def delete_task():
    """Delete a task together with its attachment file and dependent rows.

    Reads ``taskId`` from the JSON request body. Deletion is refused when any
    submission already references the task. Otherwise the first attachment
    file recorded for the task is removed and the task's rows are deleted
    from every table that references it.
    """
    # NOTE(review): no authorization check is visible in this block. Route
    # decorators are not shown in this listing -- confirm the endpoint is
    # restricted to staff who own the task before relying on it.
    payload = json.loads(request.data)
    task_id = payload['taskId']

    db.connect()
    existing = db.select_columns('submissions', ['name'], ['task'], [task_id])
    if existing:
        db.close()
        return error('Cannot delete this task!<br>Students have already made submissions')

    attachment_rows = db.select_columns('task_attachments', ['path'],
                                        ['task'], [task_id])
    if attachment_rows:
        # Only the first recorded attachment path is removed from storage.
        FileUpload(filename=attachment_rows[0][0]).remove_file()

    db.delete_rows('tasks', ['id'], [task_id])
    dependent_tables = ('task_attachments', 'task_criteria',
                        'allowed_files', 'submission_types')
    for table in dependent_tables:
        db.delete_rows(table, ['task'], [task_id])
    db.close()

    return jsonify({'status': 'ok', "message": "Task deleted"})
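def submit_text_task():
    """Store a text submission for the logged-in student.

    Reads ``task``, ``text-submission`` and ``certify`` from the form. The
    submission is rejected when the task is unknown, the user is not enrolled
    in the task's course offering, the certification box is not ticked, the
    deadline has passed or the text exceeds the task's word limit. An existing
    submission by the same student for the same task is replaced.

    Returns a JSON ``{'status': 'ok'}`` response on success, otherwise the
    response built by ``error``.
    """
    task_id = request.form.get('task', -1)
    # A missing field used to default to -1, which crashed on .strip() below.
    text = request.form.get('text-submission')
    if text is None:
        return error('You must supply text for submission')

    db.connect()
    # Reject unknown task ids up front, as submit_file_task does, instead of
    # handing an arbitrary client-supplied id to build_task.
    if not db.select_columns('tasks', ['id'], ['id'], [task_id]):
        db.close()
        return error("Task not found")
    task = build_task(task_id)

    res = db.select_columns('enrollments', ['user'],
                            ['user', 'course_offering'],
                            [session['id'], task['offering']])
    if not res:
        db.close()
        return error("User not enrolled in task's course")

    if not request.form.get('certify', 'false') == 'true':
        db.close()
        return error("You must certify this is all your own work")

    if datetime.now().timestamp() >= task['deadline']:
        db.close()
        return error("Submissions closed!<br>You can no longer submit")

    mark_method_id = None
    if task['mark_method']['name'] == 'requires approval':
        mark_method_id = db.select_columns('request_statuses', ['id'],
                                           ['name'], ['pending'])[0][0]
    elif task['mark_method']['name'] == 'requires mark':
        mark_method_id = db.select_columns('request_statuses', ['id'],
                                           ['name'], ['pending mark'])[0][0]

    # Count words on any whitespace. Splitting on a single space let text
    # separated by newlines or tabs count as one word and slip past the limit.
    # NOTE(review): this block does not check that the task accepts text
    # submissions; word_limit may be unset for file tasks -- confirm.
    if len(text.split()) > task["word_limit"]:
        db.close()
        return error('Your submission exceeds the word limit')

    res = db.select_columns('submissions', ['*'], ['student', 'task'],
                            [session['id'], task['id']])
    if res:
        # if there's already a submission, delete it
        db.delete_rows('submissions', ['student', 'task'],
                       [session['id'], task['id']])

    db.insert_single('submissions', [
        session['id'], task['id'], task['name'], text,
        datetime.now().timestamp(), mark_method_id
    ], ['student', 'task', 'name', 'text', 'date_modified', 'status'])
    db.close()
    return jsonify({'status': 'ok'})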
def delete_material():
    """Delete a course material, its stored file and its attachment rows.

    Reads ``materialId`` from the JSON request body, removes the first
    attachment file recorded for that material (if any) and then deletes the
    material and its attachment rows.
    """
    # NOTE(review): no authorization or ownership check is visible in this
    # block. Route decorators are not shown in this listing -- confirm the
    # endpoint is limited to staff of the material's course.
    payload = json.loads(request.data)
    material_id = payload['materialId']

    db.connect()
    attachment_rows = db.select_columns('material_attachments', ['path'],
                                        ['material'], [material_id])
    if attachment_rows:
        FileUpload(filename=attachment_rows[0][0]).remove_file()

    db.delete_rows('materials', ['id'], [material_id])
    db.delete_rows('material_attachments', ['material'], [material_id])
    db.close()

    return jsonify({'status': 'ok', "message": "Material deleted"})
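def confirm():
    """Activate a newly registered account from its e-mailed link.

    Reads ``user`` and ``confirm_code`` from the query string and always
    redirects to the login page. A pending account older than
    ``config.ACCOUNT_EXPIRY`` is deleted and the visitor is told to register
    again. A pending account whose stored code matches is activated by
    clearing its ``confirm_code``; if an ``update_account_types`` row exists
    for the account's e-mail, the new name, account type and (optionally)
    course enrolment from that row are applied and the row is deleted.

    Accounts that are already activated (empty ``confirm_code``) are never
    touched. The age test on its own cannot tell an activated account from a
    pending one, so the expiry purge and the code comparison both run only
    while a confirmation code is still stored. This matches the
    ``confirm_code != ''`` guard used by ``register``.
    """
    confirm_code = request.args.get('confirm_code', '')
    user = request.args.get('user', '')

    db.connect()
    try:
        # get the user's confirm code & creation date
        res = db.select_columns(
            'users', ['confirm_code', 'date_created', 'email', 'id'],
            ['name'], [user]
        )
        if not len(res):
            return redirect(url_for('.login'))

        stored_code, date_created, email, user_id = res[0]

        # Already activated: nothing to expire and nothing to confirm. This
        # also stops an empty ``confirm_code`` parameter from "matching" the
        # cleared code of an active account.
        if not stored_code:
            return redirect(url_for('.login'))

        now = datetime.now().timestamp()
        if date_created + config.ACCOUNT_EXPIRY < now:
            # expire unactivated accounts every 24 hours
            db.delete_rows('users', ['name'], [user])
            flash('This activation link has expired!<br>' +
                  'You must register your account again.', 'error')
            return redirect(url_for('.login'))

        if confirm_code != stored_code:
            return redirect(url_for('.login'))

        pending = db.select_columns(
            'update_account_types',
            ['id', 'new_name', 'account_type', 'course_offering'],
            ['email'], [email]
        )
        if len(pending) > 0:
            update_id, new_name, account_type, offering = pending[0]
            # clear confirm code to "mark" account as activated
            db.update_rows(
                'users', ['', new_name, account_type],
                ['confirm_code', 'name', 'account_type'],
                ['name'], [user]
            )
            if offering is not None:
                account_types = get_all_account_types()
                course_role = 'staff'
                if account_types['student'] == account_type:
                    course_role = 'student'
                course_role_id = db.select_columns(
                    'course_roles', ['id'], ['name'], [course_role]
                )
                enroll_user(user_id, offering, course_role_id[0][0])
            db.delete_rows('update_account_types', ['id'], [update_id])
        else:
            # clear confirm code to "mark" account as activated
            db.update_rows('users', [''], ['confirm_code'], ['name'], [user])

        flash('Account activated! You can now log in.', 'success')
        return redirect(url_for('.login'))
    finally:
        # Close the connection on every exit path, including exceptions.
        db.close()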
def delete_topic():
    """Delete a topic and the rows that reference it.

    Reads ``topicId`` from the JSON request body and deletes the topic, its
    area links, its announcements and its prerequisites.
    """
    # NOTE(review): no authorization or ownership check is visible in this
    # block. Route decorators are not shown in this listing -- confirm only
    # the topic's supervisor (or an admin) can reach it.
    payload = json.loads(request.data)
    topic_id = payload['topicId']

    db.connect()
    db.delete_rows('topics', ['id'], [topic_id])
    for table in ('topic_to_area', 'announcements', 'prerequisites'):
        db.delete_rows(table, ['topic'], [topic_id])
    db.close()

    return jsonify({'status': 'ok', "message": "Topic deleted"})
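def respond_request():
    """Record a supervisor's reply to a student's topic request.

    Reads ``response``, ``student-id`` and ``topic`` from the form. A
    response of ``accept`` approves the request and requires an ``assessor``
    field; any other value rejects it. On approval the student's existing
    ``student_topic`` rows are replaced with the new assignment. The student
    is then e-mailed the outcome.

    Returns a JSON ``{'status': 'ok'}`` response on success, otherwise an
    error response.
    """
    # NOTE(review): no check is visible here that the caller supervises the
    # topic being answered. Route decorators are not shown in this listing
    # -- confirm before relying on it.
    try:
        response, student_id, topic_id = get_fields(
            request.form, ['response', 'student-id', 'topic'])
    except ValueError as e:
        # Same convention as the other handlers: get_fields carries the
        # error response in the exception.
        return e.args[0]

    req_status = 'approved' if response == 'accept' else 'rejected'
    if req_status == 'approved' and 'assessor' not in request.form:
        return error('You must specify an assessor')

    db.connect()
    # Resolve the student and topic before writing anything, so an unknown id
    # cannot leave a half-applied change followed by an IndexError.
    student_rows = db.select_columns('users', ['email', 'name'],
                                     ['id'], [student_id])
    if not student_rows:
        db.close()
        return error('Unknown student')
    topic_rows = db.select_columns('topics', ['name'], ['id'], [topic_id])
    if not topic_rows:
        db.close()
        return error('Unknown topic')

    student = {'email': student_rows[0][0], 'name': student_rows[0][1]}
    topic = topic_rows[0][0]

    if req_status == 'approved':
        db.delete_rows('student_topic', ['student'], [student_id])
        db.insert_single('student_topic',
                         [student_id, topic_id, request.form['assessor']],
                         ['student', 'topic', 'assessor'])

    queries.respond_topic(student_id, topic_id, req_status,
                          datetime.now().timestamp())
    db.close()

    send_email(student['email'], student['name'], 'Topic Reply',
               [f'Your topic request for "{topic}" has been {req_status}.'])
    return jsonify({'status': 'ok'})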
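def create():
    """Render the topic form (GET) or create/update a topic (POST).

    GET: with an ``update`` query parameter the edit form is rendered for
    that topic id, or 404 is raised when no such topic exists; without it the
    blank creation form is rendered.

    POST: the JSON body supplies ``topic``, ``topic_area``, ``prereqs`` and
    ``details``. Every prerequisite must be a known course that is allowed to
    be a prerequisite, and at least one topic area is required. With an
    ``update`` query parameter the topic named by the third ``-``-separated
    part of that parameter is updated; otherwise a new topic owned by the
    session user is inserted. Area and prerequisite links are then rebuilt.
    """
    if request.method == 'GET':
        topic_id = request.args.get('update', None, type=int)
        if not topic_id:
            return render_template('create_topic.html',
                                   heading='Create Topic',
                                   title='Create Topic')
        db.connect()
        rows = db.select_columns('topics', ['name', 'description'],
                                 ['id'], [topic_id])
        db.close()
        # 404 if no such topic id. The row list is checked before indexing;
        # indexing first raised IndexError and the 404 was never reached.
        if not len(rows):
            abort(404)
        return render_template('create_topic.html', heading='Edit Topic',
                               title='Edit Topic', topic_id=topic_id,
                               topic_info=rows[0])

    try:
        data = json.loads(request.data)
        topic = data['topic']
        areas = [area['tag'] for area in data['topic_area']]
        prereqs = [prereq['tag'] for prereq in data['prereqs']]
        details = data['details']
    except (ValueError, KeyError, TypeError):
        # Malformed JSON, a missing key or a wrongly shaped body: answer with
        # the usual error response rather than an unhandled exception or the
        # raw parser message.
        return error('Invalid request data')

    # check if there is an edit param, if there is, get the topic id
    update_id = request.args.get('update', None, type=str)
    if update_id:
        parts = update_id.split('-')
        if len(parts) < 3:
            return error('Invalid topic id')
        update_id = parts[2]

    if len(areas) == 0:
        return error('You must enter at least one topic area')

    # make sure the course codes are uppercase and strip for areas and prereqs
    original_prereqs = prereqs
    prereqs = [x.upper().strip() for x in prereqs]
    areas = [x.strip() for x in areas]

    db.connect()
    user_id = session['id']

    # test if there is such course in the database
    course_ids = []
    for original, prereq in zip(original_prereqs, prereqs):
        course = db.select_columns('courses', ['id', 'prereq'],
                                   ['code'], [prereq])
        if len(course) == 0:
            db.close()
            err_msg = f'{original} is an unknown course code!'
            if not re.match(config.COURSE_CODE_FORMAT, prereq):
                err_msg = f'{original} is an invalid course code!'
            return error(err_msg)
        if course[0][1] == 0:
            db.close()
            return error(f'{prereq} cannot be a prerequisite!')
        course_ids.append(course[0][0])

    if not update_id:
        # test if there is such topic in the database
        # only check the name of the topic
        res = db.select_columns('topics', ['name'], ['name'], [topic])
        if len(res):
            db.close()
            return error('A topic with that name already exists!')
        # insert topic
        db.insert_single('topics', [topic, user_id, details],
                         ['name', 'supervisor', 'description'])
    else:
        # otherwise, update the topic name and description
        # NOTE(review): no check is visible that the session user supervises
        # the topic being updated, and there is no duplicate-name check on
        # this path -- confirm both against the route's decorators/callers.
        db.update_rows('topics', [topic, details], ['name', 'description'],
                       ['id'], [update_id])

    # NOTE(review): the topic is resolved by name, so if names are not unique
    # this may pick a different row than the one just written -- confirm.
    rows = db.select_columns('topics', ['id'], ['name'], [topic])
    if not rows:
        db.close()
        return error('Invalid topic id')
    topic_id = rows[0][0]

    # if this is an update, delete all the related area and prereqs
    # then insert the new ones
    if update_id:
        db.delete_rows('topic_to_area', ['topic'], [topic_id])
        db.delete_rows('prerequisites', ['topic'], [topic_id])

    # now get topic areas
    for area in areas:
        area_id = db.select_columns('topic_areas', ['id'], ['name'], [area])
        if not area_id:
            # unknown area: add it to the database and get its id
            db.insert_single('topic_areas', [area], ['name'])
            area_id = db.select_columns('topic_areas', ['id'],
                                        ['name'], [area])
        # add to linking table
        db.insert_single('topic_to_area', [topic_id, area_id[0][0]],
                         ['topic', 'topic_area'])

    # now insert prereqs
    for course_id in course_ids:
        db.insert_single('prerequisites', [0, topic_id, course_id],
                         ['type', 'topic', 'course'])

    db.close()
    return jsonify({'status': 'ok'})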
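def upload_material():
    """Create a course material or update an existing one, with its file.

    Reads ``file-label``, ``file-name``, ``course-offering``,
    ``old-material-id`` and ``delete-old-file`` from the form. A file is
    required for a new material and whenever the old file is being replaced.
    The uploaded file's extension must be listed in ``file_types`` and its
    size must not exceed ``config.MAX_FILE_SIZE``.

    Returns a JSON ``{'status': 'ok'}`` response on success, otherwise an
    error response.
    """
    # NOTE(review): no check is visible that the caller is staff of the
    # course offering, or that old-material-id belongs to that offering.
    # Route decorators are not shown in this listing -- confirm.
    try:
        fields = [
            'file-label', 'file-name', 'course-offering',
            'old-material-id', 'delete-old-file'
        ]
        file_label, file_name, course_offering, old_material_id, \
            delete_old_file = \
            get_fields(request.form, fields,
                       optional=['word-limit', 'file-name'],
                       ints=['course-offering'])
    except ValueError as e:
        return e.args[0]

    try:
        old_material_id = int(old_material_id)
    except (TypeError, ValueError):
        # No usable id means a new material is being created.
        old_material_id = None

    # check if no file when there should be one
    if file_name == '' and \
            (delete_old_file == 'true' or old_material_id is None):
        return error('File is required!')

    db.connect()

    # check if course offering is valid
    res = db.select_columns('course_offerings', ['id'], ['id'],
                            [course_offering])
    if not len(res):
        db.close()
        return error('Cannot attach material to unknown course offering')

    # check if material with same label exists in course
    res = db.select_columns('materials', ['id'],
                            ['name', 'course_offering'],
                            [file_label, course_offering])
    if len(res) and old_material_id != res[0][0]:
        db.close()
        return error('An item with that label already exists in this course')

    # otherwise, we can insert the material into the course
    if len(file_name):
        try:
            sent_file = FileUpload(req=request)
        except KeyError:
            db.close()
            return error('Could not find a file to upload')

        res = db.select_columns('file_types', ['name'])
        file_types = [row[0] for row in res]
        if sent_file.get_extention() not in file_types:
            # Drop the rejected upload, as the size check below does, so a
            # file with a disallowed extension is not left in storage.
            # presumably the file is already stored at this point (the size
            # branch removes it before commit) -- LookupError is tolerated in
            # case it is not.
            try:
                sent_file.remove_file()
            except LookupError:
                pass
            db.close()
            accept_files = ', '.join(file_types)
            return error(f'Accepted file types are: {accept_files}')
        if sent_file.get_size() > config.MAX_FILE_SIZE:
            sent_file.remove_file()
            db.close()
            return error(
                f'File exceeds the maximum size of {config.MAX_FILE_SIZE} MB')
        sent_file.commit()

    if delete_old_file == 'true':
        old = db.select_columns('material_attachments', ['path'],
                                ['material'], [old_material_id])
        if old:
            db.delete_rows('material_attachments', ['material'],
                           [old_material_id])
            try:
                prev_submission = FileUpload(filename=old[0][0])
                prev_submission.remove_file()
            except LookupError:
                # If the file doesn't exist don't worry as we are deleting
                # the attachment anyway
                pass

    if old_material_id is not None:
        # update existing material entries (the original issued this same
        # update twice; once is enough)
        db.update_rows('materials', [file_label], ['name'], ['id'],
                       [old_material_id])
        # NOTE(review): a file uploaded for an existing material without
        # delete-old-file == 'true' is committed above but never recorded
        # here -- confirm whether that path is reachable from the form.
        if delete_old_file == 'true':
            db.insert_single(
                'material_attachments',
                [old_material_id, sent_file.get_name()],
                ['material', 'path'])
    else:
        # add material and file path to db
        db.insert_single('materials', [course_offering, file_label, 0],
                         ['course_offering', 'name', 'visible'])
        res = db.select_columns('materials', ['id'],
                                ['name', 'course_offering'],
                                [file_label, course_offering])
        db.insert_single('material_attachments',
                         [res[0][0], sent_file.get_name()],
                         ['material', 'path'])

    db.close()
    return jsonify({'status': 'ok'})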
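def create():
    """Render the task form (GET) or create/update a task (POST).

    GET: requires a ``course_offering_id`` query parameter naming an existing
    course offering (400 when absent, 404 when unknown). With an ``update``
    query parameter the form is pre-filled from that task's stored data.

    POST: validates the submitted form (deadline format, file-size or
    word-limit bounds, marking criteria summing to 100, known course offering,
    unique task name within the course, supported file type), stores an
    optional attachment, then inserts a new task or updates the task named by
    ``old_task_id`` and rebuilds its accepted file type and marking criteria.

    Returns the rendered template for GET, a JSON ``{'status': 'ok'}``
    response for a successful POST, otherwise an error response.
    """
    # NOTE(review): no authorization check is visible in this block, and the
    # update path does not verify that old_task_id belongs to the submitted
    # course-id. Route decorators are not shown in this listing -- confirm.
    course_id = request.args.get('course_offering_id', None, type=int)

    if request.method == 'GET':
        if course_id is None:
            abort(400)

        db.connect()
        res = db.select_columns('course_offerings', ['id'], ['id'],
                                [course_id])
        if not len(res):
            db.close()
            abort(404)

        file_types = db.select_columns('file_types', ['name'])
        file_types = [row[0] for row in file_types]
        allowed_file_types = ','.join(file_types)

        heading = 'Create Task'
        default_fields = {
            'task-name': '',
            'deadline': '',
            'task-description': '',
            'submission-type': 'text',
            'word-limit': '',
            'maximum-file-size': '',
            'accepted-file-type': '',
            'marking-method': 'accept',
            'criteria': [],
            'task_attachments': []
        }

        # if updating old task then load old task data
        old_task_id = request.args.get('update', None, type=int)
        if old_task_id is not None:
            res = queries.get_past_task_data(old_task_id)
            if res is not None:
                res = res[0]
                heading = 'Edit Task'

                # basic task details
                default_fields['task-name'] = res[0]
                time_format = '%d/%m/%Y %H:%M'
                due_date = datetime.fromtimestamp(res[1])
                default_fields['deadline'] = due_date.strftime(time_format)
                default_fields['task-description'] = res[2]

                attachments = db.select_columns('task_attachments', ['path'],
                                                ['task'], [old_task_id])
                for r in attachments:
                    # Each pass overwrites the field, so only the last
                    # attachment reaches the template.
                    file = [FileUpload(filename=r[0])]
                    default_fields['task_attachments'] = file

                # submission method specific
                if res[3] == 'text submission':
                    default_fields['word-limit'] = res[4]
                else:
                    default_fields['submission-type'] = 'file'
                    default_fields['maximum-file-size'] = int(res[5])
                    default_fields['accepted-file-type'] = res[6]

                # marking method specifics
                if res[7] == 'requires mark':
                    default_fields['marking-method'] = 'criteria'
                    crit = db.select_columns('task_criteria',
                                             ['name, max_mark'],
                                             ['task'], [old_task_id])
                    if crit is not None:
                        default_fields['criteria'] = crit

        db.close()

        if default_fields['maximum-file-size'] == '':
            default_fields['maximum-file-size'] = 5
        if default_fields['accepted-file-type'] == '':
            default_fields['accepted-file-type'] = '.pdf'

        return render_template('create_task.html', heading=heading,
                               title=heading, file_types=file_types,
                               course_id=course_id,
                               max_file_size=config.MAX_FILE_SIZE,
                               max_word_limit=config.MAX_WORD_LIMIT,
                               accepted_file_types=allowed_file_types,
                               old_task_id=old_task_id,
                               default_fields=default_fields)

    try:
        fields = [
            'task-name', 'deadline', 'task-description', 'submission-type',
            'word-limit', 'maximum-file-size', 'accepted-file-type',
            'marking-method', 'num-criteria', 'course-id', 'file-name',
            'old_task_id', 'delete_old_attachment'
        ]
        task_name, deadline, task_description, submission_type, \
            word_limit, max_file_size, accepted_ftype, marking_method, \
            num_criteria, course_id, file_name, old_task_id, \
            delete_old_attachment = \
            get_fields(request.form, fields,
                       optional=['word-limit', 'file-name'],
                       ints=['maximum-file-size', 'num-criteria',
                             'word-limit', 'course-id',
                             'delete_old_attachment'])
    except ValueError as e:
        return e.args[0]

    try:
        old_task_id = int(old_task_id)
    except (TypeError, ValueError):
        # No usable id means a new task is being created.
        old_task_id = None

    try:
        deadline = datetime.strptime(deadline, '%d/%m/%Y %H:%M').timestamp()
    except ValueError:
        return error('Invalid date format for deadline!')

    if submission_type == 'file':
        max_size = config.MAX_FILE_SIZE
        if not (1 <= max_file_size <= max_size):
            return error(
                f'Maximum file size must be between 1 and {max_size}!')
    elif submission_type == 'text':
        # word-limit was optional above; it is mandatory for text tasks.
        try:
            word_limit = get_fields(request.form, ['word-limit'],
                                    ints=['word-limit'])[0]
        except ValueError as e:
            return e.args[0]
        max_word_limit = config.MAX_WORD_LIMIT
        if not (1 <= word_limit <= max_word_limit):
            return error(f'Word limit must be between 1 and {max_word_limit}!')
    else:
        return error('Unknown submission type!')

    if marking_method == 'criteria':
        if num_criteria < 1:
            return error('At least one marking criterion is required!')
        criteria = [f'criteria-{i}' for i in range(1, num_criteria + 1)]
        marks = [f'maximum-mark-{i}' for i in range(1, num_criteria + 1)]
        try:
            criteria = get_fields(request.form, criteria)
            marks = get_fields(request.form, marks, ints=marks)
        except ValueError as e:
            return e.args[0]
        if sum(marks) != 100:
            return error('Marks must add to 100!')
    elif marking_method != 'accept':
        return error('Unknown marking method!')

    db.connect()
    res = db.select_columns('course_offerings', ['id'], ['id'], [course_id])
    if not len(res):
        db.close()
        return error('Cannot create task for unknown course!')

    res = db.select_columns('tasks', ['id', 'name'],
                            ['name', 'course_offering'],
                            [task_name, course_id])
    if len(res) and res[0][0] != old_task_id:
        db.close()
        return error('A task with that name already exists in this course!')

    # retrieve some foreign keys for insertion
    res = db.select_columns('file_types', ['id'], ['name'], [accepted_ftype])
    if not len(res):
        db.close()
        return error('Invalid or unsupported file type!')
    file_type_id = res[0][0]

    # upload file if present
    sent_file = None
    if len(file_name):
        try:
            sent_file = FileUpload(req=request)
        except KeyError:
            db.close()
            return error('Could not find a file to upload')

        res = db.select_columns('file_types', ['name'])
        file_types = [row[0] for row in res]
        if sent_file.get_extention() not in file_types:
            # Drop the rejected upload, as the size check below does, so a
            # file with a disallowed extension is not left in storage.
            # presumably the file is already stored at this point (the size
            # branch removes it before commit) -- LookupError is tolerated in
            # case it is not.
            try:
                sent_file.remove_file()
            except LookupError:
                pass
            db.close()
            accept_files = ', '.join(file_types)
            return error(f'Accepted file types are: {accept_files}')
        if sent_file.get_size() > config.MAX_FILE_SIZE:
            sent_file.remove_file()
            db.close()
            return error(
                f'File exceeds the maximum size of {config.MAX_FILE_SIZE} MB')
        sent_file.commit()

    if (len(file_name) and old_task_id is not None) or delete_old_attachment:
        old = db.select_columns('task_attachments', ['path'],
                                ['task'], [old_task_id])
        if old:
            db.delete_rows('task_attachments', ['task'], [old_task_id])
            try:
                prev_submission = FileUpload(filename=old[0][0])
                prev_submission.remove_file()
            except LookupError:
                # If the file doesn't exist don't worry as we are deleting
                # the attachment anyway
                pass

    res = db.select_columns('submission_methods', ['id'], ['name'],
                            ['{} submission'.format(submission_type)])
    submission_method_id = res[0][0]

    marking_method = 'approval' if marking_method == 'accept' else 'mark'
    res = db.select_columns('marking_methods', ['id'], ['name'],
                            ['requires {}'.format(marking_method)])
    mark_method_id = res[0][0]

    # commit task
    if old_task_id is not None:
        # update an existing task
        db.update_rows('tasks', [
            task_name, course_id, deadline, task_description, max_file_size,
            submission_method_id, mark_method_id, word_limit
        ], [
            'name', 'course_offering', 'deadline', 'description',
            'size_limit', 'submission_method', 'marking_method', 'word_limit'
        ], ['id'], [old_task_id])
    else:
        # add a new task
        db.insert_single('tasks', [
            task_name, course_id, deadline, task_description, max_file_size,
            0, submission_method_id, mark_method_id, word_limit
        ], [
            'name', 'course_offering', 'deadline', 'description',
            'size_limit', 'visible', 'submission_method', 'marking_method',
            'word_limit'
        ])

    res = db.select_columns('tasks', ['id'], ['name', 'course_offering'],
                            [task_name, course_id])
    task_id = res[0][0]

    if sent_file:
        db.insert_single('task_attachments',
                         [task_id, sent_file.get_name()],
                         ['task', 'path'])

    # delete old entries in other tables
    if old_task_id is not None:
        db.delete_rows('submission_types', ['task'], [old_task_id])
        res = db.select_columns('task_criteria', ['id'], ['task'],
                                [old_task_id])
        # Editing a task also deletes every mark recorded against its old
        # criteria.
        for r in res:
            db.delete_rows('marks', ['criteria'], [r[0]])
        db.delete_rows('task_criteria', ['task'], [old_task_id])

    # commit accepted file type
    db.insert_single('submission_types', [file_type_id, task_id],
                     ['file_type', 'task'])

    # commit marking criteria
    marking_criteria = []
    if marking_method == 'approval':
        marking_criteria.append(
            ('task_criteria', [task_id, 'Approval', 100],
             ['task', 'name', 'max_mark']))
    else:
        for name, max_mark in zip(criteria, marks):
            marking_criteria.append(
                ('task_criteria', [task_id, name, max_mark],
                 ['task', 'name', 'max_mark']))
    db.insert_multiple(marking_criteria)

    db.close()
    return jsonify({'status': 'ok'})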
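def submit_file_task():
    """Store a file submission for the logged-in student.

    Reads ``task`` and ``certify`` from the form and the uploaded file from
    the request. The submission is rejected when the task is unknown, the
    user is not enrolled in the task's course offering, the certification box
    is not ticked, the deadline has passed, or the file's extension or size
    is not allowed for the task. An existing submission by the same student
    for the same task, and its stored file, are replaced.

    Returns a JSON ``{'status': 'ok'}`` response on success, otherwise the
    response built by ``error``.
    """
    task_id = request.form.get('task', -1)

    db.connect()
    res = db.select_columns('tasks', [
        'deadline', 'marking_method', 'visible', 'course_offering',
        'size_limit'
    ], ['id'], [task_id])
    if not res:
        db.close()
        return error("Task not found")
    # NOTE(review): 'visible' is selected above but never checked here --
    # confirm whether hidden tasks should accept submissions.

    task = build_task(task_id)
    res = db.select_columns('enrollments', ['user'],
                            ['user', 'course_offering'],
                            [session['id'], task['offering']])
    if not res:
        db.close()
        return error("User not enrolled in task's course")

    if not request.form.get('certify', 'false') == 'true':
        db.close()
        return error("You must certify this is all your own work")

    if datetime.now().timestamp() >= task['deadline']:
        db.close()
        return error("Submissions closed!<br>You can no longer submit")

    # Start from None, as submit_text_task does. Without this, an unexpected
    # marking method left the enrolment rows in `res`, and the user id from
    # that query was stored as the submission status.
    pending_status_id = None
    if task['mark_method']['name'] == 'requires approval':
        pending_status_id = db.select_columns(
            'request_statuses', ['id'], ['name'], ['pending'])[0][0]
    elif task['mark_method']['name'] == 'requires mark':
        pending_status_id = db.select_columns(
            'request_statuses', ['id'], ['name'], ['pending mark'])[0][0]

    try:
        sent_file = FileUpload(req=request)
    except KeyError:
        db.close()
        return error("You must supply a file for submission")

    if sent_file.get_extention() not in task['accepted_files']:
        # Drop the rejected upload, as the size check below does, so a file
        # with a disallowed extension is not left in storage.
        # presumably the file is already stored at this point (the size
        # branch removes it before commit) -- LookupError is tolerated in
        # case it is not.
        try:
            sent_file.remove_file()
        except LookupError:
            pass
        db.close()
        accept_files = ', '.join([f[1:] for f in task['accepted_files']])
        return error(f"File must be formatted as {accept_files}")
    if sent_file.get_size() > task['file_limit']:
        sent_file.remove_file()
        db.close()
        return error(
            f'File exceeds the maximum size of {task["file_limit"]} MB')
    sent_file.commit()

    res = db.select_columns('submissions', ['path'], ['student', 'task'],
                            [session['id'], task['id']])
    if res:
        db.delete_rows('submissions', ['student', 'task'],
                       [session['id'], task['id']])
        # If the file doesn't exist don't worry as we are deleting
        # the submission anyway
        try:
            prev_submission = FileUpload(filename=res[0][0])
            prev_submission.remove_file()
        except LookupError:
            pass

    db.insert_single('submissions', [
        session['id'], task['id'],
        sent_file.get_original_name(),
        str(sent_file.get_name()),
        datetime.now().timestamp(), pending_status_id
    ], ['student', 'task', 'name', 'path', 'date_modified', 'status'])
    db.close()
    return jsonify({'status': 'ok'})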
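def register():
    """Render the registration form (GET) or register an account (POST).

    POST reads ``email``, ``password`` and ``confirm-password`` from the
    form. The e-mail must match ``config.EMAIL_FORMAT`` and must not belong
    to an existing account, except that a still-unactivated account older
    than ``config.ACCOUNT_EXPIRY`` is deleted and may be registered again.
    The password must be at least 8 characters long and match its
    confirmation. A bcrypt hash of the password is stored with a confirmation
    code, and an activation link containing that code is e-mailed to the
    address.

    Returns the rendered template for GET, a JSON ``{'status': 'ok'}``
    response for a successful POST, otherwise an error response.
    """
    if request.method == 'GET':
        return render_template('register.html', title='Register',
                               hide_navbar=True)

    try:
        fields = ['email', 'password', 'confirm-password']
        email, password, confirm = get_fields(request.form, fields)
    except ValueError as e:
        return e.args[0]

    if not re.match(config.EMAIL_FORMAT, email):
        return error(
            f'Invalid email format!<br>{config.EMAIL_FORMAT_ERROR}', 'email')

    db.connect()
    res = db.select_columns('users',
                            ['email', 'date_created', 'confirm_code'],
                            ['email'], [email])
    now = datetime.now().timestamp()
    if len(res):
        if res[0][2] != '' and res[0][1] + config.ACCOUNT_EXPIRY < now:
            # expire unactivated accounts every 24 hours
            db.delete_rows('users', ['email'], [email])
        else:
            db.close()
            return error('This email has already been registered!', 'email')

    if len(password) < 8:
        msg = 'Password must be at least 8 characters long!'
        db.close()
        return error(msg, 'password')

    if password != confirm:
        db.close()
        return error('Passwords do not match!', 'confirm-password')

    hashed_pass = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
    # NOTE(review): the account name is the local part of the e-mail, and the
    # activation handler looks accounts up by name. Two addresses sharing a
    # local part would map to the same name -- confirm uniqueness is enforced.
    name = email.split('@')[0]

    # get the id for a public account
    acc_type = db.select_columns('account_types', ['id'],
                                 ['name'], ['public'])

    # The confirmation code is the only secret in the activation link, so it
    # must be unpredictable. uuid1 is built from the host's clock and node
    # id; uuid4 is random and keeps the same string format.
    confirm_code = uuid.uuid4()
    activation_link = url_for('.confirm', user=name,
                              confirm_code=confirm_code, _external=True)
    send_email(to=email, name=email, subject='Confirm Account Registration',
               messages=[
                   'You recently registered for an account on TMS.',
                   'To activiate your account, click ' +
                   f'<a href="{activation_link}">here</a>.',
                   'This link will expire in 24 hours.'
               ])

    db.insert_single(
        'users',
        [name, hashed_pass, email, acc_type[0][0], str(confirm_code), now],
        ['name', 'password', 'email', 'account_type', 'confirm_code',
         'date_created']
    )
    db.close()
    return jsonify({'status': 'ok'})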