Skip to content

feat: add feedback feature for students and teachers#488

Open
weiwei-gitch wants to merge 1 commit into
meswaramuthu:mainfrom
weiwei-gitch:main
Open

feat: add feedback feature for students and teachers#488
weiwei-gitch wants to merge 1 commit into
meswaramuthu:mainfrom
weiwei-gitch:main

Conversation

@weiwei-gitch

@weiwei-gitch weiwei-gitch commented May 24, 2026

Copy link
Copy Markdown

Which issue does this PR close?

Rationale for this change

The platform had no way for students or teachers to share thoughts, report issues, or suggest improvements from within the platform. This PR adds a dedicated Feedback feature to make the platform more community-driven and help maintainers identify pain points faster.

What changes are included in this PR?

  • Added feedback table to the database via init_db() in app.py
  • Added /feedback route (GET/POST) for submitting feedback
  • Added /admin/feedback route with correct session["logged_in"] auth check for admins to view all submissions
  • Created templates/feedback.html — feedback form with role selector (Student/Teacher), name, email, feedback type dropdown, message textarea, and star rating (1–5)
  • Created templates/admin_feedback.html — standalone admin page (matching admin layout style) showing all feedback submissions in a table
  • Added Feedback link to the navbar in base.html

Are these changes tested?

  • Yes, tested locally by submitting feedback as a student and verifying it saves and displays correctly. Admin feedback page uses the correct session key logged_in consistent with the rest of the admin auth system.

Are there any user-facing changes?

  • Yes, a new Feedback page is accessible via the navbar for both students and teachers. No breaking changes to existing functionality.

@vercel

vercel Bot commented May 24, 2026

Copy link
Copy Markdown

@weiwei-gitch is attempting to deploy a commit to the 007's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions

github-actions Bot commented May 24, 2026

Copy link
Copy Markdown

Thanks for creating a PR for your Issue! ☺️

We'll review it as soon as possible.
In the meantime, please double-check the file changes and ensure that all commits are accurate.

If there are any unresolved review comments, feel free to resolve them. 🙌🏼

entelligence-ai-pr-reviews[bot]
entelligence-ai-pr-reviews Bot reviewed May 24, 2026
View reviewed changes
Comment thread app.py

@app.route("/admin/feedback")
def admin_feedback():
if session.get("admin_logged_in") != True:

@entelligence-ai-pr-reviews entelligence-ai-pr-reviews Bot May 24, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MAJOR AUTH Admin feedback page always redirects due to nonexistent session key

admin_logged_in is never set anywhere in the codebase; every other admin route checks session.get("logged_in") and session.get("admin_id"), so legitimate admins are always bounced to the login page.

Suggested change
if session.get("admin_logged_in") != True:
if not session.get("logged_in") or not session.get("admin_id"):
Prompt to fix with AI

Copy this prompt into your AI coding assistant to fix this issue.

In `app.py` at line 1658, the condition `if session.get("admin_logged_in") != True:` uses a session key that is never set anywhere in the application. Fix it to match the existing admin auth pattern used throughout the codebase: replace line 1658 with `if not session.get("logged_in") or not session.get("admin_id"):`. This makes the admin feedback page consistent with every other admin-only route (e.g. lines 286, 342) and allows authenticated admins to actually access the page.

@entelligence-ai-pr-reviews

entelligence-ai-pr-reviews Bot commented May 24, 2026

Copy link
Copy Markdown
Contributor

Confidence Score: 2/5 - Changes Needed

Not safe to merge — the admin feedback page in app.py contains a critical authentication bypass where the session key admin_logged_in is checked but never set anywhere in the codebase, meaning every admin attempting to access the feedback feature will be unconditionally redirected, effectively making the feature non-functional for administrators. This PR introduces a meaningful feedback feature for students and teachers, but the admin-side implementation is broken at the authentication layer before any business logic is reached. This must be resolved — either by setting admin_logged_in during the admin login flow or by aligning with whatever session key the rest of the admin routes actually use.

Key Findings:

  • In app.py, the admin feedback route checks session.get('admin_logged_in') but this key is never written to the session anywhere in the codebase; every admin request to this route will fail the auth check and redirect, making the admin feedback page completely inaccessible.
  • Other admin routes in the application use a different session key for authentication — the inconsistency suggests admin_logged_in is a typo or copy-paste error that diverges from the established auth pattern, making this a logic correctness bug rather than just a missing feature.
  • The student/teacher-facing feedback paths may function correctly if they rely on different session keys that are properly set, but the admin path is dead code as shipped.
Files requiring special attention
  • app.py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@entelligence-ai-pr-reviews entelligence-ai-pr-reviews[bot] entelligence-ai-pr-reviews[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@weiwei-gitch