User should not be able to read the app source file from a code window

[vnijs]

In the learnr example linked below, readLines can be used to see the content of the Rmd file that generated the app (including hints etc.). My plan is to use code testing and show solutions after submit but if a students can pretty easily read the solution, you can't really setup a meaningful quiz-for-a-grade.

One way around this might be to temporarily revoke read privileges right before the call to execute the user's code and reinstate the read privileges right after. This should be possible with RAppArmor and sub-profiles. I tried to make this work (see issue below) but got stuck. If you have suggestions or else alternatives to address this concerns please let me know.

https://github.com/jeroen/RAppArmor/issues/25

https://learnr-examples.shinyapps.io/ex-data-filter/#section-exercises

readLines("/srv/connect/apps/ex-data-filter/ex-data-filter.Rmd")

[ColinFay]

This should indeed be the default behaviour (no reading of any kind on the server), probably with an opt-in "allow read" option or sthg like that.

This is doable today by using the tutorial.exercise.evaluator.onstart options, but default behaviour should probably be more restrictive than how it is now, instead of having to actively set this, given that it requires a little bit of knowledge about linux permissions and things like that.

https://rstudio.github.io/learnr/publishing.html#Exercise_Execution