def update(request, subm_id): # Submission should only be editable by their creators submission = get_object_or_404(Submission, pk=subm_id) # Somebody may bypass the template check by sending direct POST form data if not submission.can_reupload(): raise SuspiciousOperation("Update of submission %s is not allowed at this time." % str(subm_id)) if request.user not in submission.authors.all(): return redirect('dashboard') if request.POST: updateForm = SubmissionFileUpdateForm(request.POST, request.FILES) if updateForm.is_valid(): new_file = SubmissionFile(attachment=updateForm.files['attachment']) new_file.save() # fix status of old uploaded file submission.file_upload.replaced_by = new_file submission.file_upload.save() # store new file for submissions submission.file_upload = new_file submission.state = submission.get_initial_state() submission.notes = updateForm.data['notes'] submission.save() messages.info(request, 'Submission files successfully updated.') return redirect('dashboard') else: updateForm = SubmissionFileUpdateForm(instance=submission) return render(request, 'update.html', {'submissionFileUpdateForm': updateForm, 'submission': submission})
def update(request, subm_id): # Submission should only be editable by their creators submission = get_object_or_404(Submission, pk=subm_id) # Somebody may bypass the template check by sending direct POST form data if not submission.can_reupload(): raise SuspiciousOperation( "Update of submission %s is not allowed at this time." % str(subm_id)) if request.user not in submission.authors.all(): return redirect('dashboard') if request.POST: updateForm = SubmissionFileUpdateForm(request.POST, request.FILES) if updateForm.is_valid(): new_file = SubmissionFile( attachment=updateForm.files['attachment']) new_file.save() # fix status of old uploaded file submission.file_upload.replaced_by = new_file submission.file_upload.save() # store new file for submissions submission.file_upload = new_file submission.state = submission.get_initial_state() submission.notes = updateForm.data['notes'] submission.save() messages.info(request, 'Submission files successfully updated.') return redirect('dashboard') else: updateForm = SubmissionFileUpdateForm(instance=submission) return render(request, 'update.html', { 'submissionFileUpdateForm': updateForm, 'submission': submission })
def update(request, subm_id): # Submission should only be editable by their creators submission = get_object_or_404(Submission, pk=subm_id) # Somebody may bypass the template check by sending direct POST form data. # This check also fails when the student performs a simple reload on the /update page # without form submission after the deadline. # In practice, the latter happens all the time, so we skip the Exception raising here, # which lead to endless mails for the admin user in the past. if not submission.can_reupload(): return redirect('dashboard') #raise SuspiciousOperation("Update of submission %s is not allowed at this time." % str(subm_id)) if request.user not in submission.authors.all(): return redirect('dashboard') if request.POST: updateForm = SubmissionFileUpdateForm(request.POST, request.FILES) if updateForm.is_valid(): new_file = SubmissionFile( attachment=updateForm.files['attachment']) new_file.save() # fix status of old uploaded file submission.file_upload.replaced_by = new_file submission.file_upload.save() # store new file for submissions submission.file_upload = new_file submission.state = submission.get_initial_state() submission.notes = updateForm.data['notes'] submission.save() messages.info(request, 'Submission files successfully updated.') return redirect('dashboard') else: updateForm = SubmissionFileUpdateForm(instance=submission) return render(request, 'update.html', { 'submissionFileUpdateForm': updateForm, 'submission': submission })
def new(request, ass_id): ass = get_object_or_404(Assignment, pk=ass_id) if not ass.is_visible(user=request.user): raise Http404() # Check whether submissions are allowed. if not ass.can_create_submission(user=request.user): raise PermissionDenied( "You are not allowed to create a submission for this assignment") # get submission form according to the assignment type SubmissionForm = getSubmissionForm(ass) # Analyze submission data if request.POST: if 'authors' in request.POST: authors = map(lambda s: User.objects.get(pk=int(s)), request.POST['authors'].split(',')) if not ass.authors_valid(authors): raise PermissionDenied( "The given list of co-authors is invalid!") # we need to fill all forms here, so that they can be rendered on validation errors submissionForm = SubmissionForm(request.user, ass, request.POST, request.FILES) if submissionForm.is_valid(): submission = submissionForm.save( commit=False) # commit=False to set submitter in the instance submission.submitter = request.user submission.assignment = ass submission.state = submission.get_initial_state() # take uploaded file from extra field if ass.has_attachment: submissionFile = SubmissionFile( attachment=submissionForm.cleaned_data['attachment']) submissionFile.save() submission.file_upload = submissionFile submission.save() submissionForm.save_m2m( ) # because of commit=False, we first need to add the form-given authors submission.save() messages.info(request, "New submission saved.") if submission.state == Submission.SUBMITTED: inform_course_owner(request, submission) return redirect('dashboard') else: messages.error(request, "Please correct your submission information.") else: submissionForm = SubmissionForm(request.user, ass) return render(request, 'new.html', { 'submissionForm': submissionForm, 'assignment': ass })
def new(request, ass_id): ass = get_object_or_404(Assignment, pk=ass_id) if not ass.is_visible(user=request.user): raise Http404() # Check whether submissions are allowed. if not ass.can_create_submission(user=request.user): raise PermissionDenied("You are not allowed to create a submission for this assignment") # get submission form according to the assignment type SubmissionForm = getSubmissionForm(ass) # Analyze submission data if request.POST: if 'authors' in request.POST: authors = map(lambda s: User.objects.get(pk=int(s)), request.POST['authors'].split(',')) if not ass.authors_valid(authors): raise PermissionDenied("The given list of co-authors is invalid!") # we need to fill all forms here, so that they can be rendered on validation errors submissionForm = SubmissionForm(request.user, ass, request.POST, request.FILES) if submissionForm.is_valid(): submission = submissionForm.save(commit=False) # commit=False to set submitter in the instance submission.submitter = request.user submission.assignment = ass submission.state = submission.get_initial_state() # take uploaded file from extra field if ass.has_attachment: submissionFile = SubmissionFile(attachment=submissionForm.cleaned_data['attachment']) submissionFile.save() submission.file_upload = submissionFile submission.save() submissionForm.save_m2m() # because of commit=False, we first need to add the form-given authors submission.save() messages.info(request, "New submission saved.") if submission.state == Submission.SUBMITTED: inform_course_owner(request, submission) return redirect('dashboard') else: messages.error(request, "Please correct your submission information.") else: submissionForm = SubmissionForm(request.user, ass) return render(request, 'new.html', {'submissionForm': submissionForm, 'assignment': ass})