def delete(request):
"""Handles the "/users/{uid}/delete" URL, providing the form and backend
functionality for deleting a :class:`~wte.models.User`. Also deletes all
the data that is linked to that :class:`~wte.models.User`.
"""
dbsession = DBSession()
user = dbsession.query(User).filter(
User.id == request.matchdict['uid']).first()
if user:
if user.allow('delete', request.current_user):
if request.method == 'POST':
try:
CSRFSchema().to_python(request.params,
State(request=request))
with transaction.manager:
dbsession.delete(user)
request.session.flash('The account has been deleted',
queue='info')
if request.current_user.has_permission('admin.users.view'):
raise HTTPSeeOther(request.route_url('users'))
else:
raise HTTPSeeOther(request.route_url('root'))
except Invalid as e:
return {
'errors':
e.error_dict,
'user':
user,
'crumbs':
create_user_crumbs(
request,
[{
'title': user.display_name,
'url': request.route_url('user.view',
uid=user.id)
}, {
'title':
'Delete',
'url':
request.route_url('user.delete', uid=user.id)
}])
}
return {
'user':
user,
'crumbs':
create_user_crumbs(
request,
[{
'title': user.display_name,
'url': request.route_url('user.view', uid=user.id)
}, {
'title': 'Delete',
'url': request.route_url('user.delete', uid=user.id)
}])
}
else:
unauthorised_redirect(request)
else:
raise HTTPNotFound()
def logout(request):
"""Handles the "user.logout" URL and deletes the current session,
thus logging the user out.
Redirects to the "user.logout" redirection route.
"""
if request.method == 'POST':
try:
CSRFSchema().to_python(request.params, State(request=request))
request.current_user.logged_in = False
request.session.delete()
redirect(request, 'user.logout')
except Invalid as e:
return {
'errors':
e.error_dict,
'crumbs': [{
'title': 'Logout',
'url': request.route_url('user.logout'),
'current': True
}]
}
return {
'crumbs': [{
'title': 'Logout',
'url': request.route_url('user.logout'),
'current': True
}]
}
def delete_part_task(request):
"""Handles the ``parts/{pid}/timed-tasks/{tid}/delete`` URL, providing the UI
and backend for deleting an existing :class:`~wte.models.TimedTask` that
belongs to a :class:`~wte.models.Part`.
Requires that the user has "edit" rights on the
:class:`~wte.models.Part`.
"""
dbsession = DBSession()
part = dbsession.query(Part).filter(
Part.id == request.matchdict['pid']).first()
task = dbsession.query(TimedTask).filter(
TimedTask.id == request.matchdict['tid']).first()
if part and task:
if part.allow('edit', request.current_user):
crumbs = create_part_crumbs(
request, part,
[{
'title': 'Timed Actions',
'url': request.route_url('part.timed_task', pid=part.id)
}, {
'title': 'Delete',
'url': request.current_route_url
}])
if request.method == 'POST':
try:
CSRFSchema().to_python(request.params,
State(request=request))
dbsession = DBSession()
with transaction.manager:
dbsession.delete(task)
dbsession.add(part)
raise HTTPSeeOther(
request.route_url('part.timed_task', pid=part.id))
except formencode.Invalid as e:
return {
'errors': e.error_dict,
'part': part,
'task': task,
'crumbs': crumbs,
'include_footer': True,
'help': ['user', 'teacher', 'timed_actions.html']
}
return {
'part': part,
'task': task,
'crumbs': crumbs,
'include_footer': True,
'help': ['user', 'teacher', 'timed_actions.html']
}
else:
unauthorised_redirect(request)
else:
raise HTTPNotFound()
def delete(request):
"""Handles the ``/parts/{pid}/assets/{aid}/delete`` URL,
providing the UI and backend for deleting :class:`~wte.models.Asset`.
Requires that the user has "edit" rights on the current :class:`~wte.models.Part`.
"""
dbsession = DBSession()
part = dbsession.query(Part).filter(
Part.id == request.matchdict['pid']).first()
asset = dbsession.query(Asset).join(Part.all_assets).\
filter(and_(Asset.id == request.matchdict['aid'],
Part.id == request.matchdict['pid'])).first()
if part and asset:
if part.allow('edit', request.current_user):
crumbs = create_part_crumbs(request, part, {
'title': 'Delete Asset',
'url': request.current_route_url()
})
if request.method == 'POST':
try:
CSRFSchema().to_python(request.params,
State(request=request))
dbsession = DBSession()
with transaction.manager:
dbsession.add(asset)
asset.parts = []
dbsession.delete(asset)
dbsession.add(part)
raise HTTPSeeOther(
request.route_url('part.view', pid=part.id))
except formencode.Invalid as e:
return {
'errors': e.error_dict,
'part': part,
'asset': asset,
'crumbs': crumbs,
'help': ['user', 'teacher', 'asset', 'delete.html']
}
return {
'part': part,
'asset': asset,
'crumbs': crumbs,
'help': ['user', 'teacher', 'asset', 'delete.html']
}
else:
unauthorised_redirect(request)
else:
raise HTTPNotFound()
def export(request):
dbsession = DBSession()
experiment = dbsession.query(Experiment).filter(Experiment.id == request.matchdict['eid']).first()
page = dbsession.query(Page).filter(and_(Page.id == request.matchdict['pid'],
Page.experiment_id == request.matchdict['eid'])).first()
if experiment and page:
try:
CSRFSchema().to_python(request.params, State(request=request))
request.response.headers['Content-Disposition'] = 'attachment; filename="%s.json"' % page.name
return PageIOSchema(include_data=('questions', 'questions.q_type', 'questions.q_type.parent',
'questions.q_type.q_type_group', 'questions.q_type.q_type_group.parent',
'questions.q_type.parent.q_type_group',
'questions.q_type.parent.q_type_group.parent')).dump(page).data
except formencode.Invalid:
raise HTTPFound(request.route_url('experiment.page.edit', eid=experiment.id, pid=page.id))
else:
raise HTTPNotFound()
def data_delete(request):
mode = 'latinsquare' if 'latinsquare' in request.matched_route.name else 'dataset'
dbsession = DBSession()
experiment = dbsession.query(Experiment).filter(
Experiment.id == request.matchdict['eid']).first()
data_set = dbsession.query(DataSet).filter(
and_(DataSet.id == request.matchdict['did'],
DataSet.experiment_id == request.matchdict['eid'],
DataSet.type == mode)).first()
if experiment and data_set:
try:
CSRFSchema().to_python(request.params, State(request=request))
with transaction.manager:
dbsession.delete(data_set)
dbsession.add(experiment)
raise HTTPFound(
request.route_url('experiment.%s' % mode, eid=experiment.id))
except formencode.Invalid:
raise HTTPFound(
request.route_url('experiment.%s.view' % mode,
eid=experiment.id,
did=data_set.id))
else:
raise HTTPNotFound()
def permissions(request):
"""Handles the "/users/{uid}/permissions" URL, providing the form and
backend functionality for setting the :class:`~wte.models.Permission` and
:class:`~wte.models.PermissionGroup` that the :class:`~wte.models.User`
belongs to.
"""
dbsession = DBSession()
user = dbsession.query(User).filter(
User.id == request.matchdict['uid']).first()
if user:
permission_groups = dbsession.query(PermissionGroup).order_by(
PermissionGroup.title)
permissions = dbsession.query(Permission).order_by(Permission.title)
if request.method == 'POST':
try:
CSRFSchema(allow_extra_fields=True).to_python(
request.params, State(request=request))
with transaction.manager:
dbsession.add(user)
ids = request.params.getall('permission_group')
if ids:
user.permission_groups = dbsession.query(PermissionGroup).\
filter(PermissionGroup.id.in_(ids)).all()
else:
user.permission_groups = []
ids = request.params.getall('permission')
if ids:
user.permissions = dbsession.query(Permission).filter(
Permission.id.in_(ids)).all()
else:
user.permissions = []
dbsession.add(user)
dbsession.add(request.current_user)
if request.current_user.has_permission('admin.users.view'):
raise HTTPSeeOther(request.route_url('users'))
else:
raise HTTPSeeOther(
request.route_url('user.view', uid=user.id))
except Invalid as e:
return {
'errors':
e.error_dict,
'user':
user,
'permission_groups':
permission_groups,
'permissions':
permissions,
'crumbs':
create_user_crumbs(
request,
[{
'title': user.display_name,
'url': request.route_url('user.view', uid=user.id)
}, {
'title':
'Permissions',
'url':
request.route_url('user.permissions', uid=user.id)
}])
}
return {
'user':
user,
'permission_groups':
permission_groups,
'permissions':
permissions,
'crumbs':
create_user_crumbs(
request,
[{
'title': user.display_name,
'url': request.route_url('user.view', uid=user.id)
}, {
'title': 'Permissions',
'url': request.route_url('user.permissions', uid=user.id)
}])
}
else:
raise HTTPNotFound()
def actions_export(request):
dbsession = DBSession()
experiment = dbsession.query(Experiment).filter(
Experiment.id == request.matchdict['eid']).first()
if experiment:
if request.method == 'POST':
try:
CSRFSchema().to_python(request.params, State(request=request))
request.response.headers[
'Content-Disposition'] = 'attachment; filename="%s.json"' % experiment.title
request.override_renderer = 'json'
return ExperimentIOSchema(include_schemas=[s for s in all_io_schemas if s != ExperimentIOSchema]).\
dump(experiment).data
except formencode.Invalid:
return {
'experiment':
experiment,
'crumbs': [{
'title': 'Experiments',
'url': request.route_url('dashboard')
}, {
'title':
experiment.title,
'url':
request.route_url('experiment.view', eid=experiment.id)
}, {
'title':
'Actions',
'url':
request.route_url('experiment.actions',
eid=experiment.id)
}, {
'title':
'Export',
'url':
request.route_url('experiment.actions.export',
eid=experiment.id)
}]
}
return {
'experiment':
experiment,
'crumbs': [{
'title': 'Experiments',
'url': request.route_url('dashboard')
}, {
'title':
experiment.title,
'url':
request.route_url('experiment.view', eid=experiment.id)
}, {
'title':
'Actions',
'url':
request.route_url('experiment.actions', eid=experiment.id)
}, {
'title':
'Export',
'url':
request.route_url('experiment.actions.export',
eid=experiment.id)
}]
}
else:
raise HTTPNotFound()
def update(request):
"""Handles the ``parts/{pid}/users`` URL, applying the changes select when the
user views :func:`~wte.views.user_role.action`.
Requires that the user has "users" rights on the
:class:`~wte.models.Part`.
"""
dbsession = DBSession()
dbsession.add(request.current_user)
part = dbsession.query(Part).filter(Part.id == request.matchdict['pid']).first()
if part:
if part.allow('users', request.current_user):
query_params = []
for param in ['q', 'role', 'start']:
if param in request.params and request.params[param]:
query_params.append((param, request.params[param]))
try:
crumbs = create_part_crumbs(request,
part,
[{'title': 'Users',
'url': request.route_url('part.users', pid=part.id)},
{'title': 'Update',
'url': request.current_route_url()}])
users = []
params = {}
params = ActionSchema().to_python(request.params,
State(request=request))
users = dbsession.query(UserPartRole).filter(UserPartRole.id.in_(params['role_id'])).all()
if params['action'] == 'change_role':
params = ChangeRoleSchema().to_python(request.params, State(request=request))
with transaction.manager:
for role in users:
dbsession.add(role)
role.role = params['role']
raise HTTPSeeOther(request.route_url('part.users', pid=request.matchdict['pid'],
_query=query_params))
elif params['action'] == 'remove':
schema = CSRFSchema()
schema.allow_extra_fields = True
schema.to_python(request.params, State(request=request))
with transaction.manager:
dbsession.add(part)
parts = get_all_parts(part)
for role in users:
dbsession.add(role)
for child_part in parts:
progress = dbsession.query(UserPartProgress).\
filter(and_(UserPartProgress.part_id == child_part.id,
UserPartProgress.user_id == role.user.id)).first()
if progress:
dbsession.delete(progress)
dbsession.delete(role)
raise HTTPSeeOther(request.route_url('part.users', pid=request.matchdict['pid'],
_query=query_params))
elif params['action'] == 'block':
schema = CSRFSchema()
schema.allow_extra_fields = True
schema.to_python(request.params, State(request=request))
with transaction.manager:
for role in users:
dbsession.add(role)
role.role = 'block'
raise HTTPSeeOther(request.route_url('part.users', pid=request.matchdict['pid'],
_query=query_params))
except formencode.api.Invalid as e:
return {'errors': e.error_dict,
'values': request.params,
'part': part,
'params': params,
'query_params': query_params,
'users': users,
'crumbs': crumbs,
'help': ['user', 'teacher', 'module', 'users.html']}
return {'part': part,
'params': params,
'query_params': query_params,
'users': users,
'crumbs': crumbs,
'help': ['user', 'teacher', 'module', 'users.html']}
else:
unauthorised_redirect(request)
else:
raise HTTPNotFound()