Menu
▾
▴
Re: [WWdevel] New Message: Re: Some Gateway Questions
|
From: Sam H. <sh...@ma...> - 2006-10-18 14:36:47
|
> Sam, Mike and Gavin, > > I think I have a working snapshot of this now. I've uploaded the > modified files to > > http://moodle.math.wvu.edu/code/WWIPRestrict.tgz > > I made changes to > > lib/WeBWork/ContentGenerator/GatewayQuiz.pm > lib/WeBWork/ContentGenerator/Instructor/ProblemSetDetail.pm > lib/WeBWork/DB/Record/Set.pm > lib/WeBWork/DB/REcord/UserSet.pm > > and included them in the archive in their locations. Diff should > show the changes but let me know and I can give you an overview. > I've tested it here and have the behavior I was looking for. I have > some concerns about students being able to view the tests after > they submit them for grading but I'll work on that next. > > As a quick overview, there is a new field in the gateway set detail > edit page called IP Range that writes to a field in the database > called IP_block. I added this field by hand to the course _set and > _set_user tables as varchar(20) fields. I then added a function to > GatewayQuiz.pm called can_usecomputer and wrapped the pre_header > conditional with a test conditional for the IP address. Anyway, let > me know what you think. Hi Eddie, Your modifications look good. Just a few comments: > + IP_block I'd prefer if the database field you're adding was in all lowercase -- "ip_block" rather than "IP_block" -- c.f. "user_id". Also, "ip_block" is somewhat confusing, since it could also be interpreted as a list of IP addresses to block. Maybe "allow_ip"? (With a corresponding "deny_ip" to be added in the future if the need arises.) Also, take a look at bin/wwdb_upgrade. You should define a database version that adds the field to the appropriate tables. > + #get client IP and mask, split into quartets > + my @IP = split( /\./ , Apache->request->connection- > >remote_ip); This won't work with Apache 2 as written. The solution is to use the existing WeBWorK::Request object $self->r rather than Apache- >request. WeBWorK::Request inherits from Apache::Request or Apache2::Request depending on the mod_perl version. Both support - >connection->remote_ip. > + #this is kludgey and won't work as is with IPv6; probably > should add Net::IP module > + #compare each quartet in sequence from left to right; look > for wildcards I agree. It would also be nice to support more IP formats. Apache's Allow directive supports: * "A (partial) domain-name" -- might be kinda annoying to implement, since we'd have to do DNS lookups. It would be useful though, e.g. ".mathlab.yourschool.edu". * "A full IP address" -- supported right now. * "A partial IP address" -- supported right now, except wildcards are required. * "A network/netmask pair" -- maybe useful, but the next one is just as good: * "A network/nnn CIDR specification" -- useful. It looks like Net::IP would be able to do most of these. Now that I think about it, the domain-name one is just a matter of doing a reverse lookup of the remote IP and matching the string to it. Supporting a list of IPs/ranges would be nice too -- consider a quiz being given in two different labs. > +} else { ## not an allowed IP address > + $self->{invalidSet} = "Your computer at IP address " . > + Apache->request->connection->remote_ip . > + " is not authorized to take this exam."; > +} I think we're calling these "sets", not "exams". These names should be customizable at some point, but until then consistency is preferred. At some point, the IP checking code should probably go into a utility module, so we can use it in multiple modules. I'm thinking that normal (non-gateway) sets should be able to use IP limits as well. Let me know what you think. -sam |
