def update_grading_status(lti, lti_exception=None): submission_id = maybe_int(request.values.get("submission_id")) # TODO: Pretty sure multiple assignments are broken for grading assignment_group_id = maybe_int(request.values.get('assignment_group_id')) new_grading_status = request.values.get("new_grading_status") user, user_id = get_user() submission = Submission.by_id(submission_id) # Check resource exists check_resource_exists(submission, "Submission", submission_id) # Verify permissions if not user.is_grader(submission.course_id): return ajax_failure( "This is not your submission and you are not a grader in its course." ) submission.update_grading_status(new_grading_status) if submission.grading_status != GradingStatuses.FULLY_GRADED: return ajax_success({'new_status': new_grading_status}) # Do action if assignment_group_id is None: assignment_group_id = submission.assignment_group_id error = "Generic LTI Failure - perhaps not logged into LTI session?" try: success, score = lti_post_grade(lti, submission, None, assignment_group_id, submission.user_id, submission.course_id) except LTIPostMessageException as e: success = False error = str(e) if success: make_log_entry(submission.assignment_id, submission.assignment_version, submission.course_id, user_id, "X-Submission.LMS", "answer.py", message=str(score)) return ajax_success({"submitted": True, "new_status": "FullyGraded"}) else: submission.update_grading_status(GradingStatuses.FAILED) make_log_entry(submission.assignment_id, submission.assignment_version, submission.course_id, user_id, "X-Submission.LMS.Failure", "answer.py", message=error) return ajax_failure({ "submitted": False, "message": error, "new_status": "Failed" })
def save_assignment(lti=lti): assignment_id = request.values.get('assignment_id') user, user_id = get_user() course_id = get_course_id() assignment = Assignment.query.get(assignment_id) # Verify exists check_resource_exists(assignment, "Assignment", assignment_id) # Verify permissions if assignment.owner_id != user.id: require_course_grader(user, assignment.course_id) # Parse new settings updates = {} if "hidden" in request.values: updates["hidden"] = maybe_bool(request.values.get("hidden")) if "reviewed" in request.values: updates["reviewed"] = maybe_bool(request.values.get("reviewed")) if "public" in request.values: updates["public"] = maybe_bool(request.values.get("public")) if "url" in request.values: updates["url"] = request.values.get("url") or None if "ip_ranges" in request.values: updates["ip_ranges"] = request.values.get("ip_ranges") if "name" in request.values: updates["name"] = request.values.get("name") if "settings" in request.values: updates["settings"] = request.values.get("settings") # Perform update modified = assignment.edit(updates) make_log_entry(assignment.id, assignment.version, course_id or assignment.course_id, user.id, "X-Instructor.Settings.Edit", "assignment_settings.blockpy", message=json.dumps(updates)) return ajax_success({"modified": modified})
def load_assignment(lti=lti): # Get arguments assignment_id = int(request.values.get('assignment_id')) assignment = Assignment.by_id(assignment_id) course_id = get_course_id(True) user, user_id = get_user() # Verify exists check_resource_exists(assignment, "Assignment", assignment_id) # Verify permissions if course_id is None: editor_information = assignment.for_read_only_editor(user_id) else: editor_information = assignment.for_editor(user_id, course_id) browser_info = repr({ 'platform': request.user_agent.platform, 'browser': request.user_agent.browser, 'version': request.user_agent.version, 'language': request.user_agent.language, 'user_agent': request.user_agent.string }) # Log the event if user is not None: make_log_entry(assignment_id, assignment.version, course_id, user_id, 'Session.Start', message=browser_info) # Verify passcode, if necessary if assignment.passcode_fails(request.values.get('passcode')): return ajax_failure("Passcode {!r} rejected".format( request.values.get("passcode"))) return ajax_success(editor_information)
def get_assignments(): assignment_ids = request.values.get('assignment_ids', "") course_id = get_course_id() user, user_id = get_user() # TODO: verify that they have the permissions to see these assignments assignments, groups = [], [] errors = [] if not assignment_ids: course: Course = Course.by_id(course_id) check_resource_exists(course, "Course", course_id) grouped_assignments = natsorted( course.get_submitted_assignments_grouped(), key=lambda r: (r.AssignmentGroup.name if r.AssignmentGroup is not None else None, r.Assignment.name)) assignments = [a.Assignment.encode_json() for a in grouped_assignments] groups = [ a.AssignmentGroup.encode_json() if a.AssignmentGroup is not None else None for a in grouped_assignments ] else: for assignment_id in assignment_ids.split(","): if not assignment_id.isdigit(): errors.append(f"Unknown Assignment ID: {assignment_id!r}") assignment_id = int(assignment_id) # With Course Role Information assignment = Assignment.by_id(assignment_id) check_resource_exists(assignment, "Assignment", assignment_id) assignments.append(assignment.encode_json()) return ajax_success( dict(assignments=assignments, errors=errors, groups=groups))
def get_assignments(): course_id = request.values.get('course_id') if not g.user.in_course(course_id): return redirect(url_for('courses.index')) groups = [g.encode_json() for g in AssignmentGroup.query.all()] return ajax_success(dict(groups=groups, course_id=course_id))
def save_student_file(filename, course_id, user): submission_id = request.values.get("submission_id") code = request.values.get("code") submission = Submission.query.get(submission_id) # Verify exists check_resource_exists(submission, "Submission", submission_id) # Verify permissions if submission.user_id != user.id: require_course_grader(user, submission.course_id) # Validate the maximum file size if app.config["MAXIMUM_CODE_SIZE"] < len(code): return ajax_failure( "Maximum size of code exceeded. Current limit is {}, you uploaded {} characters." .format(app.config["MAXIMUM_CODE_SIZE"], len(code))) # Perform update # TODO: What if submission's assignment version conflicts with current assignments' version? version_change = submission.assignment.version != submission.assignment_version submission.save_code(filename, code) make_log_entry(submission.assignment_id, submission.assignment_version, course_id, user.id, "File.Edit", "answer.py", message=code) return ajax_success({"version_change": version_change})
def update_submission_status(lti, lti_exception=None): # Get parameters submission_id = maybe_int(request.values.get("submission_id")) status = request.values.get('status') course_id = get_course_id() user, user_id = get_user() submission = Submission.by_id(submission_id) # Check resource exists check_resource_exists(submission, "Submission", submission_id) # Verify permissions if submission.user_id != user_id and not user.is_grader( submission.course_id): return ajax_failure( "This is not your submission and you are not a grader in its course." ) # Do action success = submission.update_submission_status(status) make_log_entry(submission.assignment_id, submission.assignment_version, course_id, user_id, "Submit", "answer.py", category=status, message=str(success)) return ajax_success({"success": success})
def fix_course_outcome_url(): new_url = request.values.get("new_url") course_id = get_course_id() user, user_id = get_user() require_course_instructor(user, course_id) course = Course.by_id(course_id) course.update_endpoint(new_url) return ajax_success({"success": "True"})
def get_one(self, review_id): user, user_id = get_user() review = Review.by_id(review_id) check_resource_exists(review, "Review", review_id) submission = Submission.by_id(review.submission_id) check_resource_exists(submission, "Submission", review.submission_id) if submission.user_id != user_id: require_course_grader(user, submission.course_id) return ajax_success(dict(review=review.encode_json()))
def load_assignment(lti=lti): # Get arguments assignment_id = int(request.values.get('assignment_id')) assignment = Assignment.by_id(assignment_id) student_id = maybe_int(request.values.get('user_id')) course_id = get_course_id(True) user, user_id = get_user() force_download = maybe_bool(request.values.get('force_download', "false")) # Verify exists check_resource_exists(assignment, "Assignment", assignment_id) # Verify permissions if user_id != student_id and not user.is_grader(course_id): return ajax_failure( "Only graders can see submissions for other people.") if course_id is None: editor_information = assignment.for_read_only_editor(student_id) else: editor_information = assignment.for_editor(student_id, course_id) browser_info = json.dumps({ 'platform': request.user_agent.platform, 'browser': request.user_agent.browser, 'version': request.user_agent.version, 'language': request.user_agent.language, 'user_agent': request.user_agent.string }) # Log the event if user is not None: if user_id != student_id: make_log_entry(assignment_id, assignment.version, course_id, user_id, 'X-Submission.Get', message=str(student_id)) else: make_log_entry(assignment_id, assignment.version, course_id, user_id, 'Session.Start', message=browser_info) # Verify passcode, if necessary if assignment.passcode_fails(request.values.get('passcode')): return ajax_failure("Passcode {!r} rejected".format( request.values.get("passcode"))) if force_download: student_filename = User.by_id(student_id).get_filename("") filename = assignment.get_filename( "") + "_" + student_filename + '_submission.json' return Response(json.dumps(editor_information), mimetype='application/json', headers={ 'Content-Disposition': 'attachment;filename={}'.format(filename) }) else: return ajax_success(editor_information)
def delete(self, review_id): user, user_id = get_user() review = Review.by_id(review_id) check_resource_exists(review, "Review", review_id) submission = Submission.by_id(review.submission_id) check_resource_exists(submission, "Submission", review.submission_id) require_course_grader(user, submission.course_id) review.delete() return ajax_success(dict(success=True))
def get_all(self): submission_id = maybe_int(request.values.get('submission_id')) user, user_id = get_user() if submission_id is None: reviews = Review.get_generic_reviews() else: submission = Submission.by_id(submission_id) check_resource_exists(submission, "Submission", submission_id) reviews = Review.get_for_submission(submission_id) if submission.user_id != user_id: require_course_grader(user, submission.course_id) return ajax_success( dict(reviews=[review.encode_json() for review in reviews]))
def put(self, review_id): user, user_id = get_user() review = Review.by_id(review_id) check_resource_exists(review, "Review", review_id) submission = Submission.by_id(review.submission_id) check_resource_exists(submission, "Submission", review.submission_id) require_course_grader(user, submission.course_id) review_data = request.json.copy() del review_data['id'] fix_nullables(review_data) review_data['author_id'] = user_id edited_review = review.edit(review_data) return ajax_success(dict(review=edited_review.encode_json()))
def update_submission_status(): submission_id = maybe_int(request.values.get("submission_id")) new_submission_status = request.values.get("new_submission_status") user, user_id = get_user() submission = Submission.by_id(submission_id) # Check resource exists check_resource_exists(submission, "Submission", submission_id) # Verify permissions if not user.is_grader(submission.course_id): return ajax_failure( "You are not a grader in this submission's course.") submission.update_submission_status(new_submission_status) return ajax_success({'new_status': new_submission_status})
def save_instructor_file(course_id, user, filename): assignment_id = request.values.get("assignment_id") code = request.values.get("code") assignment = Assignment.query.get(assignment_id) # Verify exists check_resource_exists(assignment, "Assignment", assignment_id) # Verify permissions if assignment.owner_id != user.id: require_course_grader(user, assignment.course_id) # Perform update assignment.save_file(filename, code) make_log_entry(assignment_id, assignment.version, course_id, user.id, "X-Instructor.File.Edit", filename, message=code) return ajax_success({})
def log_event(lti=lti): course_id = get_course_id() user, user_id = get_user() assignment_id = request.values.get('assignment_id') assignment_version = request.values.get('assignment_version') event_type = request.values.get("event_type") file_path = request.values.get("file_path", "") category = request.values.get('category', "") label = request.values.get('label', "") message = request.values.get('message', "") # Make the entry new_log = make_log_entry(assignment_id, assignment_version, course_id, user_id, event_type, file_path, category, label, message) return ajax_success({"log_id": new_log.id})
def mass_close_assignment(): assignment_id = maybe_int(request.values.get("assignment_id")) course_id = maybe_int(request.values.get("course_id")) new_submission_status = request.values.get("new_submission_status") user, user_id = get_user() submissions = Submission.by_assignment(assignment_id=assignment_id, course_id=course_id) # Verify permissions if not user.is_grader(course_id): return ajax_failure("You are not a grader in this course.") # Do action for submission in submissions: submission.update_submission_status(new_submission_status) return ajax_success({'new_status': new_submission_status})
def post(self): user, user_id = get_user() submission_id = maybe_int(request.values.get('submission_id')) submission = Submission.by_id(submission_id) check_resource_exists(submission, "Submission", submission_id) require_course_grader(user, submission.course_id) review_data = request.values.copy() del review_data['id'] review_data['author_id'] = user_id review_data['submission_version'] = submission.version review_data['assignment_version'] = submission.assignment_version fix_nullables(review_data) new_review = Review.new(review_data) return ajax_success(dict(review=new_review.encode_json()))
def get_assignments(): assignment_ids = request.values.get('assignment_ids', "") course_id = get_course_id() user, user_id = get_user() # TODO: verify that they have the permissions to see this file assignments = [] for assignment_id in assignment_ids.split(","): if not assignment_id.isdigit(): return ajax_failure(f"Unknown Assignment ID: {assignment_id!r}") assignment_id = int(assignment_id) # With Course Role Information assignment = Assignment.by_id(assignment_id) check_resource_exists(assignment, "Assignment", assignment_id) assignments.append(assignment.encode_json()) return ajax_success(dict(assignments=assignments))
def save_image(): # Get parameters submission_id = maybe_int(request.values.get("submission_id")) directory = request.values.get('directory') image = request.values.get('image') course_id = get_course_id() user, user_id = get_user() submission = Submission.by_id(submission_id) # Check resource exists check_resource_exists(submission, "Submission", submission_id) # Verify permissions if submission.user_id != user_id and not user.is_grader(submission.course_id): return ajax_failure("This is not your submission and you are not a grader in its course.") # Do action success = submission.save_image(directory, image) make_log_entry(submission.assignment_id, submission.assignment_version, course_id, user_id, "X-Image.Save", directory) return ajax_success({"success": success})
def load_history(): # Get parameters course_id = maybe_int(request.values.get('course_id')) assignment_id = maybe_int(request.values.get('assignment_id')) student_id = maybe_int(request.values.get('user_id')) page_limit = maybe_int(request.values.get('page_limit')) page_offset = maybe_int(request.values.get('page_offset')) user, user_id = get_user() # Verify user can see the submission if user_id != student_id and not user.is_grader(course_id): return ajax_failure("Only graders can see logs for other people.") history = list( reversed( Log.get_history(course_id, assignment_id, student_id, page_offset=page_offset, page_limit=page_limit))) return ajax_success({"history": history})
def update_submission(lti, lti_exception=None): # Get parameters submission_id = maybe_int(request.values.get("submission_id")) lis_result_sourcedid = request.values.get('lis_result_sourcedid') assignment_group_id = maybe_int(request.values.get('assignment_group_id')) score = float(request.values.get('score', '0')) correct = maybe_bool(request.values.get("correct")) # TODO: Only send image if the assignment settings starts as Block or Split image = request.values.get('image', "") hidden_override = maybe_bool(request.values.get('hidden_override')) force_update = maybe_bool(request.values.get('force_update')) course_id = get_course_id() user, user_id = get_user() submission = Submission.by_id(submission_id) # Check resource exists check_resource_exists(submission, "Submission", submission_id) # Verify permissions if submission.user_id != user_id and not user.is_grader(submission.course_id): return ajax_failure("This is not your submission and you are not a grader in its course.") # Do action was_changed = submission.update_submission(score, correct) if assignment_group_id is None: assignment_group_id = submission.assignment_group_id # TODO: Document that we currently only pass back grade if it changed # TODO: If failure on previous submission grading, then retry if was_changed or force_update: submission.save_block_image(image) error = "Generic LTI Failure - perhaps not logged into LTI session?" try: success, score = lti_post_grade(lti, submission, lis_result_sourcedid, assignment_group_id, submission.user_id, submission.course_id) except LTIPostMessageException as e: success = False error = str(e) if success: make_log_entry(submission.assignment_id, submission.assignment_version, course_id, user_id, "X-Submission.LMS", "answer.py", message=str(score)) else: submission.update_grading_status(GradingStatuses.FAILED) make_log_entry(submission.assignment_id, submission.assignment_version, course_id, user_id, "X-Submission.LMS.Failure", "answer.py", message=error) return ajax_failure({"submitted": False, "changed": was_changed, "message": error}) return ajax_success({"submitted": was_changed or force_update, "changed": was_changed})
def load_history(): # Get parameters course_id = maybe_int(request.values.get('course_id')) assignment_id = (request.values.get('assignment_id')) student_id = (request.values.get('user_id')) page_limit = maybe_int(request.values.get('page_limit')) page_offset = maybe_int(request.values.get('page_offset')) with_submission = maybe_bool(request.values.get('with_submission')) user, user_id = get_user() # Verify user can see the submission if str(user_id) != str(student_id) and not user.is_grader(course_id): return ajax_failure("Only graders can see logs for other people.") history = Log.get_history(course_id, assignment_id, student_id, page_offset=page_offset, page_limit=page_limit) history = list(reversed(history)) submissions = [] if with_submission: submissions = Submission.get_submissions(course_id, assignment_id, student_id) return ajax_success({"history": history, "submissions": submissions})
def users(): user_ids = request.values.get('user_ids', "") course_id = get_course_id() user, user_id = get_user() if course_id is None: return ajax_failure("You are not in a course context.") is_grader = user.is_grader(course_id) if not is_grader and user_ids != str(user_id): return ajax_failure("You do not have permissions to see those users.") users = [] errors = [] # If blank, then get all the available users if not user_ids: course = Course.by_id(course_id) check_resource_exists(course, "Course", course_id) user_roles = course.get_users() user_data = {} for role, user in user_roles: if user not in user_data: user_data[user] = user.encode_json() user_data[user]['roles'] = [] user_data[user]['roles'].append(role.encode_json()) users.extend(user_data.values()) # Otherwise, get the subset suggested else: for user_id in user_ids.split(","): if not user_id.isdigit(): errors.append(f"Unknown User ID: {user_id!r}") continue user_id = int(user_id) # With Course Role Information user = User.by_id(user_id) check_resource_exists(user, "User", user_id) user_data = user.encode_json() user_data['roles'] = [ r.encode_json() for r in user.get_course_roles(course_id) ] users.append(user_data) return ajax_success(dict(users=users, errors=errors))
def users(): user_ids = request.values.get('user_ids', "") course_id = get_course_id() user, user_id = get_user() if course_id is None: return ajax_failure("You are not in a course context.") is_grader = user.is_grader(course_id) if not is_grader and user_ids != str(user_id): return ajax_failure("You do not have permissions to see those users.") users = [] for user_id in user_ids.split(","): if not user_id.isdigit(): return ajax_failure(f"Unknown User ID: {user_id!r}") user_id = int(user_id) # With Course Role Information user = User.by_id(user_id) check_resource_exists(user, "User", user_id) user_data = user.encode_json() user_data['roles'] = [ r.encode_json() for r in user.get_course_roles(course_id) ] users.append(user_data) return ajax_success(dict(users=users))