def admin_institutions_remove(self, id): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST': cnx, status = db.connect() cursor = cnx.cursor() query = "DELETE FROM institution WHERE institutionid=%s" cursor.execute(query, (id, )) query = "DELETE FROM course where institutionid = %s" cursor.execute(query, (id, )) cursor.close() cnx.close() return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Institution deleted...") else: cnx, status = db.connect() cursor = cnx.cursor() query = "SELECT institution_name FROM institution WHERE institutionid=%s" cursor.execute(query, (id, )) name = cursor.fetchone()[0] cursor.close() cnx.close() return templating.render( "confirm.html", TITLE="Are you sure you want to delete " + name + "?", MESSAGE= "The institution and all it's courses will be permanently removed.", CONFIRM_LABLE="DELETE")
def admin_teacher_revoke(self, id): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST': cnx, status = db.connect() cursor = cnx.cursor() query = "DELETE FROM teacher_info WHERE userid=%s" cursor.execute(query, (id, )) cursor.close() cnx.close() return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Admin rights revoked...") else: cnx, status = db.connect() cursor = cnx.cursor() query = "SELECT username FROM whiley_user WHERE userid=%s" cursor.execute(query, (id, )) name = cursor.fetchone()[0] cursor.close() cnx.close() return templating.render( "confirm.html", TITLE="Are you sure you want to revoke %s's teaching rights?" % name, MESSAGE="", CONFIRM_LABLE="REVOKE")
def admin_course_remove(self, id): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST': cnx, status = db.connect() cursor = cnx.cursor() query = "DELETE FROM course WHERE courseid=%s" cursor.execute(query, (id, )) cursor.close() cnx.close() return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Course deleted...") else: cnx, status = db.connect() cursor = cnx.cursor() query = """SELECT course.course_name, institution.institution_name FROM course, institution WHERE course.courseid=%s AND institution.institutionid = course.institutionid""" cursor.execute(query, (id, )) course, institution = cursor.fetchone() cursor.close() cnx.close() return templating.render( "confirm.html", TITLE="Are you sure you want to delete %s at %s?" % (course, institution), MESSAGE="This course will be permanently removed.", CONFIRM_LABLE="DELETE")
def admin_teacher_revoke(self, id): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST': cnx, status = db.connect() cursor = cnx.cursor() query = "DELETE FROM teacher_info WHERE userid=%s" cursor.execute(query, (id,)) cursor.close() cnx.close() return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Admin rights revoked...") else: cnx, status = db.connect() cursor = cnx.cursor() query = "SELECT username FROM whiley_user WHERE userid=%s" cursor.execute(query, (id,)) name = cursor.fetchone()[0] cursor.close() cnx.close() return templating.render("confirm.html", TITLE="Are you sure you want to revoke %s's teaching rights?" % name, MESSAGE="", CONFIRM_LABLE="REVOKE")
def admin_course_remove(self, id): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST': cnx, status = db.connect() cursor = cnx.cursor() query = "DELETE FROM course WHERE courseid=%s" cursor.execute(query, (id,)) cursor.close() cnx.close() return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Course deleted...") else: cnx, status = db.connect() cursor = cnx.cursor() query = """SELECT course.course_name, institution.institution_name FROM course, institution WHERE course.courseid=%s AND institution.institutionid = course.institutionid""" cursor.execute(query, (id,)) course, institution = cursor.fetchone() cursor.close() cnx.close() return templating.render("confirm.html", TITLE="Are you sure you want to delete %s at %s?" % (course, institution), MESSAGE="This course will be permanently removed.", CONFIRM_LABLE="DELETE")
def admin_institutions(self, institution="", *args, **kwargs): """ Lists available institutions. >>> authorizeTests() >>> self = Admin() >>> ret = self.admin_institutions() >>> ('Victoria University of Wellington', 2) in ret.OPTION True >>> ret = self.admin_institutions(2) >>> ret.INSTITUTION_ID, ret.INSTITUTION, ret.CONTACT, ret.WEBSITE, ret.DESCRIPTION (2, 'Victoria University of Wellington', None, None, None) """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) redirect = "NO" options = [] if institution: cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT institution_name, institutionid from institution order by institution_name") cursor.execute(query) options = list(cursor) cursor.close() cnx.close() displayInstitution = "" displayContact = "" displayWebsite = "" displayDescription = "" if institution == "": cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT institution_name, institutionid from institution order by institution_name") cursor.execute(query) institution = "" for (institute) in cursor: options.append(institute) if institution == "": institution = institute[1] cursor.close() cnx.close() cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institution_name,description,contact,website from institution where institutionid = '" + str(institution) + "'") cursor.execute(query) displayInstitution, displayDescription, displayContact, displayWebsite = cursor.fetchone() cursor.close() cnx.close() return templating.render("admin_institutions.html", ROOT_URL=config.VIRTUAL_URL, ERROR="", REDIRECT=redirect, OPTION=options, INSTITUTION_ID=institution, INSTITUTION=displayInstitution, CONTACT=displayContact, WEBSITE=displayWebsite, DESCRIPTION=displayDescription, IS_ADMIN=isAdmin(userid))
def admin_institutions_remove(self, id): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST': cnx, status = db.connect() cursor = cnx.cursor() query = "DELETE FROM institution WHERE institutionid=%s" cursor.execute(query, (id,)) query = "DELETE FROM course where institutionid = %s" cursor.execute(query, (id,)) cursor.close() cnx.close() return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Institution deleted...") else: cnx, status = db.connect() cursor = cnx.cursor() query = "SELECT institution_name FROM institution WHERE institutionid=%s" cursor.execute(query, (id,)) name = cursor.fetchone()[0] cursor.close() cnx.close() return templating.render("confirm.html", TITLE="Are you sure you want to delete "+name+"?", MESSAGE="The institution and all it's courses will be permanently removed.", CONFIRM_LABLE="DELETE")
def admin_institutions_add(self, institution=None, description=None, contact=None, website=None, *args, **kwargs): """ Adds an institution to the database. """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) options = " " status = "" if institution: cnx, status = db.connect() cursor = cnx.cursor() query = ( "insert into institution (institution_name,description,contact,website) values ('" + institution + "','" + description + "','" + contact + "','" + website + "')") cursor.execute(query) status = "New institution has been added" cursor.close() cnx.close() return templating.render("admin_institutions_add.html", ROOT_URL=config.VIRTUAL_URL, ERROR="", REDIRECT="", OPTION=options, STATUS=status, IS_ADMIN=isAdmin(userid))
def admin_courses(self, institution="", *args, **kwargs): """ Lists all available courses. >>> authorizeTests() >>> self = Admin() >>> ret = self.admin_courses() >>> (2, 'Victoria University of Wellington') in ret.OPTION True >>> ret = self.admin_courses('2') >>> (2, 'Victoria University of Wellington') in ret.OPTION True >>> ret.INSTITUTION '2' >>> (1, 'SWEN302') in ret.COURSE_LIST True """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) error = "" redirect = "NO" options = [] course_list = [] if institution: cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT institutionid,institution_name from institution order by institution_name") cursor.execute(query) options = list(cursor) cursor.close() else: cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT institutionid,institution_name from institution order by institution_name") cursor.execute(query) for (institutionid,institution_name) in cursor: options.append((institutionid, institution_name)) if institution == "": institution = str(institutionid) cursor.close() cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT courseid,code from course where institutionid = '" + institution + "' order by code") cursor.execute(query) course_list = list(cursor) cursor.close() return templating.render("admin_courses.html", ROOT_URL=config.VIRTUAL_URL, ERROR=error, REDIRECT=redirect, OPTION=options, INSTITUTION=institution, COURSE_LIST=course_list, IS_ADMIN=isAdmin(userid))
def admin_course_add(self, course_name=None, course_code=None, course_year=None, course_institution=None, validation_code=None, *args, **kwargs): """ Adds a course to the database. """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) import random, string allow(["HEAD", "GET", "POST"]) error = "" redirect = "NO" options = [] newstatus = "" validationCode = ''.join( random.choice(string.ascii_uppercase + string.digits) for _ in range(4)) if course_code: cnx, status = db.connect() cursor = cnx.cursor() query = ( "insert into course (course_name,code,year,institutionid,validationcode) values ('" + course_name + "','" + course_code.upper() + "','" + course_year + "','" + course_institution + "','" + validation_code + "')") cursor.execute(query) newstatus = "New course has been added" cursor.close() cnx.close() cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institutionid,institution_name from institution order by institution_name" ) cursor.execute(query) options = list(cursor) cursor.close() cnx.close() return templating.render("admin_courses_add.html", ROOT_URL=config.VIRTUAL_URL, ERROR=error, REDIRECT=redirect, OPTION=options, NEWSTATUS=newstatus, VALIDATIONCODE=validationCode, IS_ADMIN=isAdmin(userid))
def admin_course_details(self, id, *args, **kwargs): """ Retrieves course details. >>> authorizeTests() >>> self = Admin() >>> ret = self.admin_course_details('1') >>> ret.COURSENAME, ret.COURSECODE, ret.YEAR ('Agile Methods', 'SWEN302', 2014) >>> ret.VALIDATIONCODE, ret.INSTITUTION (u'aaaa', 'Victoria University of Wellington') >>> 'dave, dave' in ret.STUDENTS True """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) error = "" redirect = "NO" newstatus = "" students = [] courseId = id cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT courseid,course_name,code,year,validationcode,institution_name from course a, institution b where a.institutionid = b.institutionid and a.courseid = %s") cursor.execute(query, (id,)) courseID, courseName, courseCode, year, validationcode, institution = cursor.fetchone() sql = "SELECT distinct a.student_info_id,a.givenname,a.surname from student_info a,student_course_link b, course c, course_stream d where c.courseid = %s and c.courseid = d.courseid and d.coursestreamid =b.coursestreamid and b.studentinfoid = a.student_info_id order by a.surname" cursor.execute(sql, (str(courseID),)) students = [(id, name(givenname, surname)) for id, givenname, surname in cursor] sql = """SELECT distinct a.teacherid,a.full_name from teacher_info a, teacher_course_link b where b.courseid = %s and b.teacherinfoid = a.teacherid""" cursor.execute(sql, (str(courseID),)) teachers = list(cursor) sql = """SELECT stream_name from course_stream where courseid = %s""" cursor.execute(sql, (str(courseId),)) streams = [ret[0] for ret in cursor] cursor.close() return templating.render("admin_course_details.html", ROOT_URL=config.VIRTUAL_URL, ERROR=error, REDIRECT=redirect, TEACHERS=teachers, STREAMS=streams, COURSENAME=courseName, COURSECODE=courseCode, YEAR=year, VALIDATIONCODE=validationcode, INSTITUTION=institution, STUDENTS=students, COURSEID=courseId, IS_ADMIN=isAdmin(userid))
def admin_course_add(self, course_name=None, course_code=None, course_year=None, course_institution=None, validation_code=None, *args, **kwargs): """ Adds a course to the database. """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) import random, string allow(["HEAD", "GET", "POST"]) error = "" redirect = "NO" options = [] newstatus = "" validationCode = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(4)) if course_code: cnx, status = db.connect() cursor = cnx.cursor() query = ("insert into course (course_name,code,year,institutionid,validationcode) values ('" + course_name + "','" + course_code.upper() + "','" + course_year + "','" + course_institution + "','" + validation_code + "')") cursor.execute(query) newstatus = "New course has been added" cursor.close() cnx.close() cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT institutionid,institution_name from institution order by institution_name") cursor.execute(query) options = list(cursor) cursor.close() cnx.close() return templating.render("admin_courses_add.html", ROOT_URL=config.VIRTUAL_URL, ERROR=error, REDIRECT=redirect, OPTION=options, NEWSTATUS=newstatus, VALIDATIONCODE=validationCode, IS_ADMIN=isAdmin(userid))
def admin_teacher_add(self, id, login="", staffid="", full_name="", preferred_name="", *args, **kwargs): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST' and login and staffid and full_name and preferred_name: cnx, status = db.connect() cursor = cnx.cursor() query = "SELECT userid FROM whiley_user WHERE username = %s" cursor.execute(query, (id, )) id = cursor.fetchone()[0] cursor.close() cnx.close() auth.create_teacher(id, login, staffid, full_name, preferred_name) return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Teacher rights added...") else: # prefill login if not login: login = id return templating.render("admin_add_teacher.html", USERID=id, LOGIN=login, STAFFID=staffid, FULLNAME=full_name, PREFERRED_NAME=preferred_name, IS_ADMIN=isAdmin(userid))
def admin_teacher_add(self, id, login="", staffid="", full_name="", preferred_name="", *args, **kwargs): userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) if request.method == 'POST' and login and staffid and full_name and preferred_name: cnx, status = db.connect() cursor = cnx.cursor() query = "SELECT userid FROM whiley_user WHERE username = %s" cursor.execute(query, (id,)) id = cursor.fetchone()[0] cursor.close() cnx.close() auth.create_teacher(id, login, staffid, full_name, preferred_name) return templating.render("redirect.html", STATUS="alert-success", MESSAGE="Teacher rights added...") else: # prefill login if not login: login = id return templating.render("admin_add_teacher.html", USERID=id, LOGIN=login, STAFFID=staffid, FULLNAME=full_name, PREFERRED_NAME=preferred_name, IS_ADMIN=isAdmin(userid))
def manage_admins(self, newadminid="", deleteadminid="", searchuser=None, newteacherid="", *args, **kwargs): """ Manage the admins. >>> self = manage_admins() >>> results = manage_admins() >>> results.ERROR '' >>> results.REDIRECT 'NO' >>> results.STATUS 'DB: Connection ok' """ adminUserid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(adminUserid) allow(["HEAD", "GET", "POST"]) message = "" redirect = "NO" adminList = [] userList = [] options = [] teacheroptions = [] cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT username, userid from whiley_user user order by username") cursor.execute(query) for (username, userid) in cursor: username_clean = ''.join(ch for ch in username if ch.isalnum()) options.append((username_clean, userid)) teacheroptions.append((username_clean, userid)) cursor.close() if searchuser is not None: cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT userid from whiley_user where username=%s") cursor.execute(query, (searchuser, )) userid = cursor.fetchone() if cursor.rowcount > 0: if not auth.create_admin(userid[0]): message = "User is an Admin already" else: message = "User does not exist" cursor.close() if newadminid == "": cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT username, user.userid from whiley_user user, admin_users admin where user.userid=admin.userid" ) cursor.execute(query) for (username, userid) in cursor: adminList.append((username, userid)) cursor.close() userid = None teacherList = [] teacherMessage = "" if newteacherid == "": cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT full_name, userid from teacher_info") cursor.execute(query) for (username, userid) in cursor: teacherList.append((username, userid)) cursor.close() userid = None return templating.render("manage_admins.html", ADMINLIST=adminList, TEACHERLIST=teacherList, TEACHEROPTION=teacheroptions, OPTION=options, MESSAGE=message, TEACHER_MESSAGE=teacherMessage, IS_ADMIN=isAdmin(adminUserid))
def admin_course_details(self, id, *args, **kwargs): """ Retrieves course details. >>> authorizeTests() >>> self = Admin() >>> ret = self.admin_course_details('1') >>> ret.COURSENAME, ret.COURSECODE, ret.YEAR ('Agile Methods', 'SWEN302', 2014) >>> ret.VALIDATIONCODE, ret.INSTITUTION (u'aaaa', 'Victoria University of Wellington') >>> 'dave, dave' in ret.STUDENTS True """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) error = "" redirect = "NO" newstatus = "" students = [] courseId = id cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT courseid,course_name,code,year,validationcode,institution_name from course a, institution b where a.institutionid = b.institutionid and a.courseid = %s" ) cursor.execute(query, (id, )) courseID, courseName, courseCode, year, validationcode, institution = cursor.fetchone( ) sql = "SELECT distinct a.student_info_id,a.givenname,a.surname from student_info a,student_course_link b, course c, course_stream d where c.courseid = %s and c.courseid = d.courseid and d.coursestreamid =b.coursestreamid and b.studentinfoid = a.student_info_id order by a.surname" cursor.execute(sql, (str(courseID), )) students = [(id, name(givenname, surname)) for id, givenname, surname in cursor] sql = """SELECT distinct a.teacherid,a.full_name from teacher_info a, teacher_course_link b where b.courseid = %s and b.teacherinfoid = a.teacherid""" cursor.execute(sql, (str(courseID), )) teachers = list(cursor) sql = """SELECT stream_name from course_stream where courseid = %s""" cursor.execute(sql, (str(courseId), )) streams = [ret[0] for ret in cursor] cursor.close() return templating.render("admin_course_details.html", ROOT_URL=config.VIRTUAL_URL, ERROR=error, REDIRECT=redirect, TEACHERS=teachers, STREAMS=streams, COURSENAME=courseName, COURSECODE=courseCode, YEAR=year, VALIDATIONCODE=validationcode, INSTITUTION=institution, STUDENTS=students, COURSEID=courseId, IS_ADMIN=isAdmin(userid))
def admin_institutions(self, institution="", *args, **kwargs): """ Lists available institutions. >>> authorizeTests() >>> self = Admin() >>> ret = self.admin_institutions() >>> ('Victoria University of Wellington', 2) in ret.OPTION True >>> ret = self.admin_institutions(2) >>> ret.INSTITUTION_ID, ret.INSTITUTION, ret.CONTACT, ret.WEBSITE, ret.DESCRIPTION (2, 'Victoria University of Wellington', None, None, None) """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) redirect = "NO" options = [] if institution: cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institution_name, institutionid from institution order by institution_name" ) cursor.execute(query) options = list(cursor) cursor.close() cnx.close() displayInstitution = "" displayContact = "" displayWebsite = "" displayDescription = "" if institution == "": cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institution_name, institutionid from institution order by institution_name" ) cursor.execute(query) institution = "" for (institute) in cursor: options.append(institute) if institution == "": institution = institute[1] cursor.close() cnx.close() cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institution_name,description,contact,website from institution where institutionid = '" + str(institution) + "'") cursor.execute(query) displayInstitution, displayDescription, displayContact, displayWebsite = cursor.fetchone( ) cursor.close() cnx.close() return templating.render("admin_institutions.html", ROOT_URL=config.VIRTUAL_URL, ERROR="", REDIRECT=redirect, OPTION=options, INSTITUTION_ID=institution, INSTITUTION=displayInstitution, CONTACT=displayContact, WEBSITE=displayWebsite, DESCRIPTION=displayDescription, IS_ADMIN=isAdmin(userid))
def manage_admins(self, newadminid="", deleteadminid="", searchuser=None, newteacherid="", *args, **kwargs): """ Manage the admins. >>> self = manage_admins() >>> results = manage_admins() >>> results.ERROR '' >>> results.REDIRECT 'NO' >>> results.STATUS 'DB: Connection ok' """ adminUserid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(adminUserid) allow(["HEAD", "GET", "POST"]) message = "" redirect = "NO" adminList = [] userList = [] options = [] teacheroptions = [] cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT username, userid from whiley_user user order by username") cursor.execute(query) for (username, userid) in cursor: username_clean = ''.join(ch for ch in username if ch.isalnum()) options.append((username_clean,userid)) teacheroptions.append((username_clean,userid)) cursor.close() if searchuser is not None: cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT userid from whiley_user where username=%s") cursor.execute(query,(searchuser,)) userid = cursor.fetchone() if cursor.rowcount > 0: if not auth.create_admin(userid[0]): message = "User is an Admin already" else: message = "User does not exist" cursor.close() if newadminid == "": cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT username, user.userid from whiley_user user, admin_users admin where user.userid=admin.userid") cursor.execute(query) for (username, userid) in cursor: adminList.append((username,userid)) cursor.close() userid = None teacherList = [] teacherMessage = "" if newteacherid == "": cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT full_name, userid from teacher_info") cursor.execute(query) for (username, userid) in cursor: teacherList.append((username,userid)) cursor.close() userid = None return templating.render("manage_admins.html", ADMINLIST=adminList, TEACHERLIST=teacherList,TEACHEROPTION=teacheroptions,OPTION=options, MESSAGE=message, TEACHER_MESSAGE=teacherMessage, IS_ADMIN=isAdmin(adminUserid))
def admin_courses(self, institution="", *args, **kwargs): """ Lists all available courses. >>> authorizeTests() >>> self = Admin() >>> ret = self.admin_courses() >>> (2, 'Victoria University of Wellington') in ret.OPTION True >>> ret = self.admin_courses('2') >>> (2, 'Victoria University of Wellington') in ret.OPTION True >>> ret.INSTITUTION '2' >>> (1, 'SWEN302') in ret.COURSE_LIST True """ userid = cherrypy.session.get(auth.SESSION_USERID) requireAdmin(userid) allow(["HEAD", "GET", "POST"]) error = "" redirect = "NO" options = [] course_list = [] if institution: cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institutionid,institution_name from institution order by institution_name" ) cursor.execute(query) options = list(cursor) cursor.close() else: cnx, status = db.connect() cursor = cnx.cursor() query = ( "SELECT institutionid,institution_name from institution order by institution_name" ) cursor.execute(query) for (institutionid, institution_name) in cursor: options.append((institutionid, institution_name)) if institution == "": institution = str(institutionid) cursor.close() cnx, status = db.connect() cursor = cnx.cursor() query = ("SELECT courseid,code from course where institutionid = '" + institution + "' order by code") cursor.execute(query) course_list = list(cursor) cursor.close() return templating.render("admin_courses.html", ROOT_URL=config.VIRTUAL_URL, ERROR=error, REDIRECT=redirect, OPTION=options, INSTITUTION=institution, COURSE_LIST=course_list, IS_ADMIN=isAdmin(userid))