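def show_appointment_participants(request, app_id):
    """
    Render the list of all participants of the selected appointment.

    *login required*

    For security reasons the user's group association is checked once more:
    missing or inactive users and users in neither group are logged out and
    sent to the index page, members of "Organizers" are redirected to the
    organizer view, and only members of "Tutors" reach the participant list.

    :param request: the incoming request
    :param app_id: database id of the selected appointment
    :return: rendered page or HttpResponseRedirect()
    """
    # <SECURITY_BLOCK>
    # check user groups for Tutor or Organizer membership (in hierarchical order)
    user = request.user
    if not user or not user.is_active:
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))

    # exists() replaces `count() is not 0`: `is not` compares object identity,
    # which only matched the intended result through CPython's small-int
    # caching and raises a SyntaxWarning on Python 3.8+. An access gate should
    # not depend on that.
    if user.groups.filter(name="Organizers").exists():
        # redirect to organizer view
        return HttpResponseRedirect(reverse('cmanagement:exec'))

    if not user.groups.filter(name="Tutors").exists():
        # strange membership, redirect to login page
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    # <SECURITY_BLOCK>

    # NOTE(review): the gate above only establishes "is a tutor". Nothing in
    # this view ties the requested appointment to the requesting tutor, so any
    # member of "Tutors" can load the participant list of any appointment by
    # changing app_id. Confirm whether tutors are meant to see every
    # appointment; if not, restrict the lookup to the tutor's own courses.
    try:
        app = get_object_or_404(Appointment, pk=app_id)
    except Http404:
        # Unknown appointment: send the tutor back to the tutor overview
        # instead of showing a 404 page.
        return HttpResponseRedirect(reverse('cmanagement:tut'))
    # get_object_or_404 either returns an object or raises, so the former
    # `if app is None` branch could never run and has been dropped.

    course = app.my_course
    other_tutors_list = make_other_tutors_list(request)
    my_courses_list = make_courses_list(request)
    # The result was never used; the call is kept only in case it has side
    # effects - TODO confirm and remove.
    compile_course_apps(course)
    part_list = app.my_participants.all()

    context = {
        'course': course,
        'app': app,
        'part_list': part_list,
        'tutors_list': other_tutors_list,
        'my_courses_list': my_courses_list,
        'logged_in_user': request.user,
    }
    return render(request, 'cmanagement/tutor_show_participants.html', context)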
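def edit_appointment_location(request, app_id):
    """
    Show the "change appointment location" form for the selected appointment.

    This view provides the interface tutors use to change an appointment's
    location. The user's group association is checked before anything is
    loaded: missing or inactive users and users in neither group are logged
    out and sent to the index page, members of "Organizers" are redirected to
    the organizer view, and only members of "Tutors" reach the form.

    :param request: the incoming request
    :param app_id: database id of the selected appointment
    :return: rendered page or HttpResponseRedirect()
    """
    # <SECURITY_BLOCK>
    # check user groups for Tutor or Organizer membership (in hierarchical order)
    user = request.user
    if not user or not user.is_active:
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))

    # exists() replaces `count() is not 0`: `is not` compares object identity,
    # which only matched the intended result through CPython's small-int
    # caching and raises a SyntaxWarning on Python 3.8+. An access gate should
    # not depend on that.
    if user.groups.filter(name="Organizers").exists():
        # redirect to organizer view
        return HttpResponseRedirect(reverse('cmanagement:exec'))

    if not user.groups.filter(name="Tutors").exists():
        # strange membership, redirect to login page
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    # <SECURITY_BLOCK>

    # NOTE(review): the gate above only establishes "is a tutor". Nothing in
    # this view ties the requested appointment to the requesting tutor, so any
    # member of "Tutors" can open the change-location form (and see the
    # participants placed in the context) for any appointment by changing
    # app_id. Confirm whether that is intended; if not, restrict the lookup
    # to the tutor's own courses here and in the view that saves the form.
    try:
        app = get_object_or_404(Appointment, pk=app_id)
    except Http404:
        # Unknown appointment: send the tutor back to the tutor overview
        # instead of showing a 404 page.
        return HttpResponseRedirect(reverse('cmanagement:tut'))
    # get_object_or_404 either returns an object or raises, so the former
    # `if app is None` branch could never run and has been dropped.

    course = app.my_course
    other_tutors_list = make_other_tutors_list(request)
    my_courses_list = make_courses_list(request)
    # The result was never used; the call is kept only in case it has side
    # effects - TODO confirm and remove.
    compile_course_apps(course)
    part_list = app.my_participants.all()

    context = {
        'course': course,
        'app': app,
        'part_list': part_list,
        'tutors_list': other_tutors_list,
        'my_courses_list': my_courses_list,
        'logged_in_user': request.user,
    }
    return render(request, 'cmanagement/tutor_appointment_changeloc.html', context)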