def post(self, request, *args, **kwargs):
collection_id = kwargs['collection_id']
exc = get_object_or_404(ExternalCollection, id=collection_id)
special = getattr(settings, 'SERVER_ADMIN_SECRETKEYS', {})
if exc.url not in special.keys():
raise Http404("The uploader does not exist.")
username = request.user.username
as_user = request.POST.get('as', None)
if (as_user and in_course(request.user.username, request.course)
and (request.user.is_staff
or request.user.has_perm('assetmgr.can_upload_for'))):
username = as_user
url = reverse('course_detail', args=[self.request.course.id])
redirect_back = '{}?msg=upload'.format(request.build_absolute_uri(url))
nonce = '%smthc' % datetime.datetime.now().isoformat()
digest = hmac.new(
smart_bytes(special[exc.url]),
smart_bytes('{}:{}:{}'.format(username, redirect_back, nonce)),
hashlib.sha1).hexdigest()
url = ("%s?set_course=%s&as=%s&redirect_url=%s"
"&nonce=%s&hmac=%s&audio=%s&folder=%s") % (
exc.url, request.course.group.name, username,
quote(redirect_back), nonce, digest,
request.POST.get('audio', ''), self.get_upload_folder())
return HttpResponseRedirect(url)
def post(self, request, *args, **kwargs):
collection_id = kwargs['collection_id']
exc = get_object_or_404(ExternalCollection, id=collection_id)
special = getattr(settings, 'SERVER_ADMIN_SECRETKEYS', {})
if exc.url not in special.keys():
raise Http404("The uploader does not exist.")
username = request.user.username
as_user = request.POST.get('as', None)
if (as_user and in_course(request.user.username, request.course) and
(request.user.is_staff or
request.user.has_perm('assetmgr.can_upload_for'))):
username = as_user
redirect_back = "%s?msg=upload" % (request.build_absolute_uri('/'))
nonce = '%smthc' % datetime.datetime.now().isoformat()
digest = hmac.new(special[exc.url],
'%s:%s:%s' % (username, redirect_back, nonce),
hashlib.sha1).hexdigest()
url = ("%s?set_course=%s&as=%s&redirect_url=%s"
"&nonce=%s&hmac=%s&audio=%s&folder=%s") % (
exc.url, request.course.group.name, username,
urllib.quote(redirect_back), nonce, digest,
request.POST.get('audio', ''), self.get_upload_folder())
return HttpResponseRedirect(url)
def browse_sources(request):
c = request.course
user = request.user
archives = []
upload_archive = None
for a in c.asset_set.archives().order_by('title'):
archive = a.sources['archive']
thumb = a.sources.get('thumb',None)
description = a.metadata().get('description','')
uploader = a.metadata().get('upload', 0)
archive_context = {
"id":a.id,
"title":a.title,
"thumb":(None if not thumb else {"id":thumb.id, "url":thumb.url}),
"archive":{"id":archive.id, "url":archive.url},
#is description a list or a string?
"metadata": (description[0] if hasattr(description,'append') else description)
}
if (uploader[0] if hasattr(uploader,'append') else uploader):
upload_archive = archive_context
else:
archives.append(archive_context)
archives.sort(key=operator.itemgetter('title'))
owners = []
if in_course(user.username, request.course) and (user.is_staff or user.has_perm('assetmgr.can_upload_for')):
owners = [{ 'username': m.username, 'public_name': get_public_name(m, request) } for m in request.course.members]
rv = {"archives":archives,
"upload_archive": upload_archive,
"is_faculty":c.is_faculty(user),
"space_viewer":user,
'newsrc':request.GET.get('newsrc', ''),
'can_upload': course_details.can_upload(request.user, request.course),
'upload_service': getattr(settings,'UPLOAD_SERVICE',None),
"help_browse_sources": UserSetting.get_setting(user, "help_browse_sources", True),
"help_no_sources": UserSetting.get_setting(user, "help_no_sources", True),
'msg': request.GET.get('msg', ''),
'owners': owners,
}
if not rv['archives']:
rv['faculty_assets'] = [a for a in Asset.objects.filter(c.faculty_filter).order_by('added')
if a not in rv['archives'] ]
if getattr(settings,'DJANGOSHERD_FLICKR_APIKEY',None):
# MUST only contain string values for now!!
# (see templates/assetmgr/bookmarklet.js to see why or fix)
rv['bookmarklet_vars'] = {'flickr_apikey':settings.DJANGOSHERD_FLICKR_APIKEY }
return rv
def test_func(self):
# Because this is a mixin in a class-based view, its not neccessary to
# to raise a 404 response here, hence this pattern.
try:
course_pk = self.kwargs.get('pk')
course = Course.objects.get(pk=course_pk)
except Course.DoesNotExist:
return False
return (
in_course(self.request.user.username, course) or
course.is_true_faculty(self.request.user)
)
def project_sort(request):
if not in_course(request.user, request.course) or not request.course.is_faculty(request.user):
return HttpResponseForbidden("forbidden")
ids = request.POST.getlist("project")
for idx, project_id in enumerate(ids):
project = Project.objects.get(id=project_id)
if idx != project.ordinality:
project.ordinality = idx
project.save()
data = {"sorted": "true"}
return HttpResponse(simplejson.dumps(data, indent=2), mimetype="application/json")
def has_object_permission(self, request, view, obj):
user = request.user
if user.is_anonymous:
return False
# has_permission should prevent a POST from reaching this point
if request.method == 'POST':
return False
if request.method not in permissions.SAFE_METHODS:
return obj.course.is_faculty(request.user)
return (obj.course.is_faculty(request.user)
or (in_course(request.user.username, obj.course)
and hasattr(obj, 'activity')))
def project_sort(request):
if (not in_course(request.user, request.course) or
not request.course.is_faculty(request.user)):
return HttpResponseForbidden("forbidden")
ids = request.POST.getlist("project")
for idx, project_id in enumerate(ids):
project = Project.objects.get(id=project_id)
if idx != project.ordinality:
project.ordinality = idx
project.save()
data = {'sorted': 'true'}
return HttpResponse(simplejson.dumps(data, indent=2),
mimetype='application/json')
def triple_homepage(request):
if not request.course:
return HttpResponseRedirect('/accounts/login/')
logged_in_user = request.user
classwork_owner = request.user # Viewing your own work by default
if 'username' in request.GET:
user_name = request.GET['username']
in_course_or_404(user_name, request.course)
classwork_owner = get_object_or_404(User, username=user_name)
course = request.course
collections = ExternalCollection.objects.filter(
course=request.course, uploader=False).order_by('title')
uploader = ExternalCollection.objects.filter(course=request.course,
uploader=True).first()
owners = []
if (in_course(logged_in_user.username, request.course) and
(logged_in_user.is_staff or
logged_in_user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(request, request.course.members)
context = {
'classwork_owner': classwork_owner,
"information_title": course_information_title(course),
'faculty_feed': Project.objects.faculty_compositions(course,
logged_in_user),
'is_faculty': course.is_faculty(logged_in_user),
'discussions': get_course_discussions(course),
'msg': request.GET.get('msg', ''),
'view': request.GET.get('view', ''),
'collections': collections,
'uploader': uploader,
'can_upload': course_details.can_upload(request.user, request.course),
'owners': owners
}
if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
# MUST only contain string values for now!!
# (see templates/assetmgr/bookmarklet.js to see why or fix)
context['bookmarklet_vars'] = {
'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY
}
return context
def post(self, request, course_pk):
from_course_id = request.POST.get('fromCourse', None)
from_course = get_object_or_404(Course, id=from_course_id)
faculty = [user.id for user in from_course.faculty.all()]
include_tags = request.POST.get('include_tags', 'false') == 'true'
include_notes = request.POST.get('include_notes', 'false') == 'true'
# maps old ids to new objects
object_map = {'assets': {}, 'notes': {}, 'projects': {}}
owner = request.user
if 'on_behalf_of' in request.POST:
owner = User.objects.get(id=request.POST.get('on_behalf_of'))
if (not in_course(owner.username, request.course)
or not cached_course_is_faculty(request.course, owner)):
json_stream = json.dumps({
'success':
False,
'message':
'%s is not a course member or faculty member'
})
return HttpResponse(json_stream, content_type='application/json')
if 'asset_ids[]' in request.POST:
asset_ids = request.POST.getlist('asset_ids[]')
assets = Asset.objects.filter(id__in=asset_ids)
object_map = Asset.objects.migrate(assets, request.course, owner,
faculty, object_map,
include_tags, include_notes)
if 'project_ids[]' in request.POST:
project_ids = request.POST.getlist('project_ids[]')
projects = Project.objects.filter(id__in=project_ids)
object_map = Project.objects.migrate(projects, request.course,
owner, object_map,
include_tags, include_notes)
json_stream = json.dumps({
'success': True,
'asset_count': len(object_map['assets']),
'project_count': len(object_map['projects']),
'note_count': len(object_map['notes'])
})
return HttpResponse(json_stream, content_type='application/json')
def post(self, request):
from_course_id = request.POST.get('fromCourse', None)
from_course = get_object_or_404(Course, id=from_course_id)
faculty = [user.id for user in from_course.faculty.all()]
include_tags = request.POST.get('include_tags', 'false') == 'true'
include_notes = request.POST.get('include_notes', 'false') == 'true'
# maps old ids to new objects
object_map = {'assets': {},
'notes': {},
'projects': {}}
owner = request.user
if 'on_behalf_of' in request.POST:
owner = User.objects.get(id=request.POST.get('on_behalf_of'))
if (not in_course(owner.username, request.course) or
not cached_course_is_faculty(request.course, owner)):
json_stream = json.dumps({
'success': False,
'message': '%s is not a course member or faculty member'})
return HttpResponse(json_stream, content_type='application/json')
if 'asset_ids[]' in request.POST:
asset_ids = request.POST.getlist('asset_ids[]')
assets = Asset.objects.filter(id__in=asset_ids)
object_map = Asset.objects.migrate(
assets, request.course, owner, faculty, object_map,
include_tags, include_notes)
if 'project_ids[]' in request.POST:
project_ids = request.POST.getlist('project_ids[]')
projects = Project.objects.filter(id__in=project_ids)
object_map = Project.objects.migrate(
projects, request.course, owner, object_map,
include_tags, include_notes)
json_stream = json.dumps({
'success': True,
'asset_count': len(object_map['assets']),
'project_count': len(object_map['projects']),
'note_count': len(object_map['notes'])})
return HttpResponse(json_stream, content_type='application/json')
def project_sort(request):
if (not in_course(request.user, request.course) or
not request.course.is_faculty(request.user)):
return HttpResponseForbidden("forbidden")
ids = request.POST.getlist("project")
for idx, project_id in enumerate(ids):
project = Project.objects.get(id=project_id)
if idx != project.ordinality:
project.ordinality = idx
project.save()
data = {'sorted': 'true'}
return HttpResponse(json.dumps(data, indent=2),
mimetype='application/json')
json_stream = json.dumps(data, indent=2)
return HttpResponse(json_stream, mimetype='application/json')
def assets_by_user(request, record_owner_name):
"""
An ajax-only request to retrieve a specified user's assets
Example:
/asset/json/user/sld2131/
"""
course = request.course
if (request.user.is_staff and request.user.username == record_owner_name
and not in_course(request.user.username, request.course)):
return assets_by_course(request)
in_course_or_404(record_owner_name, course)
record_owner = get_object_or_404(User, username=record_owner_name)
assets = Asset.objects.annotated_by(course,
record_owner,
include_archives=True)
return render_assets(request, record_owner, assets)
def assets_by_user(request, record_owner_name):
"""
An ajax-only request to retrieve a specified user's assets
Example:
/asset/json/user/sld2131/
"""
course = request.course
if (request.user.is_staff and
request.user.username == record_owner_name and
not in_course(request.user.username, request.course)):
return assets_by_course(request)
in_course_or_404(record_owner_name, course)
record_owner = get_object_or_404(User, username=record_owner_name)
assets = Asset.objects.annotated_by(course,
record_owner,
include_archives=True)
return render_assets(request, record_owner, assets)
def your_records(request, record_owner_name):
"""
An ajax-only request to retrieve a specified user's projects,
assignment responses and selections
"""
if not request.is_ajax():
raise Http404()
course = request.course
if (request.user.username == record_owner_name and
request.user.is_staff and not in_course(request.user.username,
request.course)):
return all_records(request)
in_course_or_404(record_owner_name, course)
record_owner = get_object_or_404(User, username=record_owner_name)
assets = annotated_by(Asset.objects.filter(course=course),
record_owner,
include_archives=False)
return get_records(request, record_owner, assets)
def source_specialauth(request, url, key):
nonce = '%smthc' % datetime.datetime.now().isoformat()
redirect_back = "%s?msg=upload" % (request.build_absolute_uri('/'))
username = request.user.username
if ('as' in request.REQUEST and
in_course(request.user.username, request.course) and
(request.user.is_staff or
request.user.has_perm('assetmgr.can_upload_for'))):
username = request.REQUEST['as']
return ("%s?set_course=%s&as=%s&redirect_url=%s"
"&nonce=%s&hmac=%s&audio=%s&audio2=%s") % \
(url,
request.course.group.name,
username,
urllib.quote(redirect_back),
nonce,
hmac.new(key,
'%s:%s:%s' % (username, redirect_back, nonce),
hashlib.sha1).hexdigest(),
request.POST.get('audio', ''),
request.POST.get('audio2', ''))
def source_specialauth(request, url, key):
nonce = '%smthc' % datetime.datetime.now().isoformat()
redirect_back = "%s?msg=upload" % (request.build_absolute_uri('/'))
username = request.user.username
if ('as' in request.REQUEST
and in_course(request.user.username, request.course)
and (request.user.is_staff
or request.user.has_perm('assetmgr.can_upload_for'))):
username = request.REQUEST['as']
return ("%s?set_course=%s&as=%s&redirect_url=%s"
"&nonce=%s&hmac=%s&audio=%s&audio2=%s") % \
(url,
request.course.group.name,
username,
urllib.quote(redirect_back),
nonce,
hmac.new(key,
'%s:%s:%s' % (username, redirect_back, nonce),
hashlib.sha1).hexdigest(),
request.POST.get('audio', ''),
request.POST.get('audio2', ''))
def test_in_course(self):
self.assertTrue(in_course(self.student, self.c))
self.assertTrue(in_course(self.student, self.student_group))
self.assertFalse(in_course(self.faculty, self.student_group))
def triple_homepage(request):
if not request.course:
return HttpResponseRedirect('/accounts/login/')
logged_in_user = request.user
classwork_owner = request.user # Viewing your own work by default
if 'username' in request.GET:
user_name = request.GET['username']
in_course_or_404(user_name, request.course)
classwork_owner = get_object_or_404(User, username=user_name)
c = request.course
archives = []
upload_archive = None
for a in c.asset_set.archives().order_by('title'):
archive = a.sources['archive']
thumb = a.sources.get('thumb', None)
description = a.metadata().get('description', '')
uploader = a.metadata().get('upload', 0)
archive_context = {
"id": a.id,
"title": a.title,
"thumb": (None if not thumb else {"id": thumb.id,
"url": thumb.url}),
"archive": {"id": archive.id, "url": archive.url},
"metadata": (description[0]
if hasattr(description, 'append') else description)
}
if (uploader[0] if hasattr(uploader, 'append') else uploader):
upload_archive = archive_context
else:
archives.append(archive_context)
archives.sort(key=operator.itemgetter('title'))
show_tour = should_show_tour(request, c, logged_in_user)
owners = []
if (in_course(logged_in_user.username, request.course) and
(logged_in_user.is_staff or
logged_in_user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(request, request.course.members)
discussions = get_course_discussions(c)
context = {
'classwork_owner': classwork_owner,
'help_homepage_instructor_column': False,
'help_homepage_classwork_column': False,
'faculty_feed': get_prof_feed(c, request),
'is_faculty': c.is_faculty(logged_in_user),
'discussions': discussions,
'msg': request.GET.get('msg', ''),
'view': request.GET.get('view', ''),
'archives': archives,
'upload_archive': upload_archive,
'can_upload': course_details.can_upload(request.user, request.course),
'show_tour': show_tour,
'owners': owners
}
if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
# MUST only contain string values for now!!
# (see templates/assetmgr/bookmarklet.js to see why or fix)
context['bookmarklet_vars'] = {
'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY
}
return context
def migrate(request):
if request.method == "GET":
# Only show courses for which the user is an instructor
available_courses = available_courses_query(request.user)
courses = []
if request.user.is_superuser:
courses = available_courses
else:
for c in available_courses:
if c.is_faculty(request.user):
courses.append(c)
# Only send down the real faculty. Not all us staff members
faculty = []
for u in request.course.faculty.all():
if u in request.course.members:
faculty.append(u)
return {
"current_course_faculty": faculty,
"available_courses": courses,
"help_migrate_materials": False
}
elif request.method == "POST":
# maps old ids to new objects
object_map = {'assets': {},
'notes': {},
'note_count': 0,
'projects': {}}
owner = request.user
if 'on_behalf_of' in request.POST:
owner = User.objects.get(id=request.POST.get('on_behalf_of'))
if (not in_course(owner.username, request.course) or
not request.course.is_faculty(owner)):
json_stream = simplejson.dumps({
'success': False,
'message': '%s is not a course member or faculty member'})
return HttpResponse(json_stream, mimetype='application/json')
if 'asset_set' in request.POST:
asset_set = simplejson.loads(request.POST.get('asset_set'))
object_map = Asset.objects.migrate(asset_set,
request.course,
owner,
object_map)
if 'project_set' in request.POST:
project_set = simplejson.loads(request.POST.get('project_set'))
object_map = Project.objects.migrate(project_set,
request.course,
owner,
object_map)
json_stream = simplejson.dumps({
'success': True,
'asset_count': len(object_map['assets']),
'project_count': len(object_map['projects']),
'note_count': object_map['note_count']})
return HttpResponse(json_stream, mimetype='application/json')
def test_in_course(self):
assert in_course(self.student, self.c)
assert in_course(self.student, self.student_group)
assert not in_course(self.faculty, self.student_group)
def triple_homepage(request):
if not request.course:
return HttpResponseRedirect('/accounts/login/')
logged_in_user = request.user
classwork_owner = request.user # Viewing your own work by default
if 'username' in request.GET:
user_name = request.GET['username']
in_course_or_404(user_name, request.course)
classwork_owner = get_object_or_404(User, username=user_name)
course = request.course
archives = []
upload_archive = None
for item in course.asset_set.archives().order_by('title'):
archive = item.sources['archive']
thumb = item.sources.get('thumb', None)
description = item.metadata().get('description', '')
uploader = item.metadata().get('upload', 0)
archive_context = {
"id": item.id,
"title": item.title,
"thumb": (None if not thumb else {"id": thumb.id,
"url": thumb.url}),
"archive": {"id": archive.id, "url": archive.url},
"metadata": (description[0]
if hasattr(description, 'append') else description)
}
if (uploader[0] if hasattr(uploader, 'append') else uploader):
upload_archive = archive_context
else:
archives.append(archive_context)
archives.sort(key=operator.itemgetter('title'))
owners = []
if (in_course(logged_in_user.username, request.course) and
(logged_in_user.is_staff or
logged_in_user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(request, request.course.members)
context = {
'classwork_owner': classwork_owner,
'help_homepage_instructor_column': False,
'help_homepage_classwork_column': False,
'faculty_feed': get_prof_feed(course, request),
'is_faculty': course.is_faculty(logged_in_user),
'discussions': get_course_discussions(course),
'msg': request.GET.get('msg', ''),
'view': request.GET.get('view', ''),
'archives': archives,
'upload_archive': upload_archive,
'can_upload': course_details.can_upload(request.user, request.course),
'show_tour': should_show_tour(request, course, logged_in_user),
'owners': owners
}
if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
# MUST only contain string values for now!!
# (see templates/assetmgr/bookmarklet.js to see why or fix)
context['bookmarklet_vars'] = {
'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY
}
return context
def migrate(request):
if request.method == "GET":
# Only show courses for which the user is an instructor
available_courses = available_courses_query(request.user)
courses = []
if request.user.is_superuser:
courses = available_courses
else:
for course in available_courses:
if course.is_faculty(request.user):
courses.append(course)
# Only send down the real faculty. Not all us staff members
faculty = []
for user in request.course.faculty.all():
if user in request.course.members:
faculty.append(user)
# Only send down the real faculty. Not all us staff members
faculty = []
for fac in request.course.faculty.all():
if fac in request.course.members:
faculty.append(fac)
return {
"current_course_faculty": faculty,
"available_courses": courses,
"help_migrate_materials": False
}
elif request.method == "POST":
# maps old ids to new objects
object_map = {'assets': {},
'notes': {},
'note_count': 0,
'projects': {}}
owner = request.user
if 'on_behalf_of' in request.POST:
owner = User.objects.get(id=request.POST.get('on_behalf_of'))
if (not in_course(owner.username, request.course) or
not request.course.is_faculty(owner)):
json_stream = simplejson.dumps({
'success': False,
'message': '%s is not a course member or faculty member'})
return HttpResponse(json_stream, mimetype='application/json')
if 'asset_set' in request.POST:
asset_set = simplejson.loads(request.POST.get('asset_set'))
object_map = Asset.objects.migrate(asset_set,
request.course,
owner,
object_map)
if 'project_set' in request.POST:
project_set = simplejson.loads(request.POST.get('project_set'))
object_map = Project.objects.migrate(project_set,
request.course,
owner,
object_map)
json_stream = simplejson.dumps({
'success': True,
'asset_count': len(object_map['assets']),
'project_count': len(object_map['projects']),
'note_count': object_map['note_count']})
return HttpResponse(json_stream, mimetype='application/json')
def has_object_permission(self, request, view, obj):
if request.user.is_superuser:
return True
return (in_course(request.user.username, obj.course)
or obj.course.is_faculty(request.user))
