def delete_secret(app_name, secret_name):
if not is_admin(get_user()["email"], "cs61a"):
return login()
with connect_db() as db:
db("DELETE FROM secrets WHERE app=%s AND name=%s",
[app_name, secret_name])
return redirect(url_for("index"))
def full_json(self):
attendances = (Attendance.query.filter_by(student_id=self.id).options(
joinedload(Attendance.session, innerjoin=True).joinedload(
Session.section).joinedload(Section.staff)).all())
return {
**self.json,
"isAdmin":
is_admin(self.email),
"attendanceHistory": [
attendance.full_json for attendance in sorted(
attendances,
key=lambda attendance: attendance.session.start_time)
],
}
def wrapped(*args, access_token=None, course="cs61a", **kwargs):
token_good = access_token and is_admin_token(access_token=access_token,
course=course)
cookie_good = is_staff(course=course) and is_admin(
email=get_user()["email"], course=course)
if token_good or cookie_good:
try:
return func(*args, **kwargs, course=course)
except PermissionError:
pass
if access_token:
raise PermissionError
else:
return login()
def view_course(course=None):
if not course:
course = request.form["course"]
return redirect(url_for("canonical_view_course", course=course))
if not is_logged_in():
return login()
email = get_user()["email"]
if not is_admin(email, course):
abort(403)
with connect_db() as db:
apps = db(
"SELECT domain, app, status FROM hosted_apps WHERE course=(%s)",
[course]).fetchall()
return html(f"""
<h2>Hosted Apps for {format_coursecode(course)}</h2>
{"<p>".join(f"<code>{domain}</code> ({app}) - {status}" for domain, app, status in apps)}
""")
def wrapped(**kwargs):
if not is_admin(current_user.email):
raise Failure("Only course admins can perform this action.")
return func(**kwargs)
