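def tasklist():
    """Admin view: list ungraded submissions and store posted grades.

    GET renders ``other/tasklist.html`` with every ``t2u`` row whose grade is
    NULL or an empty string. POST treats each form field as
    ``<t2u id> -> <grade>``, updates the matching rows and redirects back to
    this view.

    Raises:
        Exception: if there is no logged-in user or the user is not an admin.
    """
    # g.user can be None (load_logged_in_user stores None when the session has
    # no user_id or the row lookup finds nothing). Check that first so the
    # request is refused with the intended error, not a TypeError from
    # subscripting None.
    if g.user is None or g.user["admin"] != 1:
        raise Exception('admin access required')

    db = get_db()
    if request.method == 'POST':
        # NOTE(review): every posted field name is used as a t2u id and every
        # value is stored as the grade without type or range validation;
        # confirm the form carries no other fields (e.g. a CSRF token).
        form = request.form.to_dict(flat=True)
        for taskid, grade in form.items():
            db.execute('UPDATE t2u SET grade = ? WHERE id = ?', (grade, taskid))
        # Single commit so the whole grading form is applied together.
        db.commit()
        return redirect(url_for('task.tasklist'))

    task_list = db.execute(
        'SELECT t2u.id, t.name, u.username, u.repository '
        'FROM user u '
        'LEFT JOIN task t '
        'JOIN t2u ON t2u.task = t.id AND t2u.user = u.id '
        'WHERE IFNULL(LENGTH(t2u.grade), 0) = 0 '
        'GROUP BY t2u.id'
    ).fetchall()
    return render_template('other/tasklist.html', tasks=task_list)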
def register():
    """Handle the registration form.

    GET renders ``auth/register.html``. POST validates that username,
    password and repository are non-empty and that the username is not taken,
    then stores the account with a hashed password and redirects to the login
    view. On a validation failure the message is flashed and the form is
    rendered again.
    """
    if request.method != 'POST':
        return render_template("auth/register.html")

    username = request.form['username']
    password = request.form['password']
    repository = request.form['repository']
    db = get_db()

    if not username:
        error = 'Username is required.'
    elif not password:
        error = 'Password is required.'
    elif not repository:
        error = 'Repository is required.'
    elif db.execute(
        'SELECT id FROM user WHERE username = ?', (username,)
    ).fetchone() is not None:
        # NOTE(review): this message confirms that a username exists.
        error = f'User {username} is already registered.'
    else:
        error = None

    if error is None:
        # Only the hash produced by generate_password_hash is persisted.
        db.execute(
            'INSERT INTO user (username, password, repository) VALUES (?, ?, ?)',
            (username, generate_password_hash(password), repository)
        )
        db.commit()
        return redirect(url_for('server.login'))

    flash(error)
    return render_template("auth/register.html")
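def search():
    """Render up to 20 groups whose name contains the ``q`` query parameter.

    Matches are ordered by ``LENGTH(name) - INSTR(name, <q without '%'>)``.
    The search text reaches SQL only as a bound parameter.
    """
    # A request without ?q= used to fail with TypeError on the string
    # concatenation below; treat a missing parameter as an empty search.
    query = request.args.get("q", "")

    # NOTE(review): '%' and '_' typed by the user are not escaped, so they act
    # as LIKE wildcards; add an ESCAPE clause if literal matching is wanted.
    # The statement uses the named placeholder :name twice, so bind it from a
    # mapping; binding named placeholders from a sequence is deprecated in
    # the sqlite3 module (assuming get_db() returns a sqlite3 connection).
    results = get_db().execute(
        "SELECT * FROM elo_group WHERE name LIKE :name "
        "ORDER BY LENGTH(name) - INSTR(name, REPLACE(:name, '%', '')) "
        "LIMIT 20",
        {"name": "%" + query + "%"},
    ).fetchall()
    return render_template("search/index.html", results=results, q=query)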
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` stored in the session.

    ``g.user`` becomes None when the session has no ``user_id``. Otherwise it
    is the matching ``user`` row with an extra ``admin`` column
    (``is_admin`` with NULL mapped to 0); the lookup itself yields None when
    no row has that id.
    """
    user_id = session.get('user_id')
    if user_id is not None:
        g.user = get_db().execute(
            'SELECT *, IFNULL(is_admin, 0) AS admin FROM user WHERE id = ?',
            (user_id,)
        ).fetchone()
        return
    g.user = None
def index():
    """Render the rating list of non-admin users ordered by total grade.

    Admins see every row. Anyone else sees only rows that are within the
    first ``RATING_LIST_MAX_ELEMENTS`` positions (default 5) with a non-zero
    grade, plus their own row when logged in.
    """
    # int() raises ValueError if the environment value is not numeric.
    limit = int(os.environ.get('RATING_LIST_MAX_ELEMENTS', 5))
    db = get_db()
    students = db.execute(
        'SELECT u.username, IFNULL(SUM(t2u.grade), 0) grade '
        'FROM user u '
        'LEFT JOIN t2u ON u.id = t2u.user '
        'WHERE IFNULL(u.is_admin, 0) = 0 '
        'GROUP BY u.username '
        'ORDER BY grade DESC, SUM(t2u.id)').fetchall()

    viewer = g.user
    if viewer is None or not viewer['admin']:
        visible = []
        for position, student in enumerate(students):
            # Same grouping as the original expression: `and` binds tighter
            # than `or`, i.e. (own row) or (top-N with a non-zero grade).
            is_own_row = (viewer is not None
                          and student["username"] == viewer["username"])
            is_ranked = position < limit and student["grade"] != 0
            if is_own_row or is_ranked:
                visible.append(student)
        students = visible

    return render_template('index.html', students=students, limit=limit)
def user_lectures():
    """List lectures for the current user and record a sign-up on POST.

    GET renders ``other/lectures.html`` with every task, the current user's
    ``t2u`` row for it (if any) and an ``available`` flag that is 1 while the
    current timestamp lies between ``pass_from`` and ``pass_to``. POST with a
    ``lecture`` field inserts a ``t2u`` row for the current user and
    redirects to the lectures view.
    """
    # NOTE(review): g.user["id"] is read without a None check, so this view
    # presumably sits behind a login requirement - confirm.
    db = get_db()
    if request.method != 'POST':
        lectures_list = db.execute(
            'SELECT t.id, t.name, t.description, t2u.user, t2u.grade, t.pass_from, t.pass_to, '
            ' CASE WHEN current_timestamp >= datetime(pass_from, \'unixepoch\') AND '
            'current_timestamp <= datetime(pass_to, \'unixepoch\') THEN 1 ELSE 0 END AS available '
            'FROM task t '
            'LEFT JOIN t2u ON t2u.task = t.id AND t2u.user = ? '
            'GROUP BY t.id',
            (g.user["id"], )).fetchall()
        return render_template('other/lectures.html', lectures=lectures_list)

    if 'lecture' in request.form:
        # NOTE(review): the posted id is inserted as-is; nothing here checks
        # the availability window or an existing sign-up for the same task.
        lecture_id = request.form['lecture']
        db.execute('INSERT INTO t2u (task, user) VALUES (?, ?)',
                   (lecture_id, g.user["id"]))
        db.commit()
    return redirect(url_for('lectures.lectures'))
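def usertasks():
    """Admin view: show and edit the task grades of one user.

    The target user comes from the ``userid`` query parameter. GET renders
    ``other/usertasks.html`` with every task and that user's grade for it.
    POST treats each form field as ``<task id> -> <grade>``, updates the
    existing ``t2u`` row or inserts one, then redirects back to this view for
    the same user.

    Raises:
        Exception: if there is no logged-in admin, or if a POST arrives
            without a ``userid`` query parameter.
    """
    # g.user can be None (load_logged_in_user stores None when the session has
    # no user_id or the row lookup finds nothing); refuse that explicitly
    # rather than failing with a TypeError on the subscript.
    if g.user is None or g.user["admin"] != 1:
        raise Exception('admin access required')

    db = get_db()
    userid = request.args.get('userid')

    if request.method == 'POST':
        # Without a target user the old code wrote rows with a NULL user and
        # then crashed while building the redirect; stop before any write.
        if userid is None:
            raise Exception('userid is required')

        # NOTE(review): every posted field name is used as a task id and
        # grades are stored without validation - confirm the form carries no
        # other fields.
        form = request.form.to_dict(flat=True)
        for taskid, grade in form.items():
            task2user = db.execute(
                'SELECT * '
                'FROM t2u '
                'WHERE task = ? AND user = ?',
                (taskid, userid)).fetchone()
            if task2user:
                db.execute(
                    'UPDATE t2u SET grade = ? WHERE task = ? AND user = ?',
                    (grade, taskid, userid))
            else:
                db.execute(
                    'INSERT INTO t2u (task, user, grade) VALUES (?, ?, ?)',
                    (taskid, userid, grade))
        db.commit()
        # Let url_for build and URL-encode the query string rather than
        # concatenating the raw request value into the redirect target.
        return redirect(url_for('user.usertasks', userid=userid))

    task_list = db.execute(
        'SELECT t.id, t.name, t2u.grade, t2u.user '
        'FROM user u '
        'LEFT JOIN task t '
        'LEFT JOIN t2u ON t2u.task = t.id AND t2u.user = u.id '
        'WHERE u.id = ? '
        'GROUP BY t.id',
        (userid, )).fetchall()
    # NOTE(review): SELECT * hands the template every user column, including
    # the password hash written by register(); confirm it is never rendered.
    user = db.execute('SELECT * '
                      'FROM user '
                      'WHERE id = ?', (userid, )).fetchone()
    return render_template('other/usertasks.html', tasks=task_list, user=user)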
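def userlist():
    """Admin view: list users and replace the set of admin accounts.

    GET renders ``other/users.html`` with id, username, repository and admin
    flag of every user. POST clears ``is_admin`` on all users, sets it for
    each id posted in the ``admin`` field, commits and redirects back here.

    Raises:
        Exception: if there is no logged-in user or the user is not an admin.
    """
    # g.user can be None (load_logged_in_user stores None when the session has
    # no user_id or the row lookup finds nothing); refuse that explicitly
    # rather than failing with a TypeError on the subscript.
    if g.user is None or g.user["admin"] != 1:
        raise Exception('admin access required')

    db = get_db()
    if request.method == 'POST':
        form = request.form.to_dict(flat=False)
        # NOTE(review): a POST with no 'admin' values leaves the system with
        # no admin at all, the caller included - confirm that is acceptable
        # or require at least one id.
        db.execute('UPDATE user SET is_admin = 0')
        for value in form.get('admin', []):
            db.execute('UPDATE user SET is_admin = 1 WHERE id = ?', (value, ))
        # Reset and re-grant are committed together.
        db.commit()
        return redirect(url_for('user.userlist'))

    users_list = db.execute(
        'SELECT u.id, u.username, u.repository, IFNULL(u.is_admin, 0) AS admin '
        'FROM user u').fetchall()
    return render_template('other/users.html', users=users_list)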
def create_group():
    """Handle the group creation form.

    GET renders ``create/index.html``. POST rejects an empty name or a name
    that already exists in ``elo_group``; otherwise it inserts the group and
    redirects to the home page. A rejection is flashed and also passed to the
    template as ``error``.
    """
    error = None
    if request.method == "POST":
        db = get_db()
        name = request.form["name"]
        description = request.form["description"]

        if name == "":
            error = "Please enter a name for the group."
        else:
            existing = db.execute(
                "SELECT name FROM elo_group WHERE name = ?",
                (name, )).fetchone()
            if existing is not None:
                error = f'A group named "{name}" has already been created.'

        if error is None:
            db.execute(
                "INSERT INTO elo_group (name, description) VALUES (?, ?)",
                (name, description))
            db.commit()
            return redirect(url_for("home.index"))

        flash(error)

    return render_template("create/index.html", error=error)
def login():
    """Handle the login form.

    GET renders ``auth/login.html``. POST looks the user up by username and
    verifies the password against the stored hash. On success the session is
    reset, ``user_id`` is stored in it and the client is redirected to the
    index view; on failure the error is flashed and the form is rendered
    again.
    """
    if request.method != 'POST':
        return render_template('auth/login.html')

    username = request.form['username']
    password = request.form['password']
    db = get_db()
    user = db.execute(
        'SELECT * FROM user WHERE username = ?', (username,)
    ).fetchone()

    # NOTE(review): the two messages differ, which tells a caller whether a
    # username exists; consider one shared message for both failures.
    if user is None:
        error = 'Incorrect username.'
    elif not check_password_hash(user['password'], password):
        error = 'Incorrect password.'
    else:
        # Drop whatever the previous session held before binding the new id.
        session.clear()
        session['user_id'] = user['id']
        return redirect(url_for('server.index'))

    flash(error)
    return render_template('auth/login.html')