def process_request(self, request, override_view=None):
request.course = None # must be present to be a caching key
if is_anonymous_path(request.path) or \
(
not request.user.is_authenticated() and
not CourseAccess.allowed(request)
):
return None
if 'unset_course' in request.GET and SESSION_KEY in request.session:
del request.session[SESSION_KEY]
set_course = request.POST.get('set_course',
request.GET.get('set_course', None))
if set_course is not None:
course = get_object_or_404(
Course,
group__name=set_course)
if request.user.is_staff or \
CourseAccess.allowed(request) or \
(request.user in course.members):
request.session[SESSION_KEY] = course
self.decorate_request(request, course)
if 'next' in request.GET:
return HttpResponseRedirect(request.GET['next'])
return None
if SESSION_KEY in request.session:
course = request.session[SESSION_KEY]
self.decorate_request(request, course)
return None
available_courses = Course.objects.filter(group__user=request.user)
chosen_course = None
try:
requested_view, view_args, view_kwargs = resolve(
request.get_full_path())
except Resolver404:
requested_view = None
# Staff and instructors should always get the opportunity to
# pick a course.
if requested_view in AUTO_COURSE_SELECT:
chosen_course = AUTO_COURSE_SELECT[requested_view](
*view_args, **view_kwargs)
elif (available_courses.count() == 1 and
not request.user.is_staff and
not is_faculty(request.user)):
chosen_course = available_courses.first()
if chosen_course and \
(chosen_course in available_courses or request.user.is_staff):
request.session[SESSION_KEY] = chosen_course
self.decorate_request(request, chosen_course)
return None
return self.course_list_view(request, override_view)
def test_courseaccess(self):
""" what is this? """
# respond() should do nothing
CourseAccess.respond("foo")
class StubRequest(object):
REQUEST = dict()
self.assertFalse(CourseAccess.allowed(StubRequest()))
def post(self, request, *args, **kwargs):
if not CourseAccess.allowed(request):
return HttpResponseForbidden()
try:
arg = self.request.POST.get('asset-url', None)
asset = Asset.objects.get(id=self.get_asset_id(arg))
except (TypeError, Asset.DoesNotExist):
return HttpResponseNotFound()
for key, value in request.POST.items():
# replace primary source completely. the labels will differ
if key in Asset.primary_labels:
if len(value) < 1:
# don't empty out a primary source
msg = 'Invalid primary source for {}'.format(key)
return HttpResponseBadRequest(msg)
asset.update_primary(key, value)
else:
# update a secondary source based on label
sources = asset.source_set.filter(label=key)
sources.update(url=value)
return HttpResponse('updated')
def parse_user(self, request):
user = request.user
args = request.POST if request.method == 'POST' else request.GET
if ((user.is_staff or CourseAccess.allowed(request)) and 'as' in args):
as_user = args['as']
user = get_object_or_404(User, username=as_user)
return user
def parse_user(self, request):
user = request.user
if ((user.is_staff or CourseAccess.allowed(request)) and
'as' in request.REQUEST):
as_user = request.REQUEST['as']
user = get_object_or_404(User, username=as_user)
return user
def parse_user(self, request):
user = request.user
args = request.POST if request.method == 'POST' else request.GET
if ((user.is_staff or CourseAccess.allowed(request)) and 'as' in args):
as_user = args['as']
user = get_object_or_404(User, username=as_user)
return user
def _parse_user(request):
user = request.user
if ((user.is_staff or CourseAccess.allowed(request)) and
'as' in request.REQUEST):
as_user = request.REQUEST['as']
user = get_object_or_404(User, username=as_user)
if not request.course or not request.course.is_true_member(user):
return HttpResponseForbidden("You must be a member of the course to \
add assets.")
return user
def _parse_user(request):
user = request.user
if ((user.is_staff or CourseAccess.allowed(request))
and 'as' in request.REQUEST):
as_user = request.REQUEST['as']
user = get_object_or_404(User, username=as_user)
if not request.course or not request.course.is_true_member(user):
return HttpResponseForbidden("You must be a member of the course to \
add assets.")
return user
def course_list_query(request):
if not CourseAccess.allowed(request):
return HttpResponseForbidden('{"error":"server not whitelisted"}')
user = get_object_or_404(
User, username=request.REQUEST.get('user', 'none'))
courses = available_courses_query(user)
data = {'courses': dict(
[(c.group.name, {'title': c.title, })
for c in courses]
)}
return HttpResponse(
simplejson.dumps(data, indent=2),
mimetype='application/json')
def course_list_query(request):
if not CourseAccess.allowed(request):
return HttpResponseForbidden('{"error":"server not whitelisted"}')
username = request.POST.get('user', request.GET.get('user', 'none'))
user = get_object_or_404(User, username=username)
courses = get_courses_for_user(user)
data = {'courses': dict(
[(c.group.name, {'title': c.title, })
for c in courses]
)}
return HttpResponse(
json.dumps(data, indent=2),
content_type='application/json')
def post(self, request, *args, **kwargs):
if not CourseAccess.allowed(request):
return HttpResponseForbidden()
wid = self.request.POST.get('metadata-wardenclyffe-id', None)
if not wid:
return HttpResponseNotFound()
qs = self.get_matching_assets(wid)
if qs.count() == 0:
return HttpResponseNotFound()
for asset in self.get_matching_assets(wid):
items = request.POST.items()
if not self.update_asset(asset, items):
return HttpResponseBadRequest()
return HttpResponse('updated')
def asset_create(request):
"""
We'd like to support basically the Delicious URL API as much as possible
/save?jump={yes|close}&url={url}&title={title}&{noui}&v={5}&share={yes}
But also thumb={url}&stream={url}&...
Other groups to pay attention to are MediaMatrix (seems subset of delicious: url=)
"""
# XXX TODO: the error case here should be 401/403, not 404
user = request.user
if (user.is_staff or CourseAccess.allowed(request)) and request.REQUEST.has_key('as'):
as_user = request.REQUEST['as']
if as_user == 'faculty':
as_user = request.course.faculty[0].username
user = get_object_or_404(User,username=as_user)
if not request.course or not request.course.is_true_member(user):
extra = ''
if user.is_staff:
extra = 'Since you are staff, you can add yourself through <a href="%s">Manage Course</a> interface.' % reverse('admin:courseaffils_course_change', args=[request.course.id])
return HttpResponseForbidden("""You must be a member of the course to add assets.
This is to prevent unintentional participation.%s""" % extra)
asset = None
req_dict = getattr(request,request.method)
metadata = {}
for key in req_dict:
if key.startswith('metadata-'):
metadata[key[len('metadata-'):]] = req_dict.getlist(key)
title = req_dict.get('title','')
asset = Asset.objects.get_by_args(req_dict, asset__course=request.course)
if asset is False:
raise AssertionError("no arguments were supplied to make an asset")
if asset is None:
try:
asset = Asset(title=title[:1020], #max title length
course=request.course,
author=user)
asset.save()
for source in sources_from_args(request, asset).values():
if len(source.url) <= 4096:
source.save()
if "tag" in metadata:
for t in metadata["tag"]:
asset.save_tag(user, t)
if len(metadata):
asset.metadata_blob = simplejson.dumps(metadata)
asset.save()
except:
#we'll make it here if someone doesn't submit
#any primary_labels as arguments
# @todo verify the above comment.
raise AssertionError("no primary source provided")
# create a global annotation
global_annotation = asset.global_annotation(user, True)
asset_url = reverse('asset-view', args=[asset.id])
source = request.POST.get('asset-source', "")
if source == 'bookmarklet':
asset_url += "?level=item"
#for bookmarklet mass-adding
if request.REQUEST.get('noui','').startswith('postMessage'):
return render_to_response('assetmgr/interface_iframe.html',
{'message': '%s|%s' % (request.build_absolute_uri(asset_url),
request.REQUEST['noui']),
})
elif request.is_ajax():
return HttpResponse(serializers.serialize('json', asset),
mimetype="application/json")
elif "archive" == asset.primary.label:
redirect_url = request.POST.get('redirect-url',
reverse('class-add-source'))
url = "%s?newsrc=%s" % (redirect_url, asset.title)
return HttpResponseRedirect(url)
else:
return HttpResponseRedirect(asset_url)
def process_request(self, request):
request.course = None # must be present to be a caching key
path = urlquote(request.get_full_path())
if is_anonymous_path(request.path):
return None
if (not request.user.is_authenticated()
and not CourseAccess.allowed(request)):
return None
if 'unset_course' in request.GET:
if SESSION_KEY in request.session:
del request.session[SESSION_KEY]
def decorate_request(request, course):
request.course = course
request.coursename = course.title
# these will show up in Error emails as part of WSGI object
request.environ['django_username'] = request.user.username
request.environ['django_course'] = course.title
if Collaboration: # if structuredcollaboration app is installed
(request.collaboration_context,
created) = Collaboration.objects.get_or_create(
content_type=ContentType.objects.get_for_model(Course),
object_pk=str(course.pk))
if created or request.collaboration_context.slug is None:
request.collaboration_context.title = course.title
request.collaboration_context.group = course.group
for i in range(2):
slug_try = course.slug(attempt=i)
if Collaboration.objects.filter(
slug=slug_try).count() == 0:
request.collaboration_context.slug = slug_try
break
request.collaboration_context.save()
if 'set_course' in request.REQUEST:
course = Course.objects.get(
group__name=request.REQUEST['set_course'])
if (request.user.is_staff
or CourseAccess.allowed(request)
or (request.user in course.members)):
request.session[SESSION_KEY] = course
decorate_request(request, course)
if 'next' in request.GET:
return HttpResponseRedirect(request.GET['next'])
return None
if SESSION_KEY in request.session:
course = request.session[SESSION_KEY]
decorate_request(request, course)
return None
available_courses = Course.objects.filter(group__user=request.user)
chosen_course = None
try:
requested_view, view_args, view_kwargs = resolve(
request.get_full_path())
except Resolver404:
requested_view = None
#staff should always get the opportunity to pick a course
if requested_view in AUTO_COURSE_SELECT:
chosen_course = AUTO_COURSE_SELECT[requested_view](
*view_args, **view_kwargs)
elif len(available_courses) == 1 and not request.user.is_staff:
chosen_course = available_courses[0]
if (chosen_course
and (chosen_course in available_courses
or request.user.is_staff)):
request.session[SESSION_KEY] = chosen_course
decorate_request(request, chosen_course)
return None
return select_course(request)
def asset_create(request):
"""
We'd like to support basically the Delicious URL API as much as possible
/save?jump={yes|close}&url={url}&title={title}&{noui}&v={5}&share={yes}
But also thumb={url}&stream={url}&...
Other groups to pay attention to are MediaMatrix (seems subset of delicious: url=)
"""
# XXX TODO: the error case here should be 401/403, not 404
user = request.user
if (user.is_staff or
CourseAccess.allowed(request)) and request.REQUEST.has_key('as'):
as_user = request.REQUEST['as']
if as_user == 'faculty':
as_user = request.course.faculty[0].username
user = get_object_or_404(User, username=as_user)
if not request.course or not request.course.is_true_member(user):
extra = ''
if user.is_staff:
extra = 'Since you are staff, you can add yourself through <a href="%s">Manage Course</a> interface.' % reverse(
'admin:courseaffils_course_change', args=[request.course.id])
return HttpResponseForbidden(
"""You must be a member of the course to add assets.
This is to prevent unintentional participation.%s""" % extra)
asset = None
req_dict = getattr(request, request.method)
metadata = {}
for key in req_dict:
if key.startswith('metadata-'):
metadata[key[len('metadata-'):]] = req_dict.getlist(key)
title = req_dict.get('title', '')
asset = Asset.objects.get_by_args(req_dict, asset__course=request.course)
if asset is False:
raise AssertionError("no arguments were supplied to make an asset")
if asset is None:
try:
asset = Asset(
title=title[:1020], #max title length
course=request.course,
author=user)
asset.save()
for source in sources_from_args(request, asset).values():
if len(source.url) <= 4096:
source.save()
if "tag" in metadata:
for t in metadata["tag"]:
asset.save_tag(user, t)
if len(metadata):
asset.metadata_blob = simplejson.dumps(metadata)
asset.save()
except:
#we'll make it here if someone doesn't submit
#any primary_labels as arguments
# @todo verify the above comment.
raise AssertionError("no primary source provided")
# create a global annotation
global_annotation = asset.global_annotation(user, True)
asset_url = reverse('asset-view', args=[asset.id])
source = request.POST.get('asset-source', "")
if source == 'bookmarklet':
asset_url += "?level=item"
#for bookmarklet mass-adding
if request.REQUEST.get('noui', '').startswith('postMessage'):
return render_to_response(
'assetmgr/interface_iframe.html', {
'message':
'%s|%s' % (request.build_absolute_uri(asset_url),
request.REQUEST['noui']),
})
elif request.is_ajax():
return HttpResponse(serializers.serialize('json', asset),
mimetype="application/json")
elif "archive" == asset.primary.label:
redirect_url = request.POST.get('redirect-url',
reverse('class-add-source'))
url = "%s?newsrc=%s" % (redirect_url, asset.title)
return HttpResponseRedirect(url)
else:
return HttpResponseRedirect(asset_url)
def add_asset(request):
"""
We'd like to support basically the Delicious URL API as much as possible
/save?jump={yes|close}&url={url}&title={title}&{noui}&v={5}&share={yes}
But also thumb={url}&stream={url}&...
Other groups to pay attention to are MediaMatrix (seems subset of delicious: url=)
"""
# XXX TODO: the error case here should be 401/403, not 404
user = request.user
if (user.is_staff or CourseAccess.allowed(request)) and request.REQUEST.has_key('as'):
as_user = request.REQUEST['as']
if as_user == 'faculty':
as_user = request.course.faculty[0].username
user = get_object_or_404(User,username=as_user)
if not request.course or not request.course.is_true_member(user):
extra = ''
if user.is_staff:
extra = 'Since you are staff, you can add yourself through <a href="%s">Manage Course</a> interface.' % reverse('admin:courseaffils_course_change', args=[request.course.id])
return HttpResponseForbidden("""You must be a member of the course to add assets.
This is to prevent unintentional participation.%s""" % extra)
asset = None
req_dict = getattr(request,request.method)
metadata = {}
for key in req_dict:
if key.startswith('metadata-'):
metadata[key[len('metadata-'):]] = req_dict.getlist(key)
title = req_dict.get('title','')
asset = Asset.objects.get_by_args(req_dict, asset__course=request.course)
if asset is False:
raise AssertionError("no arguments were supplied to make an asset")
if asset is None:
try:
asset = Asset(title=title[:1020], #max title length
course=request.course,
author=user)
asset.save()
for source in sources_from_args(request, asset).values():
source.save()
transaction.commit()
if len(metadata):
asset.metadata_blob = simplejson.dumps(metadata)
asset.save()
transaction.commit()
except:
transaction.rollback()
raise
# if we got here from an attempt to annotate the mock asset
# we'll save that annotation now that the asset exists
if asset:
if request.POST.has_key('save-global-annotation'):
# if the user is saving a global annotation
# we need to create it first and then edit it
global_annotation = asset.global_annotation(user)
annotationview(request, asset.pk, global_annotation.pk)
transaction.commit()
elif request.POST.has_key('save-clip-annotation'):
annotationcontainerview(request, asset.pk)
transaction.commit()
asset_url = reverse('asset-view', args=[asset.id])
#for bookmarklet mass-adding
if request.REQUEST.get('noui','').startswith('postMessage'):
return render_to_response('assetmgr/interface_iframe.html',
{'message': '%s|%s' % (request.build_absolute_uri(asset_url),
request.REQUEST['noui']),
})
elif not request.is_ajax():
return HttpResponseRedirect(asset_url)
else:
return HttpResponse(serializers.serialize('json',asset),
mimetype="application/json")
else:
#we'll make it here if someone doesn't submit
#any primary_labels as arguments
raise AssertionError("something didn't work")
