def wrap(*args, **kwargs):
"""Used to figure out whether to return the function or json"""
teacher_id = request.teacher_id
course_id = request.view_args["course_id"]
query = """
SELECT * FROM courses
WHERE course_id = %s
"""
courses = db.query(query, (course_id))
if not courses:
return not_found()
query = """
SELECT * FROM courses
WHERE course_id = %s
AND course_teacher_id = %s
"""
courses = db.query(query, (course_id, teacher_id))
if not courses:
return forbidden()
return func(*args, **kwargs)
def create_token():
"""
Creates the teachers login token
"""
token = uuid.uuid4().hex
query = """
SELECT teacher_token
FROM teachers
WHERE teacher_token = %s
"""
query2 = """
SELECT student_token
FROM students
WHERE student_token = %s
"""
rows = db.query(query, (token))
rows2 = db.query(query2, (token))
if rows or rows2:
return create_token()
return token
def wrap(*args, **kwargs):
"""Used to figure out whether to return the function or json"""
if "Teacher-Authorization" in request.headers:
query = """
SELECT teacher_id
FROM teachers
WHERE teacher_token = %s
"""
rows = db.query(query, (request.headers["Teacher-Authorization"]))
if not rows:
return unauthorized()
request.teacher_id = rows[0]["teacher_id"]
return func(*args, **kwargs)
elif "Student-Authorization" in request.headers:
query = """
SELECT student_id
FROM students
WHERE student_token = %s
"""
rows = db.query(query, (request.headers["Student-Authorization"]))
if not rows:
return unauthorized()
request.student_id = rows[0]["student_id"]
return func(*args, **kwargs)
else:
return unauthorized()
def wrap(*args, **kwargs):
"""
Checks if the user is signed in as either a student or a teacher
"""
if "Teacher-Authorization" in request.headers:
query = """
SELECT teacher_id
FROM teachers
WHERE teacher_token = %s
"""
rows = db.query(query, (request.headers["Teacher-Authorization"]))
if rows:
request.teacher_id = rows[0]["teacher_id"]
elif "Student-Authorization" in request.headers:
query = """
SELECT student_id
FROM students
WHERE student_token = %s
"""
rows = db.query(query, (request.headers["Student-Authorization"]))
if rows:
request.student_id = rows[0]["student_id"]
# If no user is authenticated, then go to next middleware
return func(*args, **kwargs)
def wrap(*args, **kwargs):
"""
Checks to see if either a student or unauthorized user can access the quiz.
If the quiz is a free quiz, the let everyone through
If not and if the user is a student, check whether student is an a course
that is part of the quiz instance.
"""
quiz_id = request.view_args["qc_id"]
# Check that the quiz exists
query = """
SELECT quizzes_courses.qc_id,qc_start_date * 1000 AS quiz_start_date, qc_end_date * 1000 AS quiz_end_date, quizzes_courses.qc_course_id , quizzes_courses.qc_quiz_id
FROM quizzes_courses
WHERE qc_id = %s
"""
quizzes = db.query(query, (quiz_id))
if not quizzes:
return not_found()
# Set the quiz_id in the context so that controllers can use it
request.quiz_id = quizzes[0]["qc_quiz_id"]
# IMPORTANT: If the course_id is null for the quiz, that means anyone can view the quiz
if not quizzes[0]["qc_course_id"]:
request.is_free_quiz = True
return func(*args, **kwargs)
if hasattr(request, "student_id"):
student_id = request.student_id
# If the quiz hasn't started yet, then don't let student access
current_time = int(time.time() * 1000)
print(current_time)
print(quizzes[0]["quiz_start_date"])
if current_time < quizzes[0]["quiz_start_date"]:
return forbidden()
# Check that students teacher owns the quiz
query = """
SELECT students_classes.sc_student_id
FROM quizzes_courses
INNER JOIN classes_courses ON quizzes_courses.qc_course_id = classes_courses.cc_course_id
INNER JOIN courses ON classes_courses.cc_course_id = courses.course_id
INNER JOIN students_classes ON classes_courses.cc_class_id = students_classes.sc_class_id
WHERE students_classes.sc_student_id = %s AND quizzes_courses.qc_id = %s
"""
rows = db.query(query, (student_id, quiz_id))
if not rows:
return forbidden()
return func(*args, **kwargs)
return unauthorized()
def delete_students(class_id):
"""
Deletes all students in a class
"""
query = """
DELETE FROM students_classes
WHERE sc_class_id = %s
"""
db.query(query, (class_id))
return
def delete_class(class_id):
"""
Deletes a class
"""
query = """
DELETE FROM classes
WHERE class_id = %s
"""
db.query(query, (class_id))
return
def insert_test_cases(test_case_results, attempt_id):
"""
Inserts a users test cases into answers table
"""
query = """
INSERT INTO answers
VALUES (DEFAULT, %s, %s, %s)
"""
for test_case in test_case_results:
db.query(query,
(test_case["output"], test_case["test_id"], attempt_id))
def save_hash(student_hash, activate_token):
"""
Saves the students hash in the db
"""
query = """
UPDATE students
SET student_hash = %s
WHERE student_activate_token = %s
"""
db.query(query, (student_hash, activate_token))
def delete_unique():
"""
Deletes student emails that are already taken by a teacher
"""
query = """
DELETE FROM students
WHERE student_email IN
(SELECT teacher_email FROM teachers)
"""
db.query(query)
return
def change_class(class_id, name):
"""
Changes the information of a class
"""
query = """
UPDATE classes
SET class_name = %s
WHERE class_id = %s
"""
db.query(query, (name, class_id))
return
def delete_student(class_id, student_id):
"""
Deletes a student from a class
"""
query = """
DELETE FROM students_classes
WHERE sc_class_id = %s
AND sc_student_id = %s
"""
db.query(query, (class_id, student_id))
return
def change_course(course_id, name):
"""
Changes the name of a course
"""
query = """
UPDATE courses
SET course_name = %s
WHERE course_id = %s
"""
db.query(query, (name, course_id))
return
def delete_class(course_id, class_id):
"""
Deletes a class from a course
"""
query = """
DELETE FROM classes_courses
WHERE class_id = %s
AND course_id = %s
"""
db.query(query, (class_id, course_id))
return
def create_free_quiz(quiz_name, quiz_language_id, quiz_short_desc):
"""
Checks for errors and creates a free quiz if no errors found
"""
# Check for errors
if not quiz_name or not quiz_language_id or not quiz_short_desc:
raise ValueError("Property in body is empty")
# Check types
if type(quiz_name) != str or type(quiz_language_id) != int or type(
quiz_short_desc) != str:
raise ValueError("Types in body are incorrect")
if len(quiz_name) > 20 or len(quiz_short_desc) > 20:
raise ValueError("One field in body is too long")
# Also check that the language_id actually exists
query = """
SELECT language_id
FROM languages
WHERE language_id = %s
"""
languages = db.query(query, (quiz_language_id))
if not languages:
raise ValueError("Language ID does not exist")
query = """
INSERT INTO quizzes (quiz_name, quiz_language_id, quiz_short_desc)
VALUES (%s, %s, %s)
"""
db.insert_query(query, (quiz_name, quiz_language_id, quiz_short_desc))
def delete_course(course_id):
"""
Deletes a course
"""
query = """
DELETE FROM questions
WHERE question_quiz_id IN (
SELECT quiz_id
FROM quizzes
WHERE quiz_course_id = %s
)
"""
db.query(query, (course_id))
return
def taken_email(email):
"""
Checks if the email is taken in the teacher or student table
"""
query = """
SELECT teacher_id FROM teachers
WHERE teacher_email = %s
"""
query2 = """
SELECT student_id FROM students
WHERE student_email = %s
"""
taken = db.query(query, (email))
taken2 = db.query(query2, (email))
return taken or taken2
def save_token(token, user_id, is_teacher):
"""
Saves the teachers or students token
"""
if is_teacher:
query = """
UPDATE teachers
SET teacher_token = %s
WHERE teacher_id = %s
"""
else:
query = """
UPDATE students
SET student_token = %s
WHERE student_id = %s
"""
db.query(query, (token, user_id))
def edit_quiz(quiz_id, name, start_date, end_date, description, language):
"""
Edits a quiz
"""
query = """
UPDATE quizzes
SET
quiz_name = %s,
quiz_start_date = %s,
quiz_end_date = %s,
quiz_short_desc = %s,
quiz_language_id = %s
WHERE quiz_id = %s
"""
db.query(query,
(name, start_date, end_date, description, language, quiz_id))
return
def remove_token(user_id, is_teacher):
"""
Sets a teachers or students token to null in the database
"""
if is_teacher:
query = """
UPDATE teachers
SET teacher_token = %s
WHERE teacher_id = %s
"""
else:
query = """
UPDATE students
SET student_token = %s
WHERE student_id = %s
"""
db.query(query, (None, user_id))
def id_from_credentials(email, password):
"""
Gets the teacher_id or student-id from their credentials. If their credentials
don't match, then None will be returned
"""
query = """
SELECT teacher_id, teacher_hash
FROM teachers
WHERE teacher_email = %s
"""
rows = db.query(query, (email))
if rows:
teacher_hash = rows[0]["teacher_hash"]
teacher_id = rows[0]["teacher_id"]
# Compared hashed password from request to hashed password in db
if bcrypt.hashpw(password.encode(),
teacher_hash.encode()) == teacher_hash.encode():
return teacher_id, True
else:
query = """
SELECT student_id, student_hash
FROM students
WHERE student_email = %s
"""
rows = db.query(query, (email))
if rows:
student_hash = rows[0]["student_hash"]
student_id = rows[0]["student_id"]
# Compared hashed password from request to hashed password in db
if bcrypt.hashpw(password.encode(),
student_hash.encode()) == student_hash.encode():
return student_id, False
return None, None
def wrap(*args, **kwargs):
"""
NOTE: This middleware is NOT stateless, depends on teacher_logged_in
Checks to see if teacher actually owns the quiz, or if
a teacher is an admin and the quiz is a free quiz
"""
quiz_id = request.view_args["quiz_id"]
# Checks if the quiz does not exist
query = """
SELECT qc_id , qc_course_id
FROM quizzes_courses
WHERE qc_id = %s
"""
quizzes = db.query(query, (quiz_id))
if not quizzes:
return not_found()
# If the quiz is a free quiz and the teacher is an admin
if not quizzes[0]["qc_course_id"] and hasattr(request,
"teacher_is_admin"):
return func(*args, **kwargs)
# Check that teacher owns the course
query = """
SELECT qc_id
FROM quizzes_courses
INNER JOIN courses ON quizzes_courses.qc_course_id = courses.course_id
INNER JOIN teachers ON courses.course_teacher_id = teachers.teacher_id
WHERE quizzes_courses.qc_id = %s
AND teachers.teacher_id = %s
"""
quizzes = db.query(query, (quiz_id, request.teacher_id))
if not quizzes:
return forbidden()
return func(*args, **kwargs)
def get_name(course_id):
"""
Gets information on one course
"""
query = """
SELECT course_name FROM courses
WHERE course_id = %s
"""
course = db.query(query, (course_id))
return course[0]["course_name"]
def get_courses(teacher_id):
"""
Gets all of a teachers courses
"""
query = """
SELECT course_id, course_name
FROM courses
WHERE course_teacher_id = %s
"""
courses = db.query(query, (teacher_id))
return courses
def class_exists(teacher_id, class_id):
"""
Checks if the class exists or if it matches the course
"""
query = """
SELECT * FROM classes
WHERE class_teacher_id = %s
AND class_id = %s
"""
classes = db.query(query, (teacher_id, class_id))
return classes
def get_languages():
"""
Gets all supported programming languages
"""
query = """
SELECT *
FROM languages
"""
languages = db.query(query, ())
return languages
def get_classes(teacher_id):
"""
Gets all of a teachers classes
"""
query = """
SELECT class_id, class_name
FROM classes
WHERE class_teacher_id = %s
"""
classes = db.query(query, (teacher_id))
return classes
def insert_into_class(class_id, emails):
"""
Adds students into students_classes
"""
query = """
INSERT IGNORE INTO students_classes (sc_student_id, sc_class_id)
SELECT student_id, %s
FROM students
WHERE student_email IN %s
"""
student_list = db.query(query, (class_id, emails))
return student_list
def check_student(class_id, student_id):
"""
Checks if a student exists or if he matches a class
"""
query = """
SELECT * FROM students_classes
WHERE sc_class_id = %s
AND sc_student_id = %s
"""
student = db.query(query, (class_id, student_id))
return student
def get_quizzes(course_id):
"""
Gets all of a courses quizzes
"""
query = """
SELECT quizzes_courses.qc_id, quizzes_courses.qc_start_date, quizzes_courses.qc_end_date, quizzes.quiz_id, quizzes.quiz_short_desc, quizzes.quiz_language_id
FROM quizzes_courses
INNER JOIN quizzes ON quizzes_courses.qc_quiz_id = quizzes.quiz_id
WHERE quizzes_courses.qc_course_id = %s
"""
quizzes = db.query(query, (course_id))
return quizzes
