def remove_student_from_curated_cohort(curated_cohort_id, sid):
curated_cohort = CuratedCohort.find_by_id(curated_cohort_id)
if not curated_cohort:
raise ResourceNotFoundError(
f'No cohort found with id: {curated_cohort_id}')
if curated_cohort.owner_id != current_user.id:
raise ForbiddenRequestError(
f'Current user, {current_user.uid}, does not own cohort {curated_cohort.id}'
)
CuratedCohort.remove_student(curated_cohort_id, sid)
return tolerant_jsonify({
'message':
f'SID {sid} has been removed from cohort {curated_cohort_id}'
}), 200
def rename_note_template():
params = request.get_json()
note_template_id = params.get('id', None)
title = params.get('title', None)
if not title:
raise BadRequestError('Requires \'title\'')
note_template = NoteTemplate.find_by_id(note_template_id=note_template_id)
if not note_template:
raise ResourceNotFoundError('Template not found')
if note_template.creator_id != current_user.get_id():
raise ForbiddenRequestError('Template not available.')
note_template = NoteTemplate.rename(note_template_id=note_template_id,
title=title)
return tolerant_jsonify(note_template.to_api_json())
def download_csv(curated_group_id):
benchmark = get_benchmarker(
f'curated group {curated_group_id} download_csv')
benchmark('begin')
curated_group = CuratedGroup.find_by_id(curated_group_id)
if not curated_group:
raise ResourceNotFoundError(
f'No curated group found with id: {curated_group_id}')
if curated_group.owner_id != current_user.get_id():
raise ForbiddenRequestError(
f'Current user, {current_user.get_uid()}, does not own curated group {curated_group.id}'
)
return response_with_students_csv_download(
sids=CuratedGroup.get_all_sids(curated_group_id), benchmark=benchmark)
def get_section(term_id, section_id):
offset = util.get(request.args, 'offset', None)
if offset:
offset = int(offset)
limit = util.get(request.args, 'limit', None)
if limit:
limit = int(limit)
section = get_sis_section(term_id, section_id)
if not section:
raise ResourceNotFoundError(f'No section {section_id} in term {term_id}')
student_profiles = get_course_student_profiles(term_id, section_id, offset=offset, limit=limit)
section.update(student_profiles)
Alert.include_alert_counts_for_students(viewer_uid=current_user.uid, cohort=student_profiles)
return tolerant_jsonify(section)
def delete_unit_requirement(unit_requirement_id):
unit_requirement = DegreeProgressUnitRequirement.find_by_id(
unit_requirement_id)
if unit_requirement:
DegreeProgressUnitRequirement.delete(unit_requirement_id)
# Update updated_at date of top-level record
DegreeProgressTemplate.refresh_updated_at(unit_requirement.template_id,
current_user.get_id())
return tolerant_jsonify(
{'message':
f'Unit requirement {unit_requirement_id} deleted'}), 200
else:
raise ResourceNotFoundError(
f'No unit_requirement found with id={unit_requirement_id}.')
def get_curated_cohort(curated_cohort_id):
cohort = CuratedCohort.find_by_id(curated_cohort_id)
if not cohort:
raise ResourceNotFoundError(
f'Sorry, no cohort found with id {curated_cohort_id}.')
if cohort.owner_id != current_user.id:
raise ForbiddenRequestError(
f'Current user, {current_user.uid}, does not own cohort {cohort.id}'
)
cohort = cohort.to_api_json(sids_only=True)
sids = [s['sid'] for s in cohort['students']]
cohort['students'] = get_summary_student_profiles(sids)
cohort['students'] = api_util.sort_students_by_name(cohort['students'])
Alert.include_alert_counts_for_students(viewer_uid=current_user.uid,
cohort=cohort)
return tolerant_jsonify(cohort)
def get_section(term_id, section_id):
if not current_user.can_access_canvas_data:
raise ForbiddenRequestError('Unauthorized to view course data')
offset = util.get(request.args, 'offset', None)
if offset:
offset = int(offset)
limit = util.get(request.args, 'limit', None)
if limit:
limit = int(limit)
featured = util.get(request.args, 'featured', None)
section = get_sis_section(term_id, section_id)
if not section:
raise ResourceNotFoundError(f'No section {section_id} in term {term_id}')
student_profiles = get_course_student_profiles(term_id, section_id, offset=offset, limit=limit, featured=featured)
section.update(student_profiles)
Alert.include_alert_counts_for_students(viewer_user_id=current_user.get_id(), group=student_profiles)
return tolerant_jsonify(section)
def appointment_check_in(appointment_id):
appointment = Appointment.find_by_id(appointment_id)
if not appointment:
raise ResourceNotFoundError('Unknown path')
if appointment.dept_code not in _dept_codes_with_scheduler_privilege():
raise ForbiddenRequestError(f'You are unauthorized to manage {appointment.dept_code} appointments.')
if not appointment.status_change_available():
raise BadRequestError(appointment.to_api_json(current_user.get_id()))
params = request.get_json()
advisor_attrs = _advisor_attrs_for_uid(params.get('advisorUid'))
if not advisor_attrs:
raise BadRequestError('Appointment reservation requires valid "advisorUid"')
Appointment.check_in(
appointment_id=appointment_id,
checked_in_by=current_user.get_id(),
advisor_attrs=advisor_attrs,
)
return Response(status=200)
def download_csv(curated_group_id):
benchmark = get_benchmarker(
f'curated group {curated_group_id} download_csv')
benchmark('begin')
curated_group = CuratedGroup.find_by_id(curated_group_id)
params = request.get_json()
fieldnames = get_param(params, 'csvColumnsSelected', [])
if not curated_group:
raise ResourceNotFoundError(
f'No curated group found with id: {curated_group_id}')
if not _can_current_user_view_curated_group(curated_group):
raise ForbiddenRequestError(
f'Current user, {current_user.get_uid()}, cannot view curated group {curated_group.id}'
)
return response_with_students_csv_download(
sids=CuratedGroup.get_all_sids(curated_group_id),
fieldnames=fieldnames,
benchmark=benchmark)
def reserve_appointment(appointment_id):
appointment = Appointment.find_by_id(appointment_id)
if not appointment:
raise ResourceNotFoundError('Unknown path')
has_privilege = current_user.is_admin or appointment.dept_code in _dept_codes_with_scheduler_privilege(
)
if has_privilege and appointment.status in ('reserved', 'waiting'):
appointment = Appointment.reserve(
appointment_id=appointment_id,
reserved_by=current_user.get_id(),
)
api_json = appointment.to_api_json(current_user.get_id())
_put_student_profile_per_appointment([api_json])
return tolerant_jsonify(api_json)
else:
raise ForbiddenRequestError(
f'You are unauthorized to manage appointment {appointment_id}.')
def add_students_to_curated_cohort():
params = request.get_json()
curated_cohort_id = params.get('curatedCohortId')
sids = params.get('sids')
if not curated_cohort_id or not len(sids):
raise BadRequestError(
'The required parameters are \'curatedCohortId\' and \'sids\'.')
curated_cohort = CuratedCohort.find_by_id(curated_cohort_id)
if not curated_cohort:
raise ResourceNotFoundError(
f'No cohort found where id={curated_cohort_id}')
if curated_cohort.owner_id != current_user.id:
raise ForbiddenRequestError(
f'Current user, {current_user.uid}, does not own cohort {curated_cohort.id}'
)
curated_cohort = CuratedCohort.add_students(
curated_cohort_id=curated_cohort_id, sids=sids)
return tolerant_jsonify(curated_cohort.to_api_json())
def get_degree_checks(uid):
sid = get_sid_by_uid(uid)
if sid:
degrees = DegreeProgressTemplate.find_by_sid(student_sid=sid)
uids = list(
set([d['createdByUid']
for d in degrees] + [d['updatedByUid'] for d in degrees]))
calnet_users_by_uid = calnet.get_calnet_users_for_uids(app, uids)
for degree in degrees:
def _get_name(uid):
return calnet_users_by_uid[uid][
'name'] if uid in calnet_users_by_uid else None
degree['createdByName'] = _get_name(degree['createdByUid'])
degree['updatedByName'] = _get_name(degree['updatedByUid'])
return tolerant_jsonify(degrees)
else:
raise ResourceNotFoundError('Student not found')
def cancel_appointment(appointment_id):
appointment = Appointment.find_by_id(appointment_id)
if not appointment:
raise ResourceNotFoundError('Unknown path')
has_privilege = current_user.is_admin or appointment.dept_code in _dept_codes_with_scheduler_privilege()
if not has_privilege:
raise ForbiddenRequestError(f'You are unauthorized to manage {appointment.dept_code} appointments.')
if not appointment.status_change_available():
raise BadRequestError(appointment.to_api_json(current_user.get_id()))
params = request.get_json()
cancel_reason = params.get('cancelReason', None)
cancel_reason_explained = params.get('cancelReasonExplained', None)
Appointment.cancel(
appointment_id=appointment_id,
cancelled_by=current_user.get_id(),
cancel_reason=cancel_reason,
cancel_reason_explained=cancel_reason_explained,
)
return Response(status=200)
def _curated_group_with_complete_student_profiles(
curated_group_id,
order_by='last_name',
term_id=None,
offset=0,
limit=50,
):
benchmark = get_benchmarker(
f'curated group {curated_group_id} with student profiles')
benchmark('begin')
curated_group = CuratedGroup.find_by_id(curated_group_id)
if not curated_group:
raise ResourceNotFoundError(
f'Sorry, no curated group found with id {curated_group_id}.')
if not _can_current_user_view_curated_group(curated_group):
raise ForbiddenRequestError(
f'Current user, {current_user.get_uid()}, cannot view curated group {curated_group.id}'
)
api_json = curated_group.to_api_json(include_students=True,
limit=limit,
offset=offset,
order_by=order_by)
sids = [s['sid'] for s in api_json['students']]
benchmark('begin profile query')
if curated_group.domain == 'admitted_students':
api_json['students'] = get_admitted_students_by_sids(
limit=limit,
offset=0,
order_by=order_by,
sids=sids,
)
else:
api_json['students'] = get_student_profile_summaries(sids,
term_id=term_id)
Alert.include_alert_counts_for_students(
benchmark=benchmark,
viewer_user_id=current_user.get_id(),
group=api_json)
benchmark('begin get_referencing_cohort_ids')
api_json[
'referencingCohortIds'] = curated_group.get_referencing_cohort_ids()
benchmark('end')
return api_json
def dev_login():
if app.config['DEVELOPER_AUTH_ENABLED']:
logger = app.logger
params = request.get_json()
if params['password'] != app.config['DEVELOPER_AUTH_PASSWORD']:
logger.error('Wrong password entered in Developer Auth')
raise ForbiddenRequestError('Wrong credentials')
user_id = params['uid']
user = app.login_manager.user_callback(user_id)
if user is None:
logger.error(
'Unauthorized user ID {} entered in Developer Auth'.format(
user_id))
raise ForbiddenRequestError('Unknown account')
logger.info('Developer Auth used to log in as UID {}'.format(user_id))
login_user(user)
flash('Logged in successfully.')
return redirect('/')
else:
raise ResourceNotFoundError('Unknown path')
def get_today_scheduled_appointments(dept_code):
def _is_current_user_authorized():
return current_user.is_admin or dept_code in _dept_codes_with_scheduler_privilege()
dept_code = dept_code.upper()
if dept_code not in BERKELEY_DEPT_CODE_TO_NAME:
raise ResourceNotFoundError(f'Unrecognized department code: {dept_code}')
elif _is_current_user_authorized():
local_today = localize_datetime(utc_now())
advisor_uid = request.args.get('advisorUid')
scheduled_for_today = Appointment.get_scheduled(dept_code, local_today, advisor_uid)
appointments = [a.to_api_json(current_user.get_id()) for a in scheduled_for_today]
openings = AppointmentAvailability.get_openings(dept_code, local_today, appointments)
_put_student_profile_per_appointment(appointments)
return tolerant_jsonify({
'appointments': appointments,
'openings': openings,
})
else:
raise ForbiddenRequestError(f'You are unauthorized to manage {dept_code} appointments.')
def create_appointment():
params = request.get_json()
dept_code = params.get('deptCode', None)
sid = params.get('sid', None)
appointment_type = params.get('appointmentType', None)
topics = params.get('topics', None)
if not dept_code or not sid or not appointment_type or not len(topics):
raise BadRequestError('Appointment creation: required parameters were not provided')
dept_code = dept_code.upper()
if dept_code not in BERKELEY_DEPT_CODE_TO_NAME:
raise ResourceNotFoundError(f'Unrecognized department code: {dept_code}')
if dept_code not in _dept_codes_with_scheduler_privilege():
raise ForbiddenRequestError(f'You are unauthorized to manage {dept_code} appointments.')
advisor_attrs = None
advisor_uid = params.get('advisorUid')
if advisor_uid:
advisor_attrs = _advisor_attrs_for_uid(advisor_uid)
if not advisor_attrs:
raise BadRequestError('Invalid "advisorUid"')
details = params.get('details', None)
scheduled_time = params.get('scheduledTime', None)
if scheduled_time:
scheduled_time = localized_timestamp_to_utc(scheduled_time)
student_contact_info = params.get('studentContactInfo', None)
student_contact_type = params.get('studentContactType', None)
appointment = Appointment.create(
advisor_attrs=advisor_attrs,
appointment_type=appointment_type,
created_by=current_user.get_id(),
dept_code=dept_code,
details=process_input_from_rich_text_editor(details),
scheduled_time=scheduled_time,
student_contact_info=student_contact_info,
student_contact_type=student_contact_type,
student_sid=sid,
topics=topics,
)
AppointmentRead.find_or_create(current_user.get_id(), appointment.id)
api_json = appointment.to_api_json(current_user.get_id())
_put_student_profile_per_appointment([api_json])
return tolerant_jsonify(api_json)
def get_users_report(dept_code):
dept_code = dept_code.upper()
dept_name = BERKELEY_DEPT_CODE_TO_NAME.get(dept_code)
if dept_name:
if current_user.is_admin or _current_user_is_director_of(dept_code):
users, total_user_count = AuthorizedUser.get_users(
deleted=False, dept_code=dept_code)
users = authorized_users_api_feed(users, sort_by='lastName')
note_count_per_user = get_note_count_per_user(dept_code)
for user in users:
user['notesCreated'] = note_count_per_user.get(user['uid'], 0)
return tolerant_jsonify({
'users': users,
'totalUserCount': total_user_count,
})
else:
raise ForbiddenRequestError(
f'You are unauthorized to view {dept_name} reports')
else:
raise ResourceNotFoundError(
f'Unrecognized department code {dept_code}')
def _dev_login(uid, password):
if app.config['DEVELOPER_AUTH_ENABLED']:
logger = app.logger
if password != app.config['DEVELOPER_AUTH_PASSWORD']:
logger.error('Dev-auth: Wrong password')
raise ForbiddenRequestError('Invalid credentials')
user = app.login_manager.user_callback(uid)
if user is None:
logger.error(f'Dev-auth: No user found with UID {uid}.')
raise ForbiddenRequestError(
f'Sorry, user with UID {uid} is unauthorized or does not exist.'
)
if not is_authorized_to_use_boac(user):
logger.error(f'Dev-auth: UID {uid} is not authorized to use BOAC.')
raise ForbiddenRequestError(
f'Sorry, user with UID {uid} is not authorized to use BOAC.')
logger.info(f'Dev-auth used to log in as UID {uid}')
login_user(user)
flash('Logged in successfully.')
else:
raise ResourceNotFoundError('Unknown path')
def download_cohort_csv():
benchmark = get_benchmarker('cohort download_csv')
benchmark('begin')
params = request.get_json()
cohort_id = int(get_param(params, 'cohortId'))
cohort = CohortFilter.find_by_id(
cohort_id,
offset=0,
limit=None,
include_profiles=False,
include_sids=True,
include_students=False,
)
if cohort and _can_current_user_view_cohort(cohort):
fieldnames = get_param(params, 'csvColumnsSelected', [])
sids = CohortFilter.get_sids(cohort['id'])
return _response_with_csv_download(benchmark, cohort['domain'],
fieldnames, sids)
else:
raise ResourceNotFoundError(
f'No cohort found with identifier: {cohort_id}')
def cancel_appointment(appointment_id):
appointment = Appointment.find_by_id(appointment_id)
if not appointment:
raise ResourceNotFoundError('Unknown path')
if current_user.is_admin or appointment.dept_code in _dept_codes_with_scheduler_privilege(
):
params = request.get_json()
cancel_reason = params.get('cancelReason', None)
cancel_reason_explained = params.get('cancelReasonExplained', None)
appointment = Appointment.cancel(
appointment_id=appointment_id,
canceled_by=current_user.get_id(),
cancel_reason=cancel_reason,
cancel_reason_explained=cancel_reason_explained,
)
api_json = appointment.to_api_json(current_user.get_id())
_put_student_profile_per_appointment([api_json])
return tolerant_jsonify(api_json)
else:
raise ForbiddenRequestError(
f'You are unauthorized to manage {appointment.dept_code} appointments.'
)
def get_students(template_id):
params = request.get_json()
sids = get_param(params, 'sids')
if not sids:
raise BadRequestError('sids is required.')
template = DegreeProgressTemplate.find_by_id(template_id)
if not template:
raise ResourceNotFoundError('Degree template not found')
degree_checks = DegreeProgressTemplate.get_student_degree_checks_by_parent_template_id(
template_id, sids)
sids = [d.student_sid for d in degree_checks]
students = get_basic_student_data(sids)
def _to_api_json(student):
return {
'sid': student['sid'],
'uid': student['uid'],
'firstName': student['first_name'],
'lastName': student['last_name'],
}
return tolerant_jsonify([_to_api_json(student) for student in students])
def get_notes_report_by_dept(dept_code):
dept_code = dept_code.upper()
dept_name = BERKELEY_DEPT_CODE_TO_NAME.get(dept_code)
if dept_name:
if current_user.is_admin or _current_user_is_director_of(dept_code):
total_note_count = get_note_count()
return tolerant_jsonify({
'asc': get_asc_advising_note_count(),
'ei': get_e_and_i_advising_note_count(),
'sis': get_sis_advising_note_count(),
'boa': {
'total': total_note_count,
'authors': get_note_author_count(),
'withAttachments': get_note_with_attachments_count(),
'withTopics': get_note_with_topics_count(),
},
})
else:
raise ForbiddenRequestError(
f'You are unauthorized to view {dept_name} reports')
else:
raise ResourceNotFoundError(
f'Unrecognized department code {dept_code}')
def get_cohort_events(cohort_id):
cohort = CohortFilter.find_by_id(cohort_id, include_students=False)
if not cohort or not _can_current_user_view_cohort(cohort):
raise ResourceNotFoundError(
f'No cohort found with identifier: {cohort_id}')
if cohort['domain'] != 'default':
raise BadRequestError(
f"Cohort events are not supported in domain {cohort['domain']}")
offset = get_param(request.args, 'offset', 0)
limit = get_param(request.args, 'limit', 50)
results = CohortFilterEvent.events_for_cohort(cohort_id, offset, limit)
count = results['count']
events = results['events']
event_sids = [e.sid for e in events]
event_profiles_by_sid = {
e['sid']: e
for e in get_summary_student_profiles(event_sids,
include_historical=True)
}
def _event_feed(event):
profile = event_profiles_by_sid.get(event.sid, {})
return {
'createdAt': event.created_at.isoformat(),
'eventType': event.event_type,
'firstName': profile.get('firstName'),
'lastName': profile.get('lastName'),
'sid': event.sid,
'uid': profile.get('uid'),
}
feed = {
'count': count,
'events': [_event_feed(e) for e in events],
}
return tolerant_jsonify(feed)
def delete_course(course_id):
course = DegreeProgressCourse.find_by_id(course_id)
if course:
# Verify that course is a copy
matches = DegreeProgressCourse.get_courses(
degree_check_id=course.degree_check_id,
manually_created_at=course.manually_created_at,
manually_created_by=course.manually_created_by,
section_id=course.section_id,
sid=course.sid,
term_id=course.term_id,
)
def _delete_course(c):
category = DegreeProgressCategory.find_by_id(c.category_id)
DegreeProgressCourseUnitRequirement.delete(c.id)
DegreeProgressCourse.delete(c)
if category and 'Placeholder' in category.category_type:
DegreeProgressCategory.delete(category_id=category.id)
matches = sorted(matches, key=lambda c: c.created_at)
if matches[0].id == course.id:
if course.manually_created_by:
for match in matches:
_delete_course(match)
else:
raise BadRequestError('Only copied courses can be deleted.')
else:
_delete_course(course)
# Update updated_at date of top-level record
DegreeProgressTemplate.refresh_updated_at(course.degree_check_id,
current_user.get_id())
return tolerant_jsonify({'message':
f'Course {course_id} deleted'}), 200
else:
raise ResourceNotFoundError('Course not found.')
def add_students_to_curated_group():
params = request.get_json()
curated_group_id = params.get('curatedGroupId')
return_student_profiles = params.get('returnStudentProfiles')
sids = [sid for sid in set(params.get('sids')) if sid.isdigit()]
if not curated_group_id or not len(sids):
raise BadRequestError(
'The required parameters are \'curatedGroupId\' and \'sids\'.')
curated_group = CuratedGroup.find_by_id(curated_group_id)
if not curated_group:
raise ResourceNotFoundError(
f'No curated group found where id={curated_group_id}')
if curated_group.owner_id != current_user.get_id():
raise ForbiddenRequestError(
f'Current user, {current_user.get_uid()}, does not own curated group {curated_group.id}'
)
CuratedGroup.add_students(curated_group_id=curated_group_id, sids=sids)
if return_student_profiles:
return tolerant_jsonify(
_curated_group_with_complete_student_profiles(
curated_group_id=curated_group_id))
else:
group = CuratedGroup.find_by_id(curated_group_id)
return tolerant_jsonify(group.to_api_json(include_students=False))
def unreserve_appointment(appointment_id):
appointment = Appointment.find_by_id(appointment_id)
if not appointment:
raise ResourceNotFoundError('Unknown path')
has_privilege = current_user.is_admin or appointment.dept_code in _dept_codes_with_scheduler_privilege(
)
if has_privilege and appointment.status == 'reserved':
event = AppointmentEvent.get_most_recent_per_type(
appointment.id, 'reserved')
if event.user_id == current_user.get_id():
appointment = Appointment.unreserve(
appointment_id=appointment_id,
unreserved_by=current_user.get_id(),
)
api_json = appointment.to_api_json(current_user.get_id())
_put_student_profile_per_appointment([api_json])
return tolerant_jsonify(api_json)
else:
raise ForbiddenRequestError(
f'You did not reserve appointment {appointment_id}.')
else:
raise ForbiddenRequestError(
f'You are unauthorized to manage appointment {appointment_id}.')
def get_waitlist(dept_code):
def _is_current_user_authorized():
return current_user.is_admin or dept_code in _dept_codes_with_scheduler_privilege(
)
dept_code = dept_code.upper()
if dept_code not in BERKELEY_DEPT_CODE_TO_NAME:
raise ResourceNotFoundError(
f'Unrecognized department code: {dept_code}')
elif _is_current_user_authorized():
statuses = appointment_event_type.enums if current_user.is_drop_in_advisor else [
'reserved', 'waiting'
]
my_reserved = []
others = []
canceled = []
for appointment in Appointment.get_waitlist(dept_code, statuses):
a = appointment.to_api_json(current_user.get_id())
if a['status'] == 'canceled':
canceled.append(a)
elif a['status'] == 'reserved' and a['statusBy'][
'id'] == current_user.get_id():
my_reserved.append(a)
else:
others.append(a)
waitlist = my_reserved + others + canceled
_put_student_profile_per_appointment(waitlist)
return tolerant_jsonify({
'advisors':
drop_in_advisors_for_dept_code(dept_code),
'waitlist':
waitlist,
})
else:
raise ForbiddenRequestError(
f'You are unauthorized to manage {dept_code} appointments.')
def fetch_degree_template(template_id):
template = DegreeProgressTemplate.find_by_id(template_id)
if not template:
raise ResourceNotFoundError(
f'No template found with id={template_id}.')
return template
def get_all_team_groups():
if not is_asc_authorized():
raise ResourceNotFoundError('Unknown path')
return tolerant_jsonify(athletics.all_team_groups())
