Exemple #1
def get_course_professors(course_id):
    """Return the professors of one course as a JSON API response.

    Args:
        course_id: Id of the course to look up. It is echoed back in the
            error message when the lookup fails.

    Raises:
        api_util.ApiNotFoundError: No course has the given id.
    """
    found_course = m.Course.objects.with_id(course_id)
    if found_course:
        # The viewer is passed to the model lookup; what it does with the
        # viewer is not visible here.
        viewer = view_helpers.get_current_user()
        payload = {
            'professors': m.Professor.get_full_professors_for_course(
                found_course, viewer),
        }
        return api_util.jsonify(payload)

    raise api_util.ApiNotFoundError('Course %s not found. :(' % course_id)
Exemple #2
def delete_gcm_course_alert(alert_id):
    """Delete one GCM course alert and return its last state as JSON.

    Args:
        alert_id: Id of the alert to delete.

    Raises:
        api_util.ApiNotFoundError: No alert has the given id.

    NOTE(review): nothing in this function checks who is asking. Confirm that
    the route or a decorator outside this listing limits deletion to the
    alert's owner; otherwise knowing an id is enough to delete the alert.
    """
    doomed_alert = m.GcmCourseAlert.objects.with_id(alert_id)
    if doomed_alert:
        doomed_alert.delete()
        # Serialised after the delete, from the object still held in memory.
        return api_util.jsonify({'gcm_course_alert': doomed_alert.to_dict()})

    raise api_util.ApiNotFoundError(
        'No GCM course alert with id %s found.' % alert_id)
Exemple #3
def get_course(course_id):
    """Return one course, together with its reviews, as a JSON API response.

    Args:
        course_id: Id of the course to look up. It is echoed back in the
            error message when the lookup fails.

    Raises:
        api_util.ApiNotFoundError: No course has the given id.
    """
    found_course = m.Course.objects.with_id(course_id)
    if not found_course:
        raise api_util.ApiNotFoundError('Course %s not found. :(' % course_id)

    # Reviews are requested on behalf of the current user; presumably the
    # result is filtered by what that user may see -- verify in get_reviews.
    viewer = view_helpers.get_current_user()
    reviews = found_course.get_reviews(viewer)

    # TODO(david): Implement HATEOAS (URLs of other course info endpoints).
    payload = dict(found_course.to_dict())
    payload['reviews'] = reviews
    return api_util.jsonify(payload)
Exemple #4
def login_email():
    """Log a user in with the email and password sent as POST form data.

    Form fields read:
        email: The account's email address.
        password: The account's password.

    On success the session cookie is returned through the `set-cookie`
    header. Clients send that cookie on every later API request that accepts
    user authentication.

    Raises:
        api_util.ApiBadRequestError: The email or the password is missing or
            empty.
        api_util.ApiNotFoundError: The credentials did not authenticate.
    """
    # An existing session is never replaced, so a forged cross-site login
    # request cannot swap a signed-in user's account for the attacker's.
    # NOTE(review): this guard only helps browsers that already hold a
    # session; confirm that a CSRF token or origin check outside this
    # function covers the logged-out case.
    if view_helpers.get_current_user():
        return api_util.jsonify({'message': 'A user is already logged in.'})

    form_fields = flask.request.form.copy()

    # The password is taken out of the copy before anything is logged.
    # NOTE(review): every other submitted field is logged as sent, and before
    # validation; consider logging an allowlist of fields instead.
    supplied_password = form_fields.pop('password', None)

    login_event = {
        'params': form_fields,
        'type': rmclogger.LOGIN_TYPE_STRING_EMAIL,
    }
    rmclogger.log_event(
        rmclogger.LOG_CATEGORY_API, rmclogger.LOG_EVENT_LOGIN, login_event)

    supplied_email = form_fields.get('email')
    if not supplied_email:
        raise api_util.ApiBadRequestError('Must provide email.')
    if not supplied_password:
        raise api_util.ApiBadRequestError('Must provide password.')

    # The failure message is the same for an unknown email and a wrong
    # password, so the response text does not say which of the two was wrong.
    # NOTE(review): no attempt limiting is visible here; confirm throttling
    # or lockout is applied in auth_user or in front of this endpoint.
    authed_user = m.User.auth_user(supplied_email, supplied_password)
    if not authed_user:
        raise api_util.ApiNotFoundError('Incorrect email or password.')

    view_helpers.login_as_user(authed_user)
    return api_util.jsonify(
        {'message': 'Logged in user %s' % authed_user.name})
Exemple #5
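def get_course_users(course_id):
    """Get users who are taking, have taken, or plan to take the given course.

    Restricts to only users that the current user is allowed to know (is FB
    friends with). Also returns which terms users took the course.

    NOTE(review): the friend restriction is not applied in this function. It
    relies on Course.get_course_and_user_course_dicts(include_friends=True)
    returning only permitted users; verify that helper, including what it
    returns when there is no current user.

    Args:
        course_id: Id of the course to look up. It is echoed back in the
            error message when the lookup fails.

    Returns:
        A JSON API response with two keys: 'users' (non-extended user dicts)
        and 'term_users' (one entry per term listing the user ids).

    Raises:
        api_util.ApiNotFoundError: No course has the given id.

    Example:
        {
          "users": [
            {
              "num_points": 2710,
              "first_name": "David",
              "last_name": "Hu",
              "name": "David Hu",
              "course_ids": [],
              "fbid": "541400376",
              "profile_pic_urls": {
                "default":
                    "https://graph.facebook.com/541400376/picture",
                "large":
                    "https://graph.facebook.com/541400376/picture?type=large",
                "square":
                    "https://graph.facebook.com/541400376/picture?type=square"
              },
              "num_invites": 0,
              "friend_ids": [],
              "program_name": "Software Engineering",
              "course_history": [],
              "id": "50a532518aedf423ac645891"
            }
          ],
          "term_users": [
            {
              "term_id": "2013_01",
              "user_ids": [ "50a532518aedf423ac645891" ],
              "term_name": "Winter 2013"
            }
          ]
        }
    """
    course = m.Course.objects.with_id(course_id)
    if not course:
        raise api_util.ApiNotFoundError('Course %s not found. :(' % course_id)

    current_user = view_helpers.get_current_user()
    # Only the per-user course dicts are used; the other two results are
    # ignored.
    _course_dicts, user_course_dict_list, _user_courses = (
        m.Course.get_course_and_user_course_dicts([course],
                                                  current_user,
                                                  include_friends=True))

    user_ids = set(ucd['user_id'] for ucd in user_course_dict_list)
    # .only() limits the fields loaded for each user to the core fields plus
    # the three named here.
    users = m.User.objects(id__in=list(user_ids)).only(
        *(m.User.CORE_FIELDS + ['num_points', 'num_invites', 'program_name']))

    term_users_map = collections.defaultdict(list)
    for ucd in user_course_dict_list:
        term_users_map[ucd['term_id']].append(ucd['user_id'])

    # items() exists on both Python 2 and Python 3 dicts (iteritems() is
    # Python 2 only). The loop variable has its own name so that it no longer
    # rebinds the user_ids set built above.
    term_users = [
        {
            'term_id': term_id,
            'term_name': m.Term.name_from_id(term_id),
            'user_ids': term_user_ids,
        }
        for term_id, term_user_ids in term_users_map.items()
    ]

    return api_util.jsonify({
        'users': [user.to_dict(extended=False) for user in users],
        'term_users': term_users,
    })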