Example #1
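def login(request):
    """
    Login form and handler.

    Renders the login form and, when ``form.submitted`` is present in the
    request parameters, checks the submitted credentials via ``get_user``.
    On success the user is remembered and redirected to ``came_from``;
    otherwise the form values are returned with a failure message.

    ``came_from`` is read from the request parameters, so it is honoured
    only when it is a local path or an absolute URL on this application's
    own origin. Any other value falls back to the referrer computed below,
    which keeps the post-login redirect from leaving the site.

    Returns either an ``HTTPFound`` redirect or a dict with the keys
    ``message``, ``url``, ``came_from``, ``login`` and ``password``.
    """
    # Function-scope import: the file's import block is not visible here.
    try:
        from urllib.parse import urlsplit
    except ImportError:  # Python 2
        from urlparse import urlsplit

    def _is_local_target(target):
        """Return True when *target* stays on this application's origin."""
        if not target:
            return False
        # Browsers treat a backslash like a slash and drop control
        # characters, so reject both rather than try to normalise them.
        if '\\' in target or any(ord(ch) < 0x20 for ch in target):
            return False
        try:
            parts = urlsplit(target)
            app = urlsplit(request.application_url)
        except ValueError:
            return False
        if not parts.scheme and not parts.netloc:
            # Relative reference: accept "/path", refuse "//host/path".
            return target.startswith('/') and not target.startswith('//')
        return ((parts.scheme, parts.netloc.lower())
                == (app.scheme, app.netloc.lower()))

    login_url = request.route_url('login')
    referrer = request.url
    if referrer == login_url:
        referrer = '/' # never use the login form itself as came_from
    came_from = request.params.get('came_from', referrer)
    if not _is_local_target(came_from):
        came_from = referrer
    message = ''
    login = ''
    password = ''
    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        user = get_user(request, login)
        # NOTE(review): this compares the submitted password directly with
        # user.password, which suggests the stored value is not hashed --
        # confirm, and move to a salted password hash with a constant-time
        # verify if so.
        if user and (user.password == password):
            headers = remember(request, login)
            return HTTPFound(location = came_from,
                             headers = headers)
        message = 'Failed login'

    # NOTE(review): the submitted password is handed back to the template;
    # confirm the template does not echo it into the rendered page.
    return dict(
        message = message,
        url = request.application_url + '/login',
        came_from = came_from,
        login = login,
        password = password,
        )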
Example #2
def staffHome():
	"""Render the staff home page with the surveys for the user's courses.

	Callers without Staff access are redirected to the staff login page.
	Surveys are fetched per state (0, 1 and 2) and filtered down to the
	courses the current user is enrolled in.
	"""
	# NOTE(review): the caller is identified only by request.remote_addr
	# here; clients that share an address (NAT, reverse proxy) would share
	# a login -- confirm this is intended.
	if not has_access(request.remote_addr, Staff):
		return redirect("/login/Staff/@2FstaffHome")
	update(request.remote_addr)

	staff_member = get_user(request.remote_addr)

	def _enrolled(state):
		"""Return the surveys in *state* for the user's courses."""
		return [
			candidate
			for candidate in get_surveys(state = state)
			if staff_member.is_enrolled_in(candidate.course)
		]

	# Fetched in the same order as before: state 0, then 1, then 2.
	in_review = _enrolled(0)
	in_progress = _enrolled(1)
	finished = _enrolled(2)

	return render_template(
		"staffHome.html",
		review_surveys = in_review,
		active_surveys = in_progress,
		closed_surveys = finished,
		root = request.url_root,
	)
Example #3
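def get_user_todos(request: Request):
    """Return the task rows that belong to the requesting user.

    Raises:
        HTTPException: 403 when ``security.get_user`` yields no user.
    """
    user = security.get_user(request)
    if not user:
        raise HTTPException(status_code=403,
                            detail="Unable to find your username.")
    # NOTE(review): the lookup key is assumed to be user["username"] --
    # confirm against what security.get_user returns.
    #
    # The value is embedded as a SQL string literal, so quote characters
    # are doubled to keep it inside the literal. This is a stopgap: it does
    # not cover backends that also honour backslash escapes. Prefer bound
    # parameters if db.select_query supports them.
    username = str(user["username"]).replace("'", "''")
    tasks = db.select_query(
        f"select * from tasks where username = '{username}'")
    return tasks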
Example #4
    def test_student_login(self):
        """A student login yields a Student that is bound to the address."""
        # The last argument to login_user is the same key that get_user and
        # has_access are queried with below.
        logged_in = login_user('z100', 'student228', 'localhost')
        self.assertNotEqual(logged_in, None)
        self.assertEqual(type(logged_in), Student)

        current = get_user('localhost')
        self.assertEqual(logged_in, current)

        granted = has_access('localhost', Student)
        self.assertEqual(granted, True)
Example #5
    def test_staff_login(self):
        """A staff login yields a Staff user that is bound to the address."""
        # The last argument to login_user is the same key that get_user and
        # has_access are queried with below.
        logged_in = login_user('z50', 'staff670', 'localhost')
        self.assertNotEqual(logged_in, None)
        self.assertEqual(type(logged_in), Staff)

        current = get_user('localhost')
        self.assertEqual(logged_in, current)

        granted = has_access('localhost', Staff)
        self.assertEqual(granted, True)
Example #6
    def test_admin_login(self):
        """An admin login yields an Admin that is bound to the address."""
        # The last argument to login_user is the same key that get_user and
        # has_access are queried with below.
        logged_in = login_user('z1', 'adminPass', 'localhost')
        self.assertNotEqual(logged_in, None)
        self.assertEqual(type(logged_in), Admin)

        current = get_user('localhost')
        self.assertEqual(logged_in, current)

        granted = has_access('localhost', Admin)
        self.assertEqual(granted, True)
Example #7
def studentHome():
	"""Render the student home page with the surveys still to be answered.

	Callers without Student access are redirected to the student login
	page. Only state-1 surveys for the user's courses that the user has not
	yet responded to are listed.
	"""
	# NOTE(review): the caller is identified only by request.remote_addr
	# here; clients that share an address (NAT, reverse proxy) would share
	# a login -- confirm this is intended.
	if not has_access(request.remote_addr, Student):
		return redirect("/login/Student/@2FstudentHome")
	update(request.remote_addr)

	student = get_user(request.remote_addr)
	pending = [
		candidate
		for candidate in get_surveys(state = 1)
		# Enrolment is checked first, so has_responded_to runs only for
		# surveys of the student's own courses.
		if student.is_enrolled_in(candidate.course)
		and not student.has_responded_to(DATABASE_FILENAME, candidate)
	]

	return render_template("studentHome.html", active_surveys = pending)
Example #8
def studentResults():
	"""Render the results page with the state-2 surveys for the user's courses.

	Callers without Student access are redirected to the student login
	page.
	"""
	# NOTE(review): the caller is identified only by request.remote_addr
	# here; clients that share an address (NAT, reverse proxy) would share
	# a login -- confirm this is intended.
	if not has_access(request.remote_addr, Student):
		return redirect("/login/Student/@2FstudentResults")
	update(request.remote_addr)

	student = get_user(request.remote_addr)
	finished = [
		candidate
		for candidate in get_surveys(state = 2)
		if student.is_enrolled_in(candidate.course)
	]

	return render_template("studentResults.html", closed_surveys = finished)
Example #9
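def create_todo(request: Request, todo: ToDo):
    """Insert a new task row for the requesting user.

    Returns:
        ``"OK"`` when ``db.execute_sql`` returns 0, otherwise whatever
        ``db.execute_sql`` returned.

    Raises:
        HTTPException: 403 when the caller lacks the ``CREATE_TODO`` role
            or no user can be resolved for the request.
    """
    if not security.user_has_role(request, "CREATE_TODO"):
        raise HTTPException(
            status_code=403,
            detail="You don't have permission to create ToDo's")
    user = security.get_user(request)
    if not user:
        # Without this guard a missing user fails on the subscript below.
        raise HTTPException(status_code=403,
                            detail="Unable to find your username.")

    def _sql_literal(value):
        """Return *value* as a single-quoted SQL literal, quotes doubled."""
        return "'" + str(value).replace("'", "''") + "'"

    # todo.task is client-supplied and was previously pasted into the
    # statement verbatim. Doubling quote characters is a stopgap: it does
    # not cover backends that also honour backslash escapes. Prefer bound
    # parameters if db.execute_sql supports them.
    sql = f'''
  insert into tasks (task, complete, username)
  values({_sql_literal(todo.task)}, {_sql_literal(todo.complete)}, {_sql_literal(user["username"])})
  '''
    result = db.execute_sql(sql)
    if (result == 0):
        return "OK"
    else:
        return result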
Example #10
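def view_survey(course, semester):
	"""Show the survey for *course*/*semester*, or store a submitted response.

	Callers without Student access, students not enrolled in the survey's
	course, and students who already responded are redirected to the
	student login page. When no survey can be loaded, the failure page is
	rendered. A POST is handed to ``save_response``; any other method
	renders the survey form.
	"""
	# NOTE(review): course and semester are concatenated into the redirect
	# target unescaped; confirm the login route validates the path it
	# receives before redirecting back to it.
	login_redirect = "/login/Student/@2Fsurvey@2F"+course+"@2F"+semester

	if (not has_access(request.remote_addr, Student)):
		return redirect(login_redirect)

	user = get_user(request.remote_addr)

	survey = Survey()
	survey = survey.load_course_from_db(DATABASE_FILENAME, course, semester)

	# This check used to sit after survey.course and survey.questions had
	# already been read, so a missing survey raised instead of rendering
	# the failure page.
	if survey is None:
		return render_template("surveyFail.html")

	if (not user.is_enrolled_in(survey.course)):
		return redirect(login_redirect)
	if (user.has_responded_to(DATABASE_FILENAME, survey)):
		return redirect(login_redirect)
	update(request.remote_addr)

	if request.method == "POST":
		return save_response(DATABASE_FILENAME, survey, request)

	numQuestions = len(survey.questions)
	return render_template("survey.html", survey = survey, numQuestions = numQuestions)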
Example #11
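def save_response(filename, survey, request):
    """Store the submitted answers for *survey* and redirect to ``/login``.

    One RESPONSES row is written per answer. 'text' questions read the
    ``TextBox<id>`` form field, 'single' questions read ``Q<id>``, and any
    other type writes one row per value submitted under ``Q<id>``. Row IDs
    continue from the highest existing ID, starting at 1 for an empty
    table.
    """
    def _sql_literal(value):
        """Return *value* as a single-quoted SQL literal, quotes doubled."""
        return "'" + str(value).replace("'", "''") + "'"

    user = get_user(request.remote_addr)
    try:
        write_id = max(
            int(row[0]) for row in db_select(filename, "SELECT ID FROM RESPONSES")
        ) + 1
    except ValueError:
        # max() of an empty sequence: no responses stored yet.
        write_id = 1
    # NOTE(review): max(ID) + 1 is computed outside any visible transaction,
    # so concurrent submissions could pick the same ID -- confirm.

    for question in survey.questions:
        question_id = question.get_id()
        kind = question.get_type()
        if kind == 'text':
            answers = [request.form.get('TextBox' + str(question_id))]
        elif kind == 'single':
            answers = [request.form.get('Q' + str(question_id))]
        else:
            answers = request.form.getlist('Q' + str(question_id))

        for answer in answers:
            # Form values are client-supplied and were previously pasted
            # into the statement verbatim. Doubling quote characters is a
            # stopgap; prefer bound parameters if db_execute supports them.
            # A missing field still ends up stored as the text "None".
            db_execute(
                filename,
                "INSERT INTO RESPONSES (ID, ZID, RESPONSE, QUESTIONID, SURVEYID) "
                "VALUES ({0}, {1}, {2}, {3}, {4})".format(
                    _sql_literal(write_id), _sql_literal(user.zID),
                    _sql_literal(answer), _sql_literal(question_id),
                    _sql_literal(survey.id)))
            write_id += 1
    return redirect('/login')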
Example #12
    def test_student_logout(self):
        """After logout the address has no user and no Student access."""
        logout('localhost')

        remaining_user = get_user('localhost')
        self.assertEqual(remaining_user, None)

        still_allowed = has_access('localhost', Student)
        self.assertEqual(still_allowed, False)
Example #13
    def test_admin_logout(self):
        """After logout the address has no user and no Admin access."""
        logout('localhost')

        remaining_user = get_user('localhost')
        self.assertEqual(remaining_user, None)

        still_allowed = has_access('localhost', Admin)
        self.assertEqual(still_allowed, False)
Example #14
 def user(self):
     """Return the user for this request's userid, or None without one."""
     # Read from the settings but not used further in this method.
     db_handle = self.registry.settings['db']
     # NOTE(review): the id comes from unauthenticated_userid, so get_user
     # is presumably where it is checked against stored users -- confirm.
     claimed_id = unauthenticated_userid(self)
     if claimed_id is None:
         return None
     return get_user(self, claimed_id)