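def load_logged_in_user():
    """Populate ``g.user`` and ``g.accessible_chains`` from the session.

    ``g.user`` is the ``user`` row whose id is stored in the session, or
    ``None`` when the session holds no id or no row matches it.
    ``g.accessible_chains`` is the list of ``chain_id`` values linked to that
    user in ``user_chain``. It is always set, and is empty when there is no
    matching user, so membership checks against it fail closed.
    """
    g.user = None
    g.accessible_chains = []

    user_id = session.get('user_id')
    if user_id is None:
        return

    db = get_db()
    # NOTE(review): SELECT * also loads the password hash into g.user for
    # every request; consider selecting only the columns the views need.
    g.user = db.execute('SELECT * FROM user WHERE id = ?',
                        (user_id, )).fetchone()
    if g.user is None:
        # The session names a user row that no longer exists; do not grant
        # chain access from leftover user_chain rows.
        return

    g.accessible_chains = [
        row['chain_id'] for row in db.execute(
            'SELECT chain_id FROM user_chain WHERE user_id = ?',
            (user_id, )).fetchall()
    ]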
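def chain_get(chain_id):
    """Show one chain's grade history; on POST, record new grades first.

    A POST carries a ``description`` field plus one ``student-<name>`` field
    per graded student, each holding an integer grade. The grades are added
    to the chain under the current user's username, the serialized chain is
    written back to the ``chain`` row, and the client is redirected to the
    GET view. A grade that is not an integer is reported with a flash
    message and nothing is written.
    """
    # NOTE(review): no access check is visible in this function. The value
    # g.accessible_chains is loaded per request but not consulted here, so
    # confirm that a decorator or hook outside this listing restricts
    # chain_id to chains the caller may use and limits grading to lecturers.
    if request.method == 'POST':
        _, chain = load_chain(chain_id)
        description = request.form['description']

        # Parse every submitted grade before changing the chain, so that a
        # malformed value yields a message rather than an unhandled
        # ValueError.
        prefix = 'student-'
        grades = []
        for field in request.form:
            if not field.startswith(prefix):
                continue
            try:
                grades.append((field[len(prefix):], int(request.form[field])))
            except ValueError:
                flash('Grades must be whole numbers.')
                return redirect(url_for('chain.chain_get', chain_id=chain_id))

        # NOTE(review): student names come from form field names; whether
        # add_grade rejects students who are not in the chain is not visible
        # here. Verify against add_grade.
        for student, value in grades:
            add_grade(chain, g.user['username'], student, value, description)

        db = get_db()
        db.execute('UPDATE chain SET data = ? WHERE id = ?',
                   (serialize_chain(chain), chain_id))
        db.commit()
        return redirect(url_for('chain.chain_get', chain_id=chain_id))

    chain_name, chain = load_chain(chain_id)
    students = validate_chain(chain)
    events, descriptions, matrix = get_history(chain)
    return render_template('chain/details.html',
                           chain={
                               'id': chain_id,
                               'name': chain_name,
                           },
                           students=students,
                           events=events,
                           descriptions=descriptions,
                           matrix=matrix)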
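def create():
    """Create a new chain owned by the current user.

    On POST with a non-empty ``name``, a chain is created and serialized,
    then stored in ``chain`` together with a ``user_chain`` row that links it
    to the current user. Both inserts are committed as one transaction, so a
    chain row never exists without its owner's membership row. An empty name
    is reported with a flash message and the form is shown again.
    """
    # NOTE(review): nothing here checks that the caller is logged in or is a
    # lecturer. Confirm that a decorator outside this listing enforces it.
    if request.method == 'POST':
        name = request.form['name']
        lecturer = g.user['username']

        if not name:
            flash('Name is required.')
        else:
            chain = serialize_chain(create_chain(chain_name=name,
                                                 owner=lecturer))
            db = get_db()
            cursor = db.cursor()
            try:
                cursor.execute(
                    'INSERT INTO chain (owner_id, name, data)'
                    ' VALUES (?, ?, ?)', (g.user['id'], name, chain))
                new_chain_id = cursor.lastrowid
                cursor.execute(
                    'INSERT INTO user_chain (chain_id, user_id) VALUES (?, ?)',
                    (new_chain_id, g.user['id']))
                db.commit()
            except Exception:
                # Undo the chain insert if the membership insert failed.
                db.rollback()
                raise
            finally:
                cursor.close()
            return redirect(url_for('chain.index'))

    return render_template('chain/create.html')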
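def chain_new_student(chain_id):
    """Add a student to a chain and create a login account for them.

    On POST, the student named in the ``name`` field is added to the chain
    under the current user's username, the serialized chain is written back,
    a ``user`` row is created for the student, and a ``user_chain`` row links
    the new user to the chain. All three statements are committed together.
    The account gets a random initial password, shown once to the caller in
    a flash message.
    """
    # NOTE(review): no access check is visible in this function. Confirm
    # that a decorator outside this listing limits it to lecturers who may
    # use chain_id, since each call creates a login account.
    if request.method == 'POST':
        import secrets

        name = request.form['name']
        if not name:
            flash('Name is required.')
            return render_template('chain/new_student.html')

        _, chain = load_chain(chain_id)
        add_student(chain, g.user['username'], name)

        # A fixed initial password would let anyone who knows a student's
        # name log in as that student, so each account gets a random one.
        initial_password = secrets.token_urlsafe(12)

        db = get_db()
        cursor = db.cursor()
        try:
            cursor.execute('UPDATE chain SET data = ? WHERE id = ?',
                           (serialize_chain(chain), chain_id))
            # NOTE(review): an existing username is not checked first;
            # presumably a UNIQUE constraint rejects it. Verify against the
            # schema.
            cursor.execute(
                'INSERT INTO user (username, password) VALUES (?, ?)',
                (name, generate_password_hash(initial_password)))
            student_id = cursor.lastrowid
            cursor.execute(
                'INSERT INTO user_chain (user_id, chain_id) VALUES (?, ?)',
                (student_id, chain_id))
            db.commit()
        except Exception:
            db.rollback()
            raise
        finally:
            cursor.close()

        # Shown once so the lecturer can hand it over. With Flask's default
        # cookie session the message sits in the signed (not encrypted)
        # session cookie until displayed.
        # TODO: require a password change at first login.
        flash('Initial password for {0}: {1}'.format(name, initial_password))
        return redirect(url_for('chain.chain_get', chain_id=chain_id))

    return render_template('chain/new_student.html')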
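def login():
    """Log in a registered user by storing the user id in a fresh session.

    On POST, the ``username`` and ``password`` form fields are checked
    against the ``user`` table. On success the session is cleared, the user
    id is stored in it, and the client is redirected to ``index``. On
    failure a single generic message is flashed and the form is shown again.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        user = get_db().execute('SELECT * FROM user WHERE username = ?',
                                (username, )).fetchone()

        # One message covers both an unknown user and a wrong password, so
        # the form does not confirm which usernames exist.
        # NOTE(review): the hash check is still skipped for unknown users, so
        # response time can differ, and no attempt limiting is visible here.
        if user is None or not check_password_hash(user['password'], password):
            flash('Incorrect username or password.')
        else:
            # Drop any pre-login session data before binding the session to
            # the authenticated user.
            session.clear()
            session['user_id'] = user['id']
            return redirect(url_for('index'))

    return render_template('auth/login.html')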
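def register_lecturer():
    """Register a new lecturer account; only admins may submit the form.

    On POST, the caller must be a logged-in user whose ``admin`` column is
    truthy; otherwise a message is flashed and the form is returned with
    status 403. The username must be non-empty and not already present in
    ``user``, and the password must be non-empty. The password is stored
    hashed, the row is flagged as a lecturer, and the client is redirected
    to the login page.
    """
    if request.method == 'POST':
        if not g.user or not g.user['admin']:
            flash('Need to be an admin to register new lecturers')
            # A bare ``return`` gives Flask no response and surfaces as a
            # server error, so answer with the form and an explicit 403.
            return render_template('auth/register.html'), 403

        username = request.form['username']
        password = request.form['password']
        db = get_db()

        if not username:
            error = 'Username is required.'
        elif not password:
            error = 'Password is required.'
        elif db.execute('SELECT id FROM user WHERE username = ?',
                        (username, )).fetchone() is not None:
            error = 'User {0} is already registered.'.format(username)
        else:
            error = None

        if error is None:
            # The name is available: store the account with a hashed
            # password and go to the login page.
            # NOTE(review): no minimum password strength is enforced here.
            db.execute(
                'INSERT INTO user (username, password, lecturer) VALUES (?, ?, ?)',
                (username, generate_password_hash(password), True))
            db.commit()
            return redirect(url_for('auth.login'))

        flash(error)

    return render_template('auth/register.html')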
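def load_chain(chain_id):
    """Return ``(name, chain)`` for the ``chain`` row with id *chain_id*.

    The stored ``data`` column is passed through ``deserialize_chain``. If no
    row has that id the request is aborted with 404; without that check the
    lookup on a missing row raised ``TypeError`` and surfaced as a server
    error.

    This function does no access check; callers decide whether the current
    user may use the chain.
    """
    from flask import abort

    row = get_db().execute('SELECT name, data FROM chain WHERE id = ?',
                           (chain_id, )).fetchone()
    if row is None:
        abort(404)
    # NOTE(review): deserialize_chain is defined elsewhere; confirm it parses
    # a data-only format, since it runs on whatever the database holds.
    return row['name'], deserialize_chain(row['data'])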
def index():
    """List the chains linked to the current user through ``user_chain``.

    Each row carries the chain id, chain name, owner id and owner username.
    The query is filtered by the current user's id, so only chains with a
    matching ``user_chain`` row are shown.
    """
    # NOTE(review): g.user is subscripted without a None check. Presumably a
    # login-required decorator outside this listing guards the view; confirm.
    query = ('SELECT c.id, c.name, c.owner_id, owner.username'
             ' FROM chain c JOIN user owner ON c.owner_id = owner.id,'
             ' user_chain uc'
             ' WHERE c.id = uc.chain_id AND uc.user_id = ?')
    current_user_id = g.user['id']
    chains = get_db().execute(query, (current_user_id, )).fetchall()
    return render_template('chain/index.html', chains=chains)