def GetTimetable():
if 'X-App-Token' in request.headers and ApiSession.isValid(request):
userId, userType = ApiSession.getUserId_req(request)
else:
return JsonResponse.unauthorized({
'message':
'invalid_session',
'nice_message':
'Invalid session. Did you login?'
})
if userType == 'student':
return JsonResponse.ok({
'events':
Timetable.getStudentTimetable(userId, 1050194809, 1950194809)
})
elif userType == 'teacher':
return JsonResponse.ok({
'events':
Timetable.getTeacherTimetable(userId, 1050194809, 1950194809)
})
return JsonResponse.internalServerError({
'message':
'unexpected_user_type',
'nice_message':
'Unexpected user type. Contact system administrator.'
})
def DeleteTerm(term_id):
""" Creates a new Campus """
# Authenticate user
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
if not term_id:
return JsonResponse.badRequest({
'message': 'bad_request',
'nice_message': 'Please enter the term'
})
term = TermModel.findById(term_id)
if not term:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Term not found.'
})
term.delete()
return JsonResponse.ok()
def Update(campus_id, building_id, room_id):
""" Update a given campus building room. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('building_admin', 'fire_officer')):
return JsonResponse.unauthorized({'message': 'no_access', 'nice_message': 'You do not have accdss to this page. Contact system administrator.'})
# Get room object
room = CampusBuildingRoomModel.findById(room_id)
if not room:
return JsonResponse.notFound({'message': 'room_missing', 'nice_message': 'Room not found.'})
# Save new values to database
name = request.form.get('room_name')
floor = request.form.get('floor')
capacity = request.form.get('capacity')
if not name and not floor and not capacity:
return JsonResponse.badRequest({'message': 'missing_parameters', 'nice_message': 'Please enter a floor, capacity or name.'})
if name:
room.setIdentifier(name)
if floor:
room.setBuildingFloor(floor)
if capacity:
room.setCapacity(capacity)
room.save()
return JsonResponse.ok()
def Create(student_id):
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this page. Contact system administrator.'
})
module_id = request.form.get('module')
if not module_id or not student_id:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Missing student or module.'
})
newEnrolment = StudentModuleModel()
dateNow = int(time.time())
newEnrolment.setEnrolmentDate(dateNow)
newEnrolment.setStudent(student_id)
newEnrolment.setModule(module_id)
newEnrolment.save()
return JsonResponse.ok()
def Update(id):
""" Updates information for a Campus """
if not Authorization.canAccess(session.get('user'), ('building_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
name = request.form.get('campus_name')
if not name:
return JsonResponse.badRequest({
'message': 'name_missing',
'nice_message': 'Missing campus name.'
})
campus = CampusModel.findById(id)
if not campus:
return JsonResponse.notFound({
'message':
'not_found',
'nice_message':
'Campus could not be found.'
})
campus.setName(name) \
.save()
return JsonResponse.ok()
def Create(campus_id):
""" Creates new campus building """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('building_admin', )):
return JsonResponse.unauthorized()
# Ensure campus exists
campus = CampusModel.findById(campus_id)
if not campus:
return JsonResponse.notFound()
# Parse and validate request body
name = request.form.get('building_name')
floorCount = request.form.get('floor_count')
if not name or not floorCount:
return JsonResponse.badRequest()
# Save new data to database
building = CampusBuildingModel()
building.setName(name) \
.setFloorCount(floorCount) \
.setCampus(campus_id) \
.save()
return JsonResponse.ok()
def Create():
""" Creates a new Campus """
# Authenticate user
if not Authorization.canAccess(session.get('user'), ('building_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
name = request.form.get('campus_name')
if not name:
return JsonResponse.badRequest({
'message': 'name_missing',
'nice_message': 'Missing Campus Name'
})
campus = CampusModel()
campus.setName(name) \
.save()
return JsonResponse.ok()
def Delete(student_id, module_id):
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
if not student_id or not module_id:
return JsonResponse.badRequest({
'message': 'missing_parameters',
'nice_message': 'Missing parameter.'
})
enrolments = StudentModuleModel.findBy('student', student_id)
for enrolment in enrolments:
if enrolment.getModule() == int(module_id):
enrolment.delete()
return JsonResponse.ok()
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Enrolment does not exist.'
})
def Create(campus_id, building_id):
""" Create a room in a given campus building. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('building_admin')):
return JsonResponse.unauthorized({'message': 'no_acces', 'nice_message': 'You do not have acess to this page. Contact system administrator.'})
# Get building object
building = CampusBuildingModel.findById(building_id)
if not building:
return JsonResponse.notFound({'message': 'not_found', 'nice_message': 'Building not found.'})
# Parse and validate request body
name = request.form.get('room_name')
floor = request.form.get('floor')
capacity = request.form.get('capacity')
if not name or not floor or not capacity:
return JsonResponse.badRequest({'message': 'bad_request', 'nice_message': 'Please enter a capacity, name and floor.'})
# Save new data to database
room = CampusBuildingRoomModel()
room.setIdentifier(name) \
.setBuildingFloor(floor) \
.setBuilding(building_id) \
.setCapacity(capacity) \
.save()
return JsonResponse.ok()
def Update(id):
""" Updates teachers information """
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
first_name = request.form.get('first_name')
last_name = request.form.get('last_name')
email = request.form.get('email')
mobile_phone = request.form.get('mobile_phone')
password = request.form.get('password')
if not first_name and not last_name and not email and not mobile_phone and not password:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please enter details for the teacher.'
})
teachers = TeacherModel.findById(id)
if not teachers:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Teacher not found.'
})
if first_name:
teachers.setFirstName(first_name)
if last_name:
teachers.setLastName(last_name)
if email:
teachers.setEmail(email)
if mobile_phone:
teachers.setMobile(mobile_phone)
if password:
salt = teachers.getSalt()
hashedPassword = Security.hashPassword(password, salt)
teachers.setPassword(hashedPassword)
try:
teachers.save()
except:
return JsonResponse.badRequest({'error': 'database_error'})
return JsonResponse.ok()
def Update(module_id, session_id):
""" Updates a module session. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
# Get session object
session = ModuleSessionModel.findById(session_id)
if not session:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Session not found.'
})
# Save new values to database
teacher = request.form.get('teacher')
sessionType = request.form.get('type')
if not teacher and not sessionType:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please enter a teacher and session type.'
})
if teacher:
if not TeacherModel.findById(teacher):
return JsonResponse.badRequest({
'message': 'not_found',
'nice_message': 'Teacher not found.'
})
session.setStaff(teacher)
if sessionType:
if not ModuleSessionModel.findById(sessionType):
return JsonResponse.badRequest({
'message':
'not_found',
'nice_message':
'Session type not found.'
})
session.setType(sessionType)
session.save()
return JsonResponse.ok()
def route():
""" Example route, show information about system and current session. """
userId = -1
if 'X-App-Token' in request.headers:
userId = ApiSession.getUserId(request.headers['X-App-Token'])
return JsonResponse.ok({
'application': 'A4Scheduler',
'environment': Config.getValue('ENVIRONMENT'),
'userId': userId
})
def Update(id):
"""POST /staff/[id] - Updates staff information (JSON) (Post variables: first_name, last_name, email, mobile_phone, salt, password, role (integer))"""
#Auth
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
first_name = request.form.get('first_name')
last_name = request.form.get('last_name')
email = request.form.get('email')
mobile_phone = request.form.get('mobile_phone')
password = request.form.get('password')
role = request.form.get('role')
if not first_name and not last_name and not email and not mobile_phone and not password and not role:
#Bad request
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Pleaase enter new details for the staff member'
})
staff = StaffModel.findById(id)
#Not sure on method names
if first_name:
staff.setFirstName(first_name)
if last_name:
staff.setLastName(last_name)
if email:
staff.setEmail(email)
if mobile_phone:
staff.setMobile(mobile_phone)
if role:
staff.setRole(role)
#Password hashed here
if password:
salt = staff.getSalt()
hashedPassword = Security.hashPassword(password, salt)
staff.setPassword(hashedPassword)
try:
staff.save()
except:
return JsonResponse.badRequest({'error': 'database_error'})
return JsonResponse.ok()
def Delete(campus_id, building_id, room_id):
""" Deletes a given campus building room. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('building_admin')):
return JsonResponse.unauthorized({'message': 'no_access', 'nice_message': 'You do not have access to this function. Contact system administrator.'})
# Get room object
room = CampusBuildingRoomModel.findById(room_id)
# Delete from database
room.delete()
return JsonResponse.ok()
def UpdateTerm(term_id):
""" Creates a new Campus """
# Authenticate user
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
term = request.form.get('term')
term_start = request.form.get('term_start')
term_end = request.form.get('term_end')
if not term or not term_start or not term_end:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please enter a new term number, start date or end date.'
})
if term not in ('1', '2', '3', 1, 2, 3):
return JsonResponse.badRequest({
'message':
'bad_request',
'nice_message':
'Please select a term between 1 and 3.'
})
termObj = TermModel.findById(term_id)
if not termObj:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Term not found.'
})
if term:
termObj.setTerm(term)
if term_start:
termObj.setStartDate(yyyyMmDdToTimestamp(term_start))
if term_end:
termObj.setEndDate(yyyyMmDdToTimestamp(term_end))
termObj.save()
return JsonResponse.ok()
def Create(module_id):
""" Creates a new module session. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this page. Contact system administrator.'
})
# Get module object
module = ModuleModel.findById(module_id)
if not module:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Module not found.'
})
# Parse and validate request body
teacher = request.form.get('teacher')
sessionType = request.form.get('type')
if not TeacherModel.findById(teacher):
return JsonResponse.badRequest({
'message': 'not_found',
'nice_message': 'Teacher not found.'
})
if not ModuleSessionTypeModel.findById(sessionType):
return JsonResponse.badRequest({
'message':
'not_found',
'nice_message':
'Module session not found.'
})
# Save new data to database
moduleSession = ModuleSessionModel()
moduleSession.setModule(module.getId()) \
.setStaff(teacher) \
.setType(sessionType) \
.save()
return JsonResponse.ok()
def Update(id):
""" Updates a given module. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this page. Contact system administrator.'
})
# Get module object
module = ModuleModel.findById(id)
if not module:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Module not found.'
})
# Save new values to database
name = request.form.get('module_name')
leader = request.form.get('leader')
if not name and not leader:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please enter a new name or module leader.'
})
if name:
module.setName(name)
if leader:
if not TeacherModel.findById(leader):
return JsonResponse.badRequest({
'message': 'not_found',
'nice_message': 'Teacher not found.'
})
module.setLeader(leader)
module.save()
return JsonResponse.ok()
def Update(id):
"""Updates student information """
"""(JSON) (Post variables: first_name, last_name, email, mobile_phone, password)"""
#Auth
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized()
first_name = request.form.get('first_name')
last_name = request.form.get('last_name')
email = request.form.get('email')
mobile_phone = request.form.get('mobile_phone')
password = request.form.get('password')
if not first_name and not last_name and not email and not mobile_phone and not password:
#Bad request
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please fill out new information for the student.'
})
student = StudentModel.findById(id)
#Not sure on method names
if first_name:
student.setFirstName(first_name)
if last_name:
student.setLastName(last_name)
if email:
student.setEmail(email)
if mobile_phone:
student.setMobile(mobile_phone)
#Password hashed here
if password:
salt = student.getSalt()
hashedPassword = Security.hashPassword(password, salt)
student.setPassword(hashedPassword)
try:
student.save()
except:
return JsonResponse.badRequest({'error': 'database_error'})
return JsonResponse.ok()
def CreateTerm():
""" Creates a new Campus """
# Authenticate user
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this page. Contact system administrator.'
})
term = request.form.get('term')
term_start = request.form.get('term_start')
term_end = request.form.get('term_end')
if not term or not term_start or not term_end:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please enter term number, term start date and term end date.'
})
if term not in ('1', '2', '3', 1, 2, 3):
return JsonResponse.badRequest({
'message':
'bad_request',
'nice_message':
'Please select a term number between 1 and 3.'
})
term_start = yyyyMmDdToTimestamp(term_start)
term_end = yyyyMmDdToTimestamp(term_end)
termObj = TermModel()
termObj.setTerm(int(term)) \
.setStartDate(term_start) \
.setEndDate(term_end) \
.save()
return JsonResponse.ok()
def Create():
"""Creates a new student (JSON) (Post variables: first_name, last_name, email, mobile_phone)"""
#Change who is authorised
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
first_name = request.form.get('first_name')
last_name = request.form.get('last_name')
email = request.form.get('email')
mobile_phone = request.form.get('mobile_phone')
password = request.form.get('password')
salt = Security.generateSalt()
hashedPassword = Security.hashPassword(password, salt)
student = StudentModel()
if not first_name or not last_name or not email or not mobile_phone or not password:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please fill all fields for the new student.'
})
student.setFirstName(first_name)
student.setLastName(last_name)
student.setEmail(email)
student.setMobile(mobile_phone)
student.setPassword(hashedPassword)
student.setSalt(salt)
try:
student.save()
except:
return JsonResponse.badRequest({'error': 'database_error'})
return JsonResponse.ok()
def Update(campus_id, building_id):
""" Update information for given building """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('building_admin', )):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
# Get building object
building = CampusBuildingModel.findById(building_id)
if not building:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Building not found.'
})
# Save new values to database
name = request.form.get('building_name')
floorCount = request.form.get('floor_count')
if not name and not floorCount:
return JsonResponse.badRequest({
'message':
'missing_parameter',
'nice_message':
'Please enter a new name or floor count.'
})
if name:
building.setName(name)
if floorCount:
building.setFloorCount(floorCount)
building.save()
return JsonResponse.ok()
def Delete(id):
""" Deletes teacher """
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator'
})
teachers = TeacherModel.findById(id)
if not teachers:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Teacher not found.'
})
modules = ModuleModel.findBy('leader', id)
if len(modules) != 0:
return JsonResponse.badRequest({
'message':
'bad_request',
'nice_message':
'Modules exist with this teacher as module leader.'
})
sessions = ModuleSessionModel.findBy('staff', id)
if len(sessions) != 0:
return JsonResponse.badRequest({
'message':
'bad_request',
'nice_message':
'Sessions exist for this teacher.'
})
teachers.delete()
return JsonResponse.ok()
def DeleteBooking(module_id, session_id, booking_id):
# Verify user access
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator'
})
theBooking = RoomBookingModel.findById(booking_id)
if not theBooking:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Booking not found.'
})
theBooking.delete()
return JsonResponse.ok()
def Create():
""" Creates a new teacher """
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator'
})
first_name = request.form.get('first_name')
last_name = request.form.get('last_name')
email = request.form.get('email')
mobile_phone = request.form.get('mobile_phone')
password = request.form.get('password')
salt = Security.generateSalt()
hashedPassword = Security.hashPassword(password, salt)
teachers = TeacherModel()
if not teachers:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Teacher not found.'
})
teachers.setFirstName(first_name)
teachers.setLastName(last_name)
teachers.setEmail(email)
teachers.setMobile(mobile_phone)
teachers.setPassword(hashedPassword)
teachers.setSalt(salt)
try:
teachers.save()
except:
return JsonResponse.badRequest({'error': 'database_error'})
return JsonResponse.ok()
def Create():
"""POST /staff - Creates a new staff member (JSON)
(Post variables: first_name, last_name, email, mobile_phone, salt, password, role (integer))"""
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
first_name = request.form.get('first_name')
last_name = request.form.get('last_name')
email = request.form.get('email')
mobile_phone = request.form.get('mobile_phone')
role = request.form.get('role')
password = request.form.get('password')
#password = '******' #generatePassword()
salt = Security.generateSalt()
hashedPassword = Security.hashPassword(password, salt)
staff = StaffModel()
staff.setFirstName(first_name)
staff.setLastName(last_name)
staff.setEmail(email)
staff.setMobile(mobile_phone)
staff.setRole(role)
staff.setPassword(hashedPassword)
staff.setSalt(salt)
try:
staff.save()
except:
return JsonResponse.badRequest({'error': 'database_error'})
return JsonResponse.ok()
def Delete(id):
"""Deletes a Student"""
#Authorise (Change who is authorised)
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'not_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
#Find student and check they exist
student = StudentModel.findById(id)
if not student:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Student not found.'
})
#Delete record of student
student.delete()
return JsonResponse.ok()
def Delete(id):
"""DELETE /staff/[id] - Deletes a staff member. (JSON)"""
#Authorise
if not Authorization.canAccess(session.get('user'), ('admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
#Find student and check they exist
staff = StaffModel.findById(id)
if not staff:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Staff member not found.'
})
#Delete record of student
staff.delete()
return JsonResponse.ok()
def Delete(id):
""" Deletes a Campus """
if not Authorization.canAccess(session.get('user'), ('building_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
campus = CampusModel.findById(id)
if not campus:
return JsonResponse.notFound({
'message':
'not_found',
'nice_message':
'Campus could not be found.'
})
campus.delete()
return JsonResponse.ok()
def Create():
""" Creates a new module. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this page. Contact system administrator.'
})
# Parse and validate request body
name = request.form.get('module_name')
leader = request.form.get('leader')
if not name or not leader:
return JsonResponse.badRequest({
'message':
'missing_parameters',
'nice_message':
'Please make sure you enter a name and leader.'
})
# Make sure leader is a valid staff member
if not TeacherModel.findById(leader):
return JsonResponse.badRequest({
'message': 'not_found',
'nice_message': 'Teacher not found'
})
# Save new data to database
module = ModuleModel()
module.setName(name) \
.setLeader(leader) \
.save()
return JsonResponse.ok()
def Delete(module_id, session_id):
""" Deletes a module session. """
# Verify user access
if not Authorization.canAccess(session.get('user'), ('scheduling_admin')):
return JsonResponse.unauthorized({
'message':
'no_access',
'nice_message':
'You do not have access to this function. Contact system administrator.'
})
# Get session object
theSession = ModuleSessionModel.findById(session_id)
if not theSession:
return JsonResponse.notFound({
'message': 'not_found',
'nice_message': 'Session not found.'
})
# Delete from database
theSession.delete()
return JsonResponse.ok()
