Beispiel #1
def change_email_request():
    '''auth.change_email_request(): let the signed-in user request an e-mail change.

    The account password is re-checked first. On success a change token is
    generated for the stripped, lower-cased new address and mailed to that
    address, and the request is written to the user log.
    '''
    form = ChangeEmailForm()
    if not form.validate_on_submit():
        return minify(render_template('auth/change_email.html', form=form))
    # Re-authentication gate: a hijacked session alone cannot start the change.
    if not current_user.verify_password(form.password.data):
        flash('无效的用户名或密码', category='error')
        return redirect(url_for('auth.change_email_request'))
    target_address = form.email.data.strip().lower()
    change_token = current_user.generate_email_change_token(target_address)
    send_email(
        recipient=target_address,
        subject='确认您的邮箱账户',
        template='auth/mail/change_email',
        user=current_user._get_current_object(),
        token=change_token
    )
    flash('一封确认邮件已经发送至您的邮箱', category='info')
    add_user_log(
        user=current_user._get_current_object(),
        event='请求修改邮箱为:{}'.format(target_address),
        category='auth'
    )
    return redirect(url_for('auth.change_email_request'))
Beispiel #2
def rating(id):
    '''profile.rating(id): render a profile's rating tab and store a submitted rating.

    Responds 404 when the profile is not created or is deleted, and 403 when
    the current user may not access it.
    '''
    user = User.query.get_or_404(id)
    if not user.created or user.deleted:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)
    form = UserRatingForm()
    # A body that is empty once its tags are stripped counts as no submission.
    has_rating = form.validate_on_submit() and strip_html_tags(form.body.data)
    if not has_rating:
        return minify(render_template(
            'profile/rating.html',
            profile_tab='rating',
            form=form,
            user=user
        ))
    # Only the sanitised markup is stored; the raw form body is never persisted.
    new_rating = UserRating(
        body_html=sanitize_html(form.body.data),
        author_id=current_user.id,
        user_id=user.id
    )
    db.session.add(new_rating)
    db.session.commit()
    flash('已给“{}”添加用户评价'.format(user.name_email), category='success')
    log_event = '给“{}”添加用户评价:{}'.format(
        user.name_email,
        strip_html_tags(new_rating.body_html)
    )
    add_user_log(
        user=current_user._get_current_object(),
        event=log_event,
        category='manage'
    )
    return redirect(url_for('profile.rating', id=user.id))
Beispiel #3
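def punch(id):
    '''study.punch(id): record playback progress for a video and report it back.

    Expects a JSON object body; its ``play_time`` value is handed to
    ``current_user.punch``. Responds 403 when the user may not play the video
    and 400 when the body is missing or is not a JSON object. For the lesson
    types listed below, progress is also pushed to Y-System when the punch
    record asks for it. Returns the user's progress for the video as JSON.
    '''
    csrf.protect()
    video = Video.query.get_or_404(id)
    if not current_user.can_play(video=video):
        abort(403)
    payload = request.json
    # A missing or non-object body is the client's fault: answer 400 instead of
    # 500 (a JSON list used to fail later on .get() and surface as a server error).
    if not isinstance(payload, dict):
        abort(400)
    # Log only the first punch for this video.
    if not current_user.punched(video=video):
        add_user_log(user=current_user._get_current_object(),
                     event='视频研修:{}'.format(video.name),
                     category='study')
    # NOTE(review): play_time is client-supplied and passed through as-is;
    # confirm that User.punch() validates its type and range.
    current_user.punch(video=video, play_time=payload.get('play_time'))
    db.session.commit()
    if video.lesson.type.name in ['VB', 'Y-GRE', 'Y-GRE AW']:
        # synchronize study progress with Y-System
        record = current_user.get_punch(video=video)
        if record.sync_required:
            data = y_system_api_request(api='punch',
                                        token_data={
                                            'user_id': current_user.id,
                                            'section': video.section,
                                        })
            # Mark as synchronized only when the remote reply carries 'success'.
            if verify_data_keys(data=data, keys=['success']):
                record.set_synchronized()
                add_user_log(user=current_user._get_current_object(),
                             event='同步研修进度至Y-System:{}'.format(video.section),
                             category='study')
                db.session.commit()
    return jsonify({
        'progress': current_user.video_progress(video=video),
    })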
Beispiel #4
def logout():
    '''auth.logout(): write the sign-out to the user log, then end the session.'''
    # The log entry is committed before logout_user() clears the login.
    account = current_user._get_current_object()
    add_user_log(user=account, event='登出系统', category='auth')
    db.session.commit()
    logout_user()
    login_page = url_for('auth.login')
    return redirect(login_page)
Beispiel #5
def migrate_user(token):
    '''api.migrate_user(token): export one user's record to Y-VOD as JSON.

    The token is decoded with ``load_y_vod_token`` and must carry ``user_id``;
    otherwise an error object is returned. An unknown id responds 404.
    '''
    # NOTE(review): the token is the only credential checked here, so whoever
    # can present a valid one receives the user record; confirm that
    # load_y_vod_token() verifies a signature and an expiry.
    payload = load_y_vod_token(token=token)
    if not verify_data_keys(data=payload, keys=['user_id']):
        return jsonify({'error': '用户信息无效'})
    user = User.query.get_or_404(payload.get('user_id'))
    add_user_log(user=user, event='导出用户信息到Y-VOD', category='auth')
    return jsonify(user.y_vod_user_json)
Beispiel #6
def login_user(token):
    '''api.login_user(token): authenticate a Y-VOD client from a token payload.

    The decoded token must carry ``email``, ``password`` and ``device``.
    Returns the user's Y-VOD JSON on success, otherwise an ``error`` object.
    A wrong password increments the invalid-login counter; if that leaves the
    account locked, staff who can manage users are notified by e-mail.
    '''
    data = load_y_vod_token(token=token)
    if not verify_data_keys(data=data, keys=['email', 'password', 'device']):
        return jsonify({'error': '用户信息无效'})
    user = User.query.filter_by(
        email=data.get('email'),
        created=True,
        deleted=False
    ).first()
    if user is None:
        return jsonify({'error': '无效的用户名或密码'})
    # NOTE(review): the account-state answers below are returned before the
    # password is checked and differ from the unknown-user answer, so a caller
    # that can submit tokens can tell which addresses exist and in what state.
    if not user.activated:
        return jsonify({'error': '您的账户尚未激活'})
    if not user.confirmed:
        return jsonify({'error': '您的邮箱尚未确认'})
    if user.is_suspended:
        return jsonify({'error': '您的账户已被挂起'})
    if user.locked:
        return jsonify({'error': '您的账户已被锁定'})
    if user.verify_password(data.get('password')):
        user.reset_invalid_login_count()
        db.session.commit()
        # Users in this role get a login notice naming the device.
        if user.plays('协管员'):
            send_email(
                user.email,
                'Y-VOD登录提醒',
                'auth/mail/y_vod/login',
                user=user,
                device=data.get('device'),
                timestamp=datetime_now(utc_offset=current_app.config['UTC_OFFSET'])
            )
        add_user_log(
            user=user,
            event='登录Y-VOD(来源:{})'.format(data.get('device')),
            category='access'
        )
        return jsonify(user.y_vod_user_json)
    # Wrong password: count the failure, then check whether it locked the account.
    user.increase_invalid_login_count()
    db.session.commit()
    if user.locked:
        notified_staff = [
            staff.email for staff in User.all_can('管理用户').all()
            if staff.has_inner_domain_email
        ]
        send_emails(
            recipients=notified_staff,
            subject='锁定用户:{}'.format(user.name_email),
            template='auth/mail/y_vod/lock_user',
            user=user,
            device=data.get('device'),
        )
    failure_event = '登录失败:密码错误(第{}次,来源:{})'.format(
        user.invalid_login_count,
        data.get('device')
    )
    add_user_log(user=user, event=failure_event, category='access')
    failure_reply = '密码错误(第{}次,来源:{})'.format(
        user.invalid_login_count,
        data.get('device')
    )
    return jsonify({'error': failure_reply})
Beispiel #7
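def login():
    '''auth.login(): authenticate by e-mail and password and start a session.

    An already signed-in user is redirected straight away. A wrong password
    increments the account's invalid-login counter; when that leaves the
    account locked, staff who can manage users are mailed. On success the
    counter is reset, the session is started and the user is sent to ``next``
    (same-site paths only) or to their index page.
    '''
    def _local_next():
        '''Return the ``next`` query value only if it is a same-site path.'''
        target = request.args.get('next')
        # Absolute ("http://...") and scheme-relative ("//host") values would
        # turn the post-login redirect into an open redirect.
        if not target or not target.startswith('/') or target.startswith('//'):
            return None
        # Backslashes and control characters can be normalised into "//host".
        if any(ch in target for ch in '\\\r\n\t'):
            return None
        return target

    if current_user.is_authenticated:
        return redirect(_local_next() or current_user.index_url)
    form = LoginForm()
    if not form.validate_on_submit():
        return minify(render_template('auth/login.html', form=form))
    user = User.query.filter_by(
        email=form.email.data.strip().lower(),
        created=True,
        activated=True,
        deleted=False
    ).first()
    # NOTE(review): unknown address, locked account and wrong password each
    # get a different message, which tells a caller which addresses exist.
    if user is None:
        flash('登录失败:无效的用户名或密码', category='error')
        return minify(render_template('auth/login.html', form=form))
    if user.locked:
        flash('登录失败:您的账户已被锁定', category='error')
        return redirect(url_for('auth.login'))
    if user.verify_password(form.password.data):
        user.reset_invalid_login_count()
        db.session.commit()
        login_user(user, remember=form.remember_me.data)
        if user.plays('协管员'):
            send_email(
                recipient=user.email,
                subject='登录提醒',
                template='auth/mail/login',
                user=user,
                timestamp=datetime_now(utc_offset=current_app.config['UTC_OFFSET'])
            )
        get_announcements(type_name='登录通知', flash_first=True)
        add_user_log(user=user, event='登录系统', category='access')
        return redirect(_local_next() or user.index_url)
    # Wrong password: count the failure, then check whether it locked the account.
    user.increase_invalid_login_count()
    db.session.commit()
    if user.locked:
        send_emails(
            recipients=[staff.email for staff in User.all_can('管理用户').all()
                        if staff.has_inner_domain_email],
            subject='锁定用户:{}'.format(user.name_email),
            template='auth/mail/lock_user',
            user=user
        )
    flash('登录失败:密码错误(第{}次)'.format(user.invalid_login_count), category='error')
    # NOTE(review): X-Forwarded-For is set by the client unless a trusted
    # reverse proxy overwrites it, so the source recorded here can be forged.
    add_user_log(user=user, event='登录失败:密码错误(第{}次,来源:{})'.format(
        user.invalid_login_count,
        get_geo_info(
            ip_address=request.headers.get('X-Forwarded-For', request.remote_addr),
            show_ip=True
        )
    ), category='access')
    return redirect(url_for('auth.login'))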
Beispiel #8
def message(id):
    '''profile.message(id): list a profile's messages and send a new one to it.

    Responds 404 when the profile is not created or is deleted, and 403 when
    the current user may not access it. Sending is only processed when the
    profile belongs to someone other than the current user.
    '''
    user = User.query.get_or_404(id)
    if not user.created or user.deleted:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)
    form = MessageForm()
    if user.id != current_user.id and form.validate_on_submit():
        # The body is stored sanitised.
        outgoing = Message(
            title=form.title.data,
            body_html=sanitize_html(form.body.data),
            modified_by_id=current_user.id
        )
        db.session.add(outgoing)
        db.session.commit()
        outgoing.send_to(user=user)
        db.session.commit()
        flash('已向“{}”发送站内信:{}'.format(user.name_email, outgoing.title), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='向“{}”发送站内信:{}'.format(user.name_email, outgoing.title),
            category='manage'
        )
        return redirect(url_for(
            'profile.message',
            id=user.id,
            page=request.args.get('page', 1, type=int)
        ))
    # Staff profiles list the messages they authored; others list what they received.
    if user.is_staff or user.is_suspended_staff:
        query = (
            Message.query
            .filter(Message.modified_by_id == user.id)
            .filter(Message.deleted == False)
            .order_by(Message.modified_at.desc())
        )
    else:
        query = (
            UserMessage.query
            .join(Message, Message.id == UserMessage.message_id)
            .filter(UserMessage.user_id == user.id)
            .filter(Message.deleted == False)
            .order_by(Message.modified_at.desc())
        )
    page_number = request.args.get('page', 1, type=int)
    pagination = query.paginate(
        page_number,
        per_page=current_app.config['RECORD_PER_PAGE'],
        error_out=False
    )
    return minify(render_template(
        'profile/message.html',
        profile_tab='message',
        form=form,
        pagination=pagination,
        items=pagination.items,
        user=user
    ))
Beispiel #9
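def delete_device(id):
    '''manage.delete_device(id): delete a device and its lesson-type links.

    Development devices may only be deleted by developers (403 otherwise).
    Redirects to ``next`` when it is a same-site path, else to the device list.
    '''
    device = Device.query.get_or_404(id)
    if device.category == 'development' and not current_user.is_developer:
        abort(403)
    device.remove_all_lesson_types()
    db.session.delete(device)
    flash('已删除设备:{}'.format(device.alias_serial), category='success')
    add_user_log(user=current_user._get_current_object(),
                 event='删除设备:{}'.format(device.alias_serial),
                 category='manage')
    db.session.commit()
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make this an open redirect, so they fall back to the device list.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    return redirect(next_url or url_for('manage.device'))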
Beispiel #10
def change_email(token):
    '''auth.change_email(token): apply an e-mail change from a confirmation token.

    The token is checked by ``current_user.change_email``; either way the user
    ends up on their index page.
    '''
    landing = current_user.index_url
    if not current_user.change_email(token):
        flash('请求无效', category='error')
        return redirect(landing)
    db.session.commit()
    flash('修改邮箱成功', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='修改邮箱为:{}'.format(current_user.email),
        category='auth'
    )
    return redirect(current_user.index_url)
Beispiel #11
def before_request():
    '''auth.before_request(): refresh last-seen data for a signed-in user.

    Pings the user, resolves the caller's MAC address from the request IP and,
    when it differs from the stored one, stores it and logs the access.
    '''
    if not current_user.is_authenticated:
        return
    current_user.ping()
    # NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
    # reverse proxy overwrites it, and it may hold a comma-separated list. The
    # MAC looked up from it, and the log entry below, can therefore be
    # influenced by the caller; confirm the proxy setup.
    client_ip = request.headers.get('X-Forwarded-For', request.remote_addr)
    mac_address = get_mac_address_from_ip(ip_address=client_ip)
    mac_changed = (mac_address is not None
                   and mac_address != current_user.last_seen_mac)
    if mac_changed:
        current_user.update_mac(mac_address=mac_address)
        source = get_device_info(mac_address=mac_address, show_mac=True)
        add_user_log(user=current_user._get_current_object(),
                     event='请求访问(来源:{})'.format(source),
                     category='access')
    db.session.commit()
Beispiel #12
def confirm(token):
    '''auth.confirm(token): confirm the signed-in user's e-mail from a token.

    An already confirmed user goes to their index page. A token rejected by
    ``current_user.confirm`` leads back to the "unconfirmed" page.
    '''
    if current_user.confirmed:
        return redirect(current_user.index_url)
    if not current_user.confirm(token):
        flash('确认链接无效或者已经过期', category='error')
        return redirect(url_for('auth.unconfirmed'))
    db.session.commit()
    flash('您的邮箱账户确认成功!', category='success')
    confirmed_event = '确认邮箱为:{}'.format(current_user.email)
    add_user_log(
        user=current_user._get_current_object(),
        event=confirmed_event,
        category='auth'
    )
    return redirect(current_user.index_url)
Beispiel #13
def resend_confirmation():
    '''auth.resend_confirmation(): mail a fresh confirmation token to the user.'''
    # NOTE(review): nothing in this function throttles repeated sends or skips
    # users who are already confirmed; confirm that is handled elsewhere.
    account = current_user._get_current_object()
    fresh_token = current_user.generate_confirmation_token()
    send_email(
        recipient=current_user.email,
        subject='确认您的邮箱账户',
        template='auth/mail/confirm',
        user=account,
        token=fresh_token
    )
    flash('一封新的确认邮件已经发送至您的邮箱', category='info')
    add_user_log(
        user=current_user._get_current_object(),
        event='请求重发邮箱确认邮件至:{}'.format(current_user.email),
        category='auth'
    )
    return redirect(url_for('auth.unconfirmed'))
Beispiel #14
def change_password():
    '''auth.change_password(): change the signed-in user's password.

    The old password must verify before the new one is stored.
    '''
    form = ChangePasswordForm()
    if not form.validate_on_submit():
        return minify(render_template('auth/change_password.html', form=form))
    if not current_user.verify_password(form.old_password.data):
        flash('密码有误', category='error')
        return redirect(url_for('auth.change_password'))
    # NOTE(review): no other session is invalidated here after the change;
    # confirm whether existing logins are meant to survive a password change.
    current_user.password = form.password.data
    db.session.add(current_user)
    db.session.commit()
    flash('修改密码成功', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='修改密码',
        category='auth'
    )
    return redirect(current_user.index_url)
Beispiel #15
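def edit_device(id):
    '''manage.edit_device(id): show and process the edit form for a device.

    Development devices may only be edited by developers (403 otherwise).
    A serial number already used by another device is rejected. After a
    successful or rejected submit the user is redirected to ``next`` when it
    is a same-site path, else to the device list.
    '''
    device = Device.query.get_or_404(id)
    if device.category == 'development' and not current_user.is_developer:
        abort(403)
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make the redirects below open redirects.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    form = DeviceForm(is_developer=current_user.is_developer)
    if form.validate_on_submit():
        serial = form.serial.data.upper()
        duplicate = Device.query\
            .filter(Device.id != device.id)\
            .filter(Device.serial == serial)\
            .first()
        if duplicate is not None:
            flash('已存在序列号为“{}”的设备'.format(serial), category='error')
            return redirect(next_url or url_for('manage.device'))
        device.serial = serial
        device.alias = form.alias.data
        device.type_id = int(form.device_type.data)
        # Room "0" and an empty MAC address both mean "not set".
        room_id = int(form.room.data)
        device.room_id = None if room_id == 0 else room_id
        device.mac_address = (None if form.mac_address.data == '' else
                              form.mac_address.data)
        # Only a developer can mark a device as a development machine.
        device.category = ('development' if form.development_machine.data and
                           current_user.is_developer else 'production')
        db.session.add(device)
        # Replace the lesson-type links wholesale with the submitted selection.
        device.remove_all_lesson_types()
        for lesson_type_id in form.lesson_types.data:
            device.add_lesson_type(
                lesson_type=LessonType.query.get(int(lesson_type_id)))
        db.session.commit()
        flash('已更新设备信息:{}'.format(device.alias_serial), category='success')
        add_user_log(user=current_user._get_current_object(),
                     event='更新设备信息:{}'.format(device.alias_serial),
                     category='manage')
        db.session.commit()
        return redirect(next_url or url_for('manage.device'))
    # Pre-fill the form from the stored device.
    form.alias.data = device.alias
    form.serial.data = device.serial
    form.device_type.data = str(device.type_id)
    form.room.data = '0' if device.room_id is None else str(device.room_id)
    form.mac_address.data = device.mac_address
    form.lesson_types.data = [str(item.lesson_type_id)
                              for item in device.lesson_type_authorizations]
    form.development_machine.data = (device.category == 'development')
    return minify(
        render_template('manage/edit_device.html', device=device, form=form))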
Beispiel #16
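def before_request():
    '''auth.before_request(): refresh last-seen data and gate unconfirmed users.

    For a signed-in user: pings the user, stores and logs a changed source IP,
    and redirects an unconfirmed user to the "unconfirmed" page unless the
    request targets an ``auth.`` endpoint or ``static``.
    '''
    if not current_user.is_authenticated:
        return
    current_user.ping()
    db.session.commit()
    # NOTE(review): X-Forwarded-For is supplied by the client unless a trusted
    # reverse proxy overwrites it, and it may hold a comma-separated list, so
    # the stored and logged address can be forged; confirm the proxy setup.
    ip_address = request.headers.get('X-Forwarded-For', request.remote_addr)
    if ip_address != current_user.last_seen_ip:
        current_user.update_ip(ip_address=ip_address)
        db.session.commit()
        add_user_log(
            user=current_user._get_current_object(),
            event='请求访问(来源:{})'.format(get_geo_info(ip_address=ip_address, show_ip=True)),
            category='access'
        )
    # request.endpoint is None when no route matched; skip the gate then so the
    # request fails with its normal 404 instead of an AttributeError.
    endpoint = request.endpoint
    if not current_user.confirmed and \
        endpoint is not None and \
        not endpoint.startswith('auth.') and \
        endpoint != 'static':
        return redirect(url_for('auth.unconfirmed'))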
Beispiel #17
def archive(id):
    '''profile.archive(id): render a profile's archive tab and log the view.

    Responds 404 when the profile is not created or is deleted, and 403 when
    the current user may not access it.
    '''
    user = User.query.get_or_404(id)
    if not user.created or user.deleted:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)
    # Every successful view of the profile is written to the viewer's log.
    viewer = current_user._get_current_object()
    view_event = '查看“{}”的资料'.format(user.name_email)
    add_user_log(user=viewer, event=view_event, category='access')
    page = render_template(
        'profile/archive.html',
        profile_tab='archive',
        user=user
    )
    return minify(page)
Beispiel #18
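def toggle_device_obsolete(id):
    '''manage.toggle_device_obsolete(id): flip a device's obsolete flag.

    Development devices may only be changed by developers (403 otherwise).
    Redirects to ``next`` when it is a same-site path, else to the device list.
    '''
    device = Device.query.get_or_404(id)
    if device.category == 'development' and not current_user.is_developer:
        abort(403)
    device.toggle_obsolete(modified_by=current_user._get_current_object())
    # Pick the wording for the state the device is in after the toggle.
    if device.obsolete:
        flash_text, log_text = '已标记报废设备:{}', '标记报废设备:{}'
    else:
        flash_text, log_text = '已恢复使用设备:{}', '恢复使用设备:{}'
    flash(flash_text.format(device.alias_serial), category='success')
    add_user_log(user=current_user._get_current_object(),
                 event=log_text.format(device.alias_serial),
                 category='manage')
    db.session.commit()
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make this an open redirect, so they fall back to the device list.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    return redirect(next_url or url_for('manage.device'))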
Beispiel #19
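def apply_extension():
    '''profile.apply_extension(): let a non-staff user apply for an extension.

    Staff get 403. The application is refused with a flash message when the
    user is suspended, has more remaining days than EXTENSION_TRIGGER_DAYS,
    has fewer net credits than EXTENSION_REQUIRED_CREDITS, or already has an
    application pending. Redirects go to ``next`` when it is a same-site path,
    else to the user's index page.
    '''
    if current_user.is_staff:
        abort(403)
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make the redirects below open redirects.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    if current_user.is_suspended:
        flash('您目前处于挂起状态', category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.remaining_time.days > current_app.config['EXTENSION_TRIGGER_DAYS']:
        flash('有效期少于{}天才可以申请延期'.format(
            current_app.config['EXTENSION_TRIGGER_DAYS']
        ), category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.net_credits < current_app.config['EXTENSION_REQUIRED_CREDITS']:
        flash('您的积分余额不足({} 积分),请先申请获得积分后再申请延期'.format(
            current_app.config['EXTENSION_REQUIRED_CREDITS']
        ), category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.is_applying_extension:
        flash('您已提交过延期申请,请联系工作人员进行处理', category='warning')
        return redirect(next_url or current_user.index_url)
    form = ApplyExtensionForm()
    if form.validate_on_submit():
        # The application is stored unapproved; approval happens elsewhere.
        extension = Extension(
            user_id=current_user.id,
            type_id=int(form.extension_type.data),
            months=int(form.months.data),
            remark=form.remark.data,
            approved=False,
            modified_by_id=current_user.id
        )
        db.session.add(extension)
        db.session.commit()
        flash('您的延期申请已提交', category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='申请延长研修有效期',
            category='duetime'
        )
        return redirect(next_url or current_user.index_url)
    # Pre-fill the remark field with an example text.
    form.remark.data = '示例:因YYYY年MM月DD日至YYYY年MM月DD日出国交换,但忘记挂起研修资格,可用研修时间已不足,申请延长X个月有效期。'
    return minify(render_template(
        'profile/apply_extension.html',
        form=form
    ))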
Beispiel #20
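def restore_user(id):
    '''manage.restore_user(id): restore a suspended user.

    Responds 403 when the current user may not manage the target. Redirects to
    ``next`` when it is a same-site path, else to the user's profile overview.
    '''
    user = User.query.get_or_404(id)
    if not current_user.can_manage(user=user):
        abort(403)
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make the redirects below open redirects.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    if not user.suspended:
        flash('“{}”未处于挂起状态'.format(user.name_with_role), category='warning')
        return redirect(
            next_url or url_for('profile.overview', id=user.id))
    user.restore()
    flash('已恢复用户:{}'.format(user.name_with_role), category='success')
    # Logged twice: once on the restored account, once on the acting manager.
    add_user_log(user=user, event='用户被恢复', category='auth')
    add_user_log(user=current_user._get_current_object(),
                 event='恢复用户:{}'.format(user.name_with_role),
                 category='manage')
    db.session.commit()
    return redirect(
        next_url or url_for('profile.overview', id=user.id))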
Beispiel #21
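def apply_suspension():
    '''profile.apply_suspension(): let a non-staff user suspend themselves.

    Staff get 403. The request is refused with a flash message when the user
    is already suspended or the last suspension has not cooled down. On a
    valid submit a self-suspension is stored and the user's role is switched
    to the suspended role. Redirects go to ``next`` when it is a same-site
    path, else to the user's index page.
    '''
    if current_user.is_staff:
        abort(403)
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make the redirects below open redirects.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    if current_user.is_suspended:
        flash('您已经处于挂起状态', category='error')
        return redirect(next_url or current_user.index_url)
    if current_user.last_suspension is not None and not current_user.last_suspension.cooled_down:
        flash('您的恢复研修冷却时间不足', category='error')
        return redirect(next_url or current_user.index_url)
    form = ApplySuspensionForm()
    if form.validate_on_submit():
        # original_role_id keeps the role held before the suspension.
        suspension = Suspension(
            user_id=current_user.id,
            original_role_id=current_user.role_id,
            type_id=int(form.suspension_type.data),
            current=True,
            self_suspended=True,
            remark=form.remark.data,
            modified_by_id=current_user.id
        )
        # An overdue user's suspension is back-dated to the due time.
        if current_user.overdue:
            suspension.start_time = current_user.due_time
        db.session.add(suspension)
        user = current_user._get_current_object()
        user.role_id = Role.query.filter_by(name='挂起').first().id
        db.session.add(user)
        db.session.commit()
        flash('您的挂起申请已提交', category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='申请挂起研修资格',
            category='duetime'
        )
        return redirect(next_url or current_user.index_url)
    # Pre-fill the remark field with an example text.
    form.remark.data = '示例:因YYYY年MM月DD日至YYYY年MM月DD日出国交换,申请挂起研修资格。'
    return minify(render_template(
        'profile/apply_suspension.html',
        form=form
    ))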
Beispiel #22
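def activate():
    '''auth.activate(): activate an account with its activation code.

    The activation code is checked with ``verify_password`` against a created,
    not yet activated, not deleted account. On success the new password is
    set, a confirmation mail is sent, the user is signed in and staff who can
    manage users are notified. A signed-in, confirmed user is redirected to
    ``next`` when it is a same-site path, else to their index page.
    '''
    if current_user.is_authenticated and current_user.confirmed:
        # SECURITY: ``next`` comes from the query string. Follow it only when
        # it is a same-site path; absolute or scheme-relative values
        # ("//host") would make this an open redirect.
        next_url = request.args.get('next')
        if (not next_url or not next_url.startswith('/')
                or next_url.startswith('//')
                or any(ch in next_url for ch in '\\\r\n\t')):
            next_url = None
        return redirect(next_url or current_user.index_url)
    form = ActivationForm()
    if form.validate_on_submit():
        user = User.query.filter_by(
            email=form.email.data.strip().lower(),
            created=True,
            activated=False,
            deleted=False
        ).first()
        if user is not None and user.verify_password(form.activation_code.data):
            user.activate(new_password=form.password.data)
            db.session.commit()
            token = user.generate_confirmation_token()
            send_email(
                recipient=user.email,
                subject='确认您的邮箱账户',
                template='auth/mail/confirm',
                user=user,
                token=token
            )
            login_user(user, remember=False)
            flash('激活成功!', category='success')
            flash('一封确认邮件已经发送至您的邮箱', category='info')
            send_emails(
                recipients=[staff.email for staff in User.all_can('管理用户').all()
                            if staff.has_inner_domain_email],
                subject='新用户:{}'.format(user.name),
                template='auth/mail/new_user',
                user=user
            )
            add_user_log(user=user, event='激活账户', category='auth')
            return redirect(url_for('auth.unconfirmed'))
        # One message covers unknown address, wrong code and already-activated
        # accounts, so the form does not reveal which case applied.
        flash('激活信息有误,或账户已处于激活状态', category='error')
    return minify(render_template(
        'auth/activate.html',
        form=form
    ))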
Beispiel #23
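def end_suspension():
    '''profile.end_suspension(): let a user end their own suspension.

    Staff get 403. The request is refused with a flash message when the user
    is not suspended, was not self-suspended, or the current suspension has
    not cooled down. Redirects go to ``next`` when it is a same-site path,
    else to the user's index page.
    '''
    if current_user.is_staff:
        abort(403)
    # SECURITY: ``next`` comes from the query string. Follow it only when it is
    # a same-site path; absolute or scheme-relative values ("//host") would
    # make the redirects below open redirects.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    if not current_user.is_suspended:
        flash('您尚未处于挂起状态', category='error')
        return redirect(next_url or current_user.index_url)
    if not current_user.is_self_suspended:
        flash('您的研修资格不可自助恢复', category='error')
        return redirect(next_url or current_user.index_url)
    if not current_user.current_suspension.cooled_down:
        flash('您的挂起申请冷却时间不足', category='error')
        return redirect(next_url or current_user.index_url)
    current_user.end_suspension(modified_by=current_user._get_current_object())
    db.session.commit()
    flash('您的研修资格已恢复', category='success')
    add_user_log(
        user=current_user._get_current_object(),
        event='自助恢复研修资格',
        category='duetime'
    )
    # index_url is read after the suspension ended, as in the original flow.
    return redirect(next_url or current_user.index_url)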
Beispiel #24
def group(id):
    '''profile.group(id): render a profile's group tab and record a new group.

    Responds 404 when the profile is not created or is deleted, and 403 when
    the current user may not access it. A user who already organised or joined
    a group cannot start another one.
    '''
    user = User.query.get_or_404(id)
    if not user.created or user.deleted:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)
    form = GroupForm()
    if not form.validate_on_submit():
        return minify(render_template(
            'profile/group.html',
            profile_tab='group',
            form=form,
            user=user
        ))
    if user.organized_groups.count():
        flash('“{}”已经发起过团报'.format(user.name_email), category='error')
        return redirect(url_for('manage.group', page=request.args.get('page', 1, type=int)))
    if user.registered_groups.count():
        existing_organizer = user.registered_groups.first().organizer
        flash('“{}”已经参加过“{}”发起的团报'.format(
            user.name_email,
            existing_organizer.name_email
        ), category='error')
        return redirect(url_for('manage.group', page=request.args.get('page', 1, type=int)))
    # The profile owner becomes the organizer of their own group.
    user.register_group(
        organizer=user,
        alumnus=form.alumnus.data,
        modified_by=current_user._get_current_object()
    )
    db.session.commit()
    flash('“{}”已成功发起团报'.format(user.name_email), category='success')
    # Logged twice: once on the profile owner, once on the acting user.
    add_user_log(user=user, event='发起团报', category='group')
    add_user_log(
        user=current_user._get_current_object(),
        event='记录“{}”发起团报'.format(user.name_email),
        category='manage'
    )
    return redirect(url_for('profile.group', id=user.id))
Beispiel #25
def reset_password(token):
    '''auth.reset_password(token): set a new password from a reset token.

    A signed-in user is sent to their index page. The submitted e-mail must
    match a created, activated, not deleted account, and the token must be
    accepted by ``user.reset_password``.
    '''
    if current_user.is_authenticated:
        return redirect(current_user.index_url)
    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return minify(render_template(
            'auth/reset_password.html',
            form=form,
            token=token
        ))
    address = form.email.data.strip().lower()
    user = User.query.filter_by(email=address).first()
    # NOTE(review): this message differs from the token-failure message below,
    # so the form tells a caller whether an address belongs to a usable account.
    if user is None or not user.created or not user.activated or user.deleted:
        flash('用户邮箱错误', category='error')
        return redirect(url_for('auth.reset_password_request'))
    if not user.reset_password(token, form.password.data):
        flash('重置密码失败', category='error')
        return redirect(url_for('auth.reset_password_request'))
    db.session.commit()
    flash('重置密码成功', category='success')
    add_user_log(user=user, event='重置密码', category='auth')
    return redirect(url_for('auth.login'))
Beispiel #26
def y_gre_practice_set_download(id):
    '''resource.y_gre_practice_set_download(id): serve a password-protected PDF.

    Responds 403 when the user may not download the practice set. A per-user
    cached copy is reused when present; otherwise the raw PDF is encrypted
    into the user's cache directory (404 when that fails). The download is
    logged and sent through nginx when X_ACCEL_ENABLE is set.
    '''
    practice_set = PracticeSet.query.get_or_404(id)
    if not current_user.can_download_y_gre_practice_set_pdf(practice_set=practice_set):
        abort(403)
    stored_name = '{}.pdf'.format(practice_set.id)
    download_name = '{}.pdf'.format(practice_set.name)
    # The cache path is built from the user id and practice-set id only.
    cached_pdf_file = os.path.join(
        current_app.config['CACHE_DIR'],
        'user_{}'.format(current_user.id),
        'y_gre',
        'practice_sets',
        stored_name
    )
    if os.path.exists(cached_pdf_file):
        encrypted_pdf_file = cached_pdf_file
    else:
        raw_pdf_file = os.path.join(
            current_app.config['RESOURCE_DIR'],
            'y_gre',
            'practice_sets',
            stored_name
        )
        # NOTE(review): the PDF password is the last six characters of the
        # user's id_number, a small keyspace for a file that leaves the server.
        # The fallback uses ADMIN_PASSWORD, which puts an administrative secret
        # into a file handed to a regular user; a per-user random secret would
        # avoid both.
        pdf_password = (current_user.id_number[-6:]
                        if current_user.id_number
                        else current_app.config['ADMIN_PASSWORD'])
        encrypted_pdf_file = encrypt_pdf(
            raw_pdf_file=raw_pdf_file,
            cached_pdf_file=cached_pdf_file,
            password=pdf_password
        )
        if encrypted_pdf_file is None:
            abort(404)
    add_user_log(
        user=current_user._get_current_object(),
        event='获取文件“{}.pdf”'.format(practice_set.name),
        category='resource'
    )
    if not current_app.config['X_ACCEL_ENABLE']:
        return send_file(
            encrypted_pdf_file,
            mimetype='application/pdf',
            as_attachment=True,
            attachment_filename=download_name
        )
    return nginx_send_file(
        filename=encrypted_pdf_file,
        mimetype='application/pdf',
        attachment_filename=download_name
    )
Beispiel #27
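def reset_password_request():
    '''auth.reset_password_request(): mail a password-reset token.

    A signed-in user is redirected away. For a created, activated, not
    deleted account a reset token is generated and mailed. ``next`` is only
    honoured, for the redirect and for the mail template, when it is a
    same-site path.
    '''
    # SECURITY: ``next`` comes from the query string and also ends up in the
    # reset mail. Keep it only when it is a same-site path; absolute or
    # scheme-relative values ("//host") would make the redirect, and any link
    # the template builds from it, point off-site.
    next_url = request.args.get('next')
    if (not next_url or not next_url.startswith('/')
            or next_url.startswith('//')
            or any(ch in next_url for ch in '\\\r\n\t')):
        next_url = None
    if current_user.is_authenticated:
        return redirect(next_url or current_user.index_url)
    form = ResetPasswordRequestForm()
    if form.validate_on_submit():
        user = User.query.filter_by(email=form.email.data.strip().lower()).first()
        # NOTE(review): only a matching account gets the flash and redirect; an
        # unknown address re-renders the form silently, so the response shows
        # whether an address is registered. Answering both cases the same way
        # would close that.
        if user is not None and user.created and user.activated and not user.deleted:
            token = user.generate_reset_token()
            send_email(
                recipient=user.email,
                subject='重置您的密码',
                template='auth/mail/reset_password',
                user=user,
                token=token,
                next=next_url
            )
            flash('一封用于重置密码的邮件已经发送至您的邮箱', category='info')
            add_user_log(user=user, event='请求重置密码', category='auth')
            return redirect(url_for('auth.reset_password_request'))
    return minify(render_template(
        'auth/reset_password_request.html',
        form=form
    ))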
Beispiel #28
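def device():
    '''manage.device()

    On a valid POST, register a new device and redirect back to this page.
    Otherwise list devices, paginated, for the category selected by the
    ``show_*_devices`` cookies.

    The cookies are client-controlled and only choose which list is shown;
    development devices are listed, and the 'development' category is
    assigned, only when ``current_user.is_developer`` is set.
    '''
    form = DeviceForm(is_developer=current_user.is_developer)
    if form.validate_on_submit():
        serial = form.serial.data.upper()
        if Device.query.filter_by(serial=serial).first() is not None:
            flash('已存在序列号为“{}”的设备'.format(serial), category='error')
            return redirect(url_for('manage.device'))
        room_id = int(form.room.data)
        mac_address = form.mac_address.data
        # The form checkbox alone never yields a development device: the
        # server-side developer flag must be set as well.
        is_development = form.development_machine.data and \
            current_user.is_developer
        new_device = Device(
            serial=serial,
            alias=form.alias.data,
            type_id=int(form.device_type.data),
            # A room value of 0 and an empty MAC address are stored as NULL.
            room_id=(None if room_id == 0 else room_id),
            mac_address=(None if mac_address == '' else mac_address),
            category=('development' if is_development else 'production'),
            modified_by_id=current_user.id
        )
        db.session.add(new_device)
        db.session.commit()
        for lesson_type_id in form.lesson_types.data:
            new_device.add_lesson_type(
                lesson_type=LessonType.query.get(int(lesson_type_id)))
        db.session.commit()
        flash('已添加设备:{} [{}]'.format(new_device.alias, new_device.serial),
              category='success')
        add_user_log(user=current_user._get_current_object(),
                     event='添加设备:{} [{}]'.format(new_device.alias,
                                                 new_device.serial),
                     category='manage')
        db.session.commit()
        return redirect(url_for('manage.device'))

    def cookie_flag(name, default=''):
        # Any non-empty cookie value counts as "on", including '0'.
        return bool(request.cookies.get(name, default))

    def production_devices(type_name):
        # Non-obsolete production devices of one device type, by alias.
        return Device.query\
            .join(DeviceType, DeviceType.id == Device.type_id)\
            .filter(DeviceType.name == type_name)\
            .filter(Device.category == 'production')\
            .filter(Device.obsolete == False)\
            .order_by(Device.alias.asc())

    show_tablet_devices = True
    show_desktop_devices = False
    show_mobile_devices = False
    show_development_devices = False
    show_obsolete_devices = False
    if current_user.is_authenticated:
        show_tablet_devices = cookie_flag('show_tablet_devices', '1')
        show_desktop_devices = cookie_flag('show_desktop_devices')
        show_mobile_devices = cookie_flag('show_mobile_devices')
        show_development_devices = cookie_flag('show_development_devices')
        show_obsolete_devices = cookie_flag('show_obsolete_devices')

    # When several flags are set, the last matching branch below wins.
    header = None
    query = None
    if show_tablet_devices:
        header = '平板设备'
        query = production_devices('Tablet')
    if show_desktop_devices:
        header = '桌面设备'
        query = production_devices('Desktop')
    if show_mobile_devices:
        header = '移动设备'
        query = production_devices('Mobile')
    if show_development_devices:
        # The cookie is only a view preference; access is decided here.
        if not current_user.is_developer:
            return redirect(url_for('manage.tablet_devices'))
        header = '开发设备'
        query = Device.query\
            .filter(Device.category == 'development')\
            .filter(Device.obsolete == False)\
            .order_by(Device.alias.asc())
    if show_obsolete_devices:
        header = '报废设备'
        query = Device.query.filter(Device.obsolete == True)
        if not current_user.is_developer:
            # Non-developers see obsolete production devices only.
            query = Device.query\
                .filter(Device.category == 'production')\
                .filter(Device.obsolete == True)
        query = query.order_by(Device.alias.asc())
    if query is None:
        # No view selected. An explicit check replaces catching NameError
        # around paginate(), which would also have hidden an unrelated
        # NameError raised further down the call.
        return redirect(url_for('manage.tablet_devices'))
    page = request.args.get('page', 1, type=int)
    pagination = query.paginate(
        page,
        per_page=current_app.config['RECORD_PER_PAGE'],
        error_out=False)
    devices = pagination.items
    return minify(
        render_template('manage/device.html',
                        header=header,
                        form=form,
                        show_tablet_devices=show_tablet_devices,
                        show_desktop_devices=show_desktop_devices,
                        show_mobile_devices=show_mobile_devices,
                        show_development_devices=show_development_devices,
                        show_obsolete_devices=show_obsolete_devices,
                        pagination=pagination,
                        devices=devices))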
Beispiel #29
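def login():
    '''auth.login()

    Authenticate a user against Y-System from an authorised device.

    Steps on a valid form submission: map the client address to a MAC
    address, require a ``Device`` row with that MAC, call the Y-System
    ``login-user`` API, import the user through ``migrate-user`` when no
    local row exists, sync role, name and progress from the response, then
    log the user in and redirect.

    The ``next`` query parameter is followed only when it is a same-site
    path; otherwise the user's ``index_url`` is used.
    '''
    # ``next`` comes straight from the query string. Anything other than a
    # plain same-site path (absolute URL, scheme-relative ``//host``,
    # backslashes or control characters that browsers normalise) would make
    # the post-login redirect an open redirect, so such values are dropped.
    next_url = request.args.get('next')
    if next_url and (
            not next_url.startswith('/') or next_url.startswith('//') or
            '\\' in next_url or any(ord(ch) < 0x20 for ch in next_url)):
        next_url = None
    if current_user.is_authenticated:
        return redirect(next_url or current_user.index_url)

    def retry():
        # Back to the login form, carrying the validated ``next`` along.
        return redirect(url_for('auth.login', next=next_url))

    form = LoginForm()
    if form.validate_on_submit():
        # NOTE(review): the client address is read from X-Forwarded-For when
        # that header is present. Unless a trusted reverse proxy always
        # overwrites it, the client chooses the address that is mapped to a
        # MAC and therefore the device it is authorised as - confirm the
        # proxy configuration. The header may also hold a comma-separated
        # list, which is passed on unparsed here.
        mac_address = get_mac_address_from_ip(ip_address=request.headers\
            .get('X-Forwarded-For', request.remote_addr))
        if mac_address is None:
            flash('无法获取设备信息', category='error')
            return retry()
        device = Device.query.filter_by(mac_address=mac_address).first()
        if device is None:
            flash('设备未授权(MAC地址:{})'.format(mac_address), category='error')
            return retry()
        # authenticate user via Y-System
        data = y_system_api_request(api='login-user',
                                    token_data={
                                        'email':
                                        form.email.data.strip().lower(),
                                        'password': form.password.data,
                                        'device': device.alias,
                                    })
        if data is None:
            flash('网络通信故障', category='error')
            return retry()
        if verify_data_keys(data=data, keys=['error']):
            flash('登录失败:{}'.format(data.get('error')), category='error')
            return retry()
        if not verify_data_keys(data=data, keys=['user_id']):
            flash('登录失败:用户信息无效', category='error')
            flash('初次登录时,请确认Y-System账号已经激活。', category='info')
            return retry()
        user = User.query.get(data.get('user_id'))
        if user is None:
            # migrate user from Y-System; ``data`` now holds that response
            data = y_system_api_request(api='migrate-user',
                                        token_data={
                                            'user_id': data.get('user_id'),
                                        })
            if data is None:
                flash('网络通信故障', category='error')
                return retry()
            if verify_data_keys(data=data, keys=['error']):
                flash('登录失败:{}'.format(data.get('error')), category='error')
                return retry()
            if not verify_data_keys(data=data,
                                    keys=['user_id', 'role', 'name']):
                flash('登录失败:用户信息无效', category='error')
                flash('初次登录时,请确认Y-System账号已经激活。', category='info')
                return retry()
            role = Role.query.filter_by(name=data.get('role')).first()
            if role is None:
                flash('登录失败:无效的用户角色“{}”'.format(data.get('role')),
                      category='error')
                return retry()
            user = User(id=data.get('user_id'),
                        role_id=role.id,
                        name=data.get('name'))
            db.session.add(user)
            db.session.commit()
            add_user_log(user=user, event='从Y-System导入用户信息', category='auth')
        # Role and name follow whatever Y-System reports on each login.
        if verify_data_keys(data=data, keys=['role', 'name']):
            if data.get('role') != user.role.name:
                role = Role.query.filter_by(name=data.get('role')).first()
                if role is not None:
                    user.role_id = role.id
                    db.session.add(user)
            if data.get('name') != user.name:
                user.name = data.get('name')
                db.session.add(user)
        for progress_key in ('vb_progress', 'y_gre_progress',
                             'y_gre_aw_progress'):
            if data.get(progress_key) is not None:
                user.sync_punch(section=data.get(progress_key))
        login_user(user, remember=current_app.config['AUTH_REMEMBER_LOGIN'])
        add_user_log(user=user, event='登录系统', category='auth')
        db.session.commit()
        return redirect(next_url or user.index_url)
    return minify(render_template('auth/login.html', form=form))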
Beispiel #30
def credit(id):
    '''profile.credit(id)

    Show the credit records of user ``id``, paginated, newest first.

    Responds 404 when the user is not created or is deleted, and 403 when
    ``current_user.can_access_profile`` refuses. On one's own profile the
    form applies for a credit item; on another user's profile the form adds
    a credit record, and only when the current user holds the '管理积分'
    permission.
    '''
    tab = 'credit'
    user = User.query.get_or_404(id)
    if not user.created or user.deleted:
        abort(404)
    if not current_user.can_access_profile(user=user):
        abort(403)
    viewing_own_profile = (user.id == current_user.id)
    if viewing_own_profile:
        form = ApplyCreditForm()
        if form.validate_on_submit():
            credit_item = Credit.query.get_or_404(int(form.credit.data))
            record = UserCredit(
                user_id=user.id,
                credit_id=credit_item.id,
                granter_id=current_user.id,
                remark=form.remark.data
            )
            db.session.add(record)
            db.session.commit()
            flash('已申请积分项目:{}'.format(credit_item.name_value), category='success')
            add_user_log(
                user=current_user._get_current_object(),
                event='申请积分项目:{}'.format(credit_item.name_value),
                category='credit'
            )
    else:
        form = CreditRecordForm()
        # The permission is checked only after the form validates, so a
        # submission from a user without it is ignored.
        if form.validate_on_submit():
            if current_user.can('管理积分'):
                credit_item = Credit.query.get_or_404(int(form.credit.data))
                record = UserCredit(
                    user_id=user.id,
                    credit_id=credit_item.id,
                    quantity=form.quantity.data,
                    approved=form.approved.data,
                    granter_id=current_user.id,
                    remark=form.remark.data
                )
                db.session.add(record)
                db.session.commit()
                flash('已给“{}”添加积分项目:{}'.format(
                    user.name_email,
                    credit_item.name_value
                ), category='success')
                # One entry in the recipient's log, one in the granter's.
                add_user_log(
                    user=user,
                    event='获得积分:{}'.format(credit_item.name_value),
                    category='credit'
                )
                add_user_log(
                    user=current_user._get_current_object(),
                    event='给“{}”添加积分项目:{}'.format(user.name_email, credit_item.name_value),
                    category='manage'
                )
    page = request.args.get('page', 1, type=int)
    records_newest_first = UserCredit.query\
        .filter(UserCredit.user_id == user.id)\
        .order_by(UserCredit.timestamp.desc())
    pagination = records_newest_first.paginate(
        page,
        per_page=current_app.config['RECORD_PER_PAGE'],
        error_out=False
    )
    return minify(render_template(
        'profile/credit.html',
        profile_tab=tab,
        form=form,
        pagination=pagination,
        credit_records=pagination.items,
        user=user
    ))
Beispiel #31
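def register(creator_id, token):
    '''auth.register(creator_id, token)

    Registration page reached through a link that carries the creating
    user's id and a registration token.

    Any logged-in session is ended first. The token is checked with
    ``creator.register_user(token)`` when the page loads and again on
    submission. A valid submission creates the ``User`` and its education,
    employment, score, purpose, referrer, inviter and partner records, then
    redirects to ``manage.confirm_user_registration``.

    The ``next`` query parameter is used as a redirect target only when it
    is a same-site path.
    '''
    if current_user.is_authenticated:
        logout_user()
    creator = User.query.get_or_404(creator_id)
    if not creator.created or creator.deleted or not creator.register_user(token):
        flash('用户注册页面已过期', category='error')
        # ``next`` comes straight from the query string. Anything other than
        # a plain same-site path (absolute URL, scheme-relative ``//host``,
        # backslashes or control characters that browsers normalise) would
        # make this an open redirect, so such values are dropped.
        next_url = request.args.get('next')
        if next_url and (
                not next_url.startswith('/') or next_url.startswith('//') or
                '\\' in next_url or any(ord(ch) < 0x20 for ch in next_url)):
            next_url = None
        return redirect(next_url or url_for('manage.student'))
    form = RegistrationForm()
    if form.validate_on_submit() and creator.register_user(token):
        id_number = form.id_number.data.strip().upper()
        user = User(
            email=form.email.data.strip().lower(),
            role_id=int(form.role.data),
            # NOTE(review): the initial password is the last six characters
            # of the ID number, so anyone who knows that number can guess
            # it. No forced change on first login is visible in this view;
            # confirm one exists, or issue a random one-time secret.
            password=id_number[-6:],
            name=form.name.data.strip(),
            id_type_id=int(form.id_type.data),
            id_number=id_number,
            gender_id=int(form.gender.data),
            birthdate=form.birthdate.data,
            mobile=form.mobile.data,
            wechat=form.wechat.data,
            qq=form.qq.data,
            address=form.address.data,
            emergency_contact_name=form.emergency_contact_name.data,
            emergency_contact_relationship_id=int(form.emergency_contact_relationship.data),
            emergency_contact_mobile=form.emergency_contact_mobile.data,
            worked_in_same_field=form.worked_in_same_field.data,
            deformity=form.deformity.data,
            application_specialty=form.application_specialty.data,
            application_degree=form.application_degree.data,
            application_country=form.application_country.data,
            application_rank=form.application_rank.data,
            application_agency=form.application_agency.data
        )
        db.session.add(user)
        db.session.commit()

        def tag_user(name):
            # Attach the tag with this name to the new user.
            user.add_tag(tag=Tag.query.filter_by(name=name).first())

        def score_type(name):
            return ScoreType.query.filter_by(name=name).first()

        # education
        if form.high_school.data:
            user.add_education_record(
                education_type=EducationType.query.filter_by(name='高中').first(),
                school=form.high_school.data,
                year=form.high_school_year.data
            )
        degrees = (('bachelor', '本科'), ('master', '硕士'), ('doctor', '博士'))
        school_tags = (('北京大学', '北大'), ('清华', '清华'), ('北京邮电大学', '北邮'))
        for prefix, type_name in degrees:
            school = getattr(form, prefix + '_school').data
            # '无' in the bachelor field means "none" and is skipped.
            if not school or (prefix == 'bachelor' and school == '无'):
                continue
            gpa = getattr(form, prefix + '_gpa').data
            full_gpa = getattr(form, prefix + '_full_gpa').data
            user.add_education_record(
                education_type=EducationType.query.filter_by(name=type_name).first(),
                school=school,
                major=getattr(form, prefix + '_major').data,
                gpa=gpa,
                full_gpa=full_gpa,
                year=getattr(form, prefix + '_year').data
            )
            # At most one school tag per degree: the first keyword found.
            for keyword, tag_name in school_tags:
                if keyword in school:
                    tag_user(tag_name)
                    break
            if full_gpa and gpa and \
                    float(full_gpa) == 100 and float(gpa) >= 90:
                tag_user('GPA90+')
        # employment
        for slot in (1, 2):
            employer = getattr(form, 'employer_{}'.format(slot)).data
            if employer:
                user.add_employment_record(
                    employer=employer,
                    position=getattr(form, 'position_{}'.format(slot)).data,
                    year=getattr(form, 'job_year_{}'.format(slot)).data
                )
        # scores
        cee_scores = (
            ('cee_total', '高考总分'),
            ('cee_math', '高考数学'),
            ('cee_english', '高考英语'),
        )
        for field_name, type_name in cee_scores:
            value = getattr(form, field_name).data
            # A score of 0 is treated the same as no score.
            if not (value and int(value)):
                continue
            full_score = getattr(form, field_name + '_full').data
            user.add_score_record(
                score_type=score_type(type_name),
                score=value,
                full_score=full_score
            )
            if field_name == 'cee_math' and \
                    int(full_score) == 150 and int(value) >= 135:
                tag_user('高考数学135+')
        english_exams = (
            ('cet_4', '大学英语四级'),
            ('cet_6', '大学英语六级'),
            ('tem_4', '专业英语四级'),
            ('tem_8', '专业英语八级'),
        )
        for field_name, type_name in english_exams:
            value = getattr(form, field_name).data
            if not value:
                continue
            user.add_score_record(score_type=score_type(type_name), score=value)
            if field_name == 'cet_6' and int(value) >= 600:
                tag_user('六级600+')
        # competition scores
        competitions = (
            ('math_competition', '数学竞赛'),
            ('physics_competition', '物理竞赛'),
            ('chemistry_competition', '化学竞赛'),
            ('biology_competition', '生物竞赛'),
            ('computer_competition', '计算机竞赛'),
            ('science_competition', '科技竞赛'),
            ('english_competition', '英语竞赛'),
        )
        has_competition_score = False
        for field_name, type_name in competitions:
            remark = getattr(form, field_name).data
            if remark:
                user.add_score_record(
                    score_type=score_type(type_name),
                    remark=remark
                )
                has_competition_score = True
        if has_competition_score:
            tag_user('竞赛')
        # other score
        if form.other_score.data:
            user.add_score_record(
                score_type=score_type('其它'),
                remark=form.other_score.data
            )
        # TOEFL score
        if form.toefl_total.data:
            test_id = None
            if form.toefl_test_date.data and int(form.toefl_test_date.data):
                test_id = int(form.toefl_test_date.data)
            toefl_test_score = TOEFLTestScore(
                user_id=user.id,
                test_id=test_id,
                label_id=ScoreLabel.query.filter_by(name='TOEFL 初始').first().id,
                total_score=form.toefl_total.data,
                reading_score=form.toefl_reading.data,
                listening_score=form.toefl_listening.data,
                speaking_score=form.toefl_speaking.data,
                writing_score=form.toefl_writing.data,
                registered=True,
                modified_by_id=creator.id
            )
            db.session.add(toefl_test_score)
        # registration
        for purpose_type_id in form.purposes.data:
            user.add_purpose(purpose_type=PurposeType.query.get(int(purpose_type_id)))
        if form.other_purpose.data:
            user.add_purpose(
                purpose_type=PurposeType.query.filter_by(name='其它').first(),
                remark=form.other_purpose.data
            )
        for referrer_type_id in form.referrers.data:
            user.add_referrer(referrer_type=ReferrerType.query.get(int(referrer_type_id)))
        if form.other_referrer.data:
            user.add_referrer(
                referrer_type=ReferrerType.query.filter_by(name='其它').first(),
                remark=form.other_referrer.data
            )
        if form.inviter_email.data:
            inviter_email = form.inviter_email.data.strip().lower()
            inviter = User.query.filter_by(
                email=inviter_email,
                created=True,
                deleted=False
            ).first()
            if inviter is not None:
                inviter.invite_user(user=user, grant_credit=True)
            else:
                flash('需联系工作人员进行核对云社区推荐人邮箱:{}'\
                    .format(inviter_email), category='error')
        if form.partner.data:
            partner = Partner.query.filter_by(name=form.partner.data).first()
            if partner is not None:
                partner.refer_user(user=user, commission=partner.default_commission)
        db.session.commit()
        flash('完成注册,请联系工作人员进行资料审核', category='success')
        add_user_log(user=user, event='注册账户', category='auth')
        # Here ``next`` is only forwarded as a query parameter of an
        # internal URL; the view that later redirects to it must validate it.
        return redirect(url_for(
            'manage.confirm_user_registration',
            id=user.id,
            next=request.args.get('next')
        ))
    return minify(render_template(
        'auth/register.html',
        form=form,
        creator=creator,
        token=token
    ))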
Beispiel #32
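def y_gre_practice_set_check_answer(id):
    '''resource.y_gre_practice_set_check_answer(id)

    Let the current user submit answers for every question of question
    block ``id`` and store one ``UserAnswer`` per question.

    The form is built per request: each question contributes between one
    and four fields named ``question_<id>_blank_<n>``, chosen by
    ``question.category``. Users without access to the answers, staff
    users, and users who already answered the block are redirected away.

    The ``next`` query parameter is followed only when it is a same-site
    path; otherwise the redirect goes to the practice-set part page.
    '''
    block = QuestionBlock.query.get_or_404(id)
    # ``next`` comes straight from the query string. Anything other than a
    # plain same-site path (absolute URL, scheme-relative ``//host``,
    # backslashes or control characters that browsers normalise) would make
    # the redirects below open redirects, so such values are dropped.
    next_url = request.args.get('next')
    if next_url and (
            not next_url.startswith('/') or next_url.startswith('//') or
            '\\' in next_url or any(ord(ch) < 0x20 for ch in next_url)):
        next_url = None

    def back():
        # Validated ``next`` if present, else the part this block is in.
        return redirect(next_url or url_for(
            'resource.y_gre_practice_set_part',
            practice_set_id=block.practice_set_id,
            part_id=block.part_id))

    if not current_user.can_access_y_gre_practice_set_answer(practice_set=block.practice_set):
        flash('您尚未学习对应课程', category='error')
        return back()
    if current_user.is_staff:
        flash('员工用户可直接查看该习题答案', category='warning')
        return back()
    if current_user.answered_question_block(block=block):
        flash('您已经核对过该习题答案:{}'.format(block.name), category='warning')
        return back()

    # dynamic check answer form composition
    class CheckAnswerForm(FlaskForm):
        '''resource.CheckAnswerForm(FlaskForm)'''
        submit = SubmitField('提交')

    # Number of free-text blanks per text category.
    text_blanks = {'1-text': 1, '2-text': 2, '3-text': 3, '4-text': 4}
    # Option letters offered by each single-choice blank, in blank order.
    select_letters = {
        '1-select': ['ABCDE'],
        '2-select': ['ABC', 'DEF'],
        '3-select': ['ABC', 'DEF', 'GHI'],
    }

    def choices(letters):
        return [('', '选择选项')] + [(letter, letter) for letter in letters]

    questions = block.questions.all()
    # question.id -> number of blanks generated for it
    blank_counts = {}
    for question in questions:
        category = question.category
        fields = []
        if category in text_blanks:
            for n in range(1, text_blanks[category] + 1):
                label = question.abbr if n == 1 else '填空{}'.format(n)
                fields.append(StringField(label, validators=[InputRequired()]))
        elif category in select_letters:
            for n, letters in enumerate(select_letters[category], 1):
                label = question.abbr if n == 1 else '选项{}'.format(n)
                fields.append(SelectField(
                    label, choices=choices(letters), coerce=str,
                    validators=[InputRequired()]))
        elif category == '1-select-2':
            fields.append(SelectMultipleField(
                question.abbr, choices=choices('ABCDEF'), coerce=str,
                validators=[InputRequired()]))
        for n, field in enumerate(fields, 1):
            setattr(CheckAnswerForm,
                    'question_{}_blank_{}'.format(question.id, n), field)
        blank_counts[question.id] = len(fields)
    form = CheckAnswerForm()
    if form.validate_on_submit():
        try:
            for question in questions:
                count = blank_counts[question.id]
                if not count:
                    # Unknown category: no field was generated, so there is
                    # nothing to record. Skipping avoids re-adding the
                    # previous question's answer or hitting an unbound name.
                    continue
                answers = {}
                for n in range(1, count + 1):
                    key = 'blank_{}'.format(n)
                    answers[key] = getattr(
                        form, 'question_{}_{}'.format(question.id, key)).data
                if question.category == '1-select-2':
                    # Multi-select answers are stored as the sorted letters
                    # joined into one string.
                    answers['blank_1'] = ''.join(sorted(answers['blank_1']))
                # Correct only when every blank matches the stored answer.
                correct = all(
                    value == getattr(question, key)
                    for key, value in answers.items())
                user_answer = UserAnswer(
                    user_id=current_user.id,
                    question_id=question.id,
                    correct=correct,
                    **answers
                )
                db.session.add(user_answer)
            db.session.flush()
        except SQLAlchemyError:
            db.session.rollback()
            flash('系统异常,请稍后重试。', category='error')
        else:
            db.session.commit()
            flash('您已完成“{}”的答案核对'.format(block.name), category='success')
            add_user_log(
                user=current_user._get_current_object(),
                event='核对答案:{}'.format(block.name),
                category='resource'
            )
        return back()
    return minify(render_template(
        'resource/y_gre/practice_set_check_answer.html',
        block=block,
        form=form
    ))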
Beispiel #33
def logout():
    '''Log the sign-out, end the session, and redirect to auth.login.

    The audit entry is written before logout_user() is called; presumably
    this is so the log is attributed to the account that is signing out.
    '''
    # NOTE(review): the route decorator is not visible in this listing. If
    # this view is reachable with GET, another site can force a sign-out;
    # confirm it is POST-only with CSRF protection.
    account = current_user._get_current_object()
    add_user_log(user=account, event='登出系统', category='access')
    logout_user()
    login_url = url_for('auth.login')
    return redirect(login_url)
Beispiel #34
def score(id):
    '''Show a user's score page and handle the six "add score" forms on it.

    The target user is loaded by ``id``. The view aborts with 404 when the
    account is missing, not yet created, or deleted, and with 403 when
    ``current_user.can_access_profile`` refuses. Non-student accounts are
    redirected to ``profile.overview``.

    Each form (assignment, VB, Y-GRE, GRE, GMAT, TOEFL) is built with its own
    prefix and checked in turn. The first one that validates creates a score
    row for the target user with ``modified_by_id`` set to the current user,
    commits it, flashes a message, writes a 'manage' log entry and redirects
    back to ``profile.score``. If none validates, the page is rendered with
    all six forms.
    '''
    tab = 'score'
    user = User.query.get_or_404(id)
    if not user.created or user.deleted:
        abort(404)
    # NOTE(review): this is the only authorization check visible in the
    # function, and the branches below write records for `user`. The route
    # decorators are not shown in this listing. Confirm that a dedicated
    # write permission is enforced for POST and that being able to view a
    # profile (for example one's own) is not enough to add scores to it.
    if not current_user.can_access_profile(user=user):
        abort(403)
    if not (user.is_student or user.is_suspended_student):
        return redirect(url_for('profile.overview', id=user.id))
    assignment_score_form = AssignmentScoreForm(prefix='assignment_score')
    # NOTE(review): unlike the five forms below, this branch is not guarded by
    # `.submit.data`, so it is evaluated on every POST to this view. It then
    # relies on the prefixed fields failing validation when another form was
    # submitted. Confirm that is intended.
    if assignment_score_form.validate_on_submit():
        score = AssignmentScore(
            user_id=user.id,
            assignment_id=int(assignment_score_form.assignment.data),
            grade_id=int(assignment_score_form.grade.data),
            # The remark is passed through sanitize_html() before storage.
            # The helper is defined elsewhere; verify it is allow-list based
            # if remark_html is rendered unescaped.
            remark_html=sanitize_html(assignment_score_form.remark.data),
            # NOTE(review): feedback is stored as submitted. If it is free
            # text (not a boolean), confirm it is escaped where it is shown.
            feedback=assignment_score_form.feedback.data,
            modified_by_id=current_user.id
        )
        db.session.add(score)
        db.session.commit()
        flash('已添加作业记录:{}'.format(score.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加作业记录:{}'.format(score.summary),
            category='manage'
        )
        # Redirect after a successful POST so a reload does not resubmit.
        return redirect(url_for('profile.score', id=user.id))
    vb_test_score_form = VBTestScoreForm(prefix='vb_test_score')
    if vb_test_score_form.submit.data and vb_test_score_form.validate_on_submit():
        # A falsy score value is stored as None rather than converted.
        # NOTE(review): if the field yields a number, a score of 0 is also
        # stored as None. Confirm the field type.
        vb_score = None
        if vb_test_score_form.score.data:
            vb_score = float(vb_test_score_form.score.data)
        score = VBTestScore(
            user_id=user.id,
            test_id=int(vb_test_score_form.test.data),
            score=vb_score,
            remark_html=sanitize_html(vb_test_score_form.remark.data),
            retrieved=vb_test_score_form.retrieved.data,
            retake=vb_test_score_form.retake.data,
            skip=vb_test_score_form.skip.data,
            feedback=vb_test_score_form.feedback.data,
            modified_by_id=current_user.id
        )
        db.session.add(score)
        db.session.commit()
        flash('已添加VB考试记录:{}'.format(score.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加VB考试记录:{}'.format(score.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))
    y_gre_test_score_form = YGRETestScoreForm(prefix='y_gre_test_score')
    if y_gre_test_score_form.submit.data and y_gre_test_score_form.validate_on_submit():
        # Each optional section score stays None unless a truthy value was
        # submitted.
        v_score = None
        if y_gre_test_score_form.v_score.data:
            v_score = int(y_gre_test_score_form.v_score.data)
        q_score = None
        if y_gre_test_score_form.q_score.data:
            q_score = int(y_gre_test_score_form.q_score.data)
        aw_score = None
        if y_gre_test_score_form.aw_score.data:
            aw_score = int(y_gre_test_score_form.aw_score.data)
        score = YGRETestScore(
            user_id=user.id,
            test_id=int(y_gre_test_score_form.test.data),
            v_score=v_score,
            q_score=q_score,
            # The AW value is stored in an *_id column, so it presumably
            # refers to a lookup row rather than a raw score.
            aw_score_id=aw_score,
            remark_html=sanitize_html(y_gre_test_score_form.remark.data),
            retrieved=y_gre_test_score_form.retrieved.data,
            retake=y_gre_test_score_form.retake.data,
            skip=y_gre_test_score_form.skip.data,
            feedback=y_gre_test_score_form.feedback.data,
            modified_by_id=current_user.id
        )
        db.session.add(score)
        db.session.commit()
        flash('已添加Y-GRE考试记录:{}'.format(score.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加Y-GRE考试记录:{}'.format(score.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))
    gre_test_score_form = GRETestScoreForm(prefix='gre_test_score')
    if gre_test_score_form.submit.data and gre_test_score_form.validate_on_submit():
        # A score_label value of 0 or less means "no label". A positive value
        # is a label id, and the user may hold at most one GRE score per label.
        # NOTE(review): this is a check-then-insert with no lock visible here.
        # Two concurrent submissions could both pass the check, so confirm
        # that a database unique constraint backs it.
        label_id = None
        if int(gre_test_score_form.score_label.data) > 0:
            label_id = int(gre_test_score_form.score_label.data)
            if user.gre_test_scores.filter_by(label_id=label_id).first() is not None:
                # NOTE(review): ScoreLabel.query.get() returns None for an
                # unknown id, which would raise here. This assumes form
                # validation restricts score_label to existing labels.
                flash('“{}”已经拥有“{}”成绩'.format(
                    user.name_email,
                    ScoreLabel.query.get(label_id).name
                ), category='error')
                return redirect(url_for('profile.score', id=user.id))
        aw_score_id = None
        if gre_test_score_form.aw_score.data:
            aw_score_id = int(gre_test_score_form.aw_score.data)
        score = GRETestScore(
            user_id=user.id,
            test_id=int(gre_test_score_form.test_date.data),
            label_id=label_id,
            v_score=gre_test_score_form.v_score.data,
            q_score=gre_test_score_form.q_score.data,
            aw_score_id=aw_score_id,
            remark_html=sanitize_html(gre_test_score_form.remark.data),
            registered=gre_test_score_form.registered.data,
            modified_by_id=current_user.id
        )
        db.session.add(score)
        db.session.commit()
        flash('已添加GRE考试记录:{}'.format(score.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加GRE考试记录:{}'.format(score.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))
    gmat_test_score_form = GMATTestScoreForm(prefix='gmat_test_score')
    if gmat_test_score_form.submit.data and gmat_test_score_form.validate_on_submit():
        # Same one-score-per-label rule as the GRE branch, applied to
        # user.gmat_test_scores.
        label_id = None
        if int(gmat_test_score_form.score_label.data) > 0:
            label_id = int(gmat_test_score_form.score_label.data)
            if user.gmat_test_scores.filter_by(label_id=label_id).first() is not None:
                flash('“{}”已经拥有“{}”成绩'.format(
                    user.name_email,
                    ScoreLabel.query.get(label_id).name
                ), category='error')
                return redirect(url_for('profile.score', id=user.id))
        aw_score_id = None
        if gmat_test_score_form.aw_score.data:
            aw_score_id = int(gmat_test_score_form.aw_score.data)
        score = GMATTestScore(
            user_id=user.id,
            test_id=int(gmat_test_score_form.test_date.data),
            label_id=label_id,
            ir_score=gmat_test_score_form.ir_score.data,
            q_score=gmat_test_score_form.q_score.data,
            v_score=gmat_test_score_form.v_score.data,
            total_score=gmat_test_score_form.total_score.data,
            aw_score_id=aw_score_id,
            remark_html=sanitize_html(gmat_test_score_form.remark.data),
            registered=gmat_test_score_form.registered.data,
            modified_by_id=current_user.id
        )
        db.session.add(score)
        db.session.commit()
        flash('已添加GMAT考试记录:{}'.format(score.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加GMAT考试记录:{}'.format(score.summary),
            category='manage'
        )
        return redirect(url_for('profile.score', id=user.id))
    toefl_test_score_form = TOEFLTestScoreForm(prefix='toefl_test_score')
    if toefl_test_score_form.submit.data and toefl_test_score_form.validate_on_submit():
        # Same one-score-per-label rule, applied to user.toefl_test_scores.
        label_id = None
        if int(toefl_test_score_form.score_label.data) > 0:
            label_id = int(toefl_test_score_form.score_label.data)
            if user.toefl_test_scores.filter_by(label_id=label_id).first() is not None:
                flash('“{}”已经拥有“{}”成绩'.format(
                    user.name_email,
                    ScoreLabel.query.get(label_id).name
                ), category='error')
                return redirect(url_for('profile.score', id=user.id))
        score = TOEFLTestScore(
            user_id=user.id,
            test_id=int(toefl_test_score_form.test_date.data),
            label_id=label_id,
            total_score=toefl_test_score_form.total.data,
            reading_score=toefl_test_score_form.reading.data,
            listening_score=toefl_test_score_form.listening.data,
            speaking_score=toefl_test_score_form.speaking.data,
            writing_score=toefl_test_score_form.writing.data,
            remark_html=sanitize_html(toefl_test_score_form.remark.data),
            registered=toefl_test_score_form.registered.data,
            modified_by_id=current_user.id
        )
        db.session.add(score)
        db.session.commit()
        flash('已添加TOEFL考试记录:{}'.format(score.summary), category='success')
        add_user_log(
            user=current_user._get_current_object(),
            event='添加TOEFL考试记录:{}'.format(score.summary),
            category='manage'
        )
        # Only this branch forwards `page`. It is parsed with type=int, so a
        # non-numeric value falls back to 1 instead of being echoed into the
        # redirect URL.
        return redirect(url_for(
            'profile.score',
            id=user.id,
            page=request.args.get('page', 1, type=int)
        ))
    # No form validated (a GET, or a POST that failed validation): render the
    # page with all six forms.
    return minify(render_template(
        'profile/score.html',
        profile_tab=tab,
        assignment_score_form=assignment_score_form,
        vb_test_score_form=vb_test_score_form,
        y_gre_test_score_form=y_gre_test_score_form,
        gre_test_score_form=gre_test_score_form,
        gmat_test_score_form=gmat_test_score_form,
        toefl_test_score_form=toefl_test_score_form,
        user=user
    ))