def submit_essay(request, essay_id):
# Check essay if valid
essay = get_record_by_id(essay_id, Essay, check_school_id=False)
if essay.lesson.school_id != g.user.school_id:
raise UnauthorizedError()
top_level_expected_keys = ["content"]
json_data = json_from_request(request)
check_keys(top_level_expected_keys, json_data)
# Validate lesson
lesson = get_record_by_id(essay.lesson.id, Lesson)
if g.user.id not in [t.id for t in lesson.students]:
raise UnauthorizedError()
submission = EssaySubmission(
essay.id,
g.user.id,
datetime.datetime.now(), # TODO: Deal with timezones
json_data['content'])
db.session.add(submission)
db.session.commit()
return jsonify({'success': True}), 201
def lesson_update(request, lesson_id):
lesson = get_record_by_id(lesson_id, Lesson)
json_data = json_from_request(request)
if "name" in json_data.keys():
if json_data['name'] != lesson.name:
validate_lesson_name(name=json_data['name'],
school_id=g.user.school_id)
lesson.name = json_data['name']
if "subject_id" in json_data.keys():
subject = get_record_by_id(json_data['subject_id'],
Subject,
custom_not_found_error=CustomError(
409, message="Invalid subject_id."))
lesson.subject_id = subject.id
if "teacher_ids" in json_data.keys():
lesson.teachers = []
add_teachers(json_data['teacher_ids'], lesson)
if "student_ids" in json_data.keys():
lesson.students = []
add_students(json_data['student_ids'], lesson)
db.session.add(lesson)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def quiz_detail(request, quiz_id):
# Check essay if valid
quiz = get_record_by_id(quiz_id, Quiz, check_school_id=False)
if quiz.lesson.school_id != g.user.school_id:
raise UnauthorizedError()
return jsonify({'success': True, 'quiz': quiz.to_dict()})
def essay_detail(request, essay_id):
# Check essay if valid
essay = get_record_by_id(essay_id, Essay, check_school_id=False)
if essay.lesson.school_id != g.user.school_id:
raise UnauthorizedError()
return jsonify({'success': True, 'essay': essay.to_dict()})
def remove_permission(request):
data = json_from_request(request)
expected_keys = ["user_id"]
check_keys(expected_keys, data)
if "permission_id" not in data.keys() and "all" not in data.keys():
raise MissingKeyError("permission_id or all")
# Check user specified is in the correct school
user = get_record_by_id(data['user_id'], User, CustomError(409, message="Invalid user_id."))
if "all" in data.keys() and data['all'] is True:
user.permissions = []
else:
# Check the permission specified is in the correct school
permission = get_permission_by_id(data['permission_id'], CustomError(409, message="Invalid permission_id."))
# Check the user has the permission
if permission.id not in [p.id for p in user.permissions]:
raise CustomError(
409,
message="User with id: {} does not have permission with id: {}".format(data['user_id'],
data['permission_id'])
)
user.permissions.remove(permission)
db.session.add(user)
db.session.commit()
# Return success status
return jsonify({'success': True}), 200
def comment_create_view(request):
"""Creates a Comment object from a HTTP request."""
# Keys which need to in JSON from request
top_level_expected_keys = [
"submission_id",
"text",
]
# Get JSON from request and check keys are present
json_data = json_from_request(request)
check_keys(top_level_expected_keys, json_data)
# Fetch submission
submission = get_record_by_id(json_data['submission_id'],
Submission,
check_school_id=False)
# Check user teaches the lesson that submission they are commenting on
if g.user.id not in [t.id for t in submission.homework.lesson.teachers]:
raise UnauthorizedError()
# Create comment
comment = Comment(submission.id, json_data['text'], g.user.id)
db.session.add(comment)
db.session.commit()
return jsonify({"success": True, "comment": comment.to_dict()}), 201
def comment_delete_view(request, comment_id):
"""Delete Comment based on id."""
comment = get_record_by_id(comment_id, Comment, check_school_id=False)
if comment.user.school_id != g.user.school_id:
raise UnauthorizedError()
db.session.delete(comment)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def subject_delete_view(request, subject_id):
subject = get_record_by_id(subject_id, Subject)
# Check if subject still has lessons
lesson = Lesson.query.filter_by(subject_id=subject.id).first()
if lesson is not None:
return jsonify({'error': True, 'message': 'Please delete all lessons which are part of this subject'}), 409
db.session.delete(subject)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def comment_detail_view(request, comment_id):
"""Fetch Comment based on id from request."""
comment = get_record_by_id(comment_id, Comment, check_school_id=False)
if comment.user.school_id != g.user.school_id:
raise UnauthorizedError()
return jsonify({
'success': True,
'comment': comment.to_dict(nest_user=True)
})
def add_students(student_ids, lesson):
for student_id in student_ids:
user = get_record_by_id(
student_id,
User,
custom_not_found_error=CustomError(
409,
message="Invalid id in student_ids: {}".format(student_id)))
# TODO: Add role checking
lesson.students.append(user)
def add_teachers(teacher_ids, lesson):
for teacher_id in teacher_ids:
user = get_record_by_id(
teacher_id,
User,
custom_not_found_error=CustomError(
409,
message="Invalid id in teacher_ids: {}".format(teacher_id)))
# TODO: Add role checking
lesson.teachers.append(user)
def list_submissions(homework_id):
homework = get_record_by_id(homework_id, Homework, check_school_id=False)
if homework.lesson.school_id != g.user.school_id:
raise UnauthorizedError()
submissions = Submission.query.filter_by(homework_id=homework.id).all()
return jsonify({
'success':
True,
'submissions': [s.to_dict(nest_user=True) for s in submissions]
})
def user_update(request, user_id):
data = json_from_request(request)
user = get_record_by_id(user_id, User)
possible_keys = [
"first_name", "last_name", "password", "username", "email", "form_id"
]
check_values_not_blank(data.keys(), data)
if "first_name" in data.keys():
user.first_name = data['first_name']
if "last_name" in data.keys():
user.first_name = data['first_name']
if "password" in data.keys():
user.password = user.generate_password_hash(data['password'])
if "email" in data.keys():
if User.query.filter_by(email=data['email']).first() is not None:
raise FieldInUseError("email")
user.email = data['email']
if "username" in data.keys():
if User.query.filter_by(
username=data['username'],
school_id=g.user.school_id).first() is not None:
raise FieldInUseError("username")
user.username = data['username']
if "form_id" in data.keys():
# Validate form id
form = get_record_by_id(data["form_id"],
Form,
custom_not_found_error=CustomError(
409, message="Invalid form_id."))
user.form_id = form.id
db.session.add(user)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def lesson_delete(request, lesson_id):
lesson = get_record_by_id(lesson_id, Lesson)
# # lessons = db.session.query(lesson_teacher).filter(lesson_teacher.c.lesson_id==lesson.id).all()
# lessons = db.session.query(lesson_student).filter(lesson_student.c.lesson_id == lesson.id).all()
# print(lessons)
# # lesson = Lesson.query.filter_by(id=lesson_id)
# l = db.session.query(Lesson).filter(Lesson.id == lesson_id).first()
# print(l)
db.session.delete(lesson)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def submit_quiz(request, quiz_id):
# Check quiz is valid
quiz = get_record_by_id(quiz_id, Quiz, check_school_id=False)
if quiz.lesson.school_id != g.user.school_id:
raise UnauthorizedError()
json_data = json_from_request(request)
expected_top_keys = ['answers']
expected_inner_keys = ['question_id', 'answer']
check_keys(expected_top_keys, json_data)
# Validate lesson
lesson = get_record_by_id(quiz.lesson.id, Lesson)
if g.user.id not in [t.id for t in lesson.students]:
raise UnauthorizedError()
question_ids = [question.id for question in quiz.questions]
submission = QuizSubmission(
homework_id=quiz.id,
user_id=g.user.id,
datetime_submitted=datetime.datetime.now() # TODO: Deal with timezones
)
for answer in json_data['answers']:
check_keys(expected_inner_keys, answer)
question = get_record_by_id(answer['question_id'],
Question,
check_school_id=False)
if question.id not in question_ids:
raise UnauthorizedError()
answer = QuizAnswer(answer['answer'], submission.id, question.id)
submission.answers.append(answer)
submission.mark()
db.session.add(submission)
db.session.commit()
return jsonify({'score': submission.total_score})
def edit_form(request, form_id):
data = json_from_request(request)
form = get_record_by_id(form_id, Form)
if "name" in data.keys():
# Validate name
if Form.query.filter_by(name=data['name']).first() is not None:
raise FieldInUseError("name")
form.name = data['name']
db.session.add(form)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def user_detail(request, user_id):
user = get_record_by_id(user_id, User)
nest_roles = get_boolean_query_param(request, 'nest-roles')
nest_role_permissions = get_boolean_query_param(request,
'nest-role-permissions')
nest_permissions = get_boolean_query_param(request, 'nest-permissions')
return jsonify({
'success':
True,
"user":
user.to_dict(nest_roles=nest_roles,
nest_role_permissions=nest_role_permissions,
nest_permissions=nest_permissions)
})
def lesson_detail(request, lesson_id):
lesson = get_record_by_id(lesson_id, Lesson)
nest_teachers = get_boolean_query_param(request, 'nest-teachers')
nest_students = get_boolean_query_param(request, 'nest-students')
nest_subject = get_boolean_query_param(request, 'nest-subject')
nest_homework = get_boolean_query_param(request, 'nest-homework')
return jsonify({
'success':
True,
'lesson':
lesson.to_dict(nest_homework=nest_homework,
nest_teachers=nest_teachers,
nest_students=nest_students,
nest_subject=nest_subject)
})
def subject_update_view(request, subject_id):
# Get subject
subject = get_record_by_id(subject_id, Subject)
# Get JSON data
data = json_from_request(request)
# If name in data, then update the name
if 'name' in data.keys():
if subject_name_in_use(data['name'], school_id=subject.school_id):
raise FieldInUseError("name")
subject.name = data['name']
db.session.add(subject)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def create_quiz(request):
top_level_expected_keys = [
"lesson_id", "title", "description", "date_due", "questions"
]
json_data = json_from_request(request)
check_keys(top_level_expected_keys, json_data)
# Validate lesson
lesson = get_record_by_id(json_data['lesson_id'], Lesson)
if g.user.id not in [t.id for t in lesson.teachers]:
raise UnauthorizedError()
# Validate date
date_due_string = json_data['date_due']
try:
date_due = datetime.datetime.strptime(date_due_string,
"%d/%m/%Y").date()
except ValueError:
raise CustomError(409,
message="Invalid date_due: {}.".format(
json_data['date_due']))
quiz = Quiz(lesson_id=json_data['lesson_id'],
title=json_data['title'],
description=json_data['description'],
date_due=date_due,
number_of_questions=len(json_data['questions']))
db.session.add(quiz)
db.session.commit()
for question_object in json_data['questions']:
if 'answer' and 'question_text' not in question_object.keys():
raise CustomError(
409,
message=
"Invalid object in questions array. Make sure it has a question and a answer."
)
question = Question(quiz.id, question_object['question_text'],
question_object['answer'])
db.session.add(question)
quiz.questions.append(question)
db.session.add(quiz)
db.session.commit()
return jsonify(quiz.to_dict()), 201
def view_quiz_submission(submission_id):
if not (g.user.has_permissions({'Teacher'})
or g.user.has_permissions({'Student'})):
raise UnauthorizedError()
submission = get_record_by_id(submission_id,
QuizSubmission,
check_school_id=False)
if submission.homework.lesson.school_id != g.user.school_id:
raise UnauthorizedError()
return jsonify({
'success':
True,
'submission':
submission.to_dict(nest_user=True,
nest_homework=True,
nest_comments=True)
})
def comment_update_view(request, comment_id):
"""Update Comment based on id."""
# Get comment
comment = get_record_by_id(comment_id, Comment)
# Validate that user has permission
if comment.user_id != g.user.id:
raise UnauthorizedError()
# Get JSON data
data = json_from_request(request)
# If text in data, then update the text
if 'text' in data.keys():
comment.name = data['text']
db.session.add(comment)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def create_essay(request):
"""Function to create an essay from request."""
# List of keys needed to create an Essay
top_level_expected_keys = [
"lesson_id",
"title",
"description",
"date_due",
]
# Extract JSON from request and check keys are present
json_data = json_from_request(request)
check_keys(top_level_expected_keys, json_data)
# Validate lesson
lesson = get_record_by_id(json_data['lesson_id'], Lesson)
if g.user.id not in [t.id for t in lesson.teachers]:
raise UnauthorizedError()
# Validate date
date_due_string = json_data['date_due']
try:
date_due = datetime.datetime.strptime(date_due_string,
"%d/%m/%Y").date()
except ValueError:
raise CustomError(409,
message="Invalid date_due: {}.".format(
json_data['date_due']))
# Create Essay
essay = Essay(
lesson_id=json_data['lesson_id'],
title=json_data['title'],
description=json_data['description'],
date_due=date_due,
)
db.session.add(essay)
db.session.commit()
return jsonify(essay.to_dict()), 201
def lesson_create(request):
# Parse JSON from request
data = json_from_request(request)
# Check JSON has keys needed
expected_keys = ['name', 'subject_id']
check_keys(expected_keys=expected_keys, data=data)
# Validate subject_id
subject = get_record_by_id(data['subject_id'],
Subject,
custom_not_found_error=CustomError(
409, message="Invalid subject_id."))
# Validate name
validate_lesson_name(data['name'], g.user.school_id)
# Create lesson
lesson = Lesson(name=data['name'],
school_id=g.user.school_id,
subject_id=subject.id)
# Add teachers (if supplied)
if 'teacher_ids' in data.keys():
add_teachers(data['teacher_ids'], lesson)
# Add students (if supplied)
if 'student_ids' in data.keys():
add_students(data['student_ids'], lesson)
db.session.add(lesson)
db.session.commit()
return jsonify({
'success':
True,
'lesson':
lesson.to_dict(nest_teachers=True, nest_students=True)
}), 201
def user_create(request):
# Decode the JSON data
data = json_from_request(request)
# Validate data
expected_keys = [
"first_name", "last_name", "password", "username", "email"
]
check_keys(expected_keys, data)
check_values_not_blank(expected_keys, data)
if User.query.filter_by(email=data['email']).first() is not None:
raise FieldInUseError("email")
if User.query.filter_by(username=data['username'],
school_id=g.user.school_id).first() is not None:
raise FieldInUseError("username")
# Create user
user = User(first_name=data['first_name'],
last_name=data['last_name'],
email=data['email'],
password=data['password'],
username=data['username'],
school_id=g.user.school_id)
if "form_id" in data.keys():
# Validate form id
form = get_record_by_id(data["form_id"],
Form,
custom_not_found_error=CustomError(
409, message="Invalid form_id."))
user.form_id = form.id
db.session.add(user)
db.session.commit()
return jsonify({"success": True, "user": user.to_dict()}), 201
def grant_permission(request):
data = json_from_request(request)
expected_keys = ["user_id", "permission_id"]
check_keys(expected_keys, data)
# Check user specified is in the correct school
user = get_record_by_id(data['user_id'], User, CustomError(409, message="Invalid user_id."))
# Check the permission specified is in the correct school
permission = get_permission_by_id(data['permission_id'], CustomError(409, message="Invalid permission_id."))
# Check user does not have the permission
for p in user.permissions:
if p.id == data['permission_id']:
raise CustomError(409, message="User with id: {} already has permission with id: {}".format(
data['user_id'], data['permission_id']))
user.permissions.append(permission)
db.session.add(user)
db.session.commit()
# Return success status
return jsonify({'success': True}), 201
def delete_form(request, form_id):
form = get_record_by_id(form_id, Form)
db.session.delete(form)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def subject_detail_view(request, subject_id):
subject = get_record_by_id(subject_id, Subject)
return jsonify({'success': True, 'subject': subject.to_dict()})
def user_delete(request, user_id):
user = get_record_by_id(user_id, User)
db.session.delete(user)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def form_detail(request, form_id):
form = get_record_by_id(form_id, Form)
return jsonify({'success': True, 'form': form.to_dict()})
