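def create_course():
    """Create a course and its term offerings from the posted form.

    Form fields: 'title', 'code', 'description', 'year', plus one key per
    selected term ('1', '2', ...).  Returns an error() response for invalid
    input, otherwise ``{'status': 'ok'}``.

    NOTE(review): no account-type check is visible in this handler; confirm
    the route is restricted to staff elsewhere (decorator / blueprint) before
    relying on it, since it writes to 'courses' and 'course_offerings'.
    """
    db.connect()
    try:
        return _create_course_with_open_db()
    finally:
        # the original closed by hand before every return, which left the
        # connection open on any unexpected exception (e.g. IndexError)
        db.close()


def _create_course_with_open_db():
    """Validate the form and write the course; the caller owns the connection."""
    curr_year = datetime.now().year
    num_terms = queries.get_terms_per_year(curr_year)
    try:
        # third positional argument kept as in the original call; presumably
        # the int-typed or optional field list (see other get_fields calls)
        res = get_fields(request.form,
                         ['title', 'code', 'description', 'year'], ['year'])
    except ValueError as e:
        return e.args[0]
    # term checkboxes are posted as the keys '1' .. num_terms
    offerings = [str(term) in request.form for term in range(1, num_terms + 1)]
    course = {
        'title': res[0],
        'code': res[1],
        'description': res[2],
        'offerings': offerings,
    }
    if not re.match(config.COURSE_CODE_FORMAT, course['code']):
        return error("Invalid course code", 'code')
    try:
        course['year'] = int(res[3])
    except (TypeError, ValueError):
        # a non-numeric (or missing) year was an unhandled 500 before
        return error('Year must be a number', 'year')
    if curr_year > course['year']:
        return error(f"Year must be at least {curr_year}")
    if not any(offerings):
        return error('You must select at least one term offering')
    # reject a clash with an existing offering of this code in the same year
    for year, term in queries.get_course_sessions(course['code']):
        if year == course['year'] and offerings[term - 1]:
            return error(f"{course['code']} already offered in {year} T{term}")
    # resolve every session id *before* inserting the course, so a missing
    # 'sessions' row (e.g. a future year with no sessions defined) cannot leave
    # a half-created course behind
    session_ids = []
    for term, selected in enumerate(offerings, start=1):
        if not selected:
            continue
        rows = db.select_columns('sessions', ['id'], ['year', 'term'],
                                 [course['year'], term])
        if not rows:
            return error(f"No session exists for {course['year']} T{term}")
        session_ids.append(rows[0][0])
    db.insert_single('courses',
                     [course['code'], course['title'], course['description']],
                     ['code', 'name', 'description'])
    rows = db.select_columns('courses', ['id'], ['code'], [course['code']])
    course['id'] = rows[0][0]
    db.insert_multiple([
        ('course_offerings', [course['id'], session_id], ['course', 'session'])
        for session_id in session_ids
    ])
    return jsonify({'status': 'ok'})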
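def request_new_topic():
    """Record a student's request for a visible topic and notify its supervisor.

    Form fields: 'topic' (topic id) and 'message'.  Only sessions whose
    acc_type is 'student' may call this.  Returns error() responses for an
    unknown or hidden topic and for a duplicate request, otherwise
    ``{'status': 'ok'}``.
    """
    import html  # stdlib; escapes user text before it goes into the HTML email

    if session['acc_type'] != 'student':
        # only students are allowed to request topics; everyone else is refused
        return error('You must be a student to request a topic!')
    try:
        topic, message = get_fields(request.form, ['topic', 'message'])
    except ValueError as e:
        return e.args[0]
    db.connect()
    res = db.select_columns('topics', ['id', 'name', 'supervisor', 'visible'],
                            ['id'], [topic])
    # existence must be checked *before* indexing the row: the original read
    # res[0] first and raised IndexError (a 500) for an unknown topic id
    if not res:
        db.close()
        return error('No such topic exists!')
    topic_name = res[0][1]
    supervisor = res[0][2]
    if not int(res[0][3]):
        db.close()
        return error('This topic is not available to request!')
    status = db.select_columns('request_statuses', ['id'], ['name'], ['pending'])
    user_id = session['id']
    now = datetime.now().timestamp()
    try:
        db.insert_single(
            'topic_requests',
            [user_id, topic, status[0][0], now, message],
            ['student', 'topic', 'status', 'date_created', 'text'])
    except sqlite3.IntegrityError:
        # uniqueness of (student, topic) is enforced by the table
        db.close()
        return error('You have already requested this topic!')
    res = db.select_columns('users', ['name', 'email'], ['id'], [supervisor])
    db.close()
    hr_tag = '<hr style="border: 1px dashed;">'
    # the email body is HTML, so student-controlled text is escaped; only the
    # line breaks are turned into markup afterwards
    safe_message = html.escape(message).replace('\n', '<br>')
    send_email(to=res[0][1], name=res[0][0], subject='New Topic Request',
               messages=[
                   'A student has requested a thesis topic on offer by you.',
                   f'The topic is titled "{html.escape(topic_name)}".',
                   f'A message from the student is attached below:{hr_tag}',
                   safe_message,
                   f'{hr_tag}You can approve or reject the topic request ' +
                   f'<a href="{config.SITE_HOME}">here</a>.'
               ])
    return jsonify({'status': 'ok'})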
def login():
    """Render the login page on GET; authenticate posted credentials on POST.

    On success the session gains 'user' (email), 'name', 'id' and 'acc_type'.

    NOTE(review): the distinct 'Unknown email!' / 'Incorrect password!'
    responses, and the fact that bcrypt is only run for known emails, let a
    caller enumerate registered addresses; no lockout or rate limit is
    visible in this handler.
    """
    if 'user' in session:
        # already authenticated: straight to the dashboard
        return redirect(url_for('home.dashboard'))
    if request.method == 'GET':
        return render_template('login.html', title='Login', hide_navbar=True)
    try:
        email, password = get_fields(request.form, ['email', 'password'])
    except ValueError as e:
        return e.args[0]
    db.connect()
    rows = db.select_columns(
        'users',
        ['password', 'account_type', 'id', 'name', 'confirm_code'],
        ['email'], [email])
    if not rows:
        db.close()
        return error('Unknown email!', 'email')
    row = rows[0]
    if not bcrypt.checkpw(password.encode('utf-8'), row[0]):
        db.close()
        return error('Incorrect password!', 'password')
    if row[4] != '':
        # register() stores a confirm_code; a non-empty value means the
        # account has not been activated yet
        db.close()
        return error('You must first confirm your account!')
    acc_type = db.select_columns('account_types', ['name'],
                                 ['id'], [row[1]])[0][0]
    session.update(user=email, name=row[3], id=row[2], acc_type=acc_type)
    db.close()
    return jsonify({'status': 'ok'})
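def reset_request():
    """Email a password-reset link for the posted 'email_reset' address.

    Always answers ``{'status': 'ok'}`` whether or not the address is
    registered, so this endpoint does not reveal which emails exist.  The
    reset code is stored in users.reset_code and embedded in the link.

    NOTE(review): no timestamp is stored alongside reset_code, so a reset
    link never expires on its own; consider recording one and checking it in
    the '.reset' route.
    """
    try:
        email = get_fields(request.form, ['email_reset'])[0]
    except ValueError as e:
        return e.args[0]
    if not re.match(config.EMAIL_FORMAT, email):
        return error(f'Invalid email format!<br>{config.EMAIL_FORMAT_ERROR}')
    db.connect()
    res = db.select_columns('users', ['name', 'id'], ['email'], [email])
    if not res:
        # unknown address: same response as success (no enumeration)
        db.close()
        return jsonify({'status': 'ok'})
    name, user_id = res[0][0], res[0][1]
    # uuid1() is built from the clock and the MAC address and is therefore
    # guessable; uuid4() draws from the OS CSPRNG and keeps the same UUID
    # shape for anything that validates the resetID parameter
    reset_id = str(uuid.uuid4())
    db.update_rows('users', [reset_id], ['reset_code'], ['id'], [user_id])
    db.close()
    reset_link = url_for('.reset', user=user_id, resetID=reset_id,
                         _external=True)
    send_email(
        to=email, name=name, subject='Reset Password',
        messages=[
            'You have submitted a request ' +
            'to reset your password on TMS.',
            f'Your account is {email}.',
            f'Click <a href="{reset_link}">here</a>' +
            ' to reset your password.'
        ])
    return jsonify({'status': 'ok'})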
def change_user_password():
    """Replace the logged-in user's password with the posted one.

    Form fields: 'new-password' and 'new-confirm-password'.  Returns an
    error() response for a short or mismatched password, else
    ``{'status': 'ok'}``.

    NOTE(review): the current password is not re-verified, so anyone holding
    a live session can set a new one; the users.reset_code value written by
    reset_request() is also left in place, so a pending reset link keeps
    working after the change.
    """
    try:
        new_pw, confirm_pw = get_fields(
            request.form, ['new-password', 'new-confirm-password'])
    except ValueError as e:
        return e.args[0]
    if len(new_pw) < 8:
        return error('Password must be at least 8 characters long!',
                     'new-password')
    if new_pw != confirm_pw:
        return error('Passwords do not match!', 'new-confirm-password')
    account_id = session['id']
    digest = bcrypt.hashpw(new_pw.encode('utf-8'), bcrypt.gensalt())
    db.connect()
    db.update_rows('users', [digest], ['password'], ['id'], [account_id])
    db.close()
    return jsonify({'status': 'ok'})
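def respond_request():
    """Approve or reject a student's topic request and email the outcome.

    Form fields: 'response' ('accept' -> approved, anything else -> rejected),
    'student-id', 'topic', and 'assessor' (required when accepting).
    Only the supervisor of the topic (users.id == session['id']) may respond.
    """
    try:
        response, student_id, topic_id = get_fields(
            request.form, ['response', 'student-id', 'topic'])
    except ValueError as e:
        # the original called get_fields outside a try, so a missing field
        # surfaced as a 500 instead of the usual error() response
        return e.args[0]
    req_status = 'approved' if response == 'accept' else 'rejected'
    db.connect()
    res = db.select_columns('topics', ['name', 'supervisor'], ['id'], [topic_id])
    if not res:
        db.close()
        return error('No such topic exists!')
    topic_name, supervisor = res[0][0], res[0][1]
    # 'student-id' and 'topic' come straight from the form: without an
    # ownership check any logged-in user could accept or reject requests on
    # any topic and rewrite student_topic.  NOTE(review): if coordinators must
    # also be able to respond, extend this check rather than remove it.
    if supervisor != session['id']:
        db.close()
        return error('Only the supervisor of this topic can respond to requests')
    student = db.select_columns('users', ['email', 'name'], ['id'], [student_id])
    if not student:
        # checked before any write; the original indexed this row only after
        # mutating the tables and would have raised IndexError
        db.close()
        return error('No such student!')
    if req_status == 'approved':
        if 'assessor' not in request.form:
            db.close()
            return error('You must specify an assessor')
        assessor = request.form['assessor']
        # a student holds at most one assigned topic
        db.delete_rows('student_topic', ['student'], [student_id])
        db.insert_single('student_topic', [student_id, topic_id, assessor],
                         ['student', 'topic', 'assessor'])
    queries.respond_topic(student_id, topic_id, req_status,
                          datetime.now().timestamp())
    db.close()
    send_email(student[0][0], student[0][1], 'Topic Reply',
               [f'Your topic request for "{topic_name}" has been {req_status}.'])
    return jsonify({'status': 'ok'})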
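def upload_material():
    """Create or update a course material and its attached file.

    Form fields: 'file-label', 'file-name' (optional; empty means nothing was
    uploaded), 'course-offering' (int), 'old-material-id' (anything non-numeric
    means "new material") and 'delete-old-file' ('true' drops the existing
    attachment).  An uploaded file always replaces the attachment of an
    existing material.  Returns error() responses for invalid input, else
    ``{'status': 'ok'}``.
    """
    try:
        fields = ['file-label', 'file-name', 'course-offering',
                  'old-material-id', 'delete-old-file']
        file_label, file_name, course_offering, old_material_id, \
            delete_old_file = get_fields(request.form, fields,
                                         optional=['word-limit', 'file-name'],
                                         ints=['course-offering'])
    except ValueError as e:
        return e.args[0]
    try:
        old_material_id = int(old_material_id)
    except ValueError:
        old_material_id = None
    drop_old = delete_old_file == 'true'
    # a file is mandatory for a new material, or when the old one is dropped
    if file_name == '' and (drop_old or old_material_id is None):
        return error('File is required!')
    db.connect()
    try:
        return _upload_material_with_open_db(file_label, file_name,
                                             course_offering, old_material_id,
                                             drop_old)
    finally:
        # covers the early returns and any exception; the original closed by
        # hand on each path and leaked the connection on an unexpected error
        db.close()


def _upload_material_with_open_db(file_label, file_name, course_offering,
                                  old_material_id, drop_old):
    """Validate, store the upload and write the rows; caller owns the connection."""
    if not db.select_columns('course_offerings', ['id'], ['id'],
                             [course_offering]):
        return error('Cannot attach material to unknown course offering')
    res = db.select_columns('materials', ['id'], ['name', 'course_offering'],
                            [file_label, course_offering])
    if res and old_material_id != res[0][0]:
        return error('An item with that label already exists in this course')
    if old_material_id is not None and not db.select_columns(
            'materials', ['id'], ['id'], [old_material_id]):
        # updating a non-existent id was silently a no-op before
        return error('No such material to update')
    sent_file = None
    if file_name:
        try:
            sent_file = FileUpload(req=request)
        except KeyError:
            return error('Could not find a file to upload')
        # server-side allow-list of extensions from the file_types table
        file_types = [row[0] for row in db.select_columns('file_types', ['name'])]
        if sent_file.get_extention() not in file_types:
            # discard the rejected upload, as the size check below already did
            sent_file.remove_file()
            return error(f'Accepted file types are: {", ".join(file_types)}')
        # NOTE(review): MAX_FILE_SIZE is reported in MB but compared directly
        # with get_size(); confirm both use the same unit
        if sent_file.get_size() > config.MAX_FILE_SIZE:
            sent_file.remove_file()
            return error(
                f'File exceeds the maximum size of {config.MAX_FILE_SIZE} MB')
        sent_file.commit()
    if old_material_id is None:
        # new material; the file-required check in the caller guarantees sent_file
        db.insert_single('materials', [course_offering, file_label, 0],
                         ['course_offering', 'name', 'visible'])
        res = db.select_columns('materials', ['id'],
                                ['name', 'course_offering'],
                                [file_label, course_offering])
        db.insert_single('material_attachments',
                         [res[0][0], sent_file.get_name()],
                         ['material', 'path'])
        return jsonify({'status': 'ok'})
    # updating an existing material: a new upload replaces the old attachment.
    # (the original only removed the old one when delete-old-file was 'true',
    # so any other upload was committed to disk but never recorded.)
    if drop_old or sent_file is not None:
        _remove_material_attachment(old_material_id)
    db.update_rows('materials', [file_label], ['name'], ['id'],
                   [old_material_id])
    if sent_file is not None:
        db.insert_single('material_attachments',
                         [old_material_id, sent_file.get_name()],
                         ['material', 'path'])
    return jsonify({'status': 'ok'})


def _remove_material_attachment(material_id):
    """Delete the material_attachments row of material_id and its file on disk."""
    old = db.select_columns('material_attachments', ['path'],
                            ['material'], [material_id])
    if not old:
        return
    db.delete_rows('material_attachments', ['material'], [material_id])
    try:
        FileUpload(filename=old[0][0]).remove_file()
    except LookupError:
        # the row is gone either way; a file already missing on disk is fine
        pass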
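def create():
    """Render the task form (GET) or create / update a task (POST).

    GET expects ``course_offering_id`` (and optionally ``update=<task id>``)
    as query parameters and prefills the form from the existing task.  POST
    validates the form, stores an attachment if one was uploaded, and writes
    the task, its accepted file type and its marking criteria.  Error
    conditions come back as error() responses; success as ``{'status': 'ok'}``.

    NOTE(review): neither path checks that the caller may administer the
    course offering; confirm that is enforced elsewhere.
    """
    course_id = request.args.get('course_offering_id', None, type=int)
    if request.method == 'GET':
        if course_id is None:
            abort(400)
        old_task_id = request.args.get('update', None, type=int)
        return _render_task_form(course_id, old_task_id)

    try:
        fields = [
            'task-name', 'deadline', 'task-description', 'submission-type',
            'word-limit', 'maximum-file-size', 'accepted-file-type',
            'marking-method', 'num-criteria', 'course-id', 'file-name',
            'old_task_id', 'delete_old_attachment'
        ]
        task_name, deadline, task_description, submission_type, \
            word_limit, max_file_size, accepted_ftype, marking_method, \
            num_criteria, course_id, file_name, old_task_id, \
            delete_old_attachment = \
            get_fields(request.form, fields,
                       optional=['word-limit', 'file-name'],
                       ints=['maximum-file-size', 'num-criteria', 'word-limit',
                             'course-id', 'delete_old_attachment'])
    except ValueError as e:
        return e.args[0]
    try:
        old_task_id = int(old_task_id)
    except ValueError:
        old_task_id = None  # anything non-numeric means "new task"
    try:
        deadline = datetime.strptime(deadline, '%d/%m/%Y %H:%M').timestamp()
    except ValueError:
        return error('Invalid date format for deadline!')

    if submission_type == 'file':
        max_size = config.MAX_FILE_SIZE
        if not (1 <= max_file_size <= max_size):
            return error(
                f'Maximum file size must be between 1 and {max_size}!')
    elif submission_type == 'text':
        try:
            # re-read as a required int: it was optional in the first pass
            word_limit = get_fields(request.form, ['word-limit'],
                                    ints=['word-limit'])[0]
        except ValueError as e:
            return e.args[0]
        max_word_limit = config.MAX_WORD_LIMIT
        if not (1 <= word_limit <= max_word_limit):
            return error(f'Word limit must be between 1 and {max_word_limit}!')
    else:
        return error('Unknown submission type!')

    criteria, marks = [], []
    if marking_method == 'criteria':
        if num_criteria < 1:
            return error('At least one marking criterion is required!')
        crit_keys = [f'criteria-{i}' for i in range(1, num_criteria + 1)]
        mark_keys = [f'maximum-mark-{i}' for i in range(1, num_criteria + 1)]
        try:
            criteria = get_fields(request.form, crit_keys)
            marks = get_fields(request.form, mark_keys, ints=mark_keys)
        except ValueError as e:
            return e.args[0]
        # a negative weight could still make the total 100; reject it outright
        if any(mark < 0 for mark in marks):
            return error('Marks cannot be negative!')
        if sum(marks) != 100:
            return error('Marks must add to 100!')
    elif marking_method != 'accept':
        return error('Unknown marking method!')

    db.connect()
    try:
        if not db.select_columns('course_offerings', ['id'], ['id'], [course_id]):
            return error('Cannot create task for unknown course!')
        res = db.select_columns('tasks', ['id', 'name'],
                                ['name', 'course_offering'],
                                [task_name, course_id])
        if res and res[0][0] != old_task_id:
            return error('A task with that name already exists in this course!')
        res = db.select_columns('file_types', ['id'], ['name'], [accepted_ftype])
        if not res:
            return error('Invalid or unsupported file type!')
        file_type_id = res[0][0]

        # upload the attachment if one was sent
        sent_file = None
        if file_name:
            try:
                sent_file = FileUpload(req=request)
            except KeyError:
                return error('Could not find a file to upload')
            file_types = [row[0] for row in
                          db.select_columns('file_types', ['name'])]
            if sent_file.get_extention() not in file_types:
                # discard the rejected upload, as the size check below does
                sent_file.remove_file()
                return error(f'Accepted file types are: {", ".join(file_types)}')
            if sent_file.get_size() > config.MAX_FILE_SIZE:
                sent_file.remove_file()
                return error(
                    f'File exceeds the maximum size of {config.MAX_FILE_SIZE} MB')
            sent_file.commit()
        # a new upload for an existing task, or an explicit delete, drops the
        # previous attachment (row and file)
        if (sent_file is not None and old_task_id is not None) \
                or delete_old_attachment:
            old = db.select_columns('task_attachments', ['path'],
                                    ['task'], [old_task_id])
            if old:
                db.delete_rows('task_attachments', ['task'], [old_task_id])
                try:
                    FileUpload(filename=old[0][0]).remove_file()
                except LookupError:
                    # the row is gone; a file already missing on disk is fine
                    pass

        submission_method_id = db.select_columns(
            'submission_methods', ['id'], ['name'],
            [f'{submission_type} submission'])[0][0]
        mark_method_name = 'approval' if marking_method == 'accept' else 'mark'
        mark_method_id = db.select_columns(
            'marking_methods', ['id'], ['name'],
            [f'requires {mark_method_name}'])[0][0]

        columns = ['name', 'course_offering', 'deadline', 'description',
                   'size_limit', 'submission_method', 'marking_method',
                   'word_limit']
        values = [task_name, course_id, deadline, task_description,
                  max_file_size, submission_method_id, mark_method_id,
                  word_limit]
        if old_task_id is not None:
            db.update_rows('tasks', values, columns, ['id'], [old_task_id])
        else:
            # new tasks start hidden (visible = 0)
            db.insert_single('tasks', values + [0], columns + ['visible'])
        task_id = db.select_columns('tasks', ['id'],
                                    ['name', 'course_offering'],
                                    [task_name, course_id])[0][0]
        if sent_file is not None:
            db.insert_single('task_attachments',
                             [task_id, sent_file.get_name()],
                             ['task', 'path'])

        if old_task_id is not None:
            # NOTE(review): editing a task wipes its criteria *and every mark
            # recorded against them*; confirm that is intended for tasks that
            # already have submissions
            db.delete_rows('submission_types', ['task'], [old_task_id])
            for row in db.select_columns('task_criteria', ['id'],
                                         ['task'], [old_task_id]):
                db.delete_rows('marks', ['criteria'], [row[0]])
            db.delete_rows('task_criteria', ['task'], [old_task_id])
        db.insert_single('submission_types', [file_type_id, task_id],
                         ['file_type', 'task'])

        if mark_method_name == 'approval':
            criteria_rows = [('task_criteria', [task_id, 'Approval', 100],
                              ['task', 'name', 'max_mark'])]
        else:
            criteria_rows = [
                ('task_criteria', [task_id, name, mark],
                 ['task', 'name', 'max_mark'])
                for name, mark in zip(criteria, marks)
            ]
        db.insert_multiple(criteria_rows)
        return jsonify({'status': 'ok'})
    finally:
        # one close for every path; the original closed by hand before each
        # return and leaked the connection on an unexpected exception
        db.close()


def _render_task_form(course_id, old_task_id):
    """Render create_task.html, prefilled from old_task_id when one is given."""
    db.connect()
    try:
        if not db.select_columns('course_offerings', ['id'], ['id'], [course_id]):
            abort(404)
        file_types = [row[0] for row in db.select_columns('file_types', ['name'])]
        heading = 'Create Task'
        default_fields = {
            'task-name': '',
            'deadline': '',
            'task-description': '',
            'submission-type': 'text',
            'word-limit': '',
            'maximum-file-size': '',
            'accepted-file-type': '',
            'marking-method': 'accept',
            'criteria': [],
            'task_attachments': []
        }
        if old_task_id is not None:
            res = queries.get_past_task_data(old_task_id)
            if res is not None:
                res = res[0]
                heading = 'Edit Task'
                # basic task details
                default_fields['task-name'] = res[0]
                due_date = datetime.fromtimestamp(res[1])
                default_fields['deadline'] = due_date.strftime('%d/%m/%Y %H:%M')
                default_fields['task-description'] = res[2]
                attachments = db.select_columns('task_attachments', ['path'],
                                                ['task'], [old_task_id])
                # keep every attachment; the original rebuilt the list on each
                # iteration and so only ever kept the last row
                default_fields['task_attachments'] = [
                    FileUpload(filename=row[0]) for row in attachments
                ]
                # submission method specifics
                if res[3] == 'text submission':
                    default_fields['word-limit'] = res[4]
                else:
                    default_fields['submission-type'] = 'file'
                    default_fields['maximum-file-size'] = int(res[5])
                    default_fields['accepted-file-type'] = res[6]
                # marking method specifics
                if res[7] == 'requires mark':
                    default_fields['marking-method'] = 'criteria'
                    # single 'name, max_mark' string kept as in the original;
                    # presumably select_columns joins the list verbatim
                    crit = db.select_columns('task_criteria', ['name, max_mark'],
                                             ['task'], [old_task_id])
                    if crit is not None:
                        default_fields['criteria'] = crit
    finally:
        db.close()
    if default_fields['maximum-file-size'] == '':
        default_fields['maximum-file-size'] = 5
    if default_fields['accepted-file-type'] == '':
        default_fields['accepted-file-type'] = '.pdf'
    return render_template('create_task.html', heading=heading, title=heading,
                           file_types=file_types, course_id=course_id,
                           max_file_size=config.MAX_FILE_SIZE,
                           max_word_limit=config.MAX_WORD_LIMIT,
                           accepted_file_types=','.join(file_types),
                           old_task_id=old_task_id,
                           default_fields=default_fields)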
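def register():
    """Render the registration page on GET; create an unconfirmed account on POST.

    Form fields: 'email', 'password', 'confirm-password'.  The account is
    created with a confirm_code and a 'public' account type; an activation
    link is emailed.  An unconfirmed account older than config.ACCOUNT_EXPIRY
    is deleted and the address may register again.

    NOTE(review): 'This email has already been registered!' necessarily
    reveals whether an address exists; pair this endpoint with rate limiting.
    The activation link carries ``user=name`` where name is the local part of
    the email (the part before '@'), so the '.confirm' route presumably looks
    users up by that value — verify it cannot be ambiguous.
    """
    if request.method == 'GET':
        return render_template('register.html', title='Register',
                               hide_navbar=True)
    try:
        email, password, confirm = get_fields(
            request.form, ['email', 'password', 'confirm-password'])
    except ValueError as e:
        return e.args[0]
    if not re.match(config.EMAIL_FORMAT, email):
        return error(
            f'Invalid email format!<br>{config.EMAIL_FORMAT_ERROR}', 'email')
    db.connect()
    res = db.select_columns('users', ['email', 'date_created', 'confirm_code'],
                            ['email'], [email])
    now = datetime.now().timestamp()
    if res:
        if res[0][2] != '' and res[0][1] + config.ACCOUNT_EXPIRY < now:
            # unactivated accounts expire after ACCOUNT_EXPIRY seconds and
            # free the address again
            db.delete_rows('users', ['email'], [email])
        else:
            db.close()
            return error('This email has already been registered!', 'email')
    if len(password) < 8:
        db.close()
        return error('Password must be at least 8 characters long!', 'password')
    if password != confirm:
        db.close()
        return error('Passwords do not match!', 'confirm-password')
    hashed_pass = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
    name = email.split('@')[0]
    # id of the default 'public' account type
    acc_type = db.select_columns('account_types', ['id'], ['name'], ['public'])
    # uuid1() is derived from the clock and MAC address and is guessable;
    # uuid4() comes from the OS CSPRNG and keeps the same UUID shape
    confirm_code = uuid.uuid4()
    # insert before emailing so a failed insert never produces a dangling
    # activation link
    db.insert_single(
        'users',
        [name, hashed_pass, email, acc_type[0][0], str(confirm_code), now],
        ['name', 'password', 'email', 'account_type', 'confirm_code',
         'date_created']
    )
    db.close()
    activation_link = url_for('.confirm', user=name,
                              confirm_code=confirm_code, _external=True)
    send_email(to=email, name=email, subject='Confirm Account Registration',
               messages=[
                   'You recently registered for an account on TMS.',
                   'To activiate your account, click ' +
                   f'<a href="{activation_link}">here</a>.',
                   'This link will expire in 24 hours.'
               ])
    return jsonify({'status': 'ok'})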