.excel.ExcelUtil; import org.lamsfoundation.lams.web.session.SessionManager; 
@@ -87,81 +84,68 @@ private ISecurityService securityService; @RequestMapping("") - public String unspecified(HttpServletRequest request, HttpServletResponse response) throws Exception { - try { - Long lessonId = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); - if (log.isDebugEnabled()) { - log.debug("Getting gradebook for lesson " + lessonId); - } - UserDTO user = getUser(); - if (user == null) { - log.error("User missing from session. "); - return "error"; - } - if (!securityService.isLessonMonitor(lessonId, user.getUserID(), "get lesson gradebook", false)) { - response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the lesson"); - return null; - } + public String unspecified(HttpServletRequest request, HttpServletResponse response) throws IOException { + Long lessonId = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); + if (log.isDebugEnabled()) { + log.debug("Getting gradebook for lesson " + lessonId); + } + UserDTO user = getUser(); + if (user == null) { + log.error("User missing from session. 
"); + return "error"; + } + if (!securityService.isLessonMonitor(lessonId, user.getUserID(), "get lesson gradebook", false)) { + response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the lesson"); + return null; + } - Lesson lesson = lessonService.getLesson(lessonId); - boolean marksReleased = lesson.getMarksReleased(); - LessonDetailsDTO lessonDetatilsDTO = lesson.getLessonDetails(); - request.setAttribute("lessonDetails", lessonDetatilsDTO); - request.setAttribute("marksReleased", marksReleased); + Lesson lesson = lessonService.getLesson(lessonId); + boolean marksReleased = lesson.getMarksReleased(); + LessonDetailsDTO lessonDetatilsDTO = lesson.getLessonDetails(); + request.setAttribute("lessonDetails", lessonDetatilsDTO); + request.setAttribute("marksReleased", marksReleased); - List weights = gradebookService.getWeights(lesson.getLearningDesign()); - if (weights.size() > 0) { - request.setAttribute("weights", weights); - } + List weights = gradebookService.getWeights(lesson.getLearningDesign()); + if (weights.size() > 0) { + request.setAttribute("weights", weights); + } - request.setAttribute("isInTabs", WebUtil.readBooleanParam(request, "isInTabs", false)); + request.setAttribute("isInTabs", WebUtil.readBooleanParam(request, "isInTabs", false)); - return "gradebookMonitor"; - } catch (Exception e) { - log.error("Failed to load lesson gradebook", e); - return "error"; - } + return "gradebookMonitor"; } @RequestMapping("/courseMonitor") - public String courseMonitor(HttpServletRequest request, HttpServletResponse response) throws Exception { + public String courseMonitor(HttpServletRequest request, HttpServletResponse response) throws IOException { + Integer organisationID = WebUtil.readIntParam(request, AttributeNames.PARAM_ORGANISATION_ID); + if (log.isDebugEnabled()) { + log.debug("Getting gradebook for organisation " + organisationID); + } - try { - Integer organisationID = WebUtil.readIntParam(request, 
AttributeNames.PARAM_ORGANISATION_ID); - if (log.isDebugEnabled()) { - log.debug("Getting gradebook for organisation " + organisationID); - } - - UserDTO user = getUser(); - if (user == null) { - log.error("User missing from session. "); - return "error"; - } - if (!securityService.hasOrgRole(organisationID, user.getUserID(), - new String[] { Role.GROUP_MANAGER, Role.MONITOR }, "get course gradebook page", false)) { - response.sendError(HttpServletResponse.SC_FORBIDDEN, - "User is not a course manager in the organisation"); - return null; - } - - Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, - organisationID); - request.setAttribute("organisationID", organisationID); - request.setAttribute("organisationName", organisation.getName()); - - return "gradebookCourseMonitor"; - } catch (Exception e) { - log.error("Failed to load course gradebook", e); + UserDTO user = getUser(); + if (user == null) { + log.error("User missing from session. "); return "error"; } + if (!securityService.hasOrgRole(organisationID, user.getUserID(), + new String[] { Role.GROUP_MANAGER, Role.MONITOR }, "get course gradebook page", false)) { + response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a course manager in the organisation"); + return null; + } + + Organisation organisation = (Organisation) userManagementService.findById(Organisation.class, organisationID); + request.setAttribute("organisationID", organisationID); + request.setAttribute("organisationName", organisation.getName()); + + return "gradebookCourseMonitor"; } /** * Updates a user's mark or feedback for an entire lesson. 
*/ @RequestMapping(path = "/updateUserLessonGradebookData", method = RequestMethod.POST) public void updateUserLessonGradebookData(HttpServletRequest request, HttpServletResponse response) - throws Exception { + throws IOException { Long lessonID = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); if (!securityService.isLessonMonitor(lessonID, getUser().getUserID(), "update lesson gradebook", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the lesson"); @@ -192,7 +176,7 @@ @RequestMapping(path = "/updateUserActivityGradebookData", method = RequestMethod.POST) @ResponseBody public void updateUserActivityGradebookData(HttpServletRequest request, HttpServletResponse response) - throws Exception { + throws IOException { Long lessonID = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); if (!securityService.isLessonMonitor(lessonID, getUser().getUserID(), "update activity gradebook", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the lesson"); @@ -255,9 +239,9 @@ /** * Toggles the release mark flag for a lesson. */ - @RequestMapping("/toggleReleaseMarks") + @RequestMapping(path = "/toggleReleaseMarks", method = RequestMethod.POST) @ResponseBody - public String toggleReleaseMarks(HttpServletRequest request, HttpServletResponse response) throws Exception { + public String toggleReleaseMarks(HttpServletRequest request, HttpServletResponse response) throws IOException { Long lessonID = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); if (!securityService.isLessonMonitor(lessonID, getUser().getUserID(), "toggle release marks", false)) { response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is not a monitor in the lesson"); 
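Review bot: `updateUserLessonGradebookData` calls `getUser().getUserID()` with no null check, although `unspecified` and `courseMonitor` in this same hunk both handle `user == null` ("User missing from session"). If the session has expired, that is an unchecked NullPointerException raised while the arguments of the authorisation check are being built. With the try/catch blocks removed here, the container's error handling decides what the client sees. The same pattern is visible in the `updateUserActivityGradebookData`, `toggleReleaseMarks` and `exportExcelLessonGradebook` hunks that follow. A guard ahead of the `isLessonMonitor` call, such as `UserDTO user = getUser(); if (user == null) { response.sendError(HttpServletResponse.SC_UNAUTHORIZED); return; }`, would fail closed with a clear status; the method body continues outside the hunk.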
@@ -266,15 +250,14 @@ gradebookService.toggleMarksReleased(lessonID); response.setContentType("text/plain; charset=utf-8"); return "success"; - } /** * Exports Lesson Gradebook into excel. */ @RequestMapping("/exportExcelLessonGradebook") @ResponseBody - public void exportExcelLessonGradebook(HttpServletRequest request, HttpServletResponse response) throws Exception { + public void exportExcelLessonGradebook(HttpServletRequest request, HttpServletResponse response) throws IOException { Long lessonID = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); if (!securityService.isLessonMonitor(lessonID, getUser().getUserID(), "export lesson gradebook spreadsheet", false)) { @@ -309,7 +292,7 @@ */ @RequestMapping("/exportExcelCourseGradebook") @ResponseBody - public void exportExcelCourseGradebook(HttpServletRequest request, HttpServletResponse response) throws Exception { + public void exportExcelCourseGradebook(HttpServletRequest request, HttpServletResponse response) throws IOException { Integer organisationID = WebUtil.readIntParam(request, AttributeNames.PARAM_ORGANISATION_ID); UserDTO user = getUser(); if (!securityService.hasOrgRole(organisationID, user.getUserID(), new String[] { Role.GROUP_MANAGER }, @@ -345,7 +328,7 @@ */ @RequestMapping("/exportExcelSelectedLessons") @ResponseBody - public void exportExcelSelectedLessons(HttpServletRequest request, HttpServletResponse response) throws Exception { + public void exportExcelSelectedLessons(HttpServletRequest request, HttpServletResponse response) throws IOException { Integer organisationID = WebUtil.readIntParam(request, AttributeNames.PARAM_ORGANISATION_ID); UserDTO user = getUser(); if (!securityService.isGroupMonitor(organisationID, user.getUserID(), 
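Review bot: `exportExcelLessonGradebook` keeps the bare `@RequestMapping("/exportExcelLessonGradebook")`, so the handler still accepts GET even though this commit lists the URI as CSRF-protected and blockexportbutton.js now submits the export as a POST form. Restricting it the way `toggleReleaseMarks` was, `@RequestMapping(path = "/exportExcelLessonGradebook", method = RequestMethod.POST)`, keeps the server side consistent with the client and does not leave enforcement to the filter's method configuration, which is not visible here. The same applies to `exportExcelCourseGradebook` and `exportExcelSelectedLessons` in the next two hunks. The method bodies continue outside the hunks.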
@@ -386,9 +369,7 @@ */ @RequestMapping("/getMarkChartData") @ResponseBody - public String getMarkChartData(HttpServletRequest request, HttpServletResponse response) - throws IOException, ServletException { - + public String getMarkChartData(HttpServletRequest request, HttpServletResponse response) throws IOException { Long lessonID = WebUtil.readLongParam(request, AttributeNames.PARAM_LESSON_ID); if (!securityService.isLessonMonitor(lessonID, getUser().getUserID(), "export lesson gradebook spreadsheet", false)) { @@ -406,7 +387,6 @@ response.setContentType("application/json;charset=utf-8"); return responseJSON.toString(); - } private UserDTO getUser() { Index: lams_gradebook/web/403.jsp =================================================================== diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/403.jsp (.../403.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80) +++ lams_gradebook/web/403.jsp (.../403.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -1,6 +1,5 @@ -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> -<%@ taglib uri="tags-lams" prefix="lams"%> -<%@ taglib uri="tags-core" prefix="c" %> + +<%@ include file="/common/taglibs.jsp"%> Index: lams_gradebook/web/404.jsp =================================================================== diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/404.jsp (.../404.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80) +++ lams_gradebook/web/404.jsp (.../404.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) 
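Review bot: `getMarkChartData` passes the action text `"export lesson gradebook spreadsheet"` to `securityService.isLessonMonitor`, the same string the Excel export handler uses. If that argument is what the security service records on a denied check (it looks like an action label; confirm against ISecurityService), denied chart requests will be logged as export attempts, which misleads anyone reviewing access records. Since the signature is being touched anyway, a distinct label such as `"get mark chart data"` would keep those records accurate. The rest of the method body is outside the hunk.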
@@ -1,6 +1,5 @@ -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> -<%@ taglib uri="tags-lams" prefix="lams"%> -<%@ taglib uri="tags-core" prefix="c" %> + +<%@ include file="/common/taglibs.jsp"%> Index: lams_gradebook/web/WEB-INF/web.xml =================================================================== diff -u -rb935721d25817b83c29d3166a7fa9b4b9b7d3785 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/WEB-INF/web.xml (.../web.xml) (revision b935721d25817b83c29d3166a7fa9b4b9b7d3785) +++ lams_gradebook/web/WEB-INF/web.xml (.../web.xml) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -75,6 +75,10 @@ UTF-8 + + CSRFGuard + org.owasp.csrfguard.CsrfGuardFilter + SystemSessionFilter @@ -88,6 +92,10 @@ HibernateFilter /* + + CSRFGuard + *.do + @@ -190,6 +198,13 @@ tags-lams /WEB-INF/tlds/lams/lams.tld + + + + + csrfguard + /WEB-INF/tlds/security/csrfguard.tld + Index: lams_gradebook/web/common/taglibs.jsp =================================================================== diff -u --- lams_gradebook/web/common/taglibs.jsp (revision 0) +++ lams_gradebook/web/common/taglibs.jsp (revision 0933451e694b19886dd20e2962fc984e997dbf6e) 
@@ -0,0 +1,8 @@ +<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%> +<%@ taglib uri="csrfguard" prefix="csrf" %> +<%@ taglib uri="tags-core" prefix="c"%> +<%@ taglib uri="tags-function" prefix="fn" %> +<%@ taglib uri="tags-fmt" prefix="fmt"%> +<%@ taglib uri="tags-lams" prefix="lams"%> +<%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> + \ No newline at end of file Index: lams_gradebook/web/error.jsp =================================================================== diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/error.jsp (.../error.jsp) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80) +++ lams_gradebook/web/error.jsp (.../error.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -1,11 +1,8 @@ -<%@ page language="java" isErrorPage="true" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%> -<%@ taglib uri="tags-lams" prefix="lams"%> -<%@ taglib uri="tags-core" prefix="c"%> -<%@ taglib uri="tags-fmt" prefix="fmt"%> + +<%@ include file="/common/taglibs.jsp"%> <%@ page import="org.lamsfoundation.lams.util.Configuration" import="org.lamsfoundation.lams.util.ConfigurationKeys" %> - Index: lams_gradebook/web/errorContent.jsp =================================================================== diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/errorContent.jsp (.../errorContent.jsp) (revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02) +++ lams_gradebook/web/errorContent.jsp (.../errorContent.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) 
@@ -1,9 +1,6 @@ -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> - -<%@ taglib uri="tags-lams" prefix="lams" %> -<%@ taglib uri="tags-fmt" prefix="fmt" %> - +<%@ include file="/common/taglibs.jsp"%> + Index: lams_gradebook/web/gradebookCourseLearner.jsp =================================================================== diff -u -r62aaf160878735888d077bf28fac3c1989bb8fbd -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/gradebookCourseLearner.jsp (.../gradebookCourseLearner.jsp) (revision 62aaf160878735888d077bf28fac3c1989bb8fbd) +++ lams_gradebook/web/gradebookCourseLearner.jsp (.../gradebookCourseLearner.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -1,10 +1,6 @@ +<%@ include file="/common/taglibs.jsp"%> -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%> -<%@ taglib uri="tags-lams" prefix="lams"%> -<%@ taglib uri="tags-fmt" prefix="fmt"%> -<%@ taglib uri="tags-core" prefix="c"%> - Course Gradebook Learner Index: lams_gradebook/web/gradebookCourseMonitor.jsp =================================================================== diff -u -r36dd665e11edc512f2cc27c9c6ebf0f5ade9480a -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/gradebookCourseMonitor.jsp (.../gradebookCourseMonitor.jsp) (revision 36dd665e11edc512f2cc27c9c6ebf0f5ade9480a) +++ lams_gradebook/web/gradebookCourseMonitor.jsp (.../gradebookCourseMonitor.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -1,10 +1,6 @@ +<%@ include file="/common/taglibs.jsp"%> -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8"%> -<%@ taglib uri="tags-lams" prefix="lams"%> -<%@ taglib uri="tags-fmt" prefix="fmt"%> -<%@ taglib uri="tags-core" prefix="c"%> - <fmt:message key="gradebook.title.window.courseMonitor"/> 
@@ -93,11 +89,11 @@ }, subGrid: true, subGridRowExpanded: function(subgrid_id, row_id) { - var subgrid_table_id; - var lessonID = jQuery("#organisationGrid").getRowData(row_id)["id"]; - subgrid_table_id = subgrid_id+"_t"; - jQuery("#"+subgrid_id).html("
"); - jQuery("#"+subgrid_table_id).jqGrid({ + var subgrid_table_id = subgrid_id+"_t"; + lessonID = jQuery("#organisationGrid").getRowData(row_id)["id"]; + + jQuery("#"+subgrid_id).html("
"); + jQuery("#"+subgrid_table_id).jqGrid({ guiStyle: "bootstrap", iconSet: 'fontAwesome', autoencode:false, @@ -107,7 +103,7 @@ autowidth:true, cmTemplate: { title: false }, cellEdit:true, - cellurl: "gradebook/gradebookMonitoring/updateUserLessonGradebookData.do?lessonID=" + lessonID, + cellurl: "gradebook/gradebookMonitoring/updateUserLessonGradebookData.do?&lessonID=" + lessonID, sortorder: "asc", sortname: "rowName", pager: subgrid_table_id + "_pager", @@ -312,10 +308,9 @@ //modify cellurl setting to include lessonid var lessonID = jQuery("#"+subgrid_table_id).getRowData(rowid)["id"]; - $("#"+subgrid_table_id).setGridParam({cellurl: "gradebook/gradebookMonitoring/updateUserLessonGradebookData.do?lessonID=" + lessonID + "&id=" + userID}); + $("#"+subgrid_table_id).setGridParam({cellurl: "gradebook/gradebookMonitoring/updateUserLessonGradebookData.do?&lessonID=" + lessonID + "&id=" + userID}); }, afterSaveCell: function(rowid, cellname,value, iRow, iCol) { - var currRowData = jQuery("#"+subgrid_table_id).getRowData(rowid); if (cellname == "mark") { @@ -349,7 +344,7 @@ $("#export-course-button").click(function() { var areaToBlock = "export-link-area"; - var exportExcelUrl = "gradebookMonitoring/exportExcelCourseGradebook.do?organisationID=${organisationID}"; + var exportExcelUrl = "gradebookMonitoring/exportExcelCourseGradebook.do?&organisationID=${organisationID}"; blockExportButton(areaToBlock, exportExcelUrl, languageLabelWait); return false; 
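Review bot: In `subGridRowExpanded` the `var` on `lessonID` was lost: the first statement now ends with `;` after `subgrid_id+"_t"`, so `lessonID = jQuery("#organisationGrid")...` assigns an implicit global instead of a local. Every expanded subgrid then shares one `lessonID`, and a callback that reads it later could see the value of whichever row was expanded last, which is undesirable in a grid that posts mark edits per lesson. Either restore `var lessonID = ...` or end the previous line with `,` so both names are declared by the same `var`. The function body continues past the end of this hunk.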
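Review bot: The new `cellurl` value `...updateUserLessonGradebookData.do?&lessonID=` has an empty slot between `?` and `&`, which suggests a tag was dropped when this page was rendered. If that slot holds the CSRFGuard token tag from the newly included taglib, the token is sent in the query string. Tokens in URLs end up in server and proxy access logs and in browser history, so they are better carried in the POST body, for example through jqGrid's `beforeSubmitCell` hook returning the token as extra post data. The same construction appears in the `setGridParam` cellurl and both export URLs later in this file, and in the cellurl and export URL hunks of gradebookMonitor.jsp.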
@@ -368,7 +363,7 @@ var areaToBlock = "select-lessons-area"; var simplified = jQuery("#export-selected-simplified").prop('checked'); simplified = "simplified="+simplified; - var exportExcelUrl = "gradebookMonitoring/exportExcelSelectedLessons.do?"+simplified+"&organisationID=${organisationID}" + lessonIds; + var exportExcelUrl = "gradebookMonitoring/exportExcelSelectedLessons.do?&"+simplified+"&organisationID=${organisationID}" + lessonIds; blockExportButton(areaToBlock, exportExcelUrl, languageLabelWait); } Index: lams_gradebook/web/gradebookMonitor.jsp =================================================================== diff -u -r9f491bfb157944ee893c52fa819fad27de872f51 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/gradebookMonitor.jsp (.../gradebookMonitor.jsp) (revision 9f491bfb157944ee893c52fa819fad27de872f51) +++ lams_gradebook/web/gradebookMonitor.jsp (.../gradebookMonitor.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -1,10 +1,6 @@ +<%@ include file="/common/taglibs.jsp"%> -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> -<%@ taglib uri="tags-lams" prefix="lams" %> -<%@ taglib uri="tags-fmt" prefix="fmt"%> -<%@ taglib uri="tags-core" prefix="c"%> - ${not empty weights} @@ -74,9 +70,7 @@ } - function toggleRelease() { - var conf; if (marksReleased) { conf = confirm(""); 
@@ -85,21 +79,27 @@ } if (conf) { - $.get("gradebook/gradebookMonitoring/toggleReleaseMarks.do", {lessonID:"${lessonDetails.lessonID}"}, function(xml) { - var str = new String(xml) - if (str.indexOf("success") != -1) { - - if (marksReleased) { - marksReleased = false; - } else { - marksReleased = true; - } - displayReleaseOption(); - } else { - - alert(""); - } - }); + $.post( + "gradebook/gradebookMonitoring/toggleReleaseMarks.do", + { + "":"", + lessonID:"${lessonDetails.lessonID}" + }, + function(xml) { + var str = new String(xml) + if (str.indexOf("success") != -1) { + if (marksReleased) { + marksReleased = false; + } else { + marksReleased = true; + } + displayReleaseOption(); + + } else { + alert(""); + } + } + ); } } @@ -118,7 +118,6 @@ } jQuery(document).ready(function(){ - var jqgridWidth = $(window).width() - 100; displayReleaseOption(); @@ -141,7 +140,7 @@ pager: 'userViewPager', rowList:[10,20,30,40,50,100], rowNum:10, - cellurl: "gradebook/gradebookMonitoring/updateUserLessonGradebookData.do?lessonID=${lessonDetails.lessonID}", + cellurl: "gradebook/gradebookMonitoring/updateUserLessonGradebookData.do?&lessonID=${lessonDetails.lessonID}", colNames:["", "", "", @@ -177,12 +176,13 @@ }, subGrid: true, subGridRowExpanded: function(subgrid_id, row_id) { - var subgrid_table_id = subgrid_id+"_t", + var subgrid_table_id = subgrid_id+"_t", rowData = jQuery("#userView").getRowData(row_id), userID = rowData["id"], hasArchivedMarks = rowData["hasArchivedMarks"] == "true"; - jQuery("#"+subgrid_id).html("
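Review bot: The `$.post` to `toggleReleaseMarks.do` passes only a success callback, so any non-2xx response, such as the 403 sent when `isLessonMonitor` fails, never reaches the `indexOf("success")` test. The monitor then gets no indication that the release flag was left unchanged. Chaining `.fail(function() { /* show the same error alert as the else branch */ })` onto the call would surface those failures. The first key/value pair in the posted data renders here as `"":""`, presumably a stripped token tag, so the exact token field cannot be checked from this page.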
"); - jQuery("#"+subgrid_table_id).jqGrid({ + + jQuery("#"+subgrid_id).html("
"); + jQuery("#"+subgrid_table_id).jqGrid({ guiStyle: "bootstrap", iconSet: 'fontAwesome', autoencode:false, @@ -197,7 +197,7 @@ rowNum:10, sortorder: "asc", sortname: "sequence", - cellurl: "gradebook/gradebookMonitoring/updateUserActivityGradebookData.do?lessonID=${lessonDetails.lessonID}&view=monUserView&userID=" + userID, + cellurl: "gradebook/gradebookMonitoring/updateUserActivityGradebookData.do?&lessonID=${lessonDetails.lessonID}&view=monUserView&userID=" + userID, colNames: [ '', '', @@ -293,11 +293,18 @@ } // Update the aggregated lesson mark - $.get("/gradebook/gradebook/getLessonMarkAggregate.do", {lessonID:"${lessonDetails.lessonID}", userID:row_id}, function(xml) { - if (xml!=null) { - jQuery("#userView").setCell(row_id, "mark", xml, "", ""); - } - }); + $.get( + "/gradebook/gradebook/getLessonMarkAggregate.do", + { + lessonID:"${lessonDetails.lessonID}", + userID:row_id + }, + function(xml) { + if (xml!=null) { + jQuery("#userView").setCell(row_id, "mark", xml, "", ""); + } + } + ); } }, errorCell: function(serverresponse, status) { @@ -490,7 +497,7 @@ autowidth:true, cmTemplate: { title: false }, cellEdit:true, - cellurl: "gradebook/gradebookMonitoring/updateUserActivityGradebookData.do?lessonID=${lessonDetails.lessonID}&view=monActivityView&activityID=" + activityID, + cellurl: "gradebook/gradebookMonitoring/updateUserActivityGradebookData.do?&lessonID=${lessonDetails.lessonID}&view=monActivityView&activityID=" + activityID, sortorder: "asc", sortname: "fullName", pager: subgrid_table_id + "_pager", 
@@ -585,11 +592,15 @@ } // Update the average activity mark - $.get("/gradebook/gradebook/getActivityMarkAverage.do", {activityID:row_id}, function(xml) { - if (xml!=null) { - jQuery("#activityView").setCell(row_id, "avgMark", xml, "", ""); - } - }); + $.get( + "/gradebook/gradebook/getActivityMarkAverage.do", + {activityID:row_id}, + function(xml) { + if (xml!=null) { + jQuery("#activityView").setCell(row_id, "avgMark", xml, "", ""); + } + } + ); } }, errorCell: function(serverresponse, status) { @@ -667,7 +678,7 @@ $("#export-grades-button").click(function() { var areaToBlock = "export-link-area"; - var exportExcelUrl = "gradebookMonitoring/exportExcelLessonGradebook.do?lessonID=${lessonDetails.lessonID}"; + var exportExcelUrl = "gradebookMonitoring/exportExcelLessonGradebook.do?&lessonID=${lessonDetails.lessonID}"; var languageLabelWait = ""; // if exportSpan is hidden then icon only mode, use small font. blockExportButton(areaToBlock, exportExcelUrl, languageLabelWait, $("#exportSpan:hidden").length > 0); Index: lams_gradebook/web/includes/javascript/blockexportbutton.js =================================================================== diff -u -r7475d08afc280b5e2e5ddf04e8bf35e3166aaf80 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/includes/javascript/blockexportbutton.js (.../blockexportbutton.js) (revision 7475d08afc280b5e2e5ddf04e8bf35e3166aaf80) +++ lams_gradebook/web/includes/javascript/blockexportbutton.js (.../blockexportbutton.js) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -32,7 +32,21 @@ $('#' + areaToBlock).unblock(); } }, 1000); - - document.location.href = exportExcelUrl + "&downloadTokenValue=" + token; + + //dynamically create a form and submit it + var form = $('
'); + form.attr("method", "post"); + form.attr("action", exportExcelUrl); + + var hiddenField = $(''); + hiddenField.attr("type", "hidden"); + hiddenField.attr("name", "downloadTokenValue"); + hiddenField.attr("value", token); + form.append(hiddenField); + + // The form needs to be a part of the document in order to be submitted + $(document.body).append(form); + form.submit(); + return false; } Index: lams_gradebook/web/msgContent.jsp =================================================================== diff -u -r37bb2ae017713b44cdfd6a55cfceca28c3efab02 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_gradebook/web/msgContent.jsp (.../msgContent.jsp) (revision 37bb2ae017713b44cdfd6a55cfceca28c3efab02) +++ lams_gradebook/web/msgContent.jsp (.../msgContent.jsp) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) @@ -1,9 +1,6 @@ -<%@ page language="java" pageEncoding="UTF-8" contentType="text/html;charset=utf-8" %> - -<%@ taglib uri="tags-lams" prefix="lams" %> -<%@ taglib uri="tags-fmt" prefix="fmt" %> - +<%@ include file="/common/taglibs.jsp"%> + Index: lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/AuthoringController.java =================================================================== diff -u -r845b503553ad948cb5db7b89950f7c5251ada5d7 -r0933451e694b19886dd20e2962fc984e997dbf6e --- lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 845b503553ad948cb5db7b89950f7c5251ada5d7) +++ lams_tool_preview/src/java/org/lamsfoundation/lams/tool/peerreview/web/controller/AuthoringController.java (.../AuthoringController.java) (revision 0933451e694b19886dd20e2962fc984e997dbf6e) 
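Review bot: Each call appends a new hidden form to `document.body` and never removes it, so repeated exports leave stale forms in the DOM, each holding a download token and the full export URL. Calling `form.remove();` right after `form.submit();` avoids that. Only `downloadTokenValue` moves into the POST body; everything the callers put in `exportExcelUrl` still travels in the action URL's query string.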
@@ -173,7 +173,7 @@ * all peer review item, information etc. */ @SuppressWarnings("unchecked") - @RequestMapping("/update") + @RequestMapping(path = "/update", method = RequestMethod.POST) public String updateContent(@ModelAttribute PeerreviewForm peerreviewForm, HttpServletRequest request, HttpSession session) throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {