def add_user_to_shared_collection(request, secret_share_key=''):
"""
Decrypt the encrypted URL and add the user to the appropriate
collection with the appropriate role
"""
decrypted_info = base64.urlsafe_b64decode(
secret_share_key.encode("ascii", "ignore"))
(random_id, collection_id, expired_in,
random_id) = decrypted_info.split('!!')
# NOTE: hard coding the role as LEARNER (i.e. student) instead of passing
# the role via the share URL as before. That's insecure without encryption
# and proper validation that the URL hasn't been tampered with. The main purpose
# of the sharing functionality is to give other students access to the collection,
# so this accomplishes that.
role = Users_Collections.LEARNER
if not collection_id.isdigit():
return HttpResponseBadRequest('Invalid share URL [C]')
if not Users_Collections.is_valid_role(role):
return HttpResponseBadRequest('Invalid share URL [R]')
try:
expired_in = datetime.datetime.strptime(expired_in, "%Y-%m-%d")
current_time = datetime.datetime.now()
if expired_in <= current_time:
return HttpResponseBadRequest(
'This share URL has **expired** and is no longer valid.')
except ValueError:
return HttpResponseBadRequest('Invalid share URL [E]')
if not Collection.objects.filter(id=int(collection_id)):
return HttpResponseBadRequest('Invalid share URL [CC]')
collection = Collection.objects.get(id=int(collection_id))
uc_kwargs = {
'user': request.user,
'collection': collection,
'role': Users_Collections.OBSERVER
}
if not Users_Collections.objects.exclude(**uc_kwargs):
uc_kwargs['role'] = role
uc_kwargs['date_joined'] = datetime.date.today()
Users_Collections(**uc_kwargs).save()
log.info('User added to the collection %s as a learner.' % collection_id,
extra={'user': request.user})
return HttpResponseRedirect("/")
def handle_custom_file(uploaded_file, course_name, user, is_teacher=False):
"""Handles an uploaded custom deck file."""
cached_file_contents = uploaded_file.read()
mappings = None
try:
[file_contents, zfile, file_names,
path_to_excel] = extract_from_zip(uploaded_file)
is_zip = True
except zipfile.BadZipfile:
file_contents = cached_file_contents
is_zip = False
if not utils.correct_custom_format(file_contents):
raise Exception, "Incorrect format of the spreadsheet."
card_template_fields = utils.get_card_template(file_contents)
card_template = CardTemplate(title=course_name, owner=user)
card_template.save()
for template_field in card_template_fields:
label = template_field['label']
side = template_field['side']
sort_order = template_field['sort_order']
if side == 'Front':
display = True
else:
display = False
type = template_field['type'][0]
field = Field(label=label,
field_type=type,
show_label=True,
display=display,
sort_order=sort_order)
field.save()
card_template_field = CardTemplates_Fields(card_template=card_template,
field=field)
card_template_field.save()
collection = Collection(title=course_name,
card_template=card_template,
published=not is_teacher)
collection.save()
user_collection = Users_Collections(user=user,
date_joined=date.today(),
collection=collection,
role=Users_Collections.ADMINISTRATOR)
user_collection.save()
deck = create_deck(collection_id=collection.id, deck_title='Untitled Deck')
if is_zip:
[file_contents, mappings] = get_mappings_from_zip(deck,
file_contents,
file_names,
zfile,
path_to_excel,
custom=True)
try:
parsed_cards = utils.parse_deck_template_file(
deck.collection.card_template,
file_contents,
mappings,
custom=True)
except:
raise Exception, "Uploaded file type not supported."
add_cards_to_deck(deck, parsed_cards)
return deck