def wrap(*args, **kwargs): """Used to figure out whether to return the function or json""" teacher_id = request.teacher_id course_id = request.view_args["course_id"] query = """ SELECT * FROM courses WHERE course_id = %s """ courses = db.query(query, (course_id)) if not courses: return not_found() query = """ SELECT * FROM courses WHERE course_id = %s AND course_teacher_id = %s """ courses = db.query(query, (course_id, teacher_id)) if not courses: return forbidden() return func(*args, **kwargs)
def create_token(): """ Creates the teachers login token """ token = uuid.uuid4().hex query = """ SELECT teacher_token FROM teachers WHERE teacher_token = %s """ query2 = """ SELECT student_token FROM students WHERE student_token = %s """ rows = db.query(query, (token)) rows2 = db.query(query2, (token)) if rows or rows2: return create_token() return token
def wrap(*args, **kwargs): """Used to figure out whether to return the function or json""" if "Teacher-Authorization" in request.headers: query = """ SELECT teacher_id FROM teachers WHERE teacher_token = %s """ rows = db.query(query, (request.headers["Teacher-Authorization"])) if not rows: return unauthorized() request.teacher_id = rows[0]["teacher_id"] return func(*args, **kwargs) elif "Student-Authorization" in request.headers: query = """ SELECT student_id FROM students WHERE student_token = %s """ rows = db.query(query, (request.headers["Student-Authorization"])) if not rows: return unauthorized() request.student_id = rows[0]["student_id"] return func(*args, **kwargs) else: return unauthorized()
def wrap(*args, **kwargs): """ Checks if the user is signed in as either a student or a teacher """ if "Teacher-Authorization" in request.headers: query = """ SELECT teacher_id FROM teachers WHERE teacher_token = %s """ rows = db.query(query, (request.headers["Teacher-Authorization"])) if rows: request.teacher_id = rows[0]["teacher_id"] elif "Student-Authorization" in request.headers: query = """ SELECT student_id FROM students WHERE student_token = %s """ rows = db.query(query, (request.headers["Student-Authorization"])) if rows: request.student_id = rows[0]["student_id"] # If no user is authenticated, then go to next middleware return func(*args, **kwargs)
def wrap(*args, **kwargs): """ Checks to see if either a student or unauthorized user can access the quiz. If the quiz is a free quiz, the let everyone through If not and if the user is a student, check whether student is an a course that is part of the quiz instance. """ quiz_id = request.view_args["qc_id"] # Check that the quiz exists query = """ SELECT quizzes_courses.qc_id,qc_start_date * 1000 AS quiz_start_date, qc_end_date * 1000 AS quiz_end_date, quizzes_courses.qc_course_id , quizzes_courses.qc_quiz_id FROM quizzes_courses WHERE qc_id = %s """ quizzes = db.query(query, (quiz_id)) if not quizzes: return not_found() # Set the quiz_id in the context so that controllers can use it request.quiz_id = quizzes[0]["qc_quiz_id"] # IMPORTANT: If the course_id is null for the quiz, that means anyone can view the quiz if not quizzes[0]["qc_course_id"]: request.is_free_quiz = True return func(*args, **kwargs) if hasattr(request, "student_id"): student_id = request.student_id # If the quiz hasn't started yet, then don't let student access current_time = int(time.time() * 1000) print(current_time) print(quizzes[0]["quiz_start_date"]) if current_time < quizzes[0]["quiz_start_date"]: return forbidden() # Check that students teacher owns the quiz query = """ SELECT students_classes.sc_student_id FROM quizzes_courses INNER JOIN classes_courses ON quizzes_courses.qc_course_id = classes_courses.cc_course_id INNER JOIN courses ON classes_courses.cc_course_id = courses.course_id INNER JOIN students_classes ON classes_courses.cc_class_id = students_classes.sc_class_id WHERE students_classes.sc_student_id = %s AND quizzes_courses.qc_id = %s """ rows = db.query(query, (student_id, quiz_id)) if not rows: return forbidden() return func(*args, **kwargs) return unauthorized()
def delete_students(class_id): """ Deletes all students in a class """ query = """ DELETE FROM students_classes WHERE sc_class_id = %s """ db.query(query, (class_id)) return
def delete_class(class_id): """ Deletes a class """ query = """ DELETE FROM classes WHERE class_id = %s """ db.query(query, (class_id)) return
def insert_test_cases(test_case_results, attempt_id): """ Inserts a users test cases into answers table """ query = """ INSERT INTO answers VALUES (DEFAULT, %s, %s, %s) """ for test_case in test_case_results: db.query(query, (test_case["output"], test_case["test_id"], attempt_id))
def save_hash(student_hash, activate_token): """ Saves the students hash in the db """ query = """ UPDATE students SET student_hash = %s WHERE student_activate_token = %s """ db.query(query, (student_hash, activate_token))
def delete_unique(): """ Deletes student emails that are already taken by a teacher """ query = """ DELETE FROM students WHERE student_email IN (SELECT teacher_email FROM teachers) """ db.query(query) return
def change_class(class_id, name): """ Changes the information of a class """ query = """ UPDATE classes SET class_name = %s WHERE class_id = %s """ db.query(query, (name, class_id)) return
def delete_student(class_id, student_id): """ Deletes a student from a class """ query = """ DELETE FROM students_classes WHERE sc_class_id = %s AND sc_student_id = %s """ db.query(query, (class_id, student_id)) return
def change_course(course_id, name): """ Changes the name of a course """ query = """ UPDATE courses SET course_name = %s WHERE course_id = %s """ db.query(query, (name, course_id)) return
def delete_class(course_id, class_id): """ Deletes a class from a course """ query = """ DELETE FROM classes_courses WHERE class_id = %s AND course_id = %s """ db.query(query, (class_id, course_id)) return
def create_free_quiz(quiz_name, quiz_language_id, quiz_short_desc): """ Checks for errors and creates a free quiz if no errors found """ # Check for errors if not quiz_name or not quiz_language_id or not quiz_short_desc: raise ValueError("Property in body is empty") # Check types if type(quiz_name) != str or type(quiz_language_id) != int or type( quiz_short_desc) != str: raise ValueError("Types in body are incorrect") if len(quiz_name) > 20 or len(quiz_short_desc) > 20: raise ValueError("One field in body is too long") # Also check that the language_id actually exists query = """ SELECT language_id FROM languages WHERE language_id = %s """ languages = db.query(query, (quiz_language_id)) if not languages: raise ValueError("Language ID does not exist") query = """ INSERT INTO quizzes (quiz_name, quiz_language_id, quiz_short_desc) VALUES (%s, %s, %s) """ db.insert_query(query, (quiz_name, quiz_language_id, quiz_short_desc))
def delete_course(course_id): """ Deletes a course """ query = """ DELETE FROM questions WHERE question_quiz_id IN ( SELECT quiz_id FROM quizzes WHERE quiz_course_id = %s ) """ db.query(query, (course_id)) return
def taken_email(email): """ Checks if the email is taken in the teacher or student table """ query = """ SELECT teacher_id FROM teachers WHERE teacher_email = %s """ query2 = """ SELECT student_id FROM students WHERE student_email = %s """ taken = db.query(query, (email)) taken2 = db.query(query2, (email)) return taken or taken2
def save_token(token, user_id, is_teacher): """ Saves the teachers or students token """ if is_teacher: query = """ UPDATE teachers SET teacher_token = %s WHERE teacher_id = %s """ else: query = """ UPDATE students SET student_token = %s WHERE student_id = %s """ db.query(query, (token, user_id))
def edit_quiz(quiz_id, name, start_date, end_date, description, language): """ Edits a quiz """ query = """ UPDATE quizzes SET quiz_name = %s, quiz_start_date = %s, quiz_end_date = %s, quiz_short_desc = %s, quiz_language_id = %s WHERE quiz_id = %s """ db.query(query, (name, start_date, end_date, description, language, quiz_id)) return
def remove_token(user_id, is_teacher): """ Sets a teachers or students token to null in the database """ if is_teacher: query = """ UPDATE teachers SET teacher_token = %s WHERE teacher_id = %s """ else: query = """ UPDATE students SET student_token = %s WHERE student_id = %s """ db.query(query, (None, user_id))
def id_from_credentials(email, password): """ Gets the teacher_id or student-id from their credentials. If their credentials don't match, then None will be returned """ query = """ SELECT teacher_id, teacher_hash FROM teachers WHERE teacher_email = %s """ rows = db.query(query, (email)) if rows: teacher_hash = rows[0]["teacher_hash"] teacher_id = rows[0]["teacher_id"] # Compared hashed password from request to hashed password in db if bcrypt.hashpw(password.encode(), teacher_hash.encode()) == teacher_hash.encode(): return teacher_id, True else: query = """ SELECT student_id, student_hash FROM students WHERE student_email = %s """ rows = db.query(query, (email)) if rows: student_hash = rows[0]["student_hash"] student_id = rows[0]["student_id"] # Compared hashed password from request to hashed password in db if bcrypt.hashpw(password.encode(), student_hash.encode()) == student_hash.encode(): return student_id, False return None, None
def wrap(*args, **kwargs): """ NOTE: This middleware is NOT stateless, depends on teacher_logged_in Checks to see if teacher actually owns the quiz, or if a teacher is an admin and the quiz is a free quiz """ quiz_id = request.view_args["quiz_id"] # Checks if the quiz does not exist query = """ SELECT qc_id , qc_course_id FROM quizzes_courses WHERE qc_id = %s """ quizzes = db.query(query, (quiz_id)) if not quizzes: return not_found() # If the quiz is a free quiz and the teacher is an admin if not quizzes[0]["qc_course_id"] and hasattr(request, "teacher_is_admin"): return func(*args, **kwargs) # Check that teacher owns the course query = """ SELECT qc_id FROM quizzes_courses INNER JOIN courses ON quizzes_courses.qc_course_id = courses.course_id INNER JOIN teachers ON courses.course_teacher_id = teachers.teacher_id WHERE quizzes_courses.qc_id = %s AND teachers.teacher_id = %s """ quizzes = db.query(query, (quiz_id, request.teacher_id)) if not quizzes: return forbidden() return func(*args, **kwargs)
def get_name(course_id): """ Gets information on one course """ query = """ SELECT course_name FROM courses WHERE course_id = %s """ course = db.query(query, (course_id)) return course[0]["course_name"]
def get_courses(teacher_id): """ Gets all of a teachers courses """ query = """ SELECT course_id, course_name FROM courses WHERE course_teacher_id = %s """ courses = db.query(query, (teacher_id)) return courses
def class_exists(teacher_id, class_id): """ Checks if the class exists or if it matches the course """ query = """ SELECT * FROM classes WHERE class_teacher_id = %s AND class_id = %s """ classes = db.query(query, (teacher_id, class_id)) return classes
def get_languages(): """ Gets all supported programming languages """ query = """ SELECT * FROM languages """ languages = db.query(query, ()) return languages
def get_classes(teacher_id): """ Gets all of a teachers classes """ query = """ SELECT class_id, class_name FROM classes WHERE class_teacher_id = %s """ classes = db.query(query, (teacher_id)) return classes
def insert_into_class(class_id, emails): """ Adds students into students_classes """ query = """ INSERT IGNORE INTO students_classes (sc_student_id, sc_class_id) SELECT student_id, %s FROM students WHERE student_email IN %s """ student_list = db.query(query, (class_id, emails)) return student_list
def check_student(class_id, student_id): """ Checks if a student exists or if he matches a class """ query = """ SELECT * FROM students_classes WHERE sc_class_id = %s AND sc_student_id = %s """ student = db.query(query, (class_id, student_id)) return student
def get_quizzes(course_id): """ Gets all of a courses quizzes """ query = """ SELECT quizzes_courses.qc_id, quizzes_courses.qc_start_date, quizzes_courses.qc_end_date, quizzes.quiz_id, quizzes.quiz_short_desc, quizzes.quiz_language_id FROM quizzes_courses INNER JOIN quizzes ON quizzes_courses.qc_quiz_id = quizzes.quiz_id WHERE quizzes_courses.qc_course_id = %s """ quizzes = db.query(query, (course_id)) return quizzes