diff --git a/Rewritten-docs.md b/Rewritten-docs.md index 06430b5..2ba6049 100644 --- a/Rewritten-docs.md +++ b/Rewritten-docs.md @@ -85,10 +85,10 @@ outputs ones; provides good real world experience, but requires extensive security measures). This project focuses on the machine-controlled part of source code evaluation. -First, general concepts of grading systems are observed, new requirements are -specified and project with similar functionality are examined. Also, problems of -the software previously used at Charles University in Prague are briefly -discussed. With acquired knowledge from such projects in production, we set up +First, general concepts of grading systems are observed and problems of the +software previously used at Charles University in Prague are briefly discussed. +Then new requirements are specified and projects with similar functionality are +examined. With acquired knowledge from such projects in production, we set up goals for the new evaluation system, designed the architecture and implemented a fully operational solution based on dynamic evaluation. The system is now ready for production testing at the university. @@ -110,39 +110,33 @@ consists of following basic steps: 4. compare program outputs with predefined values 5. award the code with a numeric score -The project has a great starting point -- there is an old grading system +The whole system is intended to help both teachers (supervisors) and students. +To achieve this, it is crucial to keep in mind the typical usage scenarios of +the system and to try to make these tasks as simple as possible. To fulfil this +task, the project has a great starting point -- there is an old grading system currently used at the university (CodEx), so its flaws and weaknesses can be addressed. Furthermore, many teachers desire to use and test the new system and they are willing to consult ideas or problems during development with us. -### Intended usage +## Current system -The whole system is intended to help both teachers (supervisors) and students. -To achieve this, it is crucial to keep in mind the typical usage scenarios of -the system and to try to make these tasks as simple as possible. +The grading solution currently used at the Faculty of Mathematics and Physics of +the Charles University in Prague was implemented in 2006 by a group of students. +It is called [CodEx -- The Code Examiner](http://codex.ms.mff.cuni.cz/project/) +and it has been used with some improvements since then. The original plan was to +use the system only for basic programming courses, but there was a demand for +adapting it for many different subjects. + +CodEx is based on dynamic analysis. It features a web-based interface, where +supervisors can assign exercises to their students and the students have a time +window to submit their solutions. Each solution is compiled and run in sandbox +(MO-Eval). The metrics which are checked are: correctness of the output, time +and memory limits. It supports programs written in C, C++, C#, Java, Pascal, +Python and Haskell. The system has a database of users. Each user is assigned a role, which corresponds to his/her privileges. There are user groups reflecting the -structure of lectured courses. Groups can be hierarchically ordered to reflect -additional metadata such as the academic year. For example, a reasonable group -hierarchy could look like this: - -``` -Summer term 2016 -|-- Language C# and .NET platform -|   |-- Labs Monday 10:30 -|   `-- Labs Thursday 9:00 -|-- Programming I -|   |-- Labs Monday 14:00 - ... -``` - -In this example, students are members of the leaf groups and the higher level -nodes are just for keeping related groups together. The structure can be -modified and altered to fit specific needs of the university or any other -organization, even a flat structure is possible. One user can be a member of -multiple groups and have a different role in each of them (a student can attend -labs for several courses while also teaching one). +structure of lectured courses. A database of exercises (algorithmic problems) is another part of the project. Each exercise consists of a text describing the problem in multiple language @@ -155,30 +149,48 @@ points, a configuration for calculating the score, a maximum number of submissions, and a list of supported runtime environments (e.g. programming languages) including specific time and memory limits for each one. -Typical use cases for supported user roles are illustrated on following UML -diagram: - -![System use case diagram](https://github.com/ReCodEx/wiki/raw/master/images/System_use_case.png) - -#### Exercise evaluation chain +Typical use cases for supported user roles are following: + +- **student** + - join a group + - get assignments in group + - submit solution to assignment -- upload one source file and trigger + evaluation process + - view solution results -- which parts succeeded and failed, total number of + acquired points, bonus points +- **supervisor** + - create exercise -- create description text and evaluation configuration + (for each programming environment), upload testing inputs and outputs + - assign exercise to group -- choose exercise and set deadlines, number of + allowed submissions, weights of all testing cases and amount of points for + correct solutions + - modify assignment + - view all results in group + - check automatic solution grading -- view submitted source and optionally + set bonus points +- **administrator** + - create groups + - alter user privileges -- make supervisor accounts + - check system logs, upgrades and other management + +### Exercise evaluation chain The most important part of the system is evaluation of solutions submitted by students. Concepts of consecutive steps from source code to final results is described in more detail below to give readers solid overview of what have to happen during evaluation process. -First thing users have to do is to submit their solutions through some user -interface. Then, the system checks assignment invariants (deadlines, count of -submissions, ...) and stores submitted files. The runtime environment is -automatically detected based on input files and a suitable evaluation +First thing users have to do is to submit their solutions through web user +interface. The system checks assignment invariants (deadlines, count of +submissions, ...) and stores the submitted file. The runtime environment is +automatically detected based on input file and a suitable evaluation configuration variant is chosen (one exercise can have multiple variants, for example C and Java languages). This exercise configuration is then used for taking care of evaluation process. -There is a pool of worker computers dedicated to evaluation jobs. Each one of -them can support different environments and programming languages to allow -testing programs for as many platforms as possible. Incoming jobs are scheduled -to a worker that is capable of running the job. +There is a pool of uniform worker engines dedicated to evaluation jobs. Incoming +jobs are kept in a queue until a free worker picks them. Worker is capable of +sequential evaluation of jobs, one at a time. The worker obtains the solution and its evaluation configuration, parses it and starts executing the contained instructions. It is crucial to keep the worker @@ -192,6 +204,35 @@ was correct. The system then calculates a numeric score from this data, which is presented to the student. If the solution is wrong (incorrect output, uses too much memory,..), error messages are also displayed to the submitter. +### Weaknesses + +Current system is old, but robust. There were no major security incidents +during its production usage. However, from today's perspective there are +several drawbacks. The main ones are: + +- **web interface** -- The web interface is simple and fully functional. But + rapid development in web technologies opens new horizons of how web interface + can be made. +- **web API** -- CodEx offers a very limited XML API based on outdated + technologies that is not sufficient for users who would like to create custom + interfaces such as a command line tool or mobile application. +- **sandboxing** -- MO-Eval sandbox is based on principle of monitoring system + calls and blocking the bad ones. This can be easily done for single-threaded + applications, but proves difficult with multi-threaded ones. In present day, + parallelism is a very important area of computing, so there is requirement to + test multi-threaded applications too. +- **instances** -- Different ways of CodEx usage scenarios requires separate + instances (Programming I and II, Java, C#, etc.). This configuration is not + user friendly (students have to register in each instance separately) and + burdens administrators with unnecessary work. CodEx architecture does not + allow sharing hardware between instances, which results in an inefficient use + of hardware for evaluation. +- **task extensibility** -- There is a need to test and evaluate complicated + programs for classes such as Parallel programming or Compiler principles, + which have a more difficult evaluation chain than simple + compilation/execution/evaluation provided by CodEx. + + ## Requirements There are many different formal requirements for the system. Some of them @@ -203,62 +244,80 @@ from administrators and supervisors. The ideas were gathered mostly from our personal experience with the system and from meetings with faculty staff involved with the current system. -For clear arrangement all the requirements and wishes are presented grouped by -categories. +In general, CodEx features should be preserved, so only differences are +presented here. For clear arrangement all the requirements and wishes are +presented grouped by categories. ### System features System features represents directly accessible functionality to users of the -system. They describe the evaluation system in general and also university +system. They describe the evaluation system in general and also university addons (mostly administrative features). -<<<<<<< HEAD #### Requirements of the users -======= -#### End user requirements ->>>>>>> 87e4bcd39a4fca3eadbb4748e9a3b6ced2bd7150 - -- users have their own accounts in the system -- system users can be members of multiple groups (reflecting courses or labs) -- there is a database of exercises; teachers can create exercises including - textual description, sample inputs and correct reference outputs (for example - "sum all numbers from given file and write the result to the standard output") -- there is a list of assigned exercises in each group and an interface to submit - a solution; teachers can assign an existing exercise to their class with some - specific properties set (deadlines, etc.) -- users can see a list of submitted solutions for each assignment with - corresponding results -- teachers can specify way of computation grading points which will be awarded - to the students depending on the quality of his/her solution for each - assignment extra -- teachers can view detailed data about their students (users of a their groups) - including all submitted solutions; also, each of the solution can be manually - reviewed, commented and assigned additional points (positive or negative) -- one particular solution can be marked as accepted (used for grading this - assignment); otherwise, the solution with most points is used -- teacher can edit student solution and privately resubmit it; optionally saving - all results (including temporary ones) -- localization of all texts (user interface (UI) and exercises) -- Markdown support for creating exercise texts -- tagging exercises in database and search by these tags -- comments, comments, comments (exercises, tests, solutions, ...) -- plagiarism detection + +- _group hierarchy_ -- creating an arbitrarily nested tree structure should be + supported to allow keeping related groups together, such as in the example + below. A group hierarchy also allows archiving data from past courses. + +``` + Summer term 2016 + |-- Language C# and .NET platform + | |-- Labs Monday 10:30 + | `-- Labs Thursday 9:00 + |-- Programming I + | |-- Labs Monday 14:00 + ... +``` + +- _a database of exercises_ -- teachers should be able to create exercises + including textual description, sample inputs and correct reference outputs + (for example "sum all numbers from given file and write the result to the + standard output") and to browse this database +- _customizable grading system_ -- teachers need to specify the way of + computation of the final score, which will be awarded to the student's + submissions depending on their quality +- _viewing student details_ -- teachers should be able to view the details of + their students (members of their groups), including all submitted solutions +- _awarding additional points_ -- adding (or subtracting) points from the final + score of a submission by a supervisor must be supported +- _marking a solution as accepted_ -- the system should allow marking one + particular solution as accepted (used for grading the assignment) by the + supervisor +- _solution resubmission_ -- teachers should be able edit student's solutions + and privately resubmit them, optionally saving all results (including + temporary ones); this feature can be used to quickly fix errors in the + solution +- _localization_ -- all texts (UI and exercises) should be translatable +- _formatted exercise texts_ -- Markdown or another lightweight markup language + should be supported for formatting exercise texts +- _exercise tags_ -- the system should support tagging exercises searching by + these tags +- _comments_ -- adding both private and public comments to exercises, tests and + solutions should be supported +- _plagiarism detection_ #### Administrative requirements -- users can use an intuitive user interface for interaction with the system, - mainly for viewing assigned exercises, uploading their own solutions to the - assignments, and viewing the results of the solutions after an automatic - evaluation is finished; the two wanted interfaces are web and command-line - based -- user privilege separation (at least two roles -- _student_ and _supervisor_) -- logging in through a university authentication system (e.g. LDAP) -- SIS (university information system) integration for fetching personal user - data -- safe environment in which the students' solutions are executed -- support for multiple programming environments at once to avoid unacceptable - workload for administrator (maintain separate installation for every course) - and high hardware occupation +- _pluggable user interface_ -- the system should allow using an alternative + user interface, such as a command line client; implementation of such clients + should be as straightforward as possible +- _privilege separation_ -- there should be at least two roles -- _student_ and + _supervisor_. Cases when a student of a course is also a teacher of another + lab must be handled correctly +- _alternate authentication methods_ -- logging in through a university + authentication system (e.g. LDAP) and potentially other services, such as + OAuth, should be supported +- _querying SIS_ -- loading user data from the university information system + should be supported +- _sandboxing_ -- there should be a safe environment in which the students' + solutions are executed to prevent system failures due to malicious code being + submitted; the sandboxed environment should have the least possible impact on + measurement results (most importantly on measured times) +- _heterogeneous worker pool_ -- there must be support for submission evaluation + in multiple programming environments in a single installation to avoid + unacceptable workload for the administrator (maintaining a separate + installation for every course) and high hardware occupation - advanced low-level evaluation flow configuration with high-level abstraction layer for ordinary configuration cases; the configuration should be able to express more complicated flows than just compiling a source code and running @@ -267,85 +326,47 @@ addons (mostly administrative features). another tool and perform additional tests - use of modern technologies with state-of-the-art compilers -### Technical details - -Technical details are requirements of technical character with no direct mapping -to visible parts of system. In ideal word, users should not know about these if -they work properly, but would be at least annoyed if these requirements were not -met. Most notably they are these ones: - -- user interface of the system accessible on users' computers without - installation of any kind of additional software -- easy implementation of different user interfaces -- be ready for workload hundreds of students and tens of supervisors -- automated installation of all components -- source code with permissive license allowing further development; this also - applies on used libraries and frameworks -- multi-platform worker supporting at least two major operating systems +### Non-functional requirements + +Non-functional requirements are requirements of technical character with no +direct mapping to visible parts of the system. In an ideal world, users should +not know about these features if they work properly, but would be at least +annoyed if they did not. + +- _no installation_ -- the primary user interface of the system must be + accessible on users' computers without the need to install any additional + software +- _performance_ -- the system must be ready for at least hundreds of students + and tens of supervisors using it at once +- _automated deployment_ -- all of the components of the system must be easy to + deploy in an automated fashion +- _open source licensing_ -- the source code should be released under a + permissive license allowing further development; this also applies to used + libraries and frameworks +- _multi-platform worker_ -- worker machines running Linux, Windows and + potentially other operating systems must be supported ### Conclusion The survey shows that there are a lot of different requirements and wishes for -the new system. When the system is ready it is likely that there will be new +the new system. When the system is ready, it is likely that there will be new ideas of how to use the system and thus the system must be designed to be easily -extendable, so everyone can develop their own feature. This also means that -widely used programming languages and techniques should be used, so users can -quickly understand the code and make changes. +extendable, so that these new ideas can be easily implemented, either by us or +community members. This also means that widely used programming languages and +techniques should be used, so that users can quickly understand the code and +make changes. -To find out the current state in the field of automatic grading systems we did a -short market survey on the field of automatic grading systems at universities, +## Related work + +To find out the current state in the field of automatic grading systems, we did +a short market survey on the field of automatic grading systems at universities, programming contests, and possibly other places where similar tools are available. - -## Related work - This is not a complete list of available evaluators, but only a few projects which are used these days and can be an inspiration for our project. Each project from the list has a brief description and some key features mentioned. -### CodEx - -Currently used grading solution at the Faculty of Mathematics and Physics of -the Charles University in Prague which was implemented in 2006 by a group -of students. It is called [CodEx -- The Code Examiner](http://codex.ms.mff.cuni.cz/project/) -and it has been used with some improvements since then. The original plan was -to use the system only for basic programming courses, but there was a demand -for adapting it for many different subjects. - -CodEx is based on dynamic analysis. It features a web-based interface, where -supervisors can assign exercises to their students and the students have a time -window to submit their solutions. Each solution is compiled and run in sandbox -(MO-Eval). The metrics which are checked are: correctness of the output, time -and memory limits. It supports programs written in C, C++, C#, Java, Pascal, -Python and Haskell. - -Current system is old, but robust. There were no major security incidents -during its production usage. However, from today's perspective there are -several drawbacks. The main ones are: - -- **web interface** -- The web interface is simple and fully functional. But - rapid development in web technologies opens new horizons of how web interface - can be made. -- **web API** -- CodEx offers a very limited XML API based on outdated - technologies that is not sufficient for users who would like to create custom - interfaces such as a command line tool or mobile application. -- **sandboxing** -- MO-Eval sandbox is based on principle of monitoring system - calls and blocking the bad ones. This can be easily done for single-threaded - applications, but proves difficult with multi-threaded ones. In present day, - parallelism is a very important area of computing, so there is requirement to - test multi-threaded applications too. -- **instances** -- Different ways of CodEx usage scenarios requires separate - instances (Programming I and II, Java, C#, etc.). This configuration is not - user friendly (students have to register in each instance separately) and - burdens administrators with unnecessary work. CodEx architecture does not - allow sharing hardware between instances, which results in an inefficient use - of hardware for evaluation. -- **task extensibility** -- There is a need to test and evaluate complicated - programs for classes such as Parallel programming or Compiler principles, - which have a more difficult evaluation chain than simple - compilation/execution/evaluation provided by CodEx. - ### Progtest [Progtest](https://progtest.fit.cvut.cz/) is private project of [FIT @@ -909,10 +930,10 @@ protocol between these two logical parts will be described as well. ## Implementation analysis When developing a project like ReCodEx there has to be some discussion over -implementation details and how to solve some particular problems properly. -This discussion is a never ending story which is done through the whole -development process. Some of the most important implementation problems or -interesting observations will be discussed in this chapter. +implementation details and how to solve some particular problems properly. This +discussion is a never ending story which goes on through the whole development +process. Some of the most important implementation problems or interesting +observations will be discussed in this chapter. ### General communication @@ -1721,807 +1742,786 @@ applications. -# The Backend +# User documentation -The backend is the part which is hidden to the user and which has only -one purpose: evaluate user’s solutions of their assignments. +@todo: Describe different scenarios of the usage of the Web App -@todo: describe the configuration inputs of the Backend +@todo: Describe the requirements of running the web application (modern web browser, enabled CSS, JavaScript, Cookies & Local storage) -@todo: describe the outputs of the Backend +## Terminology -@todo: describe how the backend receives the inputs and how it -communicates the results +@todo: Describe the terminology: Instance, User, Group, Student, +Supervisor, Admin -## Components +## General basics -Whole backend is not just one service/component, it is quite complex system on its own. +@todo: actions which are available for all users -@todo: describe the inner parts of the Backend (and refer to the Wiki -for the technical description of the components) +@todo: how to solve problems with ReCodEx, first supervisors, then administrators, etc... -### Broker +### First steps in ReCodEx -@todo: gets stuff done, single point of failure and center point of ReCodEx universe +You can create an account if you click on the “*Create account*” menu +item in the left sidebar. You can choose between two types of +registration methods – by creating a local account with a specific +password, or pairing your new account with an existing CAS UK account. -### Fileserver +If you decide a new “*local*” account using the “*Create ReCodEx +account*” form, you will have to provide your details and choose a +password for your account. You will later sign in using your email +address as your username and the password you select. -@todo: stores particular data from frontend and backend, hashing, HTTP API +If you decide to use the CAS UK, then we will verify your credentials +and access your name and email stored in the system and create your +account based on this information. You can change your personal +information or email later on the “*Settings*” page. -### Worker +When creating your account both ways, you must select an instance your +account will belong to by default. The instance you will select will be +most likely your university or other organization you are a member of. -@todo: describe a bit of internal structure in general +To log in, go to the homepage of ReCodEx and in the left sidebar choose +the menu item “*Sign in*”. Then you must enter your credentials into one +of the two forms – if you selected a password during registration, then +you should sign with your email and password in the first form called +“*Sign into ReCodEx*”. If you registered using the Charles University +Authentication Service (CAS), you should put your student’s number and +your CAS password into the second form called “Sign into ReCodEx using +CAS UK”. -@todo: describe how jobs are generally executed +There are several options you can edit in your user account: -### Monitor +- changing your personal information (i.e., name) +- changing your credentials (email and password) +- updating your preferences (e.g., source code viewer/editor settings, + default language) -@todo: not necessary component which can be omitted, proxy-like service +You can access the settings page through the “*Settings*” button right +under your name in the left sidebar. -## Backend internal communication +If you don’t use ReCodEx for a whole day, you will be logged out +automatically. However, we recommend you sign out of the application +after you finished your interaction with it. The logout button is placed +in the top section of the left sidebar right under your name. You will +have to expand the sidebar with a button next to the “*ReCodEx*” title +(shown in the picture below). -@todo: internal backend communication, what communicates with what and why +### Forgotten password -The Frontend -============ +If you can’t remember your password and you don’t use CAS UK +authentication, then you can reset your password. You will find a link +saying “*You cannot remember what your password was? Reset your +password.*” under the sign in form. After you click on this link, you +will be asked to submit your email address. An email with a link +containing a special token will be sent to the address you fill in. We +make sure that the person who requested password resetting is really +you. When you click on the link (or you copy & paste it into your web +browser) you will be able to select a new password for your account. The +token is valid only for a couple of minutes, so do not forget to reset +the password as soon as possible, or you will have to request a new link +with a valid token. -The frontend is the part which is visible to the user of ReCodEx and -which holds the state of the system – the user accounts, their roles in -the system, the database of exercises, the assignments of these -exercises to groups of users (i.e., students), and the solutions and -evaluations of them. +If you sign in through CAS UK, then please follow the instructions +provided by the administrators of the service described on their +website. -Frontend is split into three parts: -- the server-side REST API (“API”) which holds the business logic and - keeps the state of the system consistent +## Student -- the relational database (“DB”) which persists the state of the - system +@todo: describe what it means to be a “student” and what are the +student’s rights -- the client side application (“client”) which simplifies access to - the API for the common users +### Join group and start solving assignments -The centerpiece of this architecture is the API. This component receives -requests from the users and from the Backend, validates them and -modifies the state of the system and persists this modified state in the -DB. +@todo: How to join a specific group -We have created a web application which can communicate with the API -server and present the information received from the server to the user -in a convenient way. The client can be though any application, which can -send HTTP requests and receive the HTTP responses. Users can use general -applications like [cURL](https://github.com/curl/curl/), -[Postman](https://www.getpostman.com/), or create their own specific -client for ReCodEx API. +@todo: Where can the user see groups description and details, what +information is available. -Frontend capabilities ---------------------- +@todo: Where the student can find the list of the assignment he is +expected to solve, what is the first and second deadline. -@todo: describe what the frontend is capable of and how it really works, -what are the limitations and how it can be extended +@todo: How does a student submit his solution through the web app -Terminology ------------ +@todo: When the results are ready and what the results mean and what to +do about them, when the user is convinced, that his solution is correct +although the results say different -This project was created for the needs of a university and this fact is -reflected into the terminology used throughout the Frontend. A list of -important terms’ definitions follows to make the meaning unambiguous. +@todo: Describe the comments thread behavior (public/private comments), +who else can see the comments, how notifications work (*not implemented +yet*!). -### User and user roles -*User* is a person who uses the application. User is granted access to -the application once he or she creates an account directly through the -API or the web application. There are several types of user accounts -depending on the set of permissions – a so called “role” – they have -been granted. Each user receives only the most basic set of permissions -after he or she creates an account and this role can be changed only by -the administrators of the service: +## Group supervisor -- *Student* is the most basic role. Student can become member of a - group and submit his solutions to his assignments. +@todo: describe what it means to be a “supervisor” of a group and what +are the supervisors rights -- *Supervisor* can be entitled to manage a group of students. - Supervisor can assign exercises to the students who are members of - his groups and review their solutions submitted to - these assignments. +### Create groups and manage them -- *Super-admin* is a user with unlimited rights. This user can perform - any action in the system. +@todo: How does a user become a supervisor of a group? -There are two implicit changes of roles: +@todo: How to add a specific student to a given group -- Once a *student* is added to a group as its supervisor, his role is - upgraded to a *supervisor* role. +### Assigning exercises -- Once a *supervisor* is removed from the lasts group where he is a - supervisor then his role is downgraded to a *student* role. +@todo: Describe how to access the database of the exercises and what are +the possibilities of assignment setup – availability, deadlines, points, +score configuration, limits -These mechanisms do not prevent a single user being a supervisor of one -group and student of a different group as supervisors’ permissions are -superset of students’ permissions. +@todo: How can I assign some exercises only to some students of the group? Describe how to achieve this using subgroups -### Login +### Students' solutions management -*Login* is a set of user’s credentials he must submit to verify he can -be allowed to access the system as a specific user. We distinguish two -types of logins: local and external. +@todo Describe where all the students’ solutions for a given assignment +can be found, where to look for all solutions of a given student, how to +see results of a specific student’s solution’s evaluation result. -- *Local login* is user’s email address and a password he chooses - during registration. +@todo Can I assign points to my students’ solutions manually instead of depending on automatic scoring? If and how to change the score of a solution – assignment +settings, setting points, bonus points, accepting a solution (*not +implemented yet!*). Describe how the student and supervisor will still +be able to see the percentage received from the automatic scoring, but +the awarded points will be overridden. -- *External login* is a mapping of a user profile to an account of - some authentication service (e.g., [CAS](https://ldap1.cuni.cz/)). +@todo: Describe the comments thread behavior (public/private comments), +who else can see the comments -- same as from the student perspective -### Instance +### Creating exercises -*An instance* of ReCodEx is in fact just a set of groups and user -accounts. An instance should correspond to a real entity as a -university, a high-school, an IT company or an HR agency. This approach -enables the system to be shared by multiple independent organizations -without interfering with each other. +@todo: how to create exercise, what has to be provided during creation, who can create exercises -Usage of the system by the users of an instance can be limited by -possessing a valid license. It is up to the administrators of the system -to determine the conditions under which they will assign licenses to the -instances. +@todo: Describe the form and explain the concept of reference solutions. +How to evaluate the reference solutions for the exercise right now (to +get the up-to-date information). -### Group -*Group* corresponds to a school class or some other unit which gathers -users who will be assigned the same set exercises. Each group can have -multiple supervisors who can manage the students and the list of -assignments. +## Group administrator -Groups can form a tree hierarchy of arbitrary depth. This is inspired by the -hierarchy of school classes belonging to the same subject over several school -years. For example, there can be a top level group for a programming class that -contains subgroups for every school year. These groups can then by divided into -actual student groups with respect to lab attendance. Supervisors can create -subgroups of their groups and further manage these subgroups. +@todo: who is this? -### Exercise +### Creating subgroups and managing supervisors -*An exercise* consists of textual assignment of a task and a definition -of how a solution to this exercise should be processed and evaluated in -a specific runtime environment (i.e., how to compile a submitted source -code and how to test the correctness of the program). It is a template -which can be instantiated as an *assignment* by a supervisor of a group. +@todo: What it means to create a subgroup and how to do it. -### Assignment +@todo: who can add another supervisor, what would be the rights of the +second supervisor -An assignment is an instance of an *exercise* assigned to a specific -*group*. An assignment can modify the text of the task assignment and it -has some additional information which is specific to the group (e.g., a -deadline, the number of points gained for a correct solution, additional -hints for the students in the assignment). The text of the assignment -can be edited and supervisors can translate the assignment into another -language. -### Solution +## Superadministrator -*A solution* is a set of files which a user submits to a given -*assignment*. +Superadmin is user with the most priviledges and as such superadmin should be +quite unique role. Ideally there should be only one of this kind, used with +special caution and adequate security. With this stated it is obvious that +superadmin can perform any action the API is capable of. -### Submission +### Users management -*A submission* corresponds to a *solution* being evaluated by the -Backend. A single *solution* can be submitted repeatedly (e.g., when the -Backend encounters an error or when the supervisor changes the assignment). +There are only few roles to which users can belong in ReCodEx. Basically there +are only three: _student_, _supervisor_, and _superadmin_. Base role is student +which is assigned to every registered user. Roles are stored in database +alongside other information about user. One user always has only one role at the +time. At first startup of ReCodEx administrator should create his account and +then change role in database by hand. After that manual intervention into +database should never be needed. -### Evaluation +There is a little catch in groups and instances management. Groups can have +admins and supervisors. This setting is valid only per one particular group and +has to be separated from basic role system. This implies that supervisor in one +group can be student in another and simultaneously have global supervisor role. +Changing role from student to supervisor and back is done automatically by +application and should not be managed by hand in database! Previously stated +information can be applied to instances as well, but instances can only have +admins. -*An evaluation* is the processed report received from the Backend after -a *submission* is processed. Evaluation contains points given to the -user based on the quality of his solution measured by the Backend and -the settings of the assignment. Supervisors can review the evaluation -and add bonus points (both positive and negative) if the student -deserves some. +Roles description: -### Runtime environment +- Student -- Default role which is used for newly created accounts. Student can + join or leave public groups and submit solutions of assigned exercises. +- Supervisor -- Inherits all permissions from student role. Can manage groups to + which he/she belongs to. Supervisor can also view and change groups details, + manage assigned exercises, view students in group and their solutions for + assigned exercises. On top of that supervisor can create/delete groups too, + but only as subgroup of groups he/she belongs to. +- Superadmin -- Inherits all permissions from supervisor role. Most powerful + user in ReCodEx who should be able to do everything which is provided by + application. -*A runtime environment* defines the used programming language or tools -which are needed to process and evaluate a solution. Examples of a -runtime environment can be: -- *Linux + GCC* -- *Linux + Mono* -- *Windows + .NET 4* -- *Bison + Yacc* +## Writing job configuration -### Limits +To run and evaluate an exercise the backend needs to know the steps how to do +that. This is different for each environment (operation system, programming +language, etc.), so each of the environments needs to have separate +configuration. -A correct *solution* of an *assignment* has to pass all specified tests (mostly -checks that it yields the correct output for various inputs) and typically must -also be effective in some sense. The Backend measures the time and memory -consumption of the solution while running. This consumption of resources can be -*limited* and the solution will receive fewer points if it exceeds the given -limits in some test cases defined by the *exercise*. +Backend works with a powerful, but quite low level description of simple +connected tasks written in YAML syntax. More about the syntax and general task +overview can be found on [separate +page](https://github.com/ReCodEx/wiki/wiki/Assignments). One of the planned +features was user friendly configuration editor, but due to tight deadline and +team composition it did not make it to the first release. However, writing +configuration in the basic format will be always available and allows users to +use the full expressive power of the system. -User management ---------------- +This section walks through creation of job configuration for _hello world_ +exercise. The goal is to compile file _source.c_ and check if it prints `Hello +World!` to the standard output. This is the only test case, let's call it +**A**. -@todo: roles and their rights, adding/removing different users, how the -role of a specific user changes +The problem can be split into several tasks: -Instances and hierarchy of groups ---------------------------------- +- compile _source.c_ into _helloworld_ with `/usr/bin/gcc` +- run _helloworld_ and save standard output into _out.txt_ +- fetch predefined output (suppose it is already uploaded to fileserver) with + hash `a0b65939670bc2c010f4d5d6a0b3e4e4590fb92b` to _reference.txt_ +- compare _out.txt_ and _reference.txt_ by `/usr/bin/diff` -@todo: What is an instance, how to create one, what are the licenses and -how do they work. Why can the groups form hierarchies and what are the -benefits – what it means to be an admin of a group, hierarchy of roles -in the group hierarchy. +The absolute path of tools can be obtained from system administrator. However, +`/usr/bin/gcc` is location, where the GCC binary is available almost everywhere, +so location of some tools can be (professionally) guessed. -Exercises database ------------------- +First, write header of the job to the configuration file. -@todo: How the exercises are stored, accessed, who can edit what +```{.yml} +submission: + job-id: hello-word-job + hw-groups: + - group1 +``` -### Creating a new exercise +Basically it means, that the job _hello-world-job_ needs to be run on workers +that belong to the `group_1` hardware group . Reference files are downloaded +from the default location configured in API (such as +`http://localhost:9999/exercises`) if not stated explicitly otherwise. Job +execution log will not be saved to result archive. -@todo Localized assignments, default settings +Next the tasks have to be constructed under _tasks_ section. In this demo job, +every task depends only on previous one. The first task has input file +_source.c_ (if submitted by user) already available in working directory, so +just call the GCC. Compilation is run in sandbox as any other external program +and should have relaxed time and memory limits. In this scenario, worker +defaults are used. If compilation fails, the whole job is immediately terminated +(because the _fatal-failure_ bit is set). Because _bound-directories_ option in +sandbox limits section is mostly shared between all tasks, it can be set in +worker configuration instead of job configuration (suppose this for following +tasks). For configuration of workers please contact your administrator. -### Runtime environments and hardware groups +```{.yml} +- task-id: "compilation" + type: "initiation" + fatal-failure: true + cmd: + bin: "/usr/bin/gcc" + args: + - "source.c" + - "-o" + - "helloworld" + sandbox: + name: "isolate" + limits: + - hw-group-id: group1 + chdir: ${EVAL_DIR} + bound-directories: + - src: ${SOURCE_DIR} + dst: ${EVAL_DIR} + mode: RW +``` -@todo read this later and see if it still makes sense +The compiled program is executed with time and memory limit set and the standard +output is redirected to a file. This task depends on _compilation_ task, because +the program cannot be executed without being compiled first. It is important to +mark this task with _execution_ type, so exceeded limits will be reported in +frontend. -ReCodEx is designed to utilize a rather diverse set of workers -- there can be -differences in many aspects, such as the actual hardware running the worker -(which impacts the results of measuring) or installed compilers, interpreters -and other tools needed for evaluation. To address these two examples in -particular, we assign runtime environments and hardware groups to exercises. +Time and memory limits set directly for a task have higher priority than worker +defaults. One important constraint is, that these limits cannot exceed limits +set by workers. Worker defaults are present as a safety measure so that a +malformed job configuration cannot block the worker forever. Worker default +limits should be reasonably high, like a gigabyte of memory and several hours of +execution time. For exact numbers please contact your administrator. -The purpose of runtime environments is to specify which tools (and often also -operating system) are required to evaluate a solution of the exercise -- for -example, a C# programming exercise can be evaluated on a Linux worker running -Mono or a Windows worker with the .NET runtime. Such exercise would be assigned -two runtime environments, `Linux+Mono` and `Windows+.NET` (the environment names -are arbitrary strings configured by the administrator). +It is important to know that if the output of a program (both standard and +error) is redirected to a file, the sandbox disk quotas apply to that file, as +well as the files created directly by the program. In case the outputs are +ignored, they are redirected to `/dev/null`, which means there is no limit on +the output length (as long as the printing fits in the time limit). -A hardware group is a set of workers that run on similar hardware (e.g. a -particular quad-core processor model and a SSD hard drive). Workers are assigned -to these groups by the administrator. If this is done correctly, performance -measurements of a submission should yield the same results. Thanks to this fact, -we can use the same resource limits on every worker in a hardware group. -However, limits can differ between runtime environments -- formally speaking, -limits are a function of three arguments: an assignment, a hardware group and a -runtime environment. +```{.yml} +- task-id: "execution_1" + test-id: "A" + type: "execution" + dependencies: + - compilation + cmd: + bin: "helloworld" + sandbox: + name: "isolate" + stdout: ${EVAL_DIR}/out.txt + limits: + - hw-group-id: group1 + chdir: ${EVAL_DIR} + time: 0.5 + memory: 8192 +``` -### Reference solutions +Fetch sample solution from file server. Base URL of file server is in the header +of the job configuration, so only the name of required file (its `sha1sum` in +our case) is necessary. -@todo: how to add one, how to evaluate it +```{.yml} +- task-id: "fetch_solution_1" + test-id: "A" + dependencies: + - execution + cmd: + bin: "fetch" + args: + - "a0b65939670bc2c010f4d5d6a0b3e4e4590fb92b" + - "${SOURCE_DIR}/reference.txt" +``` -The task of determining appropriate resource limits for exercises is difficult -to do correctly. To aid exercise authors and group supervisors, ReCodEx supports -assigning reference solutions to exercises. Those are example programs that -should cover the main approaches to the implementation. For example, searching -for an integer in an ordered array can be done with a linear search, or better, -using a binary search. +Comparison of results is quite straightforward. It is important to set the task +type to _evaluation_, so that the return code is set to 0 if the program is +correct and 1 otherwise. We do not set our own limits, so the default limits are +used. -Reference solutions can be evaluated on demand, using a selected hardware group. -The evaluation results are stored and can be used later to determine limits. In -our example problem, we could configure the limits so that the linear -search-based program doesn't finish in time on larger inputs, but a binary -search does. +```{.yml} +- task-id: "judge_1" + test-id: "A" + type: "evaluation" + dependencies: + - fetch_solution_1 + cmd: + bin: "/usr/bin/diff" + args: + - "out.txt" + - "reference.txt" + sandbox: + name: "isolate" + limits: + - hw-group-id: group1 + chdir: ${EVAL_DIR} +``` -Note that separate reference solutions should be supplied for all supported -runtime environments. -### Exercise assignments -@todo: Creating instances of an exercise for a specific group of users, -capabilities of settings. Editing limits according to the reference -solution. +# The Backend -Evaluation process ------------------- +The backend is the part which is hidden to the user and which has only +one purpose: evaluate user’s solutions of their assignments. -@todo: How the evaluation process works on the Frontend side. +@todo: describe the configuration inputs of the Backend -### Uploading files and file storage +@todo: describe the outputs of the Backend -@todo: One by one upload endpoint. Explain different types of the -Uploaded files. +@todo: describe how the backend receives the inputs and how it +communicates the results -### Automatic detection of the runtime environment +## Components -@todo: Users must submit correctly named files – assuming the RTE from -the extensions. +Whole backend is not just one service/component, it is quite complex system on its own. -REST API implementation ------------------------ +@todo: describe the inner parts of the Backend (and refer to the Wiki +for the technical description of the components) -@todo: What is the REST API, what are the basic principles – GET, POST, -Headers, JSON. +### Broker -### Authentication and authorization scopes +@todo: gets stuff done, single point of failure and center point of ReCodEx universe -@todo: How authentication works – signed JWT, headers, expiration, -refreshing. Token scopes usage. +### Fileserver -### HTTP requests handling +@todo: stores particular data from frontend and backend, hashing, HTTP API -@todo: Router and routes with specific HTTP methods, preflight, required -headers +### Worker -### HTTP responses format +@todo: describe a bit of internal structure in general -@todo: Describe the JSON structure convention of success and error -responses +@todo: describe how jobs are generally executed -### Used technologies +### Monitor -@todo: PHP7 – how it is used for typehints, Nette framework – how it is -used for routing, Presenters actions endpoints, exceptions and -ErrorPresenter, Doctrine 2 – database abstraction, entities and -repositories + conventions, Communication over ZMQ – describe the -problem with the extension and how we reported it and how to treat it in -the future when the bug is solved. Relational database – we use MariaDB, -Doctine enables us to switch the engine to a different engine if needed +@todo: not necessary component which can be omitted, proxy-like service -### Data model +## Backend internal communication -@todo: Describe the code-first approach using the Doctrine entities, how -the entities map onto the database schema (refer to the attached schemas -of entities and relational database models), describe the logical -grouping of entities and how they are related: +@todo: internal backend communication, what communicates with what and why -- user + settings + logins + ACL -- instance + licenses + groups + group membership -- exercise + assignments + localized assignments + runtime - environments + hardware groups -- submission + solution + reference solution + solution evaluation -- comment threads + comments +The Frontend +============ -### API endpoints +The frontend is the part which is visible to the user of ReCodEx and +which holds the state of the system – the user accounts, their roles in +the system, the database of exercises, the assignments of these +exercises to groups of users (i.e., students), and the solutions and +evaluations of them. -@todo: Tell the user about the generated API reference and how the -Swagger UI can be used to access the API directly. +Frontend is split into three parts: -Web Application ---------------- +- the server-side REST API (“API”) which holds the business logic and + keeps the state of the system consistent -@todo: What is the purpose of the web application and how it interacts -with the REST API. +- the relational database (“DB”) which persists the state of the + system -### Used technologies +- the client side application (“client”) which simplifies access to + the API for the common users -@todo: Briefly introduce the used technologies like React, Redux and the -build process. For further details refer to the GitHub wiki +The centerpiece of this architecture is the API. This component receives +requests from the users and from the Backend, validates them and +modifies the state of the system and persists this modified state in the +DB. -### How to use the application +We have created a web application which can communicate with the API +server and present the information received from the server to the user +in a convenient way. The client can be though any application, which can +send HTTP requests and receive the HTTP responses. Users can use general +applications like [cURL](https://github.com/curl/curl/), +[Postman](https://www.getpostman.com/), or create their own specific +client for ReCodEx API. -@todo: Describe the user documentation and the FAQ page. +Frontend capabilities +--------------------- -Backend-Frontend communication protocol -======================================= +@todo: describe what the frontend is capable of and how it really works, +what are the limitations and how it can be extended -@todo: describe the exact methods and respective commands for the -communication +Terminology +----------- -Initiation of a job evaluation ------------------------------- +This project was created for the needs of a university and this fact is +reflected into the terminology used throughout the Frontend. A list of +important terms’ definitions follows to make the meaning unambiguous. -@todo: How does the Frontend initiate the evaluation and how the Backend -can accept it or decline it +### User and user roles -Job processing progress monitoring ----------------------------------- +*User* is a person who uses the application. User is granted access to +the application once he or she creates an account directly through the +API or the web application. There are several types of user accounts +depending on the set of permissions – a so called “role” – they have +been granted. Each user receives only the most basic set of permissions +after he or she creates an account and this role can be changed only by +the administrators of the service: -When evaluating a job the worker sends progress messages on predefined points of -evaluation chain. The sending place can be on very beginning of the job, when -submit archive is downloaded or at the end of each simple task with its state -(completed, failed, skipped). These messages are sent to broker through existing -ZeroMQ connection. Detailed format of messages can be found on [communication -page](https://github.com/ReCodEx/wiki/wiki/Overall-architecture#commands-from-worker-to-broker). +- *Student* is the most basic role. Student can become member of a + group and submit his solutions to his assignments. -Broker only resends received progress messages to the monitor component via -ZeroMQ socket. The output message format is the same as the input format. +- *Supervisor* can be entitled to manage a group of students. + Supervisor can assign exercises to the students who are members of + his groups and review their solutions submitted to + these assignments. -Monitor parses received messages to JSON format, which is easy to work with in -JavaScript inside web application. All messages are cached (one queue per job) -and can be obtained multiple times through WebSocket communication channel. The -cache is cleared 5 minutes after receiving last message. +- *Super-admin* is a user with unlimited rights. This user can perform + any action in the system. -Publishing of the results -------------------------- +There are two implicit changes of roles: -After job finish the worker packs results directory into single archive and -uploads it to the fileserver through HTTP protocol. The target URL is obtained -from API in headers on job initiation. Then "job done" notification request is -performed to API via broker. Special submissions (reference or asynchronous -submissions) are loaded immediately, other types are loaded on-demand on first -results request. +- Once a *student* is added to a group as its supervisor, his role is + upgraded to a *supervisor* role. -Loading results means fetching archive from fileserver, parsing the main YAML -file generated by worker and saving data to the database. Also, points are -assigned by score calculator. +- Once a *supervisor* is removed from the lasts group where he is a + supervisor then his role is downgraded to a *student* role. +These mechanisms do not prevent a single user being a supervisor of one +group and student of a different group as supervisors’ permissions are +superset of students’ permissions. -# User documentation +### Login -@todo: Describe different scenarios of the usage of the Web App +*Login* is a set of user’s credentials he must submit to verify he can +be allowed to access the system as a specific user. We distinguish two +types of logins: local and external. -@todo: Describe the requirements of running the web application (modern web browser, enabled CSS, JavaScript, Cookies & Local storage) +- *Local login* is user’s email address and a password he chooses + during registration. -## Terminology +- *External login* is a mapping of a user profile to an account of + some authentication service (e.g., [CAS](https://ldap1.cuni.cz/)). -@todo: Describe the terminology: Instance, User, Group, Student, -Supervisor, Admin +### Instance -## General basics +*An instance* of ReCodEx is in fact just a set of groups and user +accounts. An instance should correspond to a real entity as a +university, a high-school, an IT company or an HR agency. This approach +enables the system to be shared by multiple independent organizations +without interfering with each other. -@todo: actions which are available for all users +Usage of the system by the users of an instance can be limited by +possessing a valid license. It is up to the administrators of the system +to determine the conditions under which they will assign licenses to the +instances. -### How to create a user account? +### Group -You can create an account if you click on the “*Create account*” menu -item in the left sidebar. You can choose between two types of -registration methods – by creating a local account with a specific -password, or pairing your new account with an existing CAS UK account. +*Group* corresponds to a school class or some other unit which gathers +users who will be assigned the same set exercises. Each group can have +multiple supervisors who can manage the students and the list of +assignments. -If you decide a new “*local*” account using the “*Create ReCodEx -account*” form, you will have to provide your details and choose a -password for your account. You will later sign in using your email -address as your username and the password you select. - -If you decide to use the CAS UK, then we will verify your credentials -and access your name and email stored in the system and create your -account based on this information. You can change your personal -information or email later on the “*Settings*” page. - -When crating your account both ways, you must select an instance your -account will belong to by default. The instance you will select will be -most likely your university or other organization you are a member of. - -### How to get into ReCodEx? - -To log in, go to the homepage of ReCodEx and in the left sidebar choose -the menu item “*Sign in*”. Then you must enter your credentials into one -of the two forms – if you selected a password during registration, then -you should sign with your email and password in the first form called -“*Sign into ReCodEx*”. If you registered using the Charles University -Authentication Service (CAS), you should put your student’s number and -your CAS password into the second form called “Sign into ReCodEx using -CAS UK”. - -### How do I sign out of ReCodEx? - -If you don’t use ReCodEx for a whole day, you will be logged out -automatically. However, we recommend you sign out of the application -after you finished your interaction with it. The logout button is placed -in the top section of the left sidebar right under your name. You will -have to expand the sidebar with a button next to the “*ReCodEx*” title -(shown in the picture below). - -@todo: Simon's image - -### What to do when you cannot remember your password? - -If you can’t remember your password and you don’t use CAS UK -authentication, then you can reset your password. You will find a link -saying “*You cannot remember what your password was? Reset your -password.*” under the sign in form. After you click on this link, you -will be asked to submit your email address. An email with a link -containing a special token will be sent to the address you fill in. We -make sure that the person who requested password resetting is really -you. When you click on the link (or you copy & paste it into your web -browser) you will be able to select a new password for your account. The -token is valid only for a couple of minutes, so do not forget to reset -the password as soon as possible, or you will have to request a new link -with a valid token. +Groups can form a tree hierarchy of arbitrary depth. This is inspired by the +hierarchy of school classes belonging to the same subject over several school +years. For example, there can be a top level group for a programming class that +contains subgroups for every school year. These groups can then by divided into +actual student groups with respect to lab attendance. Supervisors can create +subgroups of their groups and further manage these subgroups. -If you sign in through CAS UK, then please follow the instructions -provided by the administrators of the service described on their -website. +### Exercise -### How to configure your account? +*An exercise* consists of textual assignment of a task and a definition +of how a solution to this exercise should be processed and evaluated in +a specific runtime environment (i.e., how to compile a submitted source +code and how to test the correctness of the program). It is a template +which can be instantiated as an *assignment* by a supervisor of a group. -There are several options you have to edit your user account. +### Assignment -- changing your personal information (i.e., name) -- changing your credentials (email and password) -- updating your preferences (e.g., source code viewer/editor settings, - default language) +An assignment is an instance of an *exercise* assigned to a specific +*group*. An assignment can modify the text of the task assignment and it +has some additional information which is specific to the group (e.g., a +deadline, the number of points gained for a correct solution, additional +hints for the students in the assignment). The text of the assignment +can be edited and supervisors can translate the assignment into another +language. -You can access the settings page through the “*Settings*” button right -under your name in the left sidebar. +### Solution +*A solution* is a set of files which a user submits to a given +*assignment*. -## Student +### Submission -@todo: describe what it means to be a “student” and what are the -student’s rights +*A submission* corresponds to a *solution* being evaluated by the +Backend. A single *solution* can be submitted repeatedly (e.g., when the +Backend encounters an error or when the supervisor changes the assignment). -### How to join a group for my class? +### Evaluation -@todo: How to join a specific group +*An evaluation* is the processed report received from the Backend after +a *submission* is processed. Evaluation contains points given to the +user based on the quality of his solution measured by the Backend and +the settings of the assignment. Supervisors can review the evaluation +and add bonus points (both positive and negative) if the student +deserves some. -### Which assignments do I have to solve? +### Runtime environment -@todo: Where the student can find the list of the assignment he is -expected to solve, what is the first and second deadline. +*A runtime environment* defines the used programming language or tools +which are needed to process and evaluate a solution. Examples of a +runtime environment can be: -### Where can I see details of my classes’ group? +- *Linux + GCC* +- *Linux + Mono* +- *Windows + .NET 4* +- *Bison + Yacc* -@todo: Where can the user see groups description and details, what -information is available. +### Limits -### How to submit a solution of an assignment? +A correct *solution* of an *assignment* has to pass all specified tests (mostly +checks that it yields the correct output for various inputs) and typically must +also be effective in some sense. The Backend measures the time and memory +consumption of the solution while running. This consumption of resources can be +*limited* and the solution will receive fewer points if it exceeds the given +limits in some test cases defined by the *exercise*. -@todo: How does a student submit his solution through the web app +User management +--------------- -### Where are the results of my solutions? +@todo: roles and their rights, adding/removing different users, how the +role of a specific user changes -@todo: When the results are ready and what the results mean and what to -do about them, when the user is convinced, that his solution is correct -although the results say different +Instances and hierarchy of groups +--------------------------------- -### How can I discuss my solution with my teacher/group’s supervisor directly through the web application? +@todo: What is an instance, how to create one, what are the licenses and +how do they work. Why can the groups form hierarchies and what are the +benefits – what it means to be an admin of a group, hierarchy of roles +in the group hierarchy. -@todo: Describe the comments thread behavior (public/private comments), -who else can see the comments, how notifications work (*not implemented -yet*!). +Exercises database +------------------ +@todo: How the exercises are stored, accessed, who can edit what -## Group supervisor +### Creating a new exercise -@todo: describe what it means to be a “supervisor” of a group and what -are the supervisors rights +@todo Localized assignments, default settings -### How do I become a supervisor of a group? +### Runtime environments and hardware groups -@todo: How does a user become a supervisor of a group? +@todo read this later and see if it still makes sense -### How to add or remove a student to my group? +ReCodEx is designed to utilize a rather diverse set of workers -- there can be +differences in many aspects, such as the actual hardware running the worker +(which impacts the results of measuring) or installed compilers, interpreters +and other tools needed for evaluation. To address these two examples in +particular, we assign runtime environments and hardware groups to exercises. -@todo: How to add a specific student to a given group +The purpose of runtime environments is to specify which tools (and often also +operating system) are required to evaluate a solution of the exercise -- for +example, a C# programming exercise can be evaluated on a Linux worker running +Mono or a Windows worker with the .NET runtime. Such exercise would be assigned +two runtime environments, `Linux+Mono` and `Windows+.NET` (the environment names +are arbitrary strings configured by the administrator). -### How do I assign an exercise to my students? +A hardware group is a set of workers that run on similar hardware (e.g. a +particular quad-core processor model and a SSD hard drive). Workers are assigned +to these groups by the administrator. If this is done correctly, performance +measurements of a submission should yield the same results. Thanks to this fact, +we can use the same resource limits on every worker in a hardware group. +However, limits can differ between runtime environments -- formally speaking, +limits are a function of three arguments: an assignment, a hardware group and a +runtime environment. -@todo: Describe how to access the database of the exercises and what are -the possibilities of assignment setup – availability, deadlines, points, -score configuration, limits +### Reference solutions -### How do I configure the limits of an assignment and how to choose appropriate limits? +@todo: how to add one, how to evaluate it -@todo: Describe the form and explain the concept of reference solutions. -How to evaluate the reference solutions for the exercise right now (to -get the up-to-date information). +The task of determining appropriate resource limits for exercises is difficult +to do correctly. To aid exercise authors and group supervisors, ReCodEx supports +assigning reference solutions to exercises. Those are example programs that +should cover the main approaches to the implementation. For example, searching +for an integer in an ordered array can be done with a linear search, or better, +using a binary search. -### How can I assign some exercises only to some students of the group? +Reference solutions can be evaluated on demand, using a selected hardware group. +The evaluation results are stored and can be used later to determine limits. In +our example problem, we could configure the limits so that the linear +search-based program doesn't finish in time on larger inputs, but a binary +search does. -@todo: Describe how to achieve this using subgroups +Note that separate reference solutions should be supplied for all supported +runtime environments. -### How can I see my students’ solutions? +### Exercise assignments -@todo Describe where all the students’ solutions for a given assignment -can be found, where to look for all solutions of a given student, how to -see results of a specific student’s solution’s evaluation result. +@todo: Creating instances of an exercise for a specific group of users, +capabilities of settings. Editing limits according to the reference +solution. -### Can I assign points to my students’ solutions manually instead of depending on automatic scoring? +Evaluation process +------------------ -@todo If and how to change the score of a solution – assignment -settings, setting points, bonus points, accepting a solution (*not -implemented yet!*). Describe how the student and supervisor will still -be able to see the percentage received from the automatic scoring, but -the awarded points will be overridden. +@todo: How the evaluation process works on the Frontend side. -### How can I discuss student’s solution with him/her directly through the web application? +### Uploading files and file storage -@todo: Describe the comments thread behavior (public/private comments), -who else can see the comments -- same as from the student perspective +@todo: One by one upload endpoint. Explain different types of the +Uploaded files. +### Automatic detection of the runtime environment -## Group administrator +@todo: Users must submit correctly named files – assuming the RTE from +the extensions. -@todo: who is this? +REST API implementation +----------------------- -### How do I add another supervisor to my group? +@todo: What is the REST API, what are the basic principles – GET, POST, +Headers, JSON. -@todo: who can add another supervisor, what would be the rights of the -second supervisor +### Authentication and authorization scopes -### How do I create a subgroup of my group? +@todo: How authentication works – signed JWT, headers, expiration, +refreshing. Token scopes usage. -@todo: What it means to create a subgroup and how to do it. +### HTTP requests handling +@todo: Router and routes with specific HTTP methods, preflight, required +headers -## Superadministrator +### HTTP responses format -Superadmin is user with the most priviledges and as such superadmin should be -quite unique role. Ideally there should be only one of this kind, used with -special caution and adequate security. With this stated it is obvious that -superadmin can perform any action the API is capable of. +@todo: Describe the JSON structure convention of success and error +responses -### Users management +### Used technologies -There are only few roles to which users can belong in ReCodEx. Basically there -are only three: _student_, _supervisor_, and _superadmin_. Base role is student -which is assigned to every registered user. Roles are stored in database -alongside other information about user. One user always has only one role at the -time. At first startup of ReCodEx administrator should create his account and -then change role in database by hand. After that manual intervention into -database should never be needed. +@todo: PHP7 – how it is used for typehints, Nette framework – how it is +used for routing, Presenters actions endpoints, exceptions and +ErrorPresenter, Doctrine 2 – database abstraction, entities and +repositories + conventions, Communication over ZMQ – describe the +problem with the extension and how we reported it and how to treat it in +the future when the bug is solved. Relational database – we use MariaDB, +Doctine enables us to switch the engine to a different engine if needed -There is a little catch in groups and instances management. Groups can have -admins and supervisors. This setting is valid only per one particular group and -has to be separated from basic role system. This implies that supervisor in one -group can be student in another and simultaneously have global supervisor role. -Changing role from student to supervisor and back is done automatically by -application and should not be managed by hand in database! Previously stated -information can be applied to instances as well, but instances can only have -admins. +### Data model -Roles description: +@todo: Describe the code-first approach using the Doctrine entities, how +the entities map onto the database schema (refer to the attached schemas +of entities and relational database models), describe the logical +grouping of entities and how they are related: -- Student -- Default role which is used for newly created accounts. Student can - join or leave public groups and submit solutions of assigned exercises. -- Supervisor -- Inherits all permissions from student role. Can manage groups to - which he/she belongs to. Supervisor can also view and change groups details, - manage assigned exercises, view students in group and their solutions for - assigned exercises. On top of that supervisor can create/delete groups too, - but only as subgroup of groups he/she belongs to. -- Superadmin -- Inherits all permissions from supervisor role. Most powerful - user in ReCodEx who should be able to do everything which is provided by - application. +- user + settings + logins + ACL +- instance + licenses + groups + group membership +- exercise + assignments + localized assignments + runtime + environments + hardware groups +- submission + solution + reference solution + solution evaluation +- comment threads + comments +### API endpoints -## Writing job configuration +@todo: Tell the user about the generated API reference and how the +Swagger UI can be used to access the API directly. -To run and evaluate an exercise the backend needs to know the steps how to do -that. This is different for each environment (operation system, programming -language, etc.), so each of the environments needs to have separate -configuration. +Web Application +--------------- -Backend works with a powerful, but quite low level description of simple -connected tasks written in YAML syntax. More about the syntax and general task -overview can be found on [separate -page](https://github.com/ReCodEx/wiki/wiki/Assignments). One of the planned -features was user friendly configuration editor, but due to tight deadline and -team composition it did not make it to the first release. However, writing -configuration in the basic format will be always available and allows users to -use the full expressive power of the system. +@todo: What is the purpose of the web application and how it interacts +with the REST API. -This section walks through creation of job configuration for _hello world_ -exercise. The goal is to compile file _source.c_ and check if it prints `Hello -World!` to the standard output. This is the only test case, let's call it -**A**. +### Used technologies -The problem can be split into several tasks: +@todo: Briefly introduce the used technologies like React, Redux and the +build process. For further details refer to the GitHub wiki -- compile _source.c_ into _helloworld_ with `/usr/bin/gcc` -- run _helloworld_ and save standard output into _out.txt_ -- fetch predefined output (suppose it is already uploaded to fileserver) with - hash `a0b65939670bc2c010f4d5d6a0b3e4e4590fb92b` to _reference.txt_ -- compare _out.txt_ and _reference.txt_ by `/usr/bin/diff` +### How to use the application -The absolute path of tools can be obtained from system administrator. However, -`/usr/bin/gcc` is location, where the GCC binary is available almost everywhere, -so location of some tools can be (professionally) guessed. +@todo: Describe the user documentation and the FAQ page. -First, write header of the job to the configuration file. +Backend-Frontend communication protocol +======================================= -```{.yml} -submission: - job-id: hello-word-job - hw-groups: - - group1 -``` +@todo: describe the exact methods and respective commands for the +communication -Basically it means, that the job _hello-world-job_ needs to be run on workers -that belong to the `group_1` hardware group . Reference files are downloaded -from the default location configured in API (such as -`http://localhost:9999/exercises`) if not stated explicitly otherwise. Job -execution log will not be saved to result archive. +Initiation of a job evaluation +------------------------------ -Next the tasks have to be constructed under _tasks_ section. In this demo job, -every task depends only on previous one. The first task has input file -_source.c_ (if submitted by user) already available in working directory, so -just call the GCC. Compilation is run in sandbox as any other external program -and should have relaxed time and memory limits. In this scenario, worker -defaults are used. If compilation fails, the whole job is immediately terminated -(because the _fatal-failure_ bit is set). Because _bound-directories_ option in -sandbox limits section is mostly shared between all tasks, it can be set in -worker configuration instead of job configuration (suppose this for following -tasks). For configuration of workers please contact your administrator. +@todo: How does the Frontend initiate the evaluation and how the Backend +can accept it or decline it -```{.yml} -- task-id: "compilation" - type: "initiation" - fatal-failure: true - cmd: - bin: "/usr/bin/gcc" - args: - - "source.c" - - "-o" - - "helloworld" - sandbox: - name: "isolate" - limits: - - hw-group-id: group1 - chdir: ${EVAL_DIR} - bound-directories: - - src: ${SOURCE_DIR} - dst: ${EVAL_DIR} - mode: RW -``` +Job processing progress monitoring +---------------------------------- -The compiled program is executed with time and memory limit set and the standard -output is redirected to a file. This task depends on _compilation_ task, because -the program cannot be executed without being compiled first. It is important to -mark this task with _execution_ type, so exceeded limits will be reported in -frontend. +When evaluating a job the worker sends progress messages on predefined points of +evaluation chain. The sending place can be on very beginning of the job, when +submit archive is downloaded or at the end of each simple task with its state +(completed, failed, skipped). These messages are sent to broker through existing +ZeroMQ connection. Detailed format of messages can be found on [communication +page](https://github.com/ReCodEx/wiki/wiki/Overall-architecture#commands-from-worker-to-broker). -Time and memory limits set directly for a task have higher priority than worker -defaults. One important constraint is, that these limits cannot exceed limits -set by workers. Worker defaults are present as a safety measure so that a -malformed job configuration cannot block the worker forever. Worker default -limits should be reasonably high, like a gigabyte of memory and several hours of -execution time. For exact numbers please contact your administrator. +Broker only resends received progress messages to the monitor component via +ZeroMQ socket. The output message format is the same as the input format. -It is important to know that if the output of a program (both standard and -error) is redirected to a file, the sandbox disk quotas apply to that file, as -well as the files created directly by the program. In case the outputs are -ignored, they are redirected to `/dev/null`, which means there is no limit on -the output length (as long as the printing fits in the time limit). +Monitor parses received messages to JSON format, which is easy to work with in +JavaScript inside web application. All messages are cached (one queue per job) +and can be obtained multiple times through WebSocket communication channel. The +cache is cleared 5 minutes after receiving last message. -```{.yml} -- task-id: "execution_1" - test-id: "A" - type: "execution" - dependencies: - - compilation - cmd: - bin: "helloworld" - sandbox: - name: "isolate" - stdout: ${EVAL_DIR}/out.txt - limits: - - hw-group-id: group1 - chdir: ${EVAL_DIR} - time: 0.5 - memory: 8192 -``` +Publishing of the results +------------------------- -Fetch sample solution from file server. Base URL of file server is in the header -of the job configuration, so only the name of required file (its `sha1sum` in -our case) is necessary. +After job finish the worker packs results directory into single archive and +uploads it to the fileserver through HTTP protocol. The target URL is obtained +from API in headers on job initiation. Then "job done" notification request is +performed to API via broker. Special submissions (reference or asynchronous +submissions) are loaded immediately, other types are loaded on-demand on first +results request. -```{.yml} -- task-id: "fetch_solution_1" - test-id: "A" - dependencies: - - execution - cmd: - bin: "fetch" - args: - - "a0b65939670bc2c010f4d5d6a0b3e4e4590fb92b" - - "${SOURCE_DIR}/reference.txt" -``` +Loading results means fetching archive from fileserver, parsing the main YAML +file generated by worker and saving data to the database. Also, points are +assigned by score calculator. -Comparison of results is quite straightforward. It is important to set the task -type to _evaluation_, so that the return code is set to 0 if the program is -correct and 1 otherwise. We do not set our own limits, so the default limits are -used. -```{.yml} -- task-id: "judge_1" - test-id: "A" - type: "evaluation" - dependencies: - - fetch_solution_1 - cmd: - bin: "/usr/bin/diff" - args: - - "out.txt" - - "reference.txt" - sandbox: - name: "isolate" - limits: - - hw-group-id: group1 - chdir: ${EVAL_DIR} -```