Integrate student_teams and invitations controller

Dockerfile

@@ -21,4 +21,4 @@ RUN bundle install
 EXPOSE 3002 
 
 # Set the entry point
-ENTRYPOINT ["/app/setup.sh"]
+ENTRYPOINT ["/app/setup.sh"]

app/controllers/bookmarks_controller.rb

@@ -2,7 +2,7 @@ class BookmarksController < ApplicationController
   rescue_from ActiveRecord::RecordNotFound, with: :not_found
 
   def action_allowed?
-    has_privileges_of?('Student')
+    current_user_has_student_privileges?
   end
   # Index method returns the list of JSON objects of the bookmark
   # GET on /bookmarks

app/controllers/concerns/authorization.rb

@@ -17,7 +17,7 @@ def authorize
 
   # Check if all actions are allowed
   def all_actions_allowed?
-    return true if has_privileges_of?('Super Administrator')
+    return true if current_user_has_super_admin_privileges?
     action_allowed?
   end
 
@@ -27,25 +27,13 @@ def action_allowed?
     true
   end
 
-  # Checks if current user has the required role or higher privileges
-  # @param required_role [Role, String] The minimum role required (can be Role object or role name)
-  # @return [Boolean] true if user has required role or higher privileges
-  # @example
-  #   has_privileges_of?('Administrator') # checks if user is an admin or higher
-  #   has_privileges_of?(Role::INSTRUCTOR) # checks if user is an instructor or higher
-  def has_privileges_of?(required_role)
-    required_role = Role.find_by_name(required_role) if required_role.is_a?(String)
-    current_user&.role&.all_privileges_of?(required_role) || false
-  end
-
-  # Unlike has_privileges_of? which checks for role hierarchy and privilege levels,
   # this method checks if the user has exactly the specified role
   # @param role_name [String, Role] The exact role to check for
   # @return [Boolean] true if user has exactly this role, false otherwise
   # @example
-  #   has_role?('Student') # true only if user is exactly a student
-  #   has_role?(Role::INSTRUCTOR) # true only if user is exactly an instructor
-  def has_role?(required_role)
+  #   current_user_has_role?('Student') # true only if user is exactly a student
+  #   current_user_has_role?(Role::INSTRUCTOR) # true only if user is exactly an instructor
+  def current_user_has_role?(required_role)
     required_role = required_role.name if required_role.is_a?(Role)
     current_user&.role&.name == required_role
   end
@@ -233,16 +221,28 @@ def current_user_has_all_heatgrid_data_privileges?(assignment)
     false
   end
 
+  # responding to an invitation i.e. accepting/declining the invitation is authorized only if they are recipient of that invitation
+  def current_user_can_respond_to_invitation?(invitation)
+    user_logged_in? && invitation.to_participant.user == current_user #to_participant refers to the participant class
+  end
+
+  # retracting an invitation is authorized only if they are sender of that invitation
+  def current_user_can_retract_invitation?(invitation)
+    user_logged_in? && invitation.from_participant.user == current_user #from_participant refers to the participant class
+  end
+
+  # only sender or teammates of the sender can view the invitations
+  def current_user_can_view_invitation?(invitation)
+    user_logged_in? && TeamsParticipant.where(team: invitation.from_team).pluck(:user_id).include?(current_user.id)
+  end
+
   # PRIVATE METHODS
   private
 
   # Determine if the currently logged-in user has the privileges of the given role name (or higher privileges)
   # Let the Role model define this logic for the sake of DRY
   # If there is no currently logged-in user simply return false
   def current_user_has_privileges_of?(role_name)
-    # puts current_user_and_role_exist?
-    # puts current_user
-    # puts current_user.role.all_privileges_of?(Role.find_by(name: role_name))
     current_user_and_role_exist? && current_user.role.all_privileges_of?(Role.find_by(name: role_name))
   end
 

app/controllers/courses_controller.rb

@@ -4,7 +4,7 @@ class CoursesController < ApplicationController
   rescue_from ActionController::ParameterMissing, with: :parameter_missing
 
   def action_allowed?
-    has_privileges_of?('Instructor')
+    current_user_has_instructor_privileges?
   end
 
   # GET /courses
@@ -51,7 +51,6 @@ def destroy
   # Adds a Teaching Assistant to the course
   def add_ta
     user_id = params[:ta_id] # Use user_id from the request
-    print(user_id)
     user = User.find_by(id: user_id)
 
     course_id = params[:id]

app/controllers/grades_controller.rb

@@ -16,7 +16,7 @@ def action_allowed?
         end
     end
 
-    # index (GET /api/v1/grades/:assignment_id/view_all_scores)
+    # index (GET /grades/:assignment_id/view_all_scores)
     # returns all review scores and computed heatmap data for the given assignment (instructor/TA view).
     def view_all_scores    
         @assignment = Assignment.find(params[:assignment_id])
@@ -38,7 +38,7 @@ def view_all_scores
     end
 
 
-    # view_our_scores (GET /api/v1/grades/:assignment_id/view_our_scores)
+    # view_our_scores (GET /grades/:assignment_id/view_our_scores)
     # similar to view but scoped to the requesting student’s own team.
     # It returns the same heatmap data with reviewer identities removed, plus the list of review items.
     # renders JSON with scores, assignment, averages.
@@ -47,14 +47,14 @@ def view_our_scores
         render json: get_our_scores_data(@team)
     end
 
-    # (GET /api/v1/grades/:assignment_id/view_my_scores)
+    # (GET /grades/:assignment_id/view_my_scores)
     # similar to view but scoped to the requesting student’s own scores given by its teammates and also .
     def view_my_scores
         render json: get_my_scores_data(@participant)
     end
 
 
-    # edit (GET /api/v1/grades/:participant_id/edit)
+    # edit (GET /grades/:participant_id/edit)
     # provides data for the grade-assignment interface.
     # Given an AssignmentParticipant ID, it looks up the participant and its assignment, gathers the full list of items 
     # (via a helper like list_questions(assignment)), and computes existing peer-review scores for those items.
@@ -74,7 +74,7 @@ def edit
     end
 
 
-    # assign_grade (PATCH /api/v1/grades/:participant_id/assign_grade)
+    # assign_grade (PATCH /grades/:participant_id/assign_grade)
     # saves an instructor’s grade and feedback for a team submission.
     # The method sets team.grade_for_submission and team.comment_for_submission. 
     # This implements “assign score & give feedback” functionality for instructor.
@@ -90,7 +90,7 @@ def assign_grade
     end
 
 
-    # instructor_review (GET /api/v1/grades/:participant_id/instructor_review)
+    # instructor_review (GET /grades/:participant_id/instructor_review)
     # helps the instructor begin grading or re-grading a submission.
     # It finds or creates the appropriate review mapping for the given participant and returns JSON indicating whether to go to 
     # Response#new (no review exists yet) or Response#edit (review already exists).
@@ -116,7 +116,7 @@ def instructor_review
 
     private
 
-    # helper method used when participant_id is passed as a paramater. this will be helpful in case of instructor/TA view 
+    # helper method used when participant_id is passed as a parameter. this will be helpful in case of instructor/TA view 
     # as they need participant id to view their scores or assign grade. It will take the participant id (i.e. AssignmentParticipant ID) to set 
     # the team and assignment variables which are used inside other methods like edit, update, assign_grade
     def set_team_and_assignment_via_participant
@@ -131,7 +131,7 @@ def set_team_and_assignment_via_participant
         @assignment = @participant.assignment
     end
 
-    # helper method used when participant_id is passed as a paramater. this will be helpful in case of student view 
+    # helper method used when participant_id is passed as a parameter. this will be helpful in case of student view 
     # It will take the assignment id and the current user's id to set the participant and team variables which are used inside other methods
     # like view_our_scores and view_my_scores
     def set_participant_and_team_via_assignment

app/controllers/institutions_controller.rb

@@ -1,7 +1,7 @@
 class InstitutionsController < ApplicationController
   rescue_from ActiveRecord::RecordNotFound, with: :institution_not_found
   def action_allowed?
-    has_role?('Instructor')
+    current_user_has_role?('Instructor')
   end
   # GET /institutions
   def index