def show_appointment_participants(request, app_id):
"""
This view displays a list of all participants associated with\n
the selected appointment.\n
\n*login required*\n
For security reasons we check the user's group association once more\n
and redirect if necessary.\n
:param request: the incoming request
:param app_id: database id of the selected appointment
:return: rendered page or HttpResponseRedirect()
"""
# <SECURITY_BLOCK>
# check user groups for Tutor or Organizer membership (in hierarchical order)
if not request.user or not request.user.is_active:
logout(request)
return HttpResponseRedirect(reverse('cmanagement:index'))
elif request.user.groups.filter(name="Organizers").count() is not 0:
# redirect to organizer view
return HttpResponseRedirect(reverse('cmanagement:exec'))
elif request.user.groups.filter(name="Tutors").count() is not 0:
# everything is fine, proceed to tutor's view
pass
else:
# strange membership, redirect to login page
logout(request)
return HttpResponseRedirect(reverse('cmanagement:index'))
# <SECURITY_BLOCK>
try:
app = get_object_or_404(Appointment, pk=app_id)
except Http404:
return HttpResponseRedirect(reverse('cmanagement:tut'))
else:
pass
if app is None:
return HttpResponseRedirect(reverse('cmanagement:tut'))
course = app.my_course
other_tutors_list = make_other_tutors_list(request)
my_courses_list = make_courses_list(request)
# This variable is unused???
course_apps = compile_course_apps(course)
part_list = app.my_participants.all()
context = {'course': course,
'app': app,
'part_list': part_list,
'tutors_list': other_tutors_list,
'my_courses_list': my_courses_list,
'logged_in_user': request.user}
return render(request, 'cmanagement/tutor_show_participants.html', context)
def edit_appointment_location(request, app_id):
"""
This view provides an interface for tutors to change\n
the selected appointments location.\n
It shows the "change appointment location" form.\n
:param request: the incoming request
:param app_id: database id of the selected appointment
:return: HttpResponseRedirect()
"""
# <SECURITY_BLOCK>
# check user groups for Tutor or Organizer membership (in hierarchical order)
if not request.user or not request.user.is_active:
logout(request)
return HttpResponseRedirect(reverse('cmanagement:index'))
elif request.user.groups.filter(name="Organizers").count() is not 0:
# redirect to organizer view
return HttpResponseRedirect(reverse('cmanagement:exec'))
elif request.user.groups.filter(name="Tutors").count() is not 0:
# everything is fine, proceed to tutor's view
pass
else:
# strange membership, redirect to login page
logout(request)
return HttpResponseRedirect(reverse('cmanagement:index'))
# <SECURITY_BLOCK>
try:
app = get_object_or_404(Appointment, pk=app_id)
except Http404:
return HttpResponseRedirect(reverse('cmanagement:tut'))
else:
pass
if app is None:
return HttpResponseRedirect(reverse('cmanagement:tut'))
course = app.my_course
other_tutors_list = make_other_tutors_list(request)
my_courses_list = make_courses_list(request)
# this is unused???
course_apps = compile_course_apps(course)
part_list = app.my_participants.all()
context = {'course': course,
'app': app,
'part_list': part_list,
'tutors_list': other_tutors_list,
'my_courses_list': my_courses_list,
'logged_in_user': request.user}
return render(request, 'cmanagement/tutor_appointment_changeloc.html', context)
