Ejemplo n.º 1
0
def create_course():
    db.connect()
    curr_year = datetime.now().year
    num_terms = queries.get_terms_per_year(curr_year)
    course = {'offerings': [False for _ in range(num_terms)]}
    try:
        res = get_fields(request.form,
                         ['title', 'code', 'description', 'year'], ['year'])
        for i in range(num_terms):
            if str(i + 1) in request.form:
                course['offerings'][i] = True
    except ValueError as e:
        db.close()
        return e.args[0]

    course['title'] = res[0]
    course['code'] = res[1]
    course['description'] = res[2]

    if not re.match(config.COURSE_CODE_FORMAT, course['code']):
        db.close()
        return error("Invalid course code", 'code')

    course['year'] = int(res[3])
    if curr_year > course['year']:
        db.close()
        return error(f"Year must be at least {curr_year}")

    if True not in course['offerings']:
        db.close()
        return error('You must select at least one term offering')

    sessions = queries.get_course_sessions(course['code'])
    sessions = filter(lambda s: s[0] == course['year'], sessions)
    for year, term in sessions:
        if course['offerings'][term - 1]:
            db.close()
            return error(f"{course['code']} already offered in {year} T{term}")

    db.insert_single('courses',
                     [course['code'], course['title'], course['description']],
                     ['code', 'name', 'description'])
    res = db.select_columns('courses', ['id'], ['code'], [course['code']])
    course['id'] = res[0][0]

    query = []
    for i in range(len(course['offerings'])):
        if not course['offerings'][i]:
            continue
        res = db.select_columns('sessions', ['id'], ['year', 'term'],
                                [course['year'], i + 1])
        session_id = res[0][0]
        query.append(('course_offerings', [course['id'],
                                           session_id], ['course', 'session']))
    db.insert_multiple(query)
    db.close()
    return jsonify({'status': 'ok'})
def request_new_topic():
    if session['acc_type'] != 'student':
        # only students are allowed to request topics
        # disallow ALL other users from requesting
        return error('You must be a student to request a topic!')
    try:
        fields = ['topic', 'message']
        topic, message = get_fields(request.form, fields)
    except ValueError as e:
        return e.args[0]
    db.connect()

    res = db.select_columns('topics', ['id', 'name', 'supervisor', 'visible'],
                            ['id'], [topic])
    topic_name = res[0][1]
    supervisor = res[0][2]

    if not len(res):
        db.close()
        return error('No such topic exists!')
    if not int(res[0][3]):
        db.close()
        return error('This topic is not available to request!')

    res = db.select_columns('request_statuses', ['id'], ['name'], ['pending'])

    user_id = session['id']
    now = datetime.now().timestamp()
    try:
        db.insert_single(
            'topic_requests', [user_id, topic, res[0][0], now, message],
            ['student', 'topic', 'status', 'date_created', 'text'])
    except sqlite3.IntegrityError:
        db.close()
        return error('You have already requested this topic!')

    res = db.select_columns('users', ['name', 'email'], ['id'], [supervisor])
    hr_tag = '<hr style="border: 1px dashed;">'
    send_email(to=res[0][1],
               name=res[0][0],
               subject='New Topic Request',
               messages=[
                   'A student has requested a thesis topic on offer by you.',
                   f'The topic is titled "{topic_name}".',
                   f'A message from the student is attached below:{hr_tag}',
                   message.replace('\n', '<br>'),
                   f'{hr_tag}You can approve or reject the topic request ' +
                   f'<a href="{config.SITE_HOME}">here</a>.'
               ])

    db.close()
    return jsonify({'status': 'ok'})
Ejemplo n.º 3
0
def login():
    if 'user' in session:
        # if already logged in, redirect to home page
        return redirect(url_for('home.dashboard'))
    if request.method == 'GET':
        return render_template('login.html', title='Login', hide_navbar=True)

    try:
        email, password = get_fields(request.form, ['email', 'password'])
    except ValueError as e:
        return e.args[0]

    db.connect()
    res = db.select_columns('users',
                            ['password', 'account_type',
                             'id', 'name', 'confirm_code'],
                            ['email'],
                            [email])

    if not len(res):
        db.close()
        return error('Unknown email!', 'email')
    hashed_password = res[0]
    if not bcrypt.checkpw(password.encode('utf-8'), hashed_password[0]):
        db.close()
        return error('Incorrect password!', 'password')
    if res[0][4] != '':
        db.close()
        return error('You must first confirm your account!')

    # get the current user's account type
    acc_type = db.select_columns('account_types',
                                 ['name'],
                                 ['id'],
                                 [res[0][1]])[0][0]

    session['user'] = email
    session['name'] = res[0][3]
    session['id'] = res[0][2]
    session['acc_type'] = acc_type
    db.close()
    return jsonify({'status': 'ok'})
def reset_request():

    try:
        fields = ['email_reset']
        email = get_fields(request.form, fields)
        email = email[0]
    except ValueError as e:
        return e.args[0]

    if not re.match(config.EMAIL_FORMAT, email):
        return error(f'Invalid email format!<br>{config.EMAIL_FORMAT_ERROR}')

    db.connect()

    res = db.select_columns('users', ['name', 'id'], ['email'], [email])
    if len(res) == 0:
        db.close()
        return jsonify({'status': 'ok'})

    reset_id = str(uuid.uuid1())

    db.update_rows('users', [reset_id], ['reset_code'], ['id'], [res[0][1]])

    reset_link = url_for('.reset',
                         user=res[0][1],
                         resetID=reset_id,
                         _external=True)
    send_email(
        to=email,
        name=res[0][0],
        subject='Reset Password',
        messages=[
            'You have submitted a request ' + 'to reset your password on TMS.',
            f'Your account is {email}.',
            f'Click <a href="{reset_link}">here</a>' +
            ' to reset your password.'
        ])
    db.close()
    return jsonify({'status': 'ok'})
def change_user_password():

    try:
        fields = ['new-password', 'new-confirm-password']
        password, confirm_pass = get_fields(request.form, fields)
    except ValueError as e:
        return e.args[0]

    if len(password) < 8:

        return error('Password must be at least 8 characters long!',
                     'new-password')

    if password != confirm_pass:

        return error('Passwords do not match!', 'new-confirm-password')

    acc_id = session['id']
    hash_pass = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())

    db.connect()
    db.update_rows('users', [hash_pass], ['password'], ['id'], [acc_id])
    db.close()
    return jsonify({'status': 'ok'})
def respond_request():
    data = get_fields(request.form, ['response', 'student-id', 'topic'])
    db.connect()

    req_status = 'approved' if data[0] == 'accept' else 'rejected'
    if req_status == 'approved':
        if 'assessor' not in request.form:
            db.close()
            return error('You must specify an assessor')
        db.delete_rows('student_topic', ['student'], [data[1]])
        db.insert_single('student_topic',
                         [data[1], data[2], request.form['assessor']],
                         ['student', 'topic', 'assessor'])

    queries.respond_topic(data[1], data[2], req_status,
                          datetime.now().timestamp())
    res = db.select_columns('users', ['email', 'name'], ['id'], [data[1]])[0]
    student = {'email': res[0], 'name': res[1]}
    topic = db.select_columns('topics', ['name'], ['id'], [data[2]])[0][0]
    db.close()

    send_email(student['email'], student['name'], 'Topic Reply',
               [f'Your topic request for "{topic}" has been {req_status}.'])
    return jsonify({'status': 'ok'})
Ejemplo n.º 7
0
def upload_material():
    try:
        fields = [
            'file-label', 'file-name', 'course-offering', 'old-material-id',
            'delete-old-file'
        ]
        file_label, file_name, course_offering, old_material_id, \
            delete_old_file = \
            get_fields(request.form, fields,
                       optional=['word-limit', 'file-name'],
                       ints=['course-offering'])
    except ValueError as e:
        return e.args[0]

    try:
        old_material_id = int(old_material_id)
    except ValueError as e:
        old_material_id = None

    # check if no file when there should be one
    if file_name == '' and \
            (delete_old_file == 'true' or old_material_id is None):
        return error('File is required!')
    db.connect()
    # check if course offering is valid
    res = db.select_columns('course_offerings', ['id'], ['id'],
                            [course_offering])
    if not len(res):
        db.close()
        return error('Cannot attach material to unknown course offering')

    # check if material with same label exists in course
    res = db.select_columns('materials', ['id'], ['name', 'course_offering'],
                            [file_label, course_offering])
    if len(res) and old_material_id != res[0][0]:
        db.close()
        return error('An item with that label already exists in this course')

    # otherwise, we can insert the material into the course
    if len(file_name):
        try:
            sent_file = FileUpload(req=request)
        except KeyError:
            db.close()
            return error('Could not find a file to upload')
        res = db.select_columns('file_types', ['name'])
        file_types = list(map(lambda x: x[0], res))
        if sent_file.get_extention() not in file_types:
            db.close()
            accept_files = ', '.join(file_types)
            return error(f'Accepted file types are: {accept_files}')
        if sent_file.get_size() > config.MAX_FILE_SIZE:
            sent_file.remove_file()
            db.close()
            return error(
                f'File exceeds the maximum size of {config.MAX_FILE_SIZE} MB')
        sent_file.commit()

    if delete_old_file == 'true':
        old = db.select_columns('material_attachments', ['path'], ['material'],
                                [old_material_id])
        if old:
            db.delete_rows('material_attachments', ['material'],
                           [old_material_id])
            try:
                prev_submission = FileUpload(filename=old[0][0])
                prev_submission.remove_file()
            except LookupError:
                # If the file doesn't exists don't worry as we are deleting
                # the attachment anyway
                pass

    if old_material_id is not None:
        # update existing material entries
        db.update_rows('materials', [file_label], ['name'], ['id'],
                       [old_material_id])
        db.update_rows('materials', [file_label], ['name'], ['id'],
                       [old_material_id])
        if delete_old_file == 'true':
            db.insert_single(
                'material_attachments',
                [old_material_id, sent_file.get_name()], ['material', 'path'])
    else:
        # add material and file path to db
        db.insert_single('materials', [course_offering, file_label, 0],
                         ['course_offering', 'name', 'visible'])
        res = db.select_columns('materials', ['id'],
                                ['name', 'course_offering'],
                                [file_label, course_offering])
        db.insert_single('material_attachments',
                         [res[0][0], sent_file.get_name()],
                         ['material', 'path'])
    db.close()
    return jsonify({'status': 'ok'})
def create():
    course_id = request.args.get('course_offering_id', None, type=int)
    if request.method == 'GET':
        if course_id is None:
            abort(400)
        db.connect()
        res = db.select_columns('course_offerings', ['id'], ['id'],
                                [course_id])
        if not len(res):
            db.close()
            abort(404)
        file_types = db.select_columns('file_types', ['name'])
        file_types = list(map(lambda x: x[0], file_types))
        allowed_file_types = ','.join(file_types)

        heading = 'Create Task'
        default_fields = {
            'task-name': '',
            'deadline': '',
            'task-description': '',
            'submission-type': 'text',
            'word-limit': '',
            'maximum-file-size': '',
            'accepted-file-type': '',
            'marking-method': 'accept',
            'criteria': [],
            'task_attachments': []
        }

        # if updating old task then load old task data
        old_task_id = request.args.get('update', None, type=int)
        if old_task_id is not None:
            res = queries.get_past_task_data(old_task_id)
            if res is not None:
                res = res[0]
                heading = 'Edit Task'

                # basic task details
                default_fields['task-name'] = res[0]
                time_format = '%d/%m/%Y %H:%M'
                due_date = datetime.fromtimestamp(res[1])
                default_fields['deadline'] = due_date.strftime(time_format)
                default_fields['task-description'] = res[2]

                attachments = db.select_columns('task_attachments', ['path'],
                                                ['task'], [old_task_id])
                for r in attachments:
                    file = [FileUpload(filename=r[0])]
                    default_fields['task_attachments'] = file

                # submission method specific
                if res[3] == 'text submission':
                    default_fields['word-limit'] = res[4]
                else:
                    default_fields['submission-type'] = 'file'
                    default_fields['maximum-file-size'] = int(res[5])
                    default_fields['accepted-file-type'] = res[6]

                # marking method specifics
                if res[7] == 'requires mark':
                    default_fields['marking-method'] = 'criteria'
                    crit = db.select_columns('task_criteria',
                                             ['name, max_mark'], ['task'],
                                             [old_task_id])
                    if crit is not None:
                        default_fields['criteria'] = crit

        db.close()
        if default_fields['maximum-file-size'] == '':
            default_fields['maximum-file-size'] = 5
        if default_fields['accepted-file-type'] == '':
            default_fields['accepted-file-type'] = '.pdf'
        return render_template('create_task.html',
                               heading=heading,
                               title=heading,
                               file_types=file_types,
                               course_id=course_id,
                               max_file_size=config.MAX_FILE_SIZE,
                               max_word_limit=config.MAX_WORD_LIMIT,
                               accepted_file_types=allowed_file_types,
                               old_task_id=old_task_id,
                               default_fields=default_fields)

    try:
        fields = [
            'task-name', 'deadline', 'task-description', 'submission-type',
            'word-limit', 'maximum-file-size', 'accepted-file-type',
            'marking-method', 'num-criteria', 'course-id', 'file-name',
            'old_task_id', 'delete_old_attachment'
        ]
        task_name, deadline, task_description, submission_type, \
            word_limit, max_file_size, accepted_ftype, marking_method, \
            num_criteria, course_id, file_name, old_task_id, \
            delete_old_attachment = \
            get_fields(request.form, fields,
                       optional=['word-limit', 'file-name'],
                       ints=['maximum-file-size', 'num-criteria',
                             'word-limit', 'course-id',
                             'delete_old_attachment'])
    except ValueError as e:
        return e.args[0]

    try:
        old_task_id = int(old_task_id)
    except ValueError as e:
        old_task_id = None

    try:
        deadline = datetime.strptime(deadline, '%d/%m/%Y %H:%M').timestamp()
    except ValueError:
        return error('Invalid date format for deadline!')

    if submission_type == 'file':
        max_size = config.MAX_FILE_SIZE
        if not (1 <= max_file_size <= max_size):
            return error(
                f'Maximum file size must be between 1 and {max_size}!')
    elif submission_type == 'text':
        try:
            word_limit = get_fields(request.form, ['word-limit'],
                                    ints=['word-limit'])[0]
        except ValueError as e:
            return e.args[0]
        max_word_limit = config.MAX_WORD_LIMIT
        if not (1 <= word_limit <= max_word_limit):
            return error(f'Word limit must be between 1 and {max_word_limit}!')
    else:
        return error('Unknown submission type!')

    if marking_method == 'criteria':
        if num_criteria < 1:
            return error('At least one marking criterion is required!')
        else:
            criteria = [f'criteria-{i}' for i in range(1, num_criteria + 1)]
            marks = [f'maximum-mark-{i}' for i in range(1, num_criteria + 1)]
            try:
                criteria = get_fields(request.form, criteria)
                marks = get_fields(request.form, marks, ints=marks)
            except ValueError as e:
                return e.args[0]

        if sum([mark for mark in marks]) != 100:
            return error('Marks must add to 100!')
    elif marking_method != 'accept':
        return error('Unknown marking method!')

    db.connect()
    res = db.select_columns('course_offerings', ['id'], ['id'], [course_id])
    if not len(res):
        db.close()
        return error('Cannot create task for unknown course!')
    res = db.select_columns('tasks', ['id', 'name'],
                            ['name', 'course_offering'],
                            [task_name, course_id])
    if len(res) and res[0][0] != old_task_id:
        db.close()
        return error('A task with that name already exists in this course!')

    # retrieve some foreign keys for insertion
    res = db.select_columns('file_types', ['id'], ['name'], [accepted_ftype])
    if not len(res):
        db.close()
        return error('Invalid or unsupported file type!')
    file_type_id = res[0][0]

    # upload file if present
    sent_file = None
    if len(file_name):
        try:
            sent_file = FileUpload(req=request)
        except KeyError:
            db.close()
            return error('Could not find a file to upload')

        res = db.select_columns('file_types', ['name'])
        file_types = list(map(lambda x: x[0], res))
        if sent_file.get_extention() not in file_types:
            db.close()
            accept_files = ', '.join(file_types)
            return error(f'Accepted file types are: {accept_files}')
        if sent_file.get_size() > config.MAX_FILE_SIZE:
            sent_file.remove_file()
            db.close()
            return error(
                f'File exceeds the maximum size of {config.MAX_FILE_SIZE} MB')
        sent_file.commit()

    if (len(file_name) and old_task_id is not None) or delete_old_attachment:
        old = db.select_columns('task_attachments', ['path'], ['task'],
                                [old_task_id])
        if old:
            db.delete_rows('task_attachments', ['task'], [old_task_id])
            try:
                prev_submission = FileUpload(filename=old[0][0])
                prev_submission.remove_file()
            except LookupError:
                # If the file doesn't exists don't worry as we are deleting
                # the attachment anyway
                pass

    res = db.select_columns('submission_methods', ['id'], ['name'],
                            ['{} submission'.format(submission_type)])
    submission_method_id = res[0][0]
    marking_method = 'approval' if marking_method == 'accept' else 'mark'
    res = db.select_columns('marking_methods', ['id'], ['name'],
                            ['requires {}'.format(marking_method)])
    mark_method_id = res[0][0]

    # commit task
    if old_task_id is not None:
        # update an existing task
        db.update_rows('tasks', [
            task_name, course_id, deadline, task_description, max_file_size,
            submission_method_id, mark_method_id, word_limit
        ], [
            'name', 'course_offering', 'deadline', 'description', 'size_limit',
            'submission_method', 'marking_method', 'word_limit'
        ], ['id'], [old_task_id])
    else:
        # add a new task`
        db.insert_single('tasks', [
            task_name, course_id, deadline, task_description, max_file_size, 0,
            submission_method_id, mark_method_id, word_limit
        ], [
            'name', 'course_offering', 'deadline', 'description', 'size_limit',
            'visible', 'submission_method', 'marking_method', 'word_limit'
        ])

    res = db.select_columns('tasks', ['id'], ['name', 'course_offering'],
                            [task_name, course_id])
    task_id = res[0][0]

    if sent_file:
        db.insert_single('task_attachments',
                         [task_id, sent_file.get_name()], ['task', 'path'])

    # delete old entries in other tables
    if old_task_id is not None:
        db.delete_rows('submission_types', ['task'], [old_task_id])

        res = db.select_columns('task_criteria', ['id'], ['task'],
                                [old_task_id])
        for r in res:
            db.delete_rows('marks', ['criteria'], [r[0]])
        db.delete_rows('task_criteria', ['task'], [old_task_id])

    # commit accepted file type
    db.insert_single('submission_types', [file_type_id, task_id],
                     ['file_type', 'task'])

    # commit marking criteria
    marking_criteria = []
    if marking_method == 'approval':
        marking_criteria.append(
            ('task_criteria', [task_id, 'Approval',
                               100], ['task', 'name', 'max_mark']))
    else:
        for i in range(len(criteria)):
            marking_criteria.append(
                ('task_criteria', [task_id, criteria[i],
                                   marks[i]], ['task', 'name', 'max_mark']))
    db.insert_multiple(marking_criteria)

    db.close()
    return jsonify({'status': 'ok'})
Ejemplo n.º 9
0
def register():
    if request.method == 'GET':
        return render_template('register.html',
                               title='Register', hide_navbar=True)

    try:
        fields = ['email', 'password', 'confirm-password']
        email, password, confirm = get_fields(request.form, fields)
    except ValueError as e:
        return e.args[0]

    if not re.match(config.EMAIL_FORMAT, email):
        return error(
            f'Invalid email format!<br>{config.EMAIL_FORMAT_ERROR}', 'email')

    db.connect()
    res = db.select_columns('users', ['email', 'date_created', 'confirm_code'],
                            ['email'], [email])

    now = datetime.now().timestamp()
    if len(res):
        if res[0][2] != '' and res[0][1] + config.ACCOUNT_EXPIRY < now:
            # expire unactivated accounts every 24 hours
            db.delete_rows('users', ['email'], [email])
        else:
            db.close()
            return error('This email has already been registered!', 'email')

    if len(password) < 8:
        msg = 'Password must be at least 8 characters long!'
        db.close()
        return error(msg, 'password')

    if password != confirm:
        db.close()
        return error('Passwords do not match!', 'confirm-password')

    hashed_pass = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
    name = email.split('@')[0]

    # get the id for a public account
    acc_type = db.select_columns('account_types',
                                 ['id'], ['name'], ['public'])

    confirm_code = uuid.uuid1()
    activation_link = url_for('.confirm', user=name,
                              confirm_code=confirm_code, _external=True)
    send_email(to=email, name=email, subject='Confirm Account Registration',
               messages=[
                   'You recently registered for an account on TMS.',
                   'To activiate your account, click ' +
                   f'<a href="{activation_link}">here</a>.',
                   'This link will expire in 24 hours.'
               ])

    db.insert_single(
        'users',
        [name, hashed_pass, email, acc_type[0][0], str(confirm_code), now],
        ['name', 'password', 'email', 'account_type', 'confirm_code',
         'date_created']
    )
    db.close()
    return jsonify({'status': 'ok'})