CS Education site

jcrowson · January 15, 2020, 6:09pm

I am working on a website to host computer science lecture material, quizzes (Fill in the blank questions and fill in the blank tables based on algorithms such as bubble sort have been implemented as components so far). I have also created a pair of components where students can mark radio buttons whether they understand a topic or not, and I see a pie chart that tells me whether the class understands what I am saying or not. Quizzes are timed. Created components to add real.it iframes to include as part of my lecture.

Here are the two apps that I am focusing on. The first contains components that I am developing. The second represents a sample app that I would invite students too. The second one is dependent on the first. I know that I need to put some polish on everything, but first I would like advice on locking everything down so that students do not have access to portions of the code that they should not. Any other significant advice is welcome as well.

Site with components: https://LCCK6ECNNJFR5T6B.anvil.app/W4AQWFBVY6W54526UPA64UZD
Sample class site: https://FTYXFOGDFRKOGCGY.anvil.app/XXBO4WNJZHD45OULIHJMW5UH

campopianoa · January 15, 2020, 6:42pm

Hello and welcome,

This is a very nice idea.

I tried having a look but I didn’t quite feel like signing up at this point.

If I understand correctly, the second app is an app that you would like your students to log into, and in that app the students would have access to various quizzes or other materials. Am I getting the general concept correct?

If so, any sensitive data, as well as checking for authentication and permission, should be handled on the server side (e.g., checking if a quiz question was correctly answered, etc…). The client side code is running in the browser and therefore is under the user’s control.

Please let us know if I have misunderstood the question.

jcrowson · January 15, 2020, 6:53pm

Yes, that is the ideal. Are properties defined through the GUI such as the screen below accessible?

campopianoa · January 15, 2020, 7:08pm

Yes.

A clever enough user can edit the client-side code to do whatever they like.

Server modules, by contrast, cannot be edited by the user.

This is all taken from the docs related to Anvil’s security model here.

stefano.menci · January 15, 2020, 9:13pm

If you want to hide confidential information, then you need to know that the client side code and the form definition are exposed, but one needs to work hard to find and understand them.

If you want to hide the correct answers from a student that is fighting against the clock, you may be relatively safe, because they may need to work harder to decipher the code than to address the question.

As a rule of thumb, you should not put any information on the client unless you are comfortable with the user seeing it.
The safest workflow would be to call a server function passing the user input, run all the logic on the server side and return a dictionary to the client with anything required to update the interface.

stucork · January 16, 2020, 12:16am

Maybe you could share a demo username and password and share that on the forum so we can take a look without having to sign up… ?

jcrowson · January 16, 2020, 3:06am

Thanks stefano.menci. That helps some. I added a server call so that only admin can see the poll data.

sc549, I created the following users for both sites.

username: user@someemail.com
password: password

username: admin@someemail.com
password: password

I have created another site to experiment with doing everything that I want to keep private by utilizing server code. For the process of quiz creation, I have form that is only accessible by users that have admin privileges. In this form, I have a text box for quiz title and a text area for quiz questions and answers. This data is sent to the server which tries to write them to a text file using the info in this link (https://anvil.works/docs/media/files_on_disk.html). Below are some of the things that I have tried.

@anvil.server.callable
def writeQuizToFile(fileName, contents):
  media_object = anvil.BlobMedia("text/plain", contents, name=fileName + ".txt")
  with open(fileName + ".txt", "w+") as f:
    f.write(media_object.get_bytes().decode())

@anvil.server.callable
def writeQuizToFile1(fileName, contents):
  f = open("quizzes/" + fileName + ".txt", "w")

@anvil.server.callable
def read_a_media_object(fileName):
  f = open("/dev/" + fileName + ".txt", "r")
  return f.read()

I keep getting the following error.

FileNotFoundError: [Errno 2] No such file or directory: ‘chapter1Quiz.txt’
at ServerModule1, line 30
called from addQuiz, line 21

stefano.menci · January 16, 2020, 5:03am

Anvil allows you to write to text files, and you can do it if you need to work with a library that works with files, but the files are temporary and can disappear between two server calls. Even worse: the same server function called twice might be executed in two different servers.

If you want data to persist between calls you need to store in a table.

jcrowson · January 16, 2020, 2:15pm

I have started over from scratch. What I have going so far I think is a lot better. I will post an update in the next few days. I appreciate your input.