Example #1
def create_token(username):
    """Create, store and return a new token id for *username*.

    The id is the 32-character hex form of a random UUID4. It is saved as
    a ``Token`` row together with whatever ``get_user(username)`` returns.
    """
    # NOTE(review): the id is only as unpredictable as uuid4(); if it is
    # used as a bearer credential, confirm that is acceptable.
    new_token_id = uuid.uuid4().hex
    # NOTE(review): the result of get_user() is not checked before it is
    # attached to the token -- confirm it cannot be empty here.
    owner = get_user(username)
    token_row = Token(new_token_id, owner)
    db.session.add(token_row)
    db.session.commit()
    return new_token_id
Example #2
def admin(mongodb):
    """Render the admin landing page for users holding the "admin" role."""
    user = helper.get_user(mongodb)
    is_admin = bool(user) and "admin" in user.get("roles", [])

    # Everyone else is sent to the site root. The access check depends on
    # redirect() ending the request here (presumably by raising -- confirm);
    # nothing below re-checks the role.
    if not is_admin:
        redirect("/")

    return helper.template("admin/admin", user=user)
Example #3
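def post_login( mongodb ):
    """Handle the login form: check the credentials and start a session.

    Reads ``username`` and ``password`` from the submitted form. On failure
    the login template is rendered again with the single error code
    ``"badpass"``. On success a fresh random session key is written to the
    user's document, passed to ``helper.c_set`` and the client is
    redirected to ``/``.
    """
    # Already signed in: nothing to do here.
    if helper.get_user( mongodb ):
        redirect( "/" )

    username = request.forms.get( 'username' )
    password = request.forms.get( 'password' )

    errors = []

    # A request without both fields can never authenticate. Rejecting it
    # here keeps a missing password from reaching bcrypt.hashpw(), where it
    # would fail with an unhandled exception instead of the normal
    # "badpass" answer.
    user = None
    if username and password:
        user = mongodb['users'].find_one( { 'name': username } )

    # Show same error for both: username does not exist AND incorrect password
    # NOTE(review): an unknown username skips the bcrypt computation, so
    # response time can still differ between the two cases.
    if not user or user['password'] != bcrypt.hashpw( password, user['password'] ):
        errors.append( "badpass" )

    if errors:
        return helper.template( 'user/login', errors=errors, form=request.forms, errorMap=loginErrors )

    # 32 bytes from the OS random source, hex-encoded.
    session_key = binascii.hexlify( os.urandom( 32 ) )

    # The key replaces any value stored earlier for this user.
    # NOTE(review): it is stored as-is in the user document; confirm that
    # read access to the collection is restricted accordingly.
    mongodb['users'].update(
        { "name": username },
        {
            "$set": { "session_key": session_key }
        }
    )

    helper.c_set( "session_key", session_key )

    redirect( "/" )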
Example #4
def create_session(username):
    """Create, store and return a new session id for *username*.

    The id is the 32-character hex form of a random UUID4. It is saved as
    a ``Session`` row together with whatever ``get_user(username)`` returns.
    """
    # NOTE(review): the id is only as unpredictable as uuid4(); it
    # identifies a session, so confirm that is acceptable.
    new_session_id = uuid.uuid4().hex
    # NOTE(review): the result of get_user() is not checked before it is
    # attached to the session -- confirm it cannot be empty here.
    owner = get_user(username)
    session_row = Session(new_session_id, owner)
    db.session.add(session_row)
    db.session.commit()
    return new_session_id
Example #5
def profile( mongodb ):
    """Render the profile page of the signed-in user."""
    current_user = helper.get_user( mongodb )

    # Anonymous visitors go to the site root; this relies on redirect()
    # ending the request (presumably by raising -- confirm).
    if not current_user:
        redirect( "/" )

    page = helper.template( 'user/profile', user=current_user )
    return page
Example #6
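def resend_email( mongodb ):
    """Resend the verification mail for one of the signed-in user's addresses.

    The address comes from the ``email`` query parameter. Mail is sent only
    when that address is already listed for the user, so the endpoint
    cannot be used to make the server mail arbitrary recipients.
    """
    user = helper.get_user( mongodb )
    email = request.query.get( 'email' )
    if not user or not email:
        return redirect( "/" )

    # The parameter is caller-controlled: match it against the stored
    # addresses before sending anything.
    # Assumes user['emails'] holds dicts with an 'address' key, as the
    # add-email handler on this page reads them -- confirm.
    known_addresses = [ entry.get( 'address' ) for entry in user.get( 'emails', [] ) ]
    if email in known_addresses:
        helper.send_verification_email( mongodb, user['name'], email )

    # NOTE(review): mail is sent in response to a query-string request;
    # confirm the route is not reachable by a plain cross-site GET.
    return redirect( "/profile" )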
Example #7
def list_assignments(db, course_id):
    """GET /api/assignments/<course_id>

    Return the ids of all assignments of a course (students+instructors).
    check_course_user() runs before any data is read and is expected to
    reject callers who do not belong to the course.
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    check_course_user(db, target_course, caller)
    assignment_ids = [item.id for item in target_course.assignments]
    return json_success(assignments=assignment_ids)
Example #8
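def change_read_status():
    """Delete the message named by the ``message_id`` form field.

    Despite its name, the visible code deletes the message. It then
    returns the caller's new messages as JSON.

    Returns a JSON error with status 401 when no user is in the session
    and 404 when the message does not exist.
    """
    # Require a session before touching any data. The session used to be
    # read only after the delete, so a request without one still removed
    # the message and then failed.
    if 'user_id' not in session:
        return jsonify(error='not logged in'), 401

    message = Message.query.get(request.form.get('message_id'))
    if message is None:
        return jsonify(error='message not found'), 404

    # NOTE(review): nothing here ties the message to the caller. The
    # fields of Message are not visible in this block, so the ownership
    # check still has to be added (or confirmed inside delete_message()).
    message.delete_message()

    return jsonify(new_messages=get_new_messages(session['user_id']))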
Example #9
def download_assignment(db, course_id, assignment_id):
    """GET /api/assignment/<course_id>/<assignment_id>

    Return the files of one assignment (students+instructors). With the
    query argument ``list_only=true`` the flag is passed on to
    json_files_pack() as True, otherwise as False.
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # Membership is checked before the assignment is looked up.
    check_course_user(db, target_course, caller)
    wanted = find_assignment(db, target_course, assignment_id)
    names_only = request.args.get('list_only', 'false') == 'true'
    packed = json_files_pack(wanted.files, names_only)
    return json_success(files=packed)
Example #10
def list_courses(db):
    """GET /api/courses

    Return the sorted ids of every course the caller teaches or takes
    (anyone). A course that appears in both lists is reported once.
    """
    caller = get_user(db)
    taught_ids = {course.id for course in caller.teaching}
    taken_ids = {course.id for course in caller.taking}
    return json_success(courses=sorted(taught_ids | taken_ids))
Example #11
def add_course(db, course_id):
    """POST /api/course/<course_id>

    Create a course with the given id, passing the caller to the Course
    constructor (anyone).

    Raises:
        JsonError: a course with this id already exists.
    """
    creator = get_user(db)
    existing = db.query(Course).filter(Course.id == course_id).one_or_none()
    if existing:
        raise JsonError('Course already exists')
    # NOTE(review): the existence check and the insert are separate steps;
    # confirm the id column is unique so concurrent requests cannot both pass.
    db.add(Course(course_id, creator))
    db.commit()
    return json_success()
Example #12
def admin_users(mongodb, search="", index=0, count=10):
    """Render the admin user list, optionally limited to one exact name.

    ``index`` and ``count`` are passed to skip() and limit() to page
    through the ``users`` collection.
    """
    user = helper.get_user(mongodb)
    is_admin = bool(user) and "admin" in user.get("roles", [])

    # The access check depends on redirect() ending the request here
    # (presumably by raising -- confirm); nothing below re-checks the role.
    if not is_admin:
        redirect("/")

    accounts = mongodb["users"]
    if len(search) > 0:
        # Exact match on the name field, not a pattern search.
        users = accounts.find({"name": search}).skip(index).limit(count)
    else:
        users = accounts.find().skip(index).limit(count)

    user_table = template("admin/users", users=users)
    return helper.template("admin/admin", user=user, main=user_table)
Example #13
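def templates( mongodb, search="", index=0, count=10 ):
    """Render the signed-in user's templates, optionally filtered by name.

    Every query is restricted to documents whose ``owner`` is the current
    user. A non-empty ``search`` is matched as literal text inside the
    template name. ``index`` and ``count`` are passed to skip() and limit().
    """
    import re

    user = helper.get_user( mongodb )

    if not user:
        redirect("/")

    query = { "owner": user['_id'] }
    if len( search ) > 0:
        # The search text is caller-supplied. Escaping it keeps regex
        # metacharacters from being interpreted by the database, so a
        # crafted pattern cannot turn the search into an expensive match.
        query["name"] = { "$regex": re.escape( search ) }

    found = mongodb['templates'].find( query ).skip( index ).limit( count )

    return helper.template( 'templates/templates', user=user, templates=found )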
Example #14
def submit_assignment(db, course_id, assignment_id):
    """POST /api/submission/<course_id>/<assignment_id>

    Store a new submission for an assignment (students+instructors). The
    ``files`` form field is handed to json_files_unpack(), which fills the
    submission's file list.
    """
    submitter = get_user(db)
    target_course = find_course(db, course_id)
    # Membership is checked before anything is created.
    check_course_user(db, target_course, submitter)
    target_assignment = find_assignment(db, target_course, assignment_id)
    new_submission = Submission(submitter, target_assignment)
    # NOTE(review): the uploaded payload is passed on unchecked; size and
    # name validation, if any, happens inside json_files_unpack().
    uploaded = request.form.get('files')
    json_files_unpack(uploaded, new_submission.files)
    db.commit()
    return json_success()
Example #15
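def addemail( mongodb ):
    """Attach a new e-mail address to the signed-in user and verify it.

    The address comes from the ``email`` form field. A missing or empty
    value, or an address the user already has, only redirects to
    ``/profile``. Otherwise the address is added and a verification mail
    is sent to it.
    """
    user = helper.get_user( mongodb )
    if not user:
        return redirect( "/" )

    email = request.forms.get( 'email' )
    # Without this guard a request lacking the field would store and mail
    # an empty address.
    if not email:
        return redirect( "/profile" )

    already_listed = any(
        entry['address'] == email for entry in user.get( 'emails', [] )
    )
    if not already_listed:
        # NOTE(review): the address format is not validated here; confirm
        # helper.add_email() or the mail helper rejects malformed input.
        helper.add_email( mongodb, user['name'], email )
        helper.send_verification_email( mongodb, user['name'], email )

    return redirect( "/profile" )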
Example #16
def food_info(food_id):
    """Show the details page of one food listing to a logged-in user."""
    login_state = check_login('Please login to view listing details.')
    if login_state == 'not_logged_in':
        return redirect('/login')

    # Fetch the requested listing; the result is passed to the template
    # without a check that it exists.
    listing = Food.query.get(food_id)
    viewer = get_user()
    unread = get_new_messages(session['user_id'])

    return render_template(
        'food_info.html',
        food_listing=listing,
        user=viewer,
        new_messages=unread,
    )
Example #17
def release_assignment(db, course_id, assignment_id):
    """POST /api/assignment/<course_id>/<assignment_id>

    Create an assignment in a course and fill it from the ``files`` form
    field (instructors only).

    Raises:
        JsonError: the course already has an assignment with this id.
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # The instructor check runs before any lookup or change.
    check_course_instructor(db, target_course, caller)

    duplicate = db.query(Assignment).filter(
        Assignment.id == assignment_id,
        Assignment.course == target_course,
    ).one_or_none()
    if duplicate:
        raise JsonError('Assignment already exists')

    released = Assignment(assignment_id, target_course)
    uploaded = request.form.get('files')
    json_files_unpack(uploaded, released.files)
    db.commit()
    return json_success()
Example #18
def download_submission(db, course_id, assignment_id, student_id):
    """GET /api/submission/<course_id>/<assignment_id>/<student_id>

    Return the files and timestamp of a student's latest submission
    (instructors only).
    TODO: maybe allow student to see their own submissions?
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # Only instructors get past this point; students cannot read
    # submissions through this endpoint, not even their own.
    check_course_instructor(db, target_course, caller)
    target_assignment = find_assignment(db, target_course, assignment_id)
    target_student = find_course_user(db, target_course, student_id)
    latest = find_student_latest_submission(db, target_assignment, target_student)
    names_only = request.args.get('list_only', 'false') == 'true'
    packed = json_files_pack(latest.files, names_only)
    stamp = strftime(latest.timestamp)
    return json_success(files=packed, timestamp=stamp)
Example #19
def listings():
    """List all active food listings, friends' listings first.

    Both groups are ordered by ``post_date`` descending. Users without
    friendships get one list of all active listings.
    """
    if check_login('Please login to view listings.') == 'not_logged_in':
        return redirect('/login')

    user = get_user()
    new_messages = get_new_messages(session['user_id'])
    user_friends = user.friendships

    if not user_friends:
        foods = (Food.query
                 .filter_by(active=True)
                 .order_by(desc('post_date'))
                 .all())
    else:
        friend_ids = [friendship.friend_id for friendship in user_friends]

        # Active listings posted by friends.
        friends_listings = (Food.query
                            .filter_by(active=True)
                            .filter(Food.user_id.in_(friend_ids))
                            .order_by(desc('post_date'))
                            .all())

        # Their ids are excluded from the second query so nothing is
        # listed twice.
        friends_food_ids = [food.food_id for food in friends_listings]

        other_listings = (Food.query
                          .filter_by(active=True)
                          .filter(~Food.food_id.in_(friends_food_ids))
                          .order_by(desc('post_date'))
                          .all())

        foods = friends_listings + other_listings

    # NOTE(review): google_api is handed to the template. If the template
    # writes it into the page, every client can read it, so confirm the
    # key is restricted for browser use.
    return render_template(
        'listings.html',
        foods=foods,
        user=user,
        new_messages=new_messages,
        API_KEY=google_api,
    )
Example #20
def edit_food(food_id):
    """Show the edit page for one food listing to a logged-in user."""
    login_state = check_login('Please login to edit your listings.')
    if login_state == 'not_logged_in':
        return redirect('/login')

    editor_user = get_user()
    unread = get_new_messages(session['user_id'])
    # NOTE(review): the listing is loaded by id alone; nothing here checks
    # that it belongs to the logged-in user. Confirm the handler that
    # saves the edit enforces ownership.
    listing = Food.query.get(food_id)

    return render_template(
        'editfood.html',
        food_listing=listing,
        user=editor_user,
        new_messages=unread,
    )
Example #21
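def post_signup( mongodb ):
    """Handle the sign-up form: validate it and create the user.

    Collects every validation problem as an error code and renders the
    sign-up template again if there is any. Otherwise the password is
    hashed with bcrypt, the user document is inserted, an optional e-mail
    address is registered and sent a verification mail, and the client is
    redirected to ``/login``.
    """
    # Already signed in: nothing to do here.
    if helper.get_user( mongodb ):
        redirect( "/" )

    # A field absent from the request is treated as empty, so the blank
    # checks below report it instead of len() failing on a missing value.
    username = request.forms.get( 'username' ) or ''
    password1 = request.forms.get( 'password1' ) or ''
    password2 = request.forms.get( 'password2' ) or ''
    email = request.forms.get( 'email' ) or ''

    errors = []

    if len( username ) == 0:
        errors.append( "usernameblank" )

    if len( password1 ) == 0:
        errors.append( "password1blank" )

    if len( password2 ) == 0:
        errors.append( "password2blank" )

    if options.email_required and len( email ) == 0:
        errors.append( "emailblank" )

    # NOTE(review): this check and the insert below are separate steps;
    # confirm a unique index on "name" backs it up.
    if mongodb['users'].find( { "name": username } ).count() > 0:
        errors.append( "nametaken" )

    if password1 != password2:
        errors.append( "nomatch" )

    if errors:
        return helper.template( 'user/signup', errors=errors, form=request.forms, errorMap=signupErrors )

    # Only the bcrypt hash is stored, never the password itself.
    # NOTE(review): no minimum password length or strength is enforced.
    password_hash = bcrypt.hashpw( password1, bcrypt.gensalt() )

    user_obj = {
        'name': username,
        'password': password_hash
    }

    mongodb['users'].insert( user_obj )

    if email:
        helper.add_email( mongodb, username, email )
        helper.send_verification_email( mongodb, username, email )

    redirect( "/login" )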
Example #22
def list_submissions(db, course_id, assignment_id):
    """GET /api/submissions/<course_id>/<assignment_id>

    Return student id and timestamp of every submission to an assignment,
    from all students (instructors only).
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # The instructor check runs before any submission data is read.
    check_course_instructor(db, target_course, caller)
    target_assignment = find_assignment(db, target_course, assignment_id)
    rows = [
        {
            'student_id': entry.student.id,
            'timestamp': strftime(entry.timestamp),
            # TODO: "notebooks": [],
        }
        for entry in target_assignment.submissions
    ]
    return json_success(submissions=rows)
Example #23
def editor( mongodb, filename=None ):
    """Open the template editor on an existing or a new template.

    With ``filename`` the template is looked up among those owned by the
    current user; without it helper.new_template() supplies one.
    """
    user = helper.get_user( mongodb )

    if not user:
        redirect( '/' )

    if not filename:
        template = helper.new_template( user )
    else:
        # The owner filter limits the lookup to the caller's own
        # templates. A name that matches nothing yields no template, and
        # that result is passed on unchecked.
        owned_by_name = { "owner": user['_id'], "name": filename }
        template = mongodb['templates'].find_one( owned_by_name )

    scripts = ['markdown','codemirror.min','jquery.ba-dotimeout.min', 'render','plugins/basic']
    styles = ['codemirror','document']

    return helper.template(
        "templates/editor",
        user=user,
        template=template,
        js=scripts,
        css=styles
    )
Example #24
def user_info(food_user_id):
    """Show one user's food listings to a logged-in visitor."""
    if check_login("Please login to view\
                   this user's listings.") == 'not_logged_in':
        return redirect('/login')

    viewer = get_user()
    unread = get_new_messages(session['user_id'])
    profile_owner = User.query.get(food_user_id)
    # NOTE(review): the query filters by user id only; there is no filter
    # on the listing's active flag here -- confirm that is intended.
    owner_listings = Food.query.filter_by(user_id=food_user_id)

    return render_template(
        'user_info.html',
        this_user=profile_owner,
        food_listings=owner_listings,
        user=viewer,
        new_messages=unread,
    )
Example #25
def editor( mongodb, template_name=None, document_name=None ):
    """Open the document editor from a template or an existing document.

    With ``template_name`` a new, unnamed document is seeded from that
    template's ``raw`` text. With ``document_name`` the stored document is
    loaded. Both lookups are limited to the current user's own records,
    and anything not found redirects to ``/documents``.
    """
    user = helper.get_user( mongodb )

    if not user:
        redirect("/")

    owner_id = user['_id']

    if template_name:
        source_template = mongodb['templates'].find_one( { "owner": owner_id, "name": template_name } )
        if not source_template:
            redirect( "/documents" )
        document = { "raw": source_template['raw'], "name": "", "form": {} }
    elif document_name:
        document = mongodb['document'].find_one( { "owner": owner_id, "name": document_name } )
        if not document:
            redirect( "/documents" )
    else:
        # Neither name given: there is nothing to edit. `document` is only
        # defined below because redirect() is relied on to end the request.
        redirect( "/documents" )

    scripts = ['jquery.ba-dotimeout.min','markdown','render','plugins/basic']
    return helper.template( 'documents/editor', user=user, document=document, js=scripts )
Example #26
def upload_feedback(db, course_id, assignment_id, student_id):
    """POST /api/feedback/<course_id>/<assignment_id>/<student_id>

    Replace the feedback files on one of a student's submissions
    (instructors only). The submission is selected by the ``timestamp``
    form field.

    Raises:
        JsonError: the ``timestamp`` form field is missing.
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # The instructor check runs before any lookup or change.
    check_course_instructor(db, target_course, caller)
    target_assignment = find_assignment(db, target_course, assignment_id)
    target_student = find_course_user(db, target_course, student_id)

    if 'timestamp' not in request.form:
        raise JsonError('Please supply timestamp')
    submitted_at = strptime(request.form.get('timestamp'))

    target = find_student_submission(db, target_assignment, target_student, submitted_at)
    # Existing feedback is dropped before the upload is unpacked.
    target.feedbacks.clear()
    # TODO: does this automatically remove the files?
    uploaded = request.form.get('files')
    json_files_unpack(uploaded, target.feedbacks)
    db.commit()
    return json_success()
Example #27
def download_feedback(db, course_id, assignment_id, student_id):
    """GET /api/feedback/<course_id>/<assignment_id>/<student_id>

    Return the feedback files of one submission, selected by the
    ``timestamp`` query argument (instructors+students, students
    restricted to their own submissions).

    Raises:
        JsonError: the ``timestamp`` query argument is missing.
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # Asking for another user's feedback requires instructor rights.
    # NOTE(review): user.id is compared with the raw route value; confirm
    # both have the same type, otherwise this never matches for students.
    if caller.id != student_id:
        check_course_instructor(db, target_course, caller)
    target_assignment = find_assignment(db, target_course, assignment_id)
    target_student = find_course_user(db, target_course, student_id)

    if 'timestamp' not in request.args:
        raise JsonError('Please supply timestamp')
    submitted_at = strptime(request.args.get('timestamp'))

    found = find_student_submission(db, target_assignment, target_student, submitted_at)
    names_only = request.args.get('list_only', 'false') == 'true'
    packed = json_files_pack(found.feedbacks, names_only)
    stamp = strftime(found.timestamp)
    return json_success(files=packed, timestamp=stamp)
Example #28
def list_student_submission(db, course_id, assignment_id, student_id):
    """GET /api/submissions/<course_id>/<assignment_id>/<student_id>

    Return student id and timestamp of every submission one student made
    to an assignment (instructors+students, students restricted to their
    own submissions).
    """
    caller = get_user(db)
    target_course = find_course(db, course_id)
    # Asking about another user's submissions requires instructor rights.
    # NOTE(review): user.id is compared with the raw route value; confirm
    # both have the same type, otherwise this never matches for students.
    if caller.id != student_id:
        check_course_instructor(db, target_course, caller)
    target_assignment = find_assignment(db, target_course, assignment_id)
    target_student = find_course_user(db, target_course, student_id)
    rows = [
        {
            'student_id': entry.student.id,
            'timestamp': strftime(entry.timestamp),
            # TODO: "notebooks": [],
        }
        for entry in find_student_submissions(db, target_assignment, target_student)
    ]
    return json_success(submissions=rows)
Example #29
def save( mongodb ):
    """Create or overwrite one of the signed-in user's templates.

    Reads ``name`` and ``raw`` from the form and upserts a document keyed
    by owner and name. Returns a JSON string with an ``error`` or a
    ``success`` entry.
    """
    user = helper.get_user( mongodb )

    if not user:
        return json.dumps( { "error": "not logged in" } )

    template_name = request.forms.get( "name" )
    body = request.forms.get( "raw" )

    # The owner in the selector keeps a save from touching another
    # user's template of the same name.
    # NOTE(review): name and raw are stored as received, with no check
    # for a missing name or a size limit.
    selector = { "owner": user['_id'], "name": template_name }
    replacement = {
        "owner": user['_id'],
        "name": template_name,
        "raw": body
    }
    mongodb['templates'].update( selector, replacement, upsert=True )

    return json.dumps( { "success": "File saved successfully" } )
Example #30
def messages():
    """Show the logged-in user's messages, unread ones first."""
    if check_login("Please login to view your messages.") == 'not_logged_in':
        return redirect('/login')

    user = get_user()
    new_messages = get_new_messages(session['user_id'])

    # Every lookup is keyed by the id in the session, never by a request
    # parameter.
    unread = get_messages(session['user_id'], False)
    already_read = get_messages(session['user_id'], True)

    return render_template(
        'messages.html',
        all_messages=unread + already_read,
        unread_messages=unread,
        read_messages=already_read,
        user=user,
        new_messages=new_messages,
    )
Example #31
    def get(self):
        """Serve the main page: the directory view when signed in, else login."""
        logging.debug('GET')
        self.response.headers['Content-Type'] = 'text/html'

        # Visitors who are not signed in only get the login page.
        if not helper.is_user_logged_in():
            renderhtml.render_login(self, helper.get_login_url(self))
            return

        # A signed-in user without a stored record is added first.
        if not helper.user_exists():
            helper.add_new_user(helper.get_user())

        self.navigate()

        # Fetch the directories and files of the current path, then reduce
        # both lists to names for display.
        directory_entries = helper.get_directories_in_current_path()
        file_entries = helper.get_files_in_current_path()
        directory_names = helper.get_names_from_list(directory_entries)
        file_names = helper.get_names_from_list(file_entries)

        duplicates_here = helper.get_duplicate_names_from_list(file_names)
        duplicates_in_dropbox = helper.get_duplicate_names_from_dropbox()
        error_message = helper.get_error().error

        renderhtml.render_main(
            self,
            helper.get_logout_url(self),
            directory_names,
            file_names,
            helper.get_current_directory_object().path,
            helper.is_in_root_directory(),
            blobstore.create_upload_url('/upload'),
            error_message,
            duplicates_here,
            duplicates_in_dropbox,
        )
Example #32
def user_listings():
    """Show the logged-in user's own listings, active and inactive."""
    if check_login('Please login to view your listings.') == 'not_logged_in':
        return redirect('/login')

    user = get_user()
    new_messages = get_new_messages(session['user_id'])
    # The owner id comes from the session, so only the caller's own
    # listings can be selected.
    owner_id = session['user_id']
    base_query = Food.query

    # `== True` / `== False` are column comparisons that build the query
    # condition; keep them as written.
    active_listings = (base_query
                       .filter(Food.user_id == owner_id, Food.active == True)
                       .order_by(desc('post_date'))
                       .all())
    inactive_listings = (base_query
                         .filter(Food.user_id == owner_id, Food.active == False)
                         .order_by(desc('post_date'))
                         .all())

    return render_template(
        'mylistings.html',
        user_listings=active_listings,
        old_listings=inactive_listings,
        user=user,
        new_messages=new_messages,
    )
Example #33
def login( mongodb ):
    """Render the login form; signed-in users are redirected to ``/``."""
    already_signed_in = helper.get_user( mongodb )
    if already_signed_in:
        redirect( "/" )
    return helper.template( 'user/login' )
Example #34
from helper import get_user, interface_with_user

# Serve one user after another, forever: fetch a user, then hand it to
# the interactive routine.
while True:
    interface_with_user(get_user())
Example #35
def home( mongodb ):
    """Render the home page, passing along the current user if there is one."""
    visitor = helper.get_user( mongodb )
    return helper.template( 'home', user=visitor )
Example #36
def signup( mongodb ):
    """Render the sign-up form; signed-in users are redirected to ``/``."""
    already_signed_in = helper.get_user( mongodb )
    if already_signed_in:
        redirect( "/" )
    return helper.template( 'user/signup' )
Example #37
def valid_credentials(username, password):
    """Check *password* against the stored hash of *username*.

    Returns the result of ``bcrypt.check_password_hash`` for a known user
    and ``None`` when ``get_user`` finds nobody.
    """
    account = get_user(username)
    if not account:
        # NOTE(review): no hash is computed for an unknown name, so the
        # response time can differ from a wrong-password attempt.
        return None
    return bcrypt.check_password_hash(account.password_hash, password)
Example #38
def home():
    """Render the homepage with up to five listings, friends' first.

    For a user with friendships the list starts with each friend's newest
    active listing, followed by active listings from everyone who is
    neither a friend nor the user. Other users get the five newest active
    listings.
    """
    if check_login('Please login.') == 'not_logged_in':
        return redirect('/login')

    user = get_user()
    new_messages = get_new_messages(session['user_id'])
    user_friends = user.friendships

    if not user_friends:
        short_list = (Food.query
                      .filter_by(active=True)
                      .order_by(desc('post_date'))
                      .limit(5)
                      .all())
        friends_fb_ids = None
    else:
        friend_ids = [friendship.friend_id for friendship in user_friends]
        # (user_id, fb_id) pairs of the friends, passed to the template.
        friends_fb_ids = (db.session
                          .query(User.user_id, User.fb_id)
                          .filter(User.user_id.in_(friend_ids))
                          .all())

        # Newest active listing of each friend, if there is one.
        friends_listings = []
        for friend_id in friend_ids:
            newest = (Food.query
                      .filter_by(active=True)
                      .filter(Food.user_id == friend_id)
                      .order_by(desc('post_date'))
                      .first())
            if newest:
                friends_listings.append(newest)

        user_id = session['user_id']

        # All other active listings, leaving out those of friends and of
        # the user.
        other_listings = (Food.query
                          .filter_by(active=True)
                          .filter((~Food.user_id.in_(friend_ids)),
                                  (~(Food.user_id == user_id)))
                          .order_by(desc('post_date'))
                          .all())

        # Friends' listings come first; only the first five are shown.
        short_list = (friends_listings + other_listings)[:5]

    current_date = datetime.now().strftime("%Y-%m-%d")

    return render_template(
        'index.html',
        user_listings=short_list,
        current_date=current_date,
        user=user,
        new_messages=new_messages,
        user_friends=user_friends,
        friends_fb_ids=friends_fb_ids,
    )