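def post(self, request, *args, **kwargs):
    """Redirect the browser to the external uploader with a signed URL.

    The collection named by ``kwargs['collection_id']`` must exist and its
    URL must have a shared secret in ``settings.SERVER_ADMIN_SECRETKEYS``.
    The redirect carries an HMAC over ``username:redirect_back:nonce``
    keyed with that secret.

    Raises:
        Http404: the collection is missing or has no configured secret.
    """
    exc = get_object_or_404(ExternalCollection, id=kwargs['collection_id'])

    special = getattr(settings, 'SERVER_ADMIN_SECRETKEYS', {})
    if exc.url not in special:
        raise Http404("The uploader does not exist.")

    def _param(value):
        # Percent-encode one query-string value so that '&', '=' or '#'
        # inside it cannot add or override parameters of the redirect.
        return quote(str(value), safe='')

    username = request.user.username
    as_user = request.POST.get('as', None)
    # Uploading on someone else's behalf requires course membership plus
    # staff status or the explicit permission.
    # NOTE(review): ``as_user`` itself is not checked against the course
    # roster in this method; confirm that is enforced elsewhere.
    if (as_user and
            in_course(request.user.username, request.course) and
            (request.user.is_staff or
             request.user.has_perm('assetmgr.can_upload_for'))):
        username = as_user

    url = reverse('course_detail', args=[self.request.course.id])
    redirect_back = '{}?msg=upload'.format(request.build_absolute_uri(url))

    # NOTE(review): the nonce is a timestamp plus a fixed suffix, so any
    # replay protection presumably depends on the receiver tracking or
    # expiring nonces; confirm against the uploader service.
    nonce = '%smthc' % datetime.datetime.now().isoformat()

    # The MAC is computed over the raw (not percent-encoded) values.
    # NOTE(review): SHA-1 presumably matches what the uploader verifies;
    # changing the digest needs a coordinated change on both sides.
    digest = hmac.new(
        smart_bytes(special[exc.url]),
        smart_bytes('{}:{}:{}'.format(username, redirect_back, nonce)),
        hashlib.sha1).hexdigest()

    # ``audio`` comes straight from the POST body and ``username`` may be
    # the caller-supplied ``as`` value, so every caller-influenced value is
    # encoded before it is placed in the query string.
    url = ("%s?set_course=%s&as=%s&redirect_url=%s"
           "&nonce=%s&hmac=%s&audio=%s&folder=%s") % (
               exc.url,
               _param(request.course.group.name),
               _param(username),
               quote(redirect_back),
               nonce,
               digest,
               _param(request.POST.get('audio', '')),
               _param(self.get_upload_folder()))

    return HttpResponseRedirect(url)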
def post(self, request, *args, **kwargs):
    """Redirect the browser to the external uploader with a signed URL.

    Responds with 404 when the collection does not exist or when its URL
    has no shared secret in ``settings.SERVER_ADMIN_SECRETKEYS``. The
    redirect carries an HMAC-SHA1 over ``username:redirect_back:nonce``.
    """
    collection = get_object_or_404(ExternalCollection,
                                   id=kwargs['collection_id'])

    secret_keys = getattr(settings, 'SERVER_ADMIN_SECRETKEYS', {})
    if collection.url not in secret_keys:
        raise Http404("The uploader does not exist.")

    viewer = request.user
    username = viewer.username
    as_user = request.POST.get('as', None)
    # Acting for another user needs course membership plus staff status
    # or the explicit permission.
    may_act_for_others = (
        as_user and
        in_course(viewer.username, request.course) and
        (viewer.is_staff or viewer.has_perm('assetmgr.can_upload_for')))
    if may_act_for_others:
        username = as_user

    redirect_back = "%s?msg=upload" % (request.build_absolute_uri('/'))
    nonce = '%smthc' % datetime.datetime.now().isoformat()
    signed_message = '%s:%s:%s' % (username, redirect_back, nonce)
    digest = hmac.new(secret_keys[collection.url], signed_message,
                      hashlib.sha1).hexdigest()

    # NOTE(review): only redirect_url is percent-encoded; the course group
    # name, username, ``audio`` (taken from the POST body) and the folder
    # are interpolated as-is, so reserved characters in them would alter
    # the query string. Worth encoding each value.
    template = ("%s?set_course=%s&as=%s&redirect_url=%s"
                "&nonce=%s&hmac=%s&audio=%s&folder=%s")
    values = (
        collection.url,
        request.course.group.name,
        username,
        urllib.quote(redirect_back),
        nonce,
        digest,
        request.POST.get('audio', ''),
        self.get_upload_folder(),
    )
    return HttpResponseRedirect(template % values)
def browse_sources(request):
    """Build the template context listing the course's source archives.

    Archives flagged with ``upload`` metadata become ``upload_archive``;
    all others are listed under ``archives`` sorted by title. ``owners``
    is filled only for course members who are staff or hold the
    ``assetmgr.can_upload_for`` permission.
    """
    def _first_if_list(value):
        # Metadata values may be a list or a scalar; a list is recognised
        # by having an ``append`` attribute.
        return value[0] if hasattr(value, 'append') else value

    c = request.course
    user = request.user

    archives = []
    upload_archive = None
    for asset in c.asset_set.archives().order_by('title'):
        archive = asset.sources['archive']
        thumb = asset.sources.get('thumb', None)
        description = asset.metadata().get('description', '')
        uploader = asset.metadata().get('upload', 0)
        entry = {
            "id": asset.id,
            "title": asset.title,
            "thumb": ({"id": thumb.id, "url": thumb.url}
                      if thumb else None),
            "archive": {"id": archive.id, "url": archive.url},
            "metadata": _first_if_list(description),
        }
        if _first_if_list(uploader):
            upload_archive = entry
        else:
            archives.append(entry)
    archives.sort(key=operator.itemgetter('title'))

    owners = []
    may_upload_for_others = (
        in_course(user.username, request.course) and
        (user.is_staff or user.has_perm('assetmgr.can_upload_for')))
    if may_upload_for_others:
        owners = [
            {'username': member.username,
             'public_name': get_public_name(member, request)}
            for member in request.course.members
        ]

    # ``newsrc`` and ``msg`` are copied from the query string unchanged.
    # NOTE(review): confirm the template escapes them on output.
    rv = {
        "archives": archives,
        "upload_archive": upload_archive,
        "is_faculty": c.is_faculty(user),
        "space_viewer": user,
        'newsrc': request.GET.get('newsrc', ''),
        'can_upload': course_details.can_upload(request.user,
                                                request.course),
        'upload_service': getattr(settings, 'UPLOAD_SERVICE', None),
        "help_browse_sources": UserSetting.get_setting(
            user, "help_browse_sources", True),
        "help_no_sources": UserSetting.get_setting(
            user, "help_no_sources", True),
        'msg': request.GET.get('msg', ''),
        'owners': owners,
    }

    if not rv['archives']:
        faculty_assets = Asset.objects.filter(
            c.faculty_filter).order_by('added')
        rv['faculty_assets'] = [
            asset for asset in faculty_assets
            if asset not in rv['archives']
        ]

    if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
        # MUST only contain string values for now!!
        # (see templates/assetmgr/bookmarklet.js to see why or fix)
        rv['bookmarklet_vars'] = {
            'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY,
        }

    return rv
def test_func(self):
    """Pass only course members or true faculty of the course ``pk``.

    Returns False when no course has the primary key from the URL kwargs.
    """
    # Because this is a mixin in a class-based view, it is not necessary
    # to raise a 404 response here; a missing course just fails the test.
    course_pk = self.kwargs.get('pk')
    try:
        course = Course.objects.get(pk=course_pk)
    except Course.DoesNotExist:
        return False

    user = self.request.user
    membership = in_course(user.username, course)
    if membership:
        return membership
    return course.is_true_faculty(user)
def project_sort(request):
    """Store the project order posted by a faculty member of the course.

    Each id in the ``project`` POST list gets its list position as
    ``ordinality``. Callers who are not both in the course and faculty
    receive a 403.
    """
    user = request.user
    course = request.course
    if not (in_course(user, course) and course.is_faculty(user)):
        return HttpResponseForbidden("forbidden")

    # NOTE(review): the ids come from the POST body and the lookup below is
    # not restricted to ``request.course`` in this function; confirm that a
    # faculty member cannot reorder another course's projects. An unknown
    # id raises Project.DoesNotExist, which is not handled here.
    for position, project_id in enumerate(request.POST.getlist("project")):
        project = Project.objects.get(id=project_id)
        if project.ordinality == position:
            continue  # already in place, skip the write
        project.ordinality = position
        project.save()

    payload = simplejson.dumps({"sorted": "true"}, indent=2)
    return HttpResponse(payload, mimetype="application/json")
def has_object_permission(self, request, view, obj):
    """Decide whether the requesting user may act on ``obj``.

    Anonymous users and POST requests are always refused. Unsafe methods
    require course faculty. Safe methods are allowed for faculty, or for
    course members when ``obj`` has an ``activity`` attribute.
    """
    user = request.user
    if user.is_anonymous:
        return False

    method = request.method
    # has_permission should prevent a POST from reaching this point
    if method == 'POST':
        return False

    read_only = method in permissions.SAFE_METHODS
    faculty = obj.course.is_faculty(user)
    if not read_only:
        return faculty

    return (faculty or
            (in_course(user.username, obj.course) and
             hasattr(obj, 'activity')))
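def project_sort(request):
    """Store the project order posted by a faculty member of the course.

    Each id in the ``project`` POST list gets its list position as
    ``ordinality``; rows already in place are not rewritten. Callers who
    are not both in the course and faculty receive a 403.
    """
    if (not in_course(request.user, request.course) or
            not request.course.is_faculty(request.user)):
        return HttpResponseForbidden("forbidden")

    # NOTE(review): the ids come from the POST body and the lookup below is
    # not restricted to ``request.course`` in this function; confirm that a
    # faculty member cannot reorder another course's projects.
    ids = request.POST.getlist("project")
    for idx, project_id in enumerate(ids):
        project = Project.objects.get(id=project_id)
        if idx != project.ordinality:
            project.ordinality = idx
            project.save()

    data = {'sorted': 'true'}
    # ``content_type`` replaces the ``mimetype`` keyword, which newer
    # Django releases no longer accept.
    return HttpResponse(simplejson.dumps(data, indent=2),
                        content_type='application/json')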
def triple_homepage(request):
    """Build the course homepage context.

    Redirects to the login page when the request has no course. A
    ``username`` query parameter switches the classwork owner to that
    user, who must pass ``in_course_or_404`` for the current course.
    """
    if not request.course:
        return HttpResponseRedirect('/accounts/login/')

    logged_in_user = request.user
    classwork_owner = request.user  # your own work unless ?username= is set
    if 'username' in request.GET:
        requested_name = request.GET['username']
        in_course_or_404(requested_name, request.course)
        classwork_owner = get_object_or_404(User, username=requested_name)

    course = request.course
    course_collections = ExternalCollection.objects.filter(course=course)
    collections = ExternalCollection.objects.filter(
        course=request.course, uploader=False).order_by('title')
    uploader = ExternalCollection.objects.filter(
        course=request.course, uploader=True).first()

    # The roster is sent only to members who may upload for other users.
    owners = []
    may_upload_for_others = (
        in_course(logged_in_user.username, request.course) and
        (logged_in_user.is_staff or
         logged_in_user.has_perm('assetmgr.can_upload_for')))
    if may_upload_for_others:
        owners = UserResource().render_list(request, request.course.members)

    # ``msg`` and ``view`` are copied from the query string unchanged.
    # NOTE(review): confirm the template escapes them on output.
    information_title = course_information_title(course)
    faculty_feed = Project.objects.faculty_compositions(course,
                                                        logged_in_user)
    is_faculty = course.is_faculty(logged_in_user)
    discussions = get_course_discussions(course)
    msg = request.GET.get('msg', '')
    view = request.GET.get('view', '')
    can_upload = course_details.can_upload(request.user, request.course)

    context = {
        'classwork_owner': classwork_owner,
        "information_title": information_title,
        'faculty_feed': faculty_feed,
        'is_faculty': is_faculty,
        'discussions': discussions,
        'msg': msg,
        'view': view,
        'collections': collections,
        'uploader': uploader,
        'can_upload': can_upload,
        'owners': owners,
    }

    flickr_key = getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None)
    if flickr_key:
        # MUST only contain string values for now!!
        # (see templates/assetmgr/bookmarklet.js to see why or fix)
        context['bookmarklet_vars'] = {
            'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY,
        }

    return context
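def post(self, request, course_pk):
    """Copy selected assets and projects into ``request.course``.

    Reads ``fromCourse``, ``include_tags``, ``include_notes``, the optional
    ``on_behalf_of`` user id and the ``asset_ids[]`` / ``project_ids[]``
    lists from the POST body. Responds with JSON: either a failure message
    or the counts of migrated assets, projects and notes.
    """
    from_course_id = request.POST.get('fromCourse', None)
    from_course = get_object_or_404(Course, id=from_course_id)
    faculty = [user.id for user in from_course.faculty.all()]
    include_tags = request.POST.get('include_tags', 'false') == 'true'
    include_notes = request.POST.get('include_notes', 'false') == 'true'

    # maps old ids to new objects
    object_map = {'assets': {}, 'notes': {}, 'projects': {}}

    owner = request.user
    if 'on_behalf_of' in request.POST:
        # An id that matches no user is a client error: answer 404 instead
        # of letting User.DoesNotExist surface as a server error.
        owner = get_object_or_404(User, id=request.POST.get('on_behalf_of'))

    # NOTE(review): only the resolved owner is checked here. When
    # ``on_behalf_of`` is supplied, ``request.user`` is not checked in this
    # method; presumably the view's mixins require faculty - confirm.
    if (not in_course(owner.username, request.course) or
            not cached_course_is_faculty(request.course, owner)):
        # The placeholder was previously emitted literally as "%s".
        json_stream = json.dumps({
            'success': False,
            'message': '%s is not a course member or faculty member'
                       % owner.username
        })
        return HttpResponse(json_stream, content_type='application/json')

    # NOTE(review): the posted ids are looked up without restricting them
    # to ``from_course``, and this method does not check the caller's role
    # in ``from_course``; confirm both are enforced elsewhere.
    if 'asset_ids[]' in request.POST:
        asset_ids = request.POST.getlist('asset_ids[]')
        assets = Asset.objects.filter(id__in=asset_ids)
        object_map = Asset.objects.migrate(
            assets, request.course, owner, faculty, object_map,
            include_tags, include_notes)

    if 'project_ids[]' in request.POST:
        project_ids = request.POST.getlist('project_ids[]')
        projects = Project.objects.filter(id__in=project_ids)
        object_map = Project.objects.migrate(
            projects, request.course, owner, object_map,
            include_tags, include_notes)

    json_stream = json.dumps({
        'success': True,
        'asset_count': len(object_map['assets']),
        'project_count': len(object_map['projects']),
        'note_count': len(object_map['notes'])
    })
    return HttpResponse(json_stream, content_type='application/json')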
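def post(self, request):
    """Copy selected assets and projects into ``request.course``.

    Reads ``fromCourse``, ``include_tags``, ``include_notes``, the optional
    ``on_behalf_of`` user id and the ``asset_ids[]`` / ``project_ids[]``
    lists from the POST body. Responds with JSON: either a failure message
    or the counts of migrated assets, projects and notes.
    """
    from_course_id = request.POST.get('fromCourse', None)
    from_course = get_object_or_404(Course, id=from_course_id)
    faculty = [user.id for user in from_course.faculty.all()]
    include_tags = request.POST.get('include_tags', 'false') == 'true'
    include_notes = request.POST.get('include_notes', 'false') == 'true'

    # maps old ids to new objects
    object_map = {'assets': {}, 'notes': {}, 'projects': {}}

    owner = request.user
    if 'on_behalf_of' in request.POST:
        # An id that matches no user is a client error: answer 404 instead
        # of letting User.DoesNotExist surface as a server error.
        owner = get_object_or_404(User, id=request.POST.get('on_behalf_of'))

    # NOTE(review): only the resolved owner is checked here. When
    # ``on_behalf_of`` is supplied, ``request.user`` is not checked in this
    # method; presumably the view's mixins require faculty - confirm.
    if (not in_course(owner.username, request.course) or
            not cached_course_is_faculty(request.course, owner)):
        # The placeholder was previously emitted literally as "%s".
        json_stream = json.dumps({
            'success': False,
            'message': '%s is not a course member or faculty member'
                       % owner.username})
        return HttpResponse(json_stream, content_type='application/json')

    # NOTE(review): the posted ids are looked up without restricting them
    # to ``from_course``, and this method does not check the caller's role
    # in ``from_course``; confirm both are enforced elsewhere.
    if 'asset_ids[]' in request.POST:
        asset_ids = request.POST.getlist('asset_ids[]')
        assets = Asset.objects.filter(id__in=asset_ids)
        object_map = Asset.objects.migrate(
            assets, request.course, owner, faculty, object_map,
            include_tags, include_notes)

    if 'project_ids[]' in request.POST:
        project_ids = request.POST.getlist('project_ids[]')
        projects = Project.objects.filter(id__in=project_ids)
        object_map = Project.objects.migrate(
            projects, request.course, owner, object_map,
            include_tags, include_notes)

    json_stream = json.dumps({
        'success': True,
        'asset_count': len(object_map['assets']),
        'project_count': len(object_map['projects']),
        'note_count': len(object_map['notes'])})
    return HttpResponse(json_stream, content_type='application/json')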
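def project_sort(request):
    """Store the project order posted by a faculty member of the course.

    Each id in the ``project`` POST list gets its list position as
    ``ordinality``; rows already in place are not rewritten. Callers who
    are not both in the course and faculty receive a 403.
    """
    if (not in_course(request.user, request.course) or
            not request.course.is_faculty(request.user)):
        return HttpResponseForbidden("forbidden")

    # NOTE(review): the ids come from the POST body and the lookup below is
    # not restricted to ``request.course`` in this function; confirm that a
    # faculty member cannot reorder another course's projects.
    ids = request.POST.getlist("project")
    for idx, project_id in enumerate(ids):
        project = Project.objects.get(id=project_id)
        if idx != project.ordinality:
            project.ordinality = idx
            project.save()

    data = {'sorted': 'true'}
    # A second, unreachable serialise-and-return pair followed the first
    # return and has been dropped. ``content_type`` replaces the
    # ``mimetype`` keyword, which newer Django releases no longer accept.
    json_stream = json.dumps(data, indent=2)
    return HttpResponse(json_stream, content_type='application/json')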
def assets_by_user(request, record_owner_name):
    """
    An ajax-only request to retrieve a specified user's assets.

    Staff asking for their own records while not enrolled in the course
    get the whole course's assets instead. Otherwise the named user must
    pass ``in_course_or_404`` for the current course.

    Example:
        /asset/json/user/sld2131/
    """
    course = request.course
    viewer = request.user

    staff_outside_course = (
        viewer.is_staff and
        viewer.username == record_owner_name and
        not in_course(viewer.username, request.course))
    if staff_outside_course:
        return assets_by_course(request)

    in_course_or_404(record_owner_name, course)
    record_owner = get_object_or_404(User, username=record_owner_name)
    owner_assets = Asset.objects.annotated_by(
        course, record_owner, include_archives=True)
    return render_assets(request, record_owner, owner_assets)
def your_records(request, record_owner_name):
    """
    An ajax-only request to retrieve a specified user's projects,
    assignment responses and selections.

    Non-ajax requests get a 404. Staff asking for their own records while
    not enrolled in the course get all records instead. Otherwise the
    named user must pass ``in_course_or_404`` for the current course.
    """
    if not request.is_ajax():
        raise Http404()

    course = request.course
    viewer = request.user

    staff_outside_course = (
        viewer.username == record_owner_name and
        viewer.is_staff and
        not in_course(viewer.username, request.course))
    if staff_outside_course:
        return all_records(request)

    in_course_or_404(record_owner_name, course)
    record_owner = get_object_or_404(User, username=record_owner_name)
    course_assets = Asset.objects.filter(course=course)
    owner_assets = annotated_by(course_assets, record_owner,
                                include_archives=False)
    return get_records(request, record_owner, owner_assets)
def source_specialauth(request, url, key):
    """Return the signed hand-off URL for the external source at ``url``.

    The URL carries an HMAC-SHA1, keyed with ``key``, over
    ``username:redirect_back:nonce``. The username is the requester's own
    unless an ``as`` request value is present and the requester is a
    course member with staff status or ``assetmgr.can_upload_for``.
    """
    nonce = '%smthc' % datetime.datetime.now().isoformat()
    redirect_back = "%s?msg=upload" % (request.build_absolute_uri('/'))

    viewer = request.user
    username = viewer.username
    if 'as' in request.REQUEST:
        if in_course(viewer.username, request.course):
            if viewer.is_staff or viewer.has_perm('assetmgr.can_upload_for'):
                username = request.REQUEST['as']

    # NOTE(review): only redirect_url is percent-encoded; the course group
    # name, username, ``audio`` and ``audio2`` (both taken from the POST
    # body) are interpolated as-is, so reserved characters in them would
    # alter the query string. Worth encoding each value.
    template = ("%s?set_course=%s&as=%s&redirect_url=%s"
                "&nonce=%s&hmac=%s&audio=%s&audio2=%s")
    group_name = request.course.group.name
    quoted_redirect = urllib.quote(redirect_back)
    signed_message = '%s:%s:%s' % (username, redirect_back, nonce)
    digest = hmac.new(key, signed_message, hashlib.sha1).hexdigest()
    audio = request.POST.get('audio', '')
    audio2 = request.POST.get('audio2', '')

    return template % (url, group_name, username, quoted_redirect,
                       nonce, digest, audio, audio2)
def test_in_course(self):
    """The student is in the course and its student group; faculty is not
    in the student group."""
    expectations = (
        (self.student, self.c, True),
        (self.student, self.student_group, True),
        (self.faculty, self.student_group, False),
    )
    for user, group, expected in expectations:
        check = self.assertTrue if expected else self.assertFalse
        check(in_course(user, group))
def triple_homepage(request):
    """Build the course homepage context, including source archives.

    Redirects to the login page when the request has no course. A
    ``username`` query parameter switches the classwork owner to that
    user, who must pass ``in_course_or_404`` for the current course.
    """
    if not request.course:
        return HttpResponseRedirect('/accounts/login/')

    def _first_if_list(value):
        # Metadata values may be a list or a scalar; a list is recognised
        # by having an ``append`` attribute.
        return value[0] if hasattr(value, 'append') else value

    logged_in_user = request.user
    classwork_owner = request.user  # your own work unless ?username= is set
    if 'username' in request.GET:
        requested_name = request.GET['username']
        in_course_or_404(requested_name, request.course)
        classwork_owner = get_object_or_404(User, username=requested_name)

    c = request.course
    archives = []
    upload_archive = None
    for asset in c.asset_set.archives().order_by('title'):
        archive = asset.sources['archive']
        thumb = asset.sources.get('thumb', None)
        description = asset.metadata().get('description', '')
        uploader = asset.metadata().get('upload', 0)
        entry = {
            "id": asset.id,
            "title": asset.title,
            "thumb": ({"id": thumb.id, "url": thumb.url}
                      if thumb else None),
            "archive": {"id": archive.id, "url": archive.url},
            "metadata": _first_if_list(description),
        }
        # The archive flagged as the uploader is kept out of the list.
        if _first_if_list(uploader):
            upload_archive = entry
        else:
            archives.append(entry)
    archives.sort(key=operator.itemgetter('title'))

    show_tour = should_show_tour(request, c, logged_in_user)

    # The roster is sent only to members who may upload for other users.
    owners = []
    may_upload_for_others = (
        in_course(logged_in_user.username, request.course) and
        (logged_in_user.is_staff or
         logged_in_user.has_perm('assetmgr.can_upload_for')))
    if may_upload_for_others:
        owners = UserResource().render_list(request, request.course.members)

    discussions = get_course_discussions(c)

    # ``msg`` and ``view`` are copied from the query string unchanged.
    # NOTE(review): confirm the template escapes them on output.
    faculty_feed = get_prof_feed(c, request)
    is_faculty = c.is_faculty(logged_in_user)
    msg = request.GET.get('msg', '')
    view = request.GET.get('view', '')
    can_upload = course_details.can_upload(request.user, request.course)

    context = {
        'classwork_owner': classwork_owner,
        'help_homepage_instructor_column': False,
        'help_homepage_classwork_column': False,
        'faculty_feed': faculty_feed,
        'is_faculty': is_faculty,
        'discussions': discussions,
        'msg': msg,
        'view': view,
        'archives': archives,
        'upload_archive': upload_archive,
        'can_upload': can_upload,
        'show_tour': show_tour,
        'owners': owners,
    }

    if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
        # MUST only contain string values for now!!
        # (see templates/assetmgr/bookmarklet.js to see why or fix)
        context['bookmarklet_vars'] = {
            'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY,
        }

    return context
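def migrate(request):
    """Show the migration form (GET) or copy materials into the course (POST).

    GET returns a context with the courses the user teaches (all available
    courses for superusers) and the current course's faculty who are also
    members. POST migrates the posted ``asset_set`` / ``project_set`` and
    answers with JSON counts or a failure message. Other methods fall
    through and return None.
    """
    if request.method == "GET":
        # Only show courses for which the user is an instructor
        available_courses = available_courses_query(request.user)
        courses = []
        if request.user.is_superuser:
            courses = available_courses
        else:
            for c in available_courses:
                if c.is_faculty(request.user):
                    courses.append(c)

        # Only send down the real faculty. Not all us staff members
        faculty = []
        for u in request.course.faculty.all():
            if u in request.course.members:
                faculty.append(u)

        return {
            "current_course_faculty": faculty,
            "available_courses": courses,
            "help_migrate_materials": False
        }
    elif request.method == "POST":
        # maps old ids to new objects
        object_map = {'assets': {},
                      'notes': {},
                      'note_count': 0,
                      'projects': {}}

        owner = request.user
        # NOTE(review): an ``on_behalf_of`` id that matches no user raises
        # User.DoesNotExist, which is not handled here.
        if 'on_behalf_of' in request.POST:
            owner = User.objects.get(id=request.POST.get('on_behalf_of'))

        # NOTE(review): only the resolved owner is checked. When
        # ``on_behalf_of`` is supplied, ``request.user`` is not checked in
        # this function; confirm a decorator or middleware does that.
        if (not in_course(owner.username, request.course) or
                not request.course.is_faculty(owner)):
            # The placeholder was previously emitted literally as "%s".
            json_stream = simplejson.dumps({
                'success': False,
                'message': '%s is not a course member or faculty member'
                           % owner.username})
            return HttpResponse(json_stream, mimetype='application/json')

        # The sets are JSON parsed from the POST body; malformed JSON is
        # not caught here.
        if 'asset_set' in request.POST:
            asset_set = simplejson.loads(request.POST.get('asset_set'))
            object_map = Asset.objects.migrate(asset_set, request.course,
                                               owner, object_map)

        if 'project_set' in request.POST:
            project_set = simplejson.loads(request.POST.get('project_set'))
            object_map = Project.objects.migrate(project_set,
                                                 request.course,
                                                 owner, object_map)

        json_stream = simplejson.dumps({
            'success': True,
            'asset_count': len(object_map['assets']),
            'project_count': len(object_map['projects']),
            'note_count': object_map['note_count']})
        return HttpResponse(json_stream, mimetype='application/json')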
def test_in_course(self):
    """The student is in the course and its student group; faculty is not
    in the student group."""
    student = self.student
    student_group = self.student_group

    assert in_course(student, self.c)
    assert in_course(student, student_group)
    assert not in_course(self.faculty, student_group)
def triple_homepage(request):
    """Build the course homepage context, including source archives.

    Redirects to the login page when the request has no course. A
    ``username`` query parameter switches the classwork owner to that
    user, who must pass ``in_course_or_404`` for the current course.
    """
    if not request.course:
        return HttpResponseRedirect('/accounts/login/')

    def _first_if_list(value):
        # Metadata values may be a list or a scalar; a list is recognised
        # by having an ``append`` attribute.
        return value[0] if hasattr(value, 'append') else value

    logged_in_user = request.user
    classwork_owner = request.user  # your own work unless ?username= is set
    if 'username' in request.GET:
        requested_name = request.GET['username']
        in_course_or_404(requested_name, request.course)
        classwork_owner = get_object_or_404(User, username=requested_name)

    course = request.course
    archives = []
    upload_archive = None
    for asset in course.asset_set.archives().order_by('title'):
        archive = asset.sources['archive']
        thumb = asset.sources.get('thumb', None)
        description = asset.metadata().get('description', '')
        uploader = asset.metadata().get('upload', 0)
        entry = {
            "id": asset.id,
            "title": asset.title,
            "thumb": ({"id": thumb.id, "url": thumb.url}
                      if thumb else None),
            "archive": {"id": archive.id, "url": archive.url},
            "metadata": _first_if_list(description),
        }
        # The archive flagged as the uploader is kept out of the list.
        if _first_if_list(uploader):
            upload_archive = entry
        else:
            archives.append(entry)
    archives.sort(key=operator.itemgetter('title'))

    # The roster is sent only to members who may upload for other users.
    owners = []
    may_upload_for_others = (
        in_course(logged_in_user.username, request.course) and
        (logged_in_user.is_staff or
         logged_in_user.has_perm('assetmgr.can_upload_for')))
    if may_upload_for_others:
        owners = UserResource().render_list(request, request.course.members)

    # ``msg`` and ``view`` are copied from the query string unchanged.
    # NOTE(review): confirm the template escapes them on output.
    faculty_feed = get_prof_feed(course, request)
    is_faculty = course.is_faculty(logged_in_user)
    discussions = get_course_discussions(course)
    msg = request.GET.get('msg', '')
    view = request.GET.get('view', '')
    can_upload = course_details.can_upload(request.user, request.course)
    show_tour = should_show_tour(request, course, logged_in_user)

    context = {
        'classwork_owner': classwork_owner,
        'help_homepage_instructor_column': False,
        'help_homepage_classwork_column': False,
        'faculty_feed': faculty_feed,
        'is_faculty': is_faculty,
        'discussions': discussions,
        'msg': msg,
        'view': view,
        'archives': archives,
        'upload_archive': upload_archive,
        'can_upload': can_upload,
        'show_tour': show_tour,
        'owners': owners,
    }

    if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
        # MUST only contain string values for now!!
        # (see templates/assetmgr/bookmarklet.js to see why or fix)
        context['bookmarklet_vars'] = {
            'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY,
        }

    return context
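def migrate(request):
    """Show the migration form (GET) or copy materials into the course (POST).

    GET returns a context with the courses the user teaches (all available
    courses for superusers) and the current course's faculty who are also
    members. POST migrates the posted ``asset_set`` / ``project_set`` and
    answers with JSON counts or a failure message. Other methods fall
    through and return None.
    """
    if request.method == "GET":
        # Only show courses for which the user is an instructor
        available_courses = available_courses_query(request.user)
        courses = []
        if request.user.is_superuser:
            courses = available_courses
        else:
            for course in available_courses:
                if course.is_faculty(request.user):
                    courses.append(course)

        # Only send down the real faculty. Not all us staff members.
        # This list was previously built twice in a row with identical
        # results; one pass is enough.
        faculty = []
        for user in request.course.faculty.all():
            if user in request.course.members:
                faculty.append(user)

        return {
            "current_course_faculty": faculty,
            "available_courses": courses,
            "help_migrate_materials": False
        }
    elif request.method == "POST":
        # maps old ids to new objects
        object_map = {'assets': {},
                      'notes': {},
                      'note_count': 0,
                      'projects': {}}

        owner = request.user
        # NOTE(review): an ``on_behalf_of`` id that matches no user raises
        # User.DoesNotExist, which is not handled here.
        if 'on_behalf_of' in request.POST:
            owner = User.objects.get(id=request.POST.get('on_behalf_of'))

        # NOTE(review): only the resolved owner is checked. When
        # ``on_behalf_of`` is supplied, ``request.user`` is not checked in
        # this function; confirm a decorator or middleware does that.
        if (not in_course(owner.username, request.course) or
                not request.course.is_faculty(owner)):
            # The placeholder was previously emitted literally as "%s".
            json_stream = simplejson.dumps({
                'success': False,
                'message': '%s is not a course member or faculty member'
                           % owner.username})
            return HttpResponse(json_stream, mimetype='application/json')

        # The sets are JSON parsed from the POST body; malformed JSON is
        # not caught here.
        if 'asset_set' in request.POST:
            asset_set = simplejson.loads(request.POST.get('asset_set'))
            object_map = Asset.objects.migrate(asset_set, request.course,
                                               owner, object_map)

        if 'project_set' in request.POST:
            project_set = simplejson.loads(request.POST.get('project_set'))
            object_map = Project.objects.migrate(project_set,
                                                 request.course,
                                                 owner, object_map)

        json_stream = simplejson.dumps({
            'success': True,
            'asset_count': len(object_map['assets']),
            'project_count': len(object_map['projects']),
            'note_count': object_map['note_count']})
        return HttpResponse(json_stream, mimetype='application/json')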
def has_object_permission(self, request, view, obj):
    """Allow superusers, course members and faculty of ``obj.course``.

    The HTTP method is not consulted, so the same rule applies to reads
    and writes.
    """
    user = request.user
    if not user.is_superuser:
        course = obj.course
        return (in_course(user.username, course) or
                obj.course.is_faculty(user))
    return True