def get(self): """A GET REST method shared by all unit types.""" key = self.request.get('key') if not roles.Roles.is_course_admin(self.app_context): transforms.send_json_response(self, 401, 'Access denied.', {'key': key}) return course = courses.Course(self) unit = course.find_unit_by_id(key) if not unit: transforms.send_json_response(self, 404, 'Object not found.', {'key': key}) return message = ['Success.'] if self.request.get('is_newly_created'): message.append('New %s has been created and saved.' % self.NAME) transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=self.unit_to_dict(course, unit), xsrf_token=XsrfTokenManager.create_xsrf_token('put-unit'))
def get(self): """Get the data to populate the question editor form.""" key = self.request.get('key') if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {'key': key}) return if key: question = QuestionDAO.load(key) payload_dict = question.dict else: payload_dict = { 'version': self.SCHEMA_VERSION, 'question': '', 'description': '', 'graders': [{ 'score': '1.0', 'matcher': 'case_insensitive', 'response': '', 'feedback': '' }] } transforms.send_json_response( self, 200, 'Success', payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN))
def get(self): """A GET REST method shared by all unit types.""" key = self.request.get("key") if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, "Access denied.", {"key": key}) return unit = courses.Course(self).find_unit_by_id(key) if not unit: transforms.send_json_response(self, 404, "Object not found.", {"key": key}) return message = ["Success."] if self.request.get("is_newly_created"): unit_type = verify.UNIT_TYPE_NAMES[unit.type].lower() message.append("New %s has been created and saved." % unit_type) transforms.send_json_response( self, 200, "\n".join(message), payload_dict=self.unit_to_dict(unit), xsrf_token=XsrfTokenManager.create_xsrf_token("put-unit"), )
def do_render(self, form): self.template_value['navbar'] = {} self.template_value['form'] = form self.template_value['post_url'] = self.request.url self.template_value['xsrf_token'] = ( XsrfTokenManager.create_xsrf_token('survey-post-' + self.name)) self.render(self.template)
def get(self): """Provides empty initial content for asset upload editor.""" # TODO(jorr): Pass base URI through as request param when generalized. key = self.request.get('key') base = asset_paths.AllowedBases.match_allowed_bases(key) if not base: transforms.send_json_response(self, 400, 'Malformed request.', {'key': key}) return json_payload = { 'key': key, 'base': base, } fs = self.app_context.fs.impl if fs.isfile(fs.physical_to_logical(key)): json_payload['asset_url'] = key else: json_payload['asset_url'] = asset_paths.relative_base(base) transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token( self.XSRF_TOKEN_NAME))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" key = self.request.get('key') if not ConfigPropertyRights.can_view(): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return item = None if key and key in config.Registry.registered.keys(): item = config.Registry.registered[key] if not item: self.redirect('/admin?action=settings') try: entity = config.ConfigPropertyEntity.get_by_key_name(key) except db.BadKeyError: entity = None if not entity: transforms.send_json_response( self, 404, 'Object not found.', {'key': key}) else: entity_dict = {'name': key, 'is_draft': entity.is_draft} entity_dict['value'] = transforms.string_to_value( entity.value, item.value_type) json_payload = transforms.dict_to_json( entity_dict, transforms.loads( ConfigPropertyEditor.get_schema_json(item))) transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token( 'config-property-put'))
def get(self): """Provides empty initial content for asset upload editor.""" # TODO(jorr): Pass base URI through as request param when generalized. json_payload = {'file': '', 'base': ALLOWED_ASSET_UPLOAD_BASE} transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token('asset-upload'))
def get_edit(self): if not course_explorer.GCB_ENABLE_COURSE_EXPLORER_PAGE.value: self.error(404) return user = self.initialize_page_and_get_user() if not user: self.redirect('/explorer') return profile = self.get_profile_for_user(user) if not profile: self.redirect('/explorer') return self.template_value['student'] = profile self.fill_profile_data(profile) self.fill_local_chapter_data() self.template_value['xsrf_token'] = ( XsrfTokenManager.create_xsrf_token('save_profile')) self.template_value['navbar'] = {'profile': True} self.template_value['html_hooks'] = NullHtmlHooks() self.template_value['submit_button_name'] = 'Update Profile' self.template_value['force'] = self.request.get('force') self.render('edit_profile.html')
def render(self, node, context): """Renders the submit button.""" xsrf_token = XsrfTokenManager.create_xsrf_token( QUESTIONNAIRE_XSRF_TOKEN_NAME) form_id = node.attrib.get('form-id') button_label = node.attrib.get('button-label') disabled = (node.attrib.get('disabled') == 'true') post_message = node.text user = context.handler.get_user() registered = False if user and models.Student.get_enrolled_student_by_user(user): registered = True template_vals = { 'xsrf_token': xsrf_token, 'form_id': form_id, 'button_label': button_label, 'disabled': disabled, 'registered': registered, 'post_message': post_message, } template = jinja_utils.get_template( 'questionnaire.html', [TEMPLATES_DIR]) button = template.render(template_vals) return tags.html_string_to_element_tree(button)
def get(self): """Provides empty initial content for asset upload editor.""" # TODO(jorr): Pass base URI through as request param when generalized. key = self.request.get('key') base = asset_paths.AllowedBases.match_allowed_bases(key) if not base: transforms.send_json_response( self, 400, 'Malformed request.', {'key': key}) return json_payload = { 'key': key, 'base': base, } fs = self.app_context.fs.impl if fs.isfile(fs.physical_to_logical(key)): json_payload['asset_url'] = key # TODO(davyrisso): Remove when cached assets issues are solved. # We add a random seed to the URL to force a reload, we also append # the URL because oeditor expects it to end with the filename. suffix = ('?seed=%s&url=%s' % ( str(random.randint(0, 100000)), json_payload['asset_url'])) json_payload['asset_url'] += suffix else: json_payload['asset_url'] = asset_paths.relative_base(base) transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN_NAME))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, "Access denied.", {}) return course = courses.Course(self) outline_data = [] for unit in course.get_units(): lesson_data = [] for lesson in course.get_lessons(unit.unit_id): lesson_data.append({"title": lesson.title, "id": lesson.lesson_id}) unit_title = unit.title if verify.UNIT_TYPE_UNIT == unit.type: unit_title = "Unit %s - %s" % (unit.index, unit.title) outline_data.append({"title": unit_title, "id": unit.unit_id, "lessons": lesson_data}) transforms.send_json_response( self, 200, "Success.", payload_dict={"outline": outline_data}, xsrf_token=XsrfTokenManager.create_xsrf_token("unit-lesson-reorder"), )
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" key = self.request.get('key') try: entity = AnnouncementEntity.get(key) except db.BadKeyError: entity = None if not entity: transforms.send_json_response( self, 404, 'Object not found.', {'key': key}) return viewable = AnnouncementsRights.apply_rights(self, [entity]) if not viewable: transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return entity = viewable[0] json_payload = transforms.dict_to_json(transforms.entity_to_dict( entity), AnnouncementsItemRESTHandler.SCHEMA_DICT) transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token( 'announcement-put'))
def get(self): """Respond to the REST GET verb with the contents of the group.""" key = self.request.get('key') if not CourseOutlineRights.can_view(self): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return if key: question_group = QuestionGroupDAO.load(key) version = question_group.dict.get('version') if self.SCHEMA_VERSION != version: transforms.send_json_response( self, 403, 'Cannot edit a Version %s group.' % version, {'key': key}) return payload_dict = question_group.dict else: payload_dict = { 'version': self.SCHEMA_VERSION, 'items': [{'weight': ''}, {'weight': ''}, {'weight': ''}]} transforms.send_json_response( self, 200, 'Success', payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" assert self.app_context.is_editable_fs() key = self.request.get('key') if not CourseSettingsRights.can_view(self): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return # Load data if possible. fs = self.app_context.fs.impl filename = fs.physical_to_logical('/course.yaml') try: stream = fs.get(filename) except: # pylint: disable=bare-except stream = None if not stream: transforms.send_json_response( self, 404, 'Object not found.', {'key': key}) return # Prepare data. json_payload = self.process_get() transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_ACTION))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" assert is_editable_fs(self.app_context) key = self.request.get("key") if not FilesRights.can_view(self): transforms.send_json_response(self, 401, "Access denied.", {"key": key}) return # Load data if possible. fs = self.app_context.fs.impl filename = fs.physical_to_logical(key) try: stream = fs.get(filename) except: # pylint: disable=bare-except stream = None if not stream: transforms.send_json_response(self, 404, "Object not found.", {"key": key}) return # Prepare data. entity = {"key": key} if self.is_text_file(key): entity["encoding"] = self.FILE_ENCODING_TEXT entity["content"] = vfs.stream_to_string(stream) else: entity["encoding"] = self.FILE_ENCODING_BINARY entity["content"] = base64.b64encode(stream.read()) # Render JSON response. json_payload = transforms.dict_to_json(entity, FilesItemRESTHandler.SCHEMA_DICT) transforms.send_json_response( self, 200, "Success.", payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token("file-put") )
def test_attempt_activity_event(self): """Test activity attempt generates event.""" email = '*****@*****.**' name = 'Test Attempt Activity Event' actions.login(email) actions.register(self, name) # Enable event recording. config.Registry.db_overrides[ lessons.CAN_PERSIST_ACTIVITY_EVENTS.name] = True # Prepare event. request = {} request['source'] = 'test-source' request['payload'] = json.dumps({'Alice': 'Bob'}) # Check XSRF token is required. response = self.post('rest/events?%s' % urllib.urlencode( {'request': json.dumps(request)}), {}) assert_equals(response.status_int, 200) assert_contains('"status": 403', response.body) # Check PUT works. request['xsrf_token'] = XsrfTokenManager.create_xsrf_token( 'event-post') response = self.post('rest/events?%s' % urllib.urlencode( {'request': json.dumps(request)}), {}) assert_equals(response.status_int, 200) assert not response.body # Clean up. config.Registry.db_overrides = {}
def get(self): """A GET REST method shared by all unit types.""" key = self.request.get('key') if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {'key': key}) return unit = courses.Course(self).find_unit_by_id(key) if not unit: transforms.send_json_response(self, 404, 'Object not found.', {'key': key}) return message = ['Success.'] if self.request.get('is_newly_created'): unit_type = verify.UNIT_TYPE_NAMES[unit.type].lower() message.append('New %s has been created and saved.' % unit_type) transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=self.unit_to_dict(unit), xsrf_token=XsrfTokenManager.create_xsrf_token('put-unit'))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" key = self.request.get('key') try: entity = AnnouncementEntity.get(key) except db.BadKeyError: entity = None if not entity: transforms.send_json_response(self, 404, 'Object not found.', {'key': key}) return viewable = AnnouncementsRights.apply_rights(self, [entity]) if not viewable: transforms.send_json_response(self, 401, 'Access denied.', {'key': key}) return entity = viewable[0] json_payload = transforms.dict_to_json( transforms.entity_to_dict(entity), AnnouncementsItemRESTHandler.SCHEMA_DICT) transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token('announcement-put'))
def post(self): if not users.is_current_user_admin(): self.abort(403) if not XsrfTokenManager.is_xsrf_token_valid(self.request.POST.get('xsrf_token', ''), 'post'): self.abort(403, 'XSRF token failed.') form = self.Form(self.request.POST) if not form.validate(): self.response.write('<br>'.join(form.errors)) return student = Student.get_by_key_name(form.email.data) report = PartReport.on(student, course=self.get_course(), part=form.part.data, force_re_run=form.re_run.data, put=form.really_save.data) badge_version = choose_badge_version(part_config[form.part.data]['slug'], report.completion()) if badge_version: badge = Badge.get_by_key_name(badge_version) if not badge: self.response.write(' There is no badge with key_name %s (so I cannot issue a badge)' % badge_version) if form.really_save.data and badge: b = Badge.issue(badge, student, put=False) b.evidence = self.request.host_url + '/badges/evidence?id=%d' % report.key().id() b.put() self.response.write('Issued badge %s!' % badge_version) else: self.response.write('Would have issued badge %s!' % badge_version) else: self.response.write('Not issuing because at least one of: %s' % (', '.join(report.incomplete_reasons)))
def get(self): """Handles GET requests.""" if not course_explorer.GCB_ENABLE_COURSE_EXPLORER_PAGE.value: self.error(404) return user = self.initialize_page_and_get_user() if not user: self.redirect('/explorer') return courses = self.get_public_courses() self.template_values['student'] = ( StudentProfileDAO.get_profile_by_user_id(user.user_id())) self.template_values['navbar'] = {'profile': True} self.template_values['courses'] = self.get_enrolled_courses(courses) self.template_values['student_edit_xsrf_token'] = ( XsrfTokenManager.create_xsrf_token( STUDENT_RENAME_GLOBAL_XSRF_TOKEN_ID)) self.template_values['html_hooks'] = NullHtmlHooks() self.template_values['student_preferences'] = {} template = jinja_utils.get_template( '/modules/course_explorer/views/profile.html', DIR) self.response.write(template.render(self.template_values))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {}) return course = courses.Course(self) outline_data = [] for unit in course.get_units(): lesson_data = [] for lesson in course.get_lessons(unit.unit_id): lesson_data.append({ 'title': lesson.title, 'id': lesson.lesson_id }) unit_title = unit.title if verify.UNIT_TYPE_UNIT == unit.type: unit_title = 'Unit %s - %s' % (unit.index, unit.title) outline_data.append({ 'title': unit_title, 'id': unit.unit_id, 'lessons': lesson_data }) transforms.send_json_response( self, 200, 'Success.', payload_dict={'outline': outline_data}, xsrf_token=XsrfTokenManager.create_xsrf_token( 'unit-lesson-reorder'))
def get(self): """Get the data to populate the question editor form.""" key = self.request.get('key') if not CourseOutlineRights.can_view(self): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return if key: question = QuestionDAO.load(key) payload_dict = question.dict else: payload_dict = { 'version': self.SCHEMA_VERSION, 'question': '', 'description': '', 'graders': [ { 'score': '1.0', 'matcher': 'case_insensitive', 'response': '', 'feedback': ''}]} transforms.send_json_response( self, 200, 'Success', payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {}) return course = courses.Course(self) outline_data = [] for unit in course.get_units(): lesson_data = [] for lesson in course.get_lessons(unit.unit_id): lesson_data.append({ 'title': lesson.title, 'id': lesson.lesson_id}) unit_title = unit.title if verify.UNIT_TYPE_UNIT == unit.type: unit_title = 'Unit %s - %s' % (unit.index, unit.title) outline_data.append({ 'title': unit_title, 'id': unit.unit_id, 'lessons': lesson_data}) transforms.send_json_response( self, 200, None, payload_dict={'outline': outline_data}, xsrf_token=XsrfTokenManager.create_xsrf_token( 'unit-lesson-reorder'))
def get(self): """Handles the get verb.""" assert FilesRights.can_edit(self) filename = self.request.get('key') assert filename asset = self.app_context.fs.impl.get( os.path.join(appengine_config.BUNDLE_ROOT, filename)) assert asset contents = asset.read() is_text = is_text_payload(contents) if not is_text: contents = self.ERROR_MESSAGE_UNEDITABLE json_message = 'Success.' if is_text else self.ERROR_MESSAGE_UNEDITABLE json_payload = { 'contents': contents, 'is_text': is_text, 'readonly': is_readonly_asset(asset), } transforms.send_json_response( self, 200, json_message, payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token( self.XSRF_TOKEN_NAME))
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" key = self.request.get('key') if not ConfigPropertyRights.can_view(): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return item = None if key and key in config.Registry.registered.keys(): item = config.Registry.registered[key] if not item: self.redirect('/admin?action=settings') try: entity = config.ConfigPropertyEntity.get_by_key_name(key) except db.BadKeyError: entity = None if not entity: transforms.send_json_response( self, 404, 'Object not found.', {'key': key}) else: entity_dict = {'name': key, 'is_draft': entity.is_draft} entity_dict['value'] = transforms.string_to_value( entity.value, item.value_type) json_payload = transforms.dict_to_json( entity_dict, json.loads(ConfigPropertyEditor.get_schema_json(item))) transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token( 'config-property-put'))
def test_non_admin_has_no_access(self): """Test non admin has no access to pages or REST endpoints.""" email = '*****@*****.**' actions.login(email) # Add datastore override. prop = config.ConfigPropertyEntity( key_name='gcb_config_update_interval_sec') prop.value = '5' prop.is_draft = False prop.put() # Check user has no access to specific pages and actions. response = self.testapp.get('/admin?action=settings') assert_equals(response.status_int, 302) response = self.testapp.get( '/admin?action=config_edit&name=gcb_admin_user_emails') assert_equals(response.status_int, 302) response = self.testapp.post( '/admin?action=config_reset&name=gcb_admin_user_emails') assert_equals(response.status_int, 302) # Check user has no rights to GET verb. response = self.testapp.get( '/rest/config/item?key=gcb_config_update_interval_sec') assert_equals(response.status_int, 200) json_dict = json.loads(response.body) assert json_dict['status'] == 401 assert json_dict['message'] == 'Access denied.' # Check user has no rights to PUT verb. payload_dict = {} payload_dict['value'] = '666' payload_dict['is_draft'] = False request = {} request['key'] = 'gcb_config_update_interval_sec' request['payload'] = json.dumps(payload_dict) # Check XSRF token is required. response = self.testapp.put('/rest/config/item?%s' % urllib.urlencode( {'request': json.dumps(request)}), {}) assert_equals(response.status_int, 200) assert_contains('"status": 403', response.body) # Check user still has no rights to PUT verb even if he somehow # obtained a valid XSRF token. request['xsrf_token'] = XsrfTokenManager.create_xsrf_token( 'config-property-put') response = self.testapp.put('/rest/config/item?%s' % urllib.urlencode( {'request': json.dumps(request)}), {}) assert_equals(response.status_int, 200) json_dict = json.loads(response.body) assert json_dict['status'] == 401 assert json_dict['message'] == 'Access denied.'
def get(self): if not users.is_current_user_admin(): self.abort(403) form = self.Form() self.template_value['form'] = form self.template_value['xsrf_token'] = XsrfTokenManager.create_xsrf_token('post') self.template_value['action_url'] = self.request.url self.template_value['title'] = 'Reconsider a single participant' self.render('badge_bulk_issue.html')
def do_render(self, form, template): self.template_value['navbar'] = {'registration': True} self.template_value['form'] = form self.template_value['list'] = list self.template_value['max_student_count'] = MAXIMUM_PARTICIPANTS self.template_value['student_count'] = get_student_count() self.template_value['xsrf_token'] = ( XsrfTokenManager.create_xsrf_token('register-conf-post-' + self._page())) self.render(template)
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {}) return transforms.send_json_response( self, 200, 'Success.', payload_dict={'course': None}, xsrf_token=XsrfTokenManager.create_xsrf_token( 'unit-lesson-reorder'))
def get(self): """Get the data to populate the question editor form.""" def export(q_dict): p_dict = copy.deepcopy(q_dict) # InputEx does not correctly roundtrip booleans, so pass strings p_dict['multiple_selections'] = ( 'true' if q_dict.get('multiple_selections') else 'false') return p_dict key = self.request.get('key') if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {'key': key}) return if key: question = QuestionDAO.load(key) payload_dict = export(question.dict) else: payload_dict = { 'version': self.SCHEMA_VERSION, 'question': '', 'description': '', 'multiple_selections': 'false', 'choices': [{ 'score': '1', 'text': '', 'feedback': '' }, { 'score': '0', 'text': '', 'feedback': '' }, { 'score': '0', 'text': '', 'feedback': '' }, { 'score': '0', 'text': '', 'feedback': '' }] } transforms.send_json_response( self, 200, 'Success', payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN))
def get(self): """A GET REST method shared by all unit types.""" if not roles.Roles.is_super_admin(): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return message = ['Success.'] transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=self.to_dict(), xsrf_token=XsrfTokenManager.create_xsrf_token('add-new-category'))
def get(self): """Provides empty initial content for asset upload editor.""" # TODO(jorr): Pass base URI through as request param when generalized. base = self.request.get("key") assert base in ALLOWED_ASSET_UPLOAD_BASES json_payload = {"file": "", "base": base} transforms.send_json_response( self, 200, "Success.", payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token("asset-upload"), )
def get(self): """Handles HTTP GET verb.""" if not CoursesPropertyRights.can_add(): transforms.send_json_response(self, 401, "Access denied.") return transforms.send_json_response( self, 200, "Success.", payload_dict={"name": "new_course", "title": "My New Course", "admin_email": self.get_user().email()}, xsrf_token=XsrfTokenManager.create_xsrf_token("add-course-put"), )
def get(self): """Handles REST GET verb and returns an object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {}) return first_course_in_dropdown = self._get_course_list()[0]['value'] transforms.send_json_response( self, 200, None, payload_dict={'course': first_course_in_dropdown}, xsrf_token=XsrfTokenManager.create_xsrf_token( 'import-course'))
def get(self): """Handles REST GET verb and returns the uri of the asset.""" uri = self.request.get('key') if not FilesRights.can_view(self): transforms.send_json_response( self, 401, 'Access denied.', {'key': uri}) return transforms.send_json_response( self, 200, 'Success.', payload_dict={'uri': uri}, xsrf_token=XsrfTokenManager.create_xsrf_token('asset-delete'))
def get(self): """Handles HTTP GET verb.""" if not CoursesPropertyRights.can_add(): transforms.send_json_response( self, 401, 'Access denied.') return transforms.send_json_response( self, 200, 'Success.', payload_dict={ 'name': 'new_course', 'title': 'My New Course', 'admin_email': self.get_user().email()}, xsrf_token=XsrfTokenManager.create_xsrf_token( 'add-course-put'))
def get(self): """Handles GET requests.""" user = self.initialize_page_and_get_user() courses = self.get_public_courses() self.template_values['student'] = ( StudentProfileDAO.get_profile_by_user_id(user.user_id())) self.template_values['navbar'] = {'profile': True} self.template_values['courses'] = self.get_enrolled_courses(courses) self.template_values['student_edit_xsrf_token'] = ( XsrfTokenManager.create_xsrf_token( STUDENT_RENAME_GLOBAL_XSRF_TOKEN_ID)) template = jinja_utils.get_template( '/modules/course_explorer/views/profile.html', DIR, LOCALE) self.response.write(template.render(self.template_values))
def get(self): """A GET REST method shared by all unit types.""" if not roles.Roles.is_super_admin(): transforms.send_json_response(self, 403, 'Access denied.', {}) return message = ['Success.'] transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=self.to_dict(), xsrf_token=XsrfTokenManager.create_xsrf_token( 'bulk_score_offline_assignment'))
def get(self): """Handles REST GET verb and returns the uri of the asset.""" uri = self.request.get("key") if not FilesRights.can_view(self): transforms.send_json_response(self, 401, "Access denied.", {"key": uri}) return transforms.send_json_response( self, 200, "Success.", payload_dict={"uri": uri}, xsrf_token=XsrfTokenManager.create_xsrf_token("asset-delete"), )
def get_settings(self): user = self.personalize_page_and_get_enrolled() if not user: return try: report = PartReport.get_by_id(int(self.request.GET.get('id', -1))) except ValueError: report = None if not report: self.abort(404, "That evidence report was not found.") if not self.can_edit(user, report): self.abort(403) form = self.SettingsForm( report_id=report.key().id(), units_are_public=report.units_are_public, exam_display=report.exam_display, review_is_public=report.review_is_public) #if report.part != 4: #del form.review_is_public display_field_params = { 'choices': [('blank', '(Blank)')], 'default': 'blank' } if report.assessment_scores: if len(report.assessment_scores) > 1: logging.warning("Evidence page settings assuming there's just one exam per part, but there is more than one") display_field_params = exam_display_choices( report.assessment_scores[0]) form.exam_display.choices = display_field_params['choices'] form.exam_display.default = display_field_params['default'] self.template_value['report'] = report self.template_value['form'] = form self.template_value['xsrf_token'] = XsrfTokenManager.create_xsrf_token('save_settings') self.template_value['navbar'] = {} self.template_value['action_url'] = '/badges/evidence?action=save_settings' self.template_value['badge_name'] = report._config['name'] self.render('wf_evidence_settings.html')
def test_attempt_activity_event(self): """Test activity attempt generates event.""" email = '*****@*****.**' name = 'Test Attempt Activity Event' actions.login(email) actions.register(self, name) # Enable event recording. config.Registry.db_overrides[ lessons.CAN_PERSIST_ACTIVITY_EVENTS.name] = True # Prepare event. request = {} request['source'] = 'test-source' request['payload'] = json.dumps({'Alice': u'Bob (тест данные)'}) # Check XSRF token is required. response = self.post('rest/events?%s' % urllib.urlencode( {'request': json.dumps(request)}), {}) assert_equals(response.status_int, 200) assert_contains('"status": 403', response.body) # Check PUT works. request['xsrf_token'] = XsrfTokenManager.create_xsrf_token( 'event-post') response = self.post('rest/events?%s' % urllib.urlencode( {'request': json.dumps(request)}), {}) assert_equals(response.status_int, 200) assert not response.body # Check event is properly recorded. old_namespace = namespace_manager.get_namespace() namespace_manager.set_namespace(self.namespace) try: events = models.EventEntity.all().fetch(1000) assert 1 == len(events) assert_contains( u'Bob (тест данные)', json.loads(events[0].data)['Alice']) finally: namespace_manager.set_namespace(old_namespace) # Clean up. config.Registry.db_overrides = {}
def get(self): """A GET REST method""" if not roles.Roles.is_super_admin(): transforms.send_json_response(self, 401, 'Access denied.', {'key': ''}) return errors = [] payload_dict = self.to_dict(errors) if errors: transforms.send_json_response(self, 412, '\n'.join(errors)) return message = ['Success.'] transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token( 'update-service_account'))
def get(self): """Handles GET REST verb and returns lesson object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {}) return key = self.request.get('key') course = courses.Course(self) lesson = course.find_lesson_by_id(None, key) assert lesson fs = self.app_context.fs path = fs.impl.physical_to_logical( course.get_activity_filename(lesson.unit_id, lesson.lesson_id)) if lesson.has_activity and fs.isfile(path): activity = fs.get(path) else: activity = '' payload_dict = { 'key': key, 'title': lesson.title, 'unit_id': lesson.unit_id, 'objectives': lesson.objectives, 'video': lesson.video, 'notes': lesson.notes, 'activity_title': lesson.activity_title, 'activity_listed': lesson.activity_listed, 'activity': activity, 'is_draft': not lesson.now_available } message = ['Success.'] if self.request.get('is_newly_created'): message.append('New lesson has been created and saved.') transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token('lesson-edit'))
def get(self): """A GET REST method shared by all unit types.""" if not roles.Roles.is_super_admin(): transforms.send_json_response( self, 401, 'Access denied.', {'key': key}) return key = self.request.get('key') errors = [] payload_dict = self.to_dict(key, errors) if errors: transforms.send_json_response(self, 412, '\n'.join(errors)) return message = ['Success.'] transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token('update-category'))
def get(self): """Handles GET REST verb and returns lesson object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, "Access denied.", {}) return key = self.request.get("key") course = courses.Course(self) lesson = course.find_lesson_by_id(None, key) assert lesson fs = self.app_context.fs path = fs.impl.physical_to_logical(course.get_activity_filename(lesson.unit_id, lesson.lesson_id)) if lesson.has_activity and fs.isfile(path): activity = fs.get(path) else: activity = "" payload_dict = { "key": key, "title": lesson.title, "unit_id": lesson.unit_id, "objectives": lesson.objectives, "video": lesson.video, "notes": lesson.notes, "activity_title": lesson.activity_title, "activity": activity, "is_draft": not lesson.now_available, } message = ["Success."] if self.request.get("is_newly_created"): message.append("New lesson has been created and saved.") transforms.send_json_response( self, 200, "\n".join(message), payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token("lesson-edit"), )
def get(self): """Provides empty initial content for asset upload editor.""" # TODO(jorr): Pass base URI through as request param when generalized. key = self.request.get('key') base = _match_allowed_bases(key) if not base: transforms.send_json_response( self, 400, 'Malformed request.', {'key': key}) return json_payload = { 'key': key, 'base': base, } fs = self.app_context.fs.impl if fs.isfile(fs.physical_to_logical(key)): json_payload['asset_url'] = key transforms.send_json_response( self, 200, 'Success.', payload_dict=json_payload, xsrf_token=XsrfTokenManager.create_xsrf_token(self.XSRF_TOKEN_NAME))
def get(self): """Handles GET REST verb and returns lesson object as JSON payload.""" if not CourseOutlineRights.can_view(self): transforms.send_json_response(self, 401, 'Access denied.', {}) return key = self.request.get('key') course = courses.Course(self) lesson = course.find_lesson_by_id(None, key) assert lesson fs = self.app_context.fs path = fs.impl.physical_to_logical(course.get_activity_filename( lesson.unit_id, lesson.lesson_id)) if lesson.has_activity and fs.isfile(path): activity = fs.get(path) else: activity = '' payload_dict = { 'key': key, 'title': lesson.title, 'unit_id': lesson.unit_id, 'objectives': lesson.objectives, 'video': lesson.video, 'notes': lesson.notes, 'activity_title': lesson.activity_title, 'activity_listed': lesson.activity_listed, 'activity': activity, 'is_draft': not lesson.now_available } message = ['Success.'] if self.request.get('is_newly_created'): message.append('New lesson has been created and saved.') transforms.send_json_response( self, 200, '\n'.join(message), payload_dict=payload_dict, xsrf_token=XsrfTokenManager.create_xsrf_token('lesson-edit'))