def search_students(): params = request.get_json() if is_unauthorized_search(params): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) search_phrase = util.get(params, 'searchPhrase', '').strip() if not len(search_phrase): raise BadRequestError('Invalid or empty search input') results = search_for_students( include_profiles=True, search_phrase=search_phrase.replace(',', ' '), is_active_asc=_convert_asc_inactive_arg( util.get(params, 'isInactiveAsc')), order_by=util.get(params, 'orderBy', None), offset=util.get(params, 'offset', 0), limit=util.get(params, 'limit', 50), ) alert_counts = Alert.current_alert_counts_for_viewer(current_user.id) students = results['students'] add_alert_counts(alert_counts, students) return tolerant_jsonify({ 'students': students, 'totalStudentCount': results['totalStudentCount'], })
def create_cohort(): params = request.get_json() if is_unauthorized_search(params): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) label = util.get(params, 'label', None) if not label: raise BadRequestError('Cohort creation requires \'label\'') cohort = CohortFilter.create( advisor_ldap_uids=util.get(params, 'advisorLdapUids'), coe_prep_statuses=util.get(params, 'coePrepStatuses'), ethnicities=util.get(params, 'ethnicities'), genders=util.get(params, 'genders'), gpa_ranges=util.get(params, 'gpaRanges'), group_codes=util.get(params, 'groupCodes'), in_intensive_cohort=util.to_bool_or_none( params.get('inIntensiveCohort')), is_inactive_asc=util.to_bool_or_none(params.get('isInactiveAsc')), label=label, last_name_range=util.get(params, 'lastNameRange'), levels=util.get(params, 'levels'), majors=util.get(params, 'majors'), uid=current_user.get_id(), underrepresented=util.get(params, 'underrepresented'), unit_ranges=util.get(params, 'unitRanges'), ) return tolerant_jsonify(decorate_cohort(cohort))
def get_cohort(cohort_id): if is_unauthorized_search(request.args): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) include_students = util.to_bool_or_none( util.get(request.args, 'includeStudents')) include_students = True if include_students is None else include_students order_by = util.get(request.args, 'orderBy', None) offset = util.get(request.args, 'offset', 0) limit = util.get(request.args, 'limit', 50) cohort = CohortFilter.find_by_id(int(cohort_id)) if cohort and can_view_cohort(current_user, cohort): cohort = decorate_cohort( cohort, order_by=order_by, offset=int(offset), limit=int(limit), include_alerts_for_uid=current_user.uid, include_profiles=True, include_students=include_students, ) return tolerant_jsonify(cohort) else: raise ResourceNotFoundError( f'No cohort found with identifier: {cohort_id}')
def get_cohort_per_filters(): benchmark = get_benchmarker('cohort get_students_per_filters') benchmark('begin') params = request.get_json() filters = get_param(params, 'filters', []) if not filters: raise BadRequestError('API requires \'filters\'') include_students = to_bool(get_param(params, 'includeStudents')) include_students = True if include_students is None else include_students order_by = get_param(params, 'orderBy', None) offset = get_param(params, 'offset', 0) limit = get_param(params, 'limit', 50) filter_keys = list(map(lambda f: f['key'], filters)) if is_unauthorized_search(filter_keys, order_by): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) benchmark('begin phantom cohort query') cohort = _construct_phantom_cohort( filters=filters, order_by=order_by, offset=int(offset), limit=int(limit), include_alerts_for_user_id=current_user.get_id(), include_profiles=True, include_students=include_students, ) _decorate_cohort(cohort) benchmark('end') return tolerant_jsonify(cohort)
def update_cohort(): params = request.get_json() cohort_id = int(params.get('id')) name = params.get('name') filters = params.get('filters') # Validation if not name and not filters: raise BadRequestError('Invalid request') if not CohortFilter.is_cohort_owned_by(cohort_id, current_user.get_id()): raise ForbiddenRequestError(f'Invalid or unauthorized request') filter_keys = list(map(lambda f: f['key'], filters)) if is_unauthorized_search(filter_keys): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) filter_criteria = _translate_filters_to_cohort_criteria(filters) updated = CohortFilter.update( cohort_id=cohort_id, name=name, filter_criteria=filter_criteria, include_students=False, include_alerts_for_user_id=current_user.get_id(), ) _decorate_cohort(updated) return tolerant_jsonify(updated)
def create_cohort(): params = request.get_json() domain = get_param(params, 'domain', 'default') if is_unauthorized_domain(domain): raise ForbiddenRequestError( f'You are unauthorized to query the \'{domain}\' domain') name = get_param(params, 'name', None) filters = get_param(params, 'filters', None) order_by = params.get('orderBy') # Authorization check filter_keys = list(map(lambda f: f['key'], filters)) if is_unauthorized_search(filter_keys, order_by): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) filter_criteria = _translate_filters_to_cohort_criteria(filters, domain) if not name or not filter_criteria: raise BadRequestError( 'Cohort creation requires \'name\' and \'filters\'') cohort = CohortFilter.create( uid=current_user.get_uid(), name=name, filter_criteria=filter_criteria, domain=domain, order_by=order_by, include_alerts_for_user_id=current_user.get_id(), ) _decorate_cohort(cohort) return tolerant_jsonify(cohort)
def get_cohort(cohort_id): benchmark = get_benchmarker(f'cohort {cohort_id} get_cohort') benchmark('begin') filter_keys = list(request.args.keys()) order_by = get_param(request.args, 'orderBy', None) if is_unauthorized_search(filter_keys, order_by): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) include_students = to_bool(get_param(request.args, 'includeStudents')) include_students = True if include_students is None else include_students offset = get_param(request.args, 'offset', 0) limit = get_param(request.args, 'limit', 50) benchmark('begin cohort filter query') cohort = CohortFilter.find_by_id( int(cohort_id), order_by=order_by, offset=int(offset), limit=int(limit), include_alerts_for_user_id=current_user.get_id(), include_profiles=True, include_students=include_students, ) if cohort and _can_current_user_view_cohort(cohort): _decorate_cohort(cohort) benchmark('end') return tolerant_jsonify(cohort) else: raise ResourceNotFoundError( f'No cohort found with identifier: {cohort_id}')
def download_csv_per_filters(): benchmark = get_benchmarker('cohort download_csv_per_filters') benchmark('begin') params = request.get_json() filters = get_param(params, 'filters', []) fieldnames = get_param(params, 'csvColumnsSelected', []) domain = get_param(params, 'domain', 'default') if (domain == 'default' and not filters) or filters is None: raise BadRequestError('API requires \'filters\'') filter_keys = list(map(lambda f: f['key'], filters)) if is_unauthorized_search(filter_keys): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) domain = get_param(params, 'domain', 'default') if is_unauthorized_domain(domain): raise ForbiddenRequestError( f'You are unauthorized to query the \'{domain}\' domain') cohort = _construct_phantom_cohort( domain=domain, filters=filters, offset=0, limit=None, include_profiles=False, include_sids=True, include_students=False, ) return _response_with_csv_download(benchmark, domain, fieldnames, cohort['sids'])
def search(): params = util.remove_none_values(request.get_json()) order_by = util.get(params, 'orderBy', None) if is_unauthorized_search(list(params.keys()), order_by): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) search_phrase = util.get(params, 'searchPhrase', '').strip() domain = { 'students': util.get(params, 'students'), 'courses': util.get(params, 'courses'), 'notes': util.get(params, 'notes'), } if not domain['students'] and not domain['courses'] and not domain['notes']: raise BadRequestError('No search domain specified') if not len(search_phrase) and not domain['notes']: raise BadRequestError('Invalid or empty search input') feed = {} if len(search_phrase) and domain['students']: feed.update(_student_search(search_phrase, params, order_by)) if len(search_phrase) and domain['courses']: feed.update(_course_search(search_phrase, params, order_by)) if domain['notes']: feed.update(_notes_search(search_phrase, params)) return tolerant_jsonify(feed)
def _filters_to_filter_criteria(filters, order_by=None): filter_keys = list(map(lambda f: f['key'], filters)) if is_unauthorized_search(filter_keys, order_by): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) return CohortFilter.translate_filters_to_cohort_criteria(filters)
def download_csv_per_filters(): benchmark = get_benchmarker('cohort download_csv_per_filters') benchmark('begin') filters = get_param(request.get_json(), 'filters', []) if not filters: raise BadRequestError('API requires \'filters\'') filter_keys = list(map(lambda f: f['key'], filters)) if is_unauthorized_search(filter_keys): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) cohort = CohortFilter.construct_phantom_cohort( filters=filters, offset=0, limit=None, include_profiles=False, include_sids=True, include_students=False, ) return response_with_students_csv_download(sids=cohort['sids'], benchmark=benchmark)
def get_students(): params = request.get_json() if is_unauthorized_search(params): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) results = query_students( advisor_ldap_uids=util.get(params, 'advisorLdapUids'), coe_prep_statuses=util.get(params, 'coePrepStatuses'), ethnicities=util.get(params, 'ethnicities'), genders=util.get(params, 'genders'), gpa_ranges=util.get(params, 'gpaRanges'), group_codes=util.get(params, 'groupCodes'), include_profiles=True, is_active_asc=_convert_asc_inactive_arg( util.get(params, 'isInactiveAsc')), in_intensive_cohort=util.to_bool_or_none( util.get(params, 'inIntensiveCohort')), last_name_range=_get_name_range_boundaries( util.get(params, 'lastNameRange')), levels=util.get(params, 'levels'), limit=util.get(params, 'limit', 50), majors=util.get(params, 'majors'), offset=util.get(params, 'offset', 0), order_by=util.get(params, 'orderBy', None), underrepresented=util.get(params, 'underrepresented'), unit_ranges=util.get(params, 'unitRanges'), ) if results is None: raise BadRequestError('Invalid search criteria') alert_counts = Alert.current_alert_counts_for_viewer(current_user.id) students = results['students'] if results else [] add_alert_counts(alert_counts, students) return tolerant_jsonify({ 'students': students, 'totalStudentCount': results['totalStudentCount'] if results else 0, })
def search(): params = util.remove_none_values(request.get_json()) order_by = util.get(params, 'orderBy', None) if is_unauthorized_search(list(params.keys()), order_by): raise ForbiddenRequestError( 'You are unauthorized to access student data managed by other departments' ) search_phrase = util.get(params, 'searchPhrase', '').strip() domain = { 'appointments': util.get(params, 'appointments'), 'students': util.get(params, 'students'), 'courses': util.get(params, 'courses'), 'notes': util.get(params, 'notes'), } if not domain['students'] and not domain['courses'] and not ( domain['notes'] or domain['appointments']): raise BadRequestError('No search domain specified') if not len(search_phrase) and not (domain['notes'] or domain['appointments']): raise BadRequestError('Invalid or empty search input') if domain['courses'] and not current_user.can_access_canvas_data: raise ForbiddenRequestError('Unauthorized to search courses') feed = {} if domain['appointments'] and app.config[ 'FEATURE_FLAG_ADVISOR_APPOINTMENTS']: feed.update(_appointments_search(search_phrase, params)) if len(search_phrase) and domain['students']: feed.update(_student_search(search_phrase, params, order_by)) if len(search_phrase) and domain['courses']: feed.update(_course_search(search_phrase, params, order_by)) if domain['notes']: feed.update(_notes_search(search_phrase, params)) return tolerant_jsonify(feed)