def add_user_to_shared_collection(request, secret_share_key=''): """ Decrypt the encrypted URL and add the user to the appropriate collection with the appropriate role """ decrypted_info = base64.urlsafe_b64decode( secret_share_key.encode("ascii", "ignore")) (random_id, collection_id, expired_in, random_id) = decrypted_info.split('!!') # NOTE: hard coding the role as LEARNER (i.e. student) instead of passing # the role via the share URL as before. That's insecure without encryption # and proper validation that the URL hasn't been tampered with. The main purpose # of the sharing functionality is to give other students access to the collection, # so this accomplishes that. role = Users_Collections.LEARNER if not collection_id.isdigit(): return HttpResponseBadRequest('Invalid share URL [C]') if not Users_Collections.is_valid_role(role): return HttpResponseBadRequest('Invalid share URL [R]') try: expired_in = datetime.datetime.strptime(expired_in, "%Y-%m-%d") current_time = datetime.datetime.now() if expired_in <= current_time: return HttpResponseBadRequest( 'This share URL has **expired** and is no longer valid.') except ValueError: return HttpResponseBadRequest('Invalid share URL [E]') if not Collection.objects.filter(id=int(collection_id)): return HttpResponseBadRequest('Invalid share URL [CC]') collection = Collection.objects.get(id=int(collection_id)) uc_kwargs = { 'user': request.user, 'collection': collection, 'role': Users_Collections.OBSERVER } if not Users_Collections.objects.exclude(**uc_kwargs): uc_kwargs['role'] = role uc_kwargs['date_joined'] = datetime.date.today() Users_Collections(**uc_kwargs).save() log.info('User added to the collection %s as a learner.' % collection_id, extra={'user': request.user}) return HttpResponseRedirect("/")
def handle_custom_file(uploaded_file, course_name, user, is_teacher=False): """Handles an uploaded custom deck file.""" cached_file_contents = uploaded_file.read() mappings = None try: [file_contents, zfile, file_names, path_to_excel] = extract_from_zip(uploaded_file) is_zip = True except zipfile.BadZipfile: file_contents = cached_file_contents is_zip = False if not utils.correct_custom_format(file_contents): raise Exception, "Incorrect format of the spreadsheet." card_template_fields = utils.get_card_template(file_contents) card_template = CardTemplate(title=course_name, owner=user) card_template.save() for template_field in card_template_fields: label = template_field['label'] side = template_field['side'] sort_order = template_field['sort_order'] if side == 'Front': display = True else: display = False type = template_field['type'][0] field = Field(label=label, field_type=type, show_label=True, display=display, sort_order=sort_order) field.save() card_template_field = CardTemplates_Fields(card_template=card_template, field=field) card_template_field.save() collection = Collection(title=course_name, card_template=card_template, published=not is_teacher) collection.save() user_collection = Users_Collections(user=user, date_joined=date.today(), collection=collection, role=Users_Collections.ADMINISTRATOR) user_collection.save() deck = create_deck(collection_id=collection.id, deck_title='Untitled Deck') if is_zip: [file_contents, mappings] = get_mappings_from_zip(deck, file_contents, file_names, zfile, path_to_excel, custom=True) try: parsed_cards = utils.parse_deck_template_file(deck.collection.card_template, file_contents, mappings, custom=True) except: raise Exception, "Uploaded file type not supported." add_cards_to_deck(deck, parsed_cards) return deck
def get_or_update_role_bucket(request, collection_id = None, role = None): """ Get, create, and/or update the user's role_bucket. Returns the uptodate role_bucket dictionary. """ role_bucket = request.session.get('role_bucket',{}) if role_bucket and collection_id: if not role or not role_bucket.has_key(role): raise Exception("Invalid role provided. %s does not exist" % role) role_bucket[role].append(collection_id) else: role_bucket = Users_Collections.get_role_buckets(request.user) request.session['role_bucket'] = role_bucket return role_bucket
def get_or_update_role_bucket(request, collection_id=None, role=None): """ Get, create, and/or update the user's role_bucket. Returns the uptodate role_bucket dictionary. """ role_bucket = request.session.get('role_bucket', {}) if role_bucket and collection_id: if not role or not role_bucket.has_key(role): raise Exception("Invalid role provided. %s does not exist" % role) role_bucket[role].append(collection_id) else: role_bucket = Users_Collections.get_role_buckets(request.user) request.session['role_bucket'] = role_bucket return role_bucket
def add_user_to_shared_collection(request, secret_share_key=''): """ Decrypt the encrypted URL and add the user to the appropriate collection with the appropriate role """ decrypted_info = base64.urlsafe_b64decode(secret_share_key.encode("ascii", "ignore")) (random_id, collection_id, expired_in, random_id) = decrypted_info.split('!!') # NOTE: hard coding the role as LEARNER (i.e. student) instead of passing # the role via the share URL as before. That's insecure without encryption # and proper validation that the URL hasn't been tampered with. The main purpose # of the sharing functionality is to give other students access to the collection, # so this accomplishes that. role = Users_Collections.LEARNER if not collection_id.isdigit(): return HttpResponseBadRequest('Invalid share URL [C]') if not Users_Collections.is_valid_role(role): return HttpResponseBadRequest('Invalid share URL [R]') try: expired_in = datetime.datetime.strptime(expired_in,"%Y-%m-%d") current_time = datetime.datetime.now() if expired_in <= current_time: return HttpResponseBadRequest('This share URL has **expired** and is no longer valid.') except ValueError: return HttpResponseBadRequest('Invalid share URL [E]') if not Collection.objects.filter(id=int(collection_id)): return HttpResponseBadRequest('Invalid share URL [CC]') collection = Collection.objects.get(id=int(collection_id)) uc_kwargs = {'user':request.user,'collection':collection,'role':Users_Collections.OBSERVER} if not Users_Collections.objects.exclude(**uc_kwargs): uc_kwargs['role'] = role uc_kwargs['date_joined'] = datetime.date.today() Users_Collections(**uc_kwargs).save() log.info('User added to the collection %s as a learner.' %collection_id, extra={'user': request.user}) return HttpResponseRedirect("/")
def handle_custom_file(uploaded_file, course_name, user, is_teacher=False): """Handles an uploaded custom deck file.""" cached_file_contents = uploaded_file.read() mappings = None try: [file_contents, zfile, file_names, path_to_excel] = extract_from_zip(uploaded_file) is_zip = True except zipfile.BadZipfile: file_contents = cached_file_contents is_zip = False if not utils.correct_custom_format(file_contents): raise Exception, "Incorrect format of the spreadsheet." card_template_fields = utils.get_card_template(file_contents) card_template = CardTemplate(title=course_name, owner=user) card_template.save() for template_field in card_template_fields: label = template_field['label'] side = template_field['side'] sort_order = template_field['sort_order'] if side == 'Front': display = True else: display = False type = template_field['type'][0] field = Field(label=label, field_type=type, show_label=True, display=display, sort_order=sort_order) field.save() card_template_field = CardTemplates_Fields(card_template=card_template, field=field) card_template_field.save() collection = Collection(title=course_name, card_template=card_template, published=not is_teacher) collection.save() user_collection = Users_Collections(user=user, date_joined=date.today(), collection=collection, role=Users_Collections.ADMINISTRATOR) user_collection.save() deck = create_deck(collection_id=collection.id, deck_title='Untitled Deck') if is_zip: [file_contents, mappings] = get_mappings_from_zip(deck, file_contents, file_names, zfile, path_to_excel, custom=True) try: parsed_cards = utils.parse_deck_template_file( deck.collection.card_template, file_contents, mappings, custom=True) except: raise Exception, "Uploaded file type not supported." add_cards_to_deck(deck, parsed_cards) return deck