Beispiel #1
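def android_client_get_semester(identifier):
    """Return the semesters of the one student or teacher matching ``identifier``.

    The identifier is looked up through the backend search endpoint. When the
    RPC helper hands back a tuple it is returned unchanged (presumably an
    already-built error response -- confirm against ``HttpRpc``). Otherwise
    the answer is a JSON object with ``type``, the person's ``sid`` or
    ``tid``, and the semester list in sorted order. Students are checked
    before teachers.

    Any result that is not exactly one student or exactly one teacher,
    including no match at all, gets the 400 response at the end.
    """
    from urllib.parse import quote

    from flask import current_app as app, jsonify
    from everyclass.server.utils.rpc import HttpRpc

    # `identifier` is client-supplied and ends up inside the path of an
    # internal API URL. Percent-encode it as a single path segment so that
    # characters such as "/", "?", "#" or ".." cannot change which backend
    # endpoint is requested.
    safe_identifier = quote(str(identifier), safe='')

    with elasticapm.capture_span('rpc_search'):
        rpc_result = HttpRpc.call_with_handle_message('{}/v1/search/{}'.format(
            app.config['API_SERVER_BASE_URL'], safe_identifier))
        if isinstance(rpc_result, tuple):
            return rpc_result
        api_response = rpc_result

    students = api_response['student']
    if len(students) == 1:
        person = students[0]
        return jsonify({
            'type': 'student',
            'sid': person['sid'],
            'semesters': sorted(person['semester']),
        })

    teachers = api_response['teacher']
    if len(teachers) == 1:
        person = teachers[0]
        return jsonify({
            'type': 'teacher',
            'tid': person['tid'],
            'semesters': sorted(person['semester']),
        })

    # Reached for zero matches as well as for several; the message text is
    # kept as-is because clients may already display it.
    return "Bad request (got multiple people)", 400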
Beispiel #2
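def android_client_get_ics(resource_type, identifier, semester):
    """Redirect the Android client to the ICS download for a student or teacher.

    ``resource_type`` must be ``'student'`` or ``'teacher'``; anything else is
    answered with 400. When the RPC helper hands back a tuple it is returned
    unchanged (presumably an already-built error response -- confirm against
    ``HttpRpc``).

    Teachers are redirected without any credential check. For students the
    privacy level is read first:

    * level ``0``: no credentials are required, so anyone who knows the
      student number can subscribe to the calendar.
    * any other level: HTTP Basic credentials are required. The username must
      equal the student's ``sid`` and the password must verify; otherwise a
      401 is returned so the client can ask the user for a password and retry.

    On success a calendar token is fetched (or created) and the client is
    redirected to ``calendar.ics_download`` with that token.
    """
    from urllib.parse import quote

    from flask import current_app as app, redirect, url_for, request

    from everyclass.server.utils.rpc import HttpRpc
    from everyclass.server.db.dao import PrivacySettingsDAO, CalendarTokenDAO, UserDAO

    # Allowlist: resource_type is interpolated into the backend URL below.
    if resource_type not in ('student', 'teacher'):
        return "Unknown resource type", 400

    # `identifier` and `semester` are client-supplied path components of an
    # internal API URL. Percent-encode each as a single segment so that "/",
    # "?", "#" or ".." cannot redirect the call to another backend endpoint.
    safe_identifier = quote(str(identifier), safe='')
    safe_semester = quote(str(semester), safe='')

    with elasticapm.capture_span('rpc_search'):
        rpc_result = HttpRpc.call_with_handle_message('{}/v1/{}/{}/{}'.format(
            app.config['API_SERVER_BASE_URL'], resource_type, safe_identifier,
            safe_semester))
        if isinstance(rpc_result, tuple):
            return rpc_result
        api_response = rpc_result

    if resource_type == 'student':
        with elasticapm.capture_span('get_privacy_settings'):
            privacy_level = PrivacySettingsDAO.get_level(api_response['sid'])

        # Privacy is on: require HTTP Basic credentials of the calendar owner.
        if privacy_level != 0:
            auth = request.authorization
            if not auth:
                return "Unauthorized (privacy on)", 401

            # Read the credentials by attribute. Tuple-unpacking the
            # Authorization object does not yield (username, password): on
            # dict-based Werkzeug versions it yields the dict *keys*, on newer
            # ones it is not iterable at all.
            username = auth.username
            password = auth.password
            if username is None or password is None:
                # Header present but not usable Basic credentials.
                return "Unauthorized (privacy on)", 401

            # Compare the account with the calendar owner before touching the
            # password store, so this endpoint only ever verifies a password
            # for the student whose calendar is being requested.
            if api_response['sid'] != username:
                return "Unauthorized (username mismatch)", 401
            if not UserDAO.check_password(username, password):
                return "Unauthorized (password wrong)", 401

    # NOTE(review): the teacher path also reads "sid" from the response, as
    # the original did. The search endpoint exposes teachers under "tid";
    # confirm which key the teacher detail response actually carries.
    cal_token = CalendarTokenDAO.get_or_set_calendar_token(
        resource_type=resource_type,
        identifier=api_response["sid"],
        semester=semester)
    return redirect(
        url_for('calendar.ics_download', calendar_token=cal_token))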