def home():
if request.method == 'GET':
session['csrf_token'] = str(uuid.uuid4())
# print(session['csrf_token'])
if request.method == 'POST':
# if request.form['csrf_token'] == session['csrf_token']:
# Using the instructor's solution
if request.form.get('csrf_token', None) == session['csrf_token']:
g = Grade(
student=request.form['student'],
assignment=request.form['assignment'],
grade=request.form['grade'],
)
# print("(" + request.form['grade'] + ")")
g.save()
# else:
# print("""test not passed with session['csrf_token'] being {}
# and request.form['csrf_token'] being {}""".format(session['csrf_token'],
# request.form['csrf_token']))
body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
<label for="student">Student</label>
<input type="text" name="student"><br>
<label for="assignment">Assignment</label>
<input type="text" name="assignment"><br>
<label for="grade">Grade</label>
<input type="text" name="grade"><br>
<input type="submit" value="Submit">
<input type="hidden" name="csrf_token" value={}>
</form>
<h2>Existing Grades</h2>
""".format(session['csrf_token'])
for g in Grade.select():
body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)
return body
def create_grades():
"""Add the list of grade levels for use in a child questionnaire form."""
grades = ["Preschool", "Kindergarten", "1st grade", "2nd grade", "3rd grade", "4th grade", "5th grade", "6th grade", "7th grade", "8th grade", "9th grade", "10th grade", "11th trade", "12th grade"]
for grade in grades:
grade_name = grade
#print("Gr name:", grade_name)
gr = Grade(grade_name=grade_name)
db.session.add(gr)
db.session.commit()
def home():
#Added
if 'csrf_token' not in session:
letters = string.ascii_lowercase
key = ''.join(random.choice(letters) for i in range(10))
session['csrf_token'] = key
if request.method == 'POST':
if request.form.get('csrf_token',
None) == session['csrf_token']: #Added
g = Grade(
student=request.form['student'],
assignment=request.form['assignment'],
grade=request.form['grade'],
)
#print("(" + request.form['grade'] + ")")
g.save()
body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
<label for="student">Student</label>
<input type="text" name="student"><br>
<label for="assignment">Assignment</label>
<input type="text" name="assignment"><br>
<label for="grade">Grade</label>
<input type="text" name="grade"><br>
<input type="hidden" name="csrf_token" value="{}">
<input type="submit" value="Submit">
</form>
<h2>Existing Grades</h2>
""".format(session['csrf_token']) #Added
#SHOWING
for g in Grade.select():
body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)
return body
def home():
# If the session does not include a CSRF token, then add one.
if 'csrf_token' not in session:
session['csrf_token'] = str(random.randint(10000000, 99999999))
if request.method == 'POST':
# Only save the grade if the form submission includes a CSRF token,
# and it matches the token in the session.
if request.form.get('csrf_token', None) == session['csrf_token']:
g = Grade(
student=request.form['student'],
assignment=request.form['assignment'],
grade=request.form['grade'],
)
g.save()
body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
<label for="student">Student</label>
<input type="text" name="student"><br>
<label for="assignment">Assignment</label>
<input type="text" name="assignment"><br>
<label for="grade">Grade</label>
<input type="text" name="grade"><br>
<input type="hidden" name="csrf_token" value="{}"> <!-- Include the CSRF token in the form -->
<input type="submit" value="Submit">
</form>
<h2>Existing Grades</h2>
""".format(session['csrf_token']) # <--
for g in Grade.select():
body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)
return body
def home():
#Creates the csrf token for the session.
if 'csrf_token' not in session:
session['csrf_token'] = str(random.randint(1000000, 9999999))
if request.method == 'POST':
if request.form.get('csrf_token', None) == session['csrf_token']:
g = Grade(
student=request.form['student'],
assignment=request.form['assignment'],
grade=request.form['grade'],
)
#print("(" + request.form['grade'] + ")")
g.save()
body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
<label for="student">Student</label>
<input type="text" name="student"><br>
<label for="assignment">Assignment</label>
<input type="text" name="assignment"><br>
<label for="grade">Grade</label>
<input type="text" name="grade"><br>
<input type="hidden" name="csrf_token" value="{}">
<input type="submit" value="Submit">
</form>
<h2>Existing Grades</h2>
""".format(session['csrf_token'])
for g in Grade.select():
body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)
return body
def save( self ):
# get the assignment values from the ui
index = self.view.get_index()
name = self.view.get_name()
due = float(self.view.get_due())
max = float(self.view.get_max())
rcv = float(self.view.get_received())
grade = Grade(max,rcv)
notes = self.view.get_notes()
# store the new values in the assignment variable
assignment = Assignment(-1,self.criteria,index,name,due,grade,notes)
# save the changes into the db
BGModelController.add_assignment( assignment )
def assignment_grades_update(assignment_pk):
assignment = Assignment.get(pk=assignment_pk)
students = Student.all()
grades = assignment.get_grades()
# We decorate the student's with their grades.
# Ideally, this would be done with a select_related type thing in the
# model. At the SQL level. TODO
g_by_student_pk = dict([(grade.student_pk, grade) for grade in grades])
for s in students:
s.grade = g_by_student_pk.get(s.pk)
if request.method == 'GET':
return render_template("assignment_grades_update.html",
assignment=assignment,
students=students)
# TODO: This POSt method seems cumbersome. Can it be fixed?
if request.method == 'POST':
for student in students:
# These keys are first generated in the template as input tag
# name attributes.
points_key = "student_{0}_points".format(student.pk)
comment_key = "student_{0}_comment".format(student.pk)
try:
points = request.form[points_key].strip()
comment = request.form[comment_key].strip()
except KeyError:
# This will prevent a 400 status code from being returned if we
# try to get data from the form about a student that didn't
# exist when the form was created.
continue
try:
points = int(points.strip())
except ValueError:
points = None
comment = comment.strip()
if student.grade is None:
student.grade = Grade(student_pk=student.pk,
assignment_pk=assignment.pk,
points=points,
comment=comment)
else:
student.grade.points = points
student.grade.comment = comment
student.grade.save()
return redirect(url_for('assignment_view',
assignment_pk=assignment_pk))
def home():
if 'csrftoken' not in session:
session['csrftoken'] = app.secret_key
if request.method == 'POST':
if str(request.form.get('_csrf_token', None)) == str(app.secret_key):
g = Grade(
student=request.form['student'],
assignment=request.form['assignment'],
grade=request.form['grade'],
)
g.save()
body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
<input name=_csrf_token type="hidden" value="{}">
<label for="student">Student</label>
<input type="text" name="student"><br>
<label for="assignment">Assignment</label>
<input type="text" name="assignment"><br>
<label for="grade">Grade</label>
<input type="text" name="grade"><br>
<input type="submit" value="Submit">
</form>
<h2>Existing Grades</h2>
""".format(session['csrftoken'])
for g in Grade.select():
body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)
return body
def save( self ):
# get the assignment values from the ui
index = self.view.get_index()
name = self.view.get_name()
due = float(self.view.get_due())
max = float(self.view.get_max())
rcv = float(self.view.get_received())
notes = self.view.get_notes()
# store the new values in the assignment variable
self.assignment.index(index)
self.assignment.name(name)
self.assignment.due(due)
self.assignment.notes(notes)
self.assignment.grade(Grade(max,rcv))
# save the changes into the db
BGModelController.set_assignment( self.assignment )
def home():
if request.method == 'POST':
g = Grade(
student=request.form['student'],
assignment=request.form['assignment'],
grade=request.form['grade'],
)
#print("(" + request.form['grade'] + ")")
g.save()
body = """
<html>
<body>
<h1>Enter Grades</h1>
<h2>Enter a Grade</h2>
<form method="POST">
<label for="student">Student</label>
<input type="text" name="student"><br>
<label for="assignment">Assignment</label>
<input type="text" name="assignment"><br>
<label for="grade">Grade</label>
<input type="text" name="grade"><br>
<input type="submit" value="Submit">
</form>
<h2>Existing Grades</h2>
"""
for g in Grade.select():
body += """
<div class="grade">
{}, {}: {}
</div>
""".format(g.student, g.assignment, g.grade)
return body
