def lesson_update(request, lesson_id):
    """Apply a partial update to a lesson from the request's JSON body.

    Only keys present in the payload are touched: ``name``, ``subject_id``,
    ``teacher_ids`` and ``student_ids``. Supplying either id list replaces
    the lesson's current membership instead of extending it.
    """
    lesson = get_record_by_id(lesson_id, Lesson)
    payload = json_from_request(request)

    # The name is re-validated only when it actually changes.
    if "name" in payload and payload['name'] != lesson.name:
        validate_lesson_name(name=payload['name'],
                             school_id=g.user.school_id)
        lesson.name = payload['name']

    if "subject_id" in payload:
        # Resolve the subject through the shared lookup so an unknown id
        # surfaces as a 409 instead of being written blindly.
        subject = get_record_by_id(
            payload['subject_id'],
            Subject,
            custom_not_found_error=CustomError(
                409, message="Invalid subject_id."))
        lesson.subject_id = subject.id

    if "teacher_ids" in payload:
        lesson.teachers = []
        add_teachers(payload['teacher_ids'], lesson)

    if "student_ids" in payload:
        lesson.students = []
        add_students(payload['student_ids'], lesson)

    db.session.add(lesson)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Updated.'})
def form_detail(request, form_id):
    """Return a single form as JSON.

    The lookup is delegated to ``get_record_by_id``, which is relied on to
    raise a 404 for an unknown id and a 409 when the form's ``school_id``
    differs from ``g.user.school_id``.
    """
    record = get_record_by_id(form_id, Form)
    body = {'success': True, 'form': record.to_dict()}
    return jsonify(body)
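def grant_permission(request):
    """Grant a permission to a user; both are named by id in the JSON body.

    Expects ``user_id`` and ``permission_id``. Responds with 201 on success.
    Raises a 409 ``CustomError`` when either id is invalid or the user
    already holds the permission.
    """
    # NOTE(review): nothing in this function checks that the caller may grant
    # permissions; presumably the route layer enforces that - confirm.
    data = json_from_request(request)
    check_keys(["user_id", "permission_id"], data)

    # Both lookups are relied on to reject records from another school.
    user = get_record_by_id(data['user_id'], User,
                            CustomError(409, message="Invalid user_id."))
    permission = get_permission_by_id(
        data['permission_id'],
        CustomError(409, message="Invalid permission_id."))

    # Compare against the id of the record that was actually loaded, not the
    # raw request value: a payload that sends the id as a string would never
    # equal an integer primary key and the duplicate check would be skipped.
    if any(held.id == permission.id for held in user.permissions):
        raise CustomError(
            409,
            message="User with id: {} already has permission with id: {}".
            format(data['user_id'], data['permission_id']))

    user.permissions.append(permission)
    db.session.add(user)
    db.session.commit()

    return jsonify({'success': True}), 201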
def submit_essay(request, essay_id):
    """Record the current user's submission for an essay.

    The essay's lesson is fetched from the lesson service; the caller must
    belong to the lesson's school and be listed among its students, otherwise
    ``UnauthorizedError`` is raised. Responds with 201 on success.
    """
    # The essay is loaded without the built-in school check; the school is
    # verified below against the lesson returned by the lesson service.
    essay = get_record_by_id(essay_id, Essay, check_school_id=False)

    lesson_path = "lessons/lesson/{}".format(essay.lesson_id)
    resp = services.lesson.get(lesson_path,
                               headers=g.user.headers_dict(),
                               params={'nest-students': True})
    if resp.status_code != 200:
        # Re-raise the lesson service's error payload as our own error.
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    json_data = json_from_request(request)
    check_keys(["content"], json_data)

    # Only students enrolled in the lesson may submit.
    enrolled_ids = [student['id'] for student in lesson['students']]
    if g.user.id not in enrolled_ids:
        raise UnauthorizedError()

    submitted_at = datetime.datetime.now()  # TODO: Deal with timezones
    submission = EssaySubmission(essay.id, g.user.id, submitted_at,
                                 json_data['content'])

    db.session.add(submission)
    db.session.commit()

    return jsonify({'success': True}), 201
def view_quiz_submission(submission_id):
    """Return one quiz submission with its user, homework and comments.

    The caller must hold the Teacher or Student permission and belong to the
    school of the lesson the submission's homework is attached to.
    """
    if (not g.user.has_permissions({'Teacher'})
            and not g.user.has_permissions({'Student'})):
        raise UnauthorizedError()

    submission = get_record_by_id(submission_id, QuizSubmission,
                                  check_school_id=False)

    # The school check is done against the lesson from the lesson service.
    lesson_path = "lessons/lesson/{}".format(submission.homework.lesson_id)
    resp = services.lesson.get(lesson_path,
                               headers=g.user.headers_dict(),
                               params={'nest-students': True})
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    # NOTE(review): access is decided by role and school only; a student is
    # not required to be the author of the submission - confirm intended.
    submission_dict = submission.to_dict(nest_user=True,
                                         nest_homework=True,
                                         nest_comments=True)
    return jsonify({'success': True, 'submission': submission_dict})
def current_user_details(request):
    """Return the authenticated user's own record as JSON.

    The ``nest-permissions`` query parameter is passed through to
    ``User.to_dict`` as ``nest_permissions``.
    """
    include_permissions = get_boolean_query_param(request,
                                                  'nest-permissions')
    # The id comes from g.user, never from the request.
    current = get_record_by_id(g.user.id, User)
    return jsonify({
        'success': True,
        'user': current.to_dict(nest_permissions=include_permissions),
    })
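def remove_permission(request):
    """Remove one permission, or all permissions, from a user.

    Expects ``user_id`` plus either ``permission_id`` or ``all`` set to the
    JSON literal ``true``. Raises ``MissingKeyError`` when no usable selector
    is supplied and a 409 ``CustomError`` when an id is invalid or the user
    does not hold the permission.
    """
    # NOTE(review): nothing in this function checks that the caller may
    # revoke permissions; presumably the route layer enforces that - confirm.
    data = json_from_request(request)
    check_keys(["user_id"], data)

    # Only a literal True selects "remove everything". Any other value of
    # "all" falls through to the single-permission path, which needs
    # permission_id; rejecting its absence here avoids an unhandled KeyError
    # for a payload such as {"user_id": 1, "all": false}.
    remove_all = "all" in data and data['all'] is True
    if not remove_all and "permission_id" not in data:
        raise MissingKeyError("permission_id or all")

    # The lookup is relied on to reject a user from another school.
    user = get_record_by_id(data['user_id'], User,
                            CustomError(409, message="Invalid user_id."))

    if remove_all:
        user.permissions = []
    else:
        # The lookup is relied on to reject a permission from another school.
        permission = get_permission_by_id(
            data['permission_id'],
            CustomError(409, message="Invalid permission_id."))

        held_ids = [p.id for p in user.permissions]
        if permission.id not in held_ids:
            raise CustomError(
                409,
                message="User with id: {} does not have permission with id: {}"
                .format(data['user_id'], data['permission_id']))

        user.permissions.remove(permission)

    db.session.add(user)
    db.session.commit()

    return jsonify({'success': True}), 200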
def submit_quiz(request, quiz_id):
    """Create and mark the current user's submission for a quiz.

    The caller must belong to the school of the quiz's lesson and be one of
    its students. Every answer must reference a question of this quiz,
    otherwise ``UnauthorizedError`` is raised. Returns the total score.
    """
    # The quiz is loaded without the built-in school check; the school is
    # verified below against the lesson returned by the lesson service.
    quiz = get_record_by_id(quiz_id, Quiz, check_school_id=False)

    lesson_path = "lessons/lesson/{}".format(quiz.lesson_id)
    resp = services.lesson.get(lesson_path,
                               headers=g.user.headers_dict(),
                               params={'nest-students': True})
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    json_data = json_from_request(request)
    check_keys(['answers'], json_data)

    # Only students enrolled in the lesson may submit.
    enrolled_ids = [student['id'] for student in lesson['students']]
    if g.user.id not in enrolled_ids:
        raise UnauthorizedError()

    quiz_question_ids = [q.id for q in quiz.questions]

    submission = QuizSubmission(
        homework_id=quiz.id,
        user_id=g.user.id,
        datetime_submitted=datetime.datetime.now()  # TODO: Deal with timezones
    )

    # NOTE(review): the same question_id may appear more than once in the
    # payload; whether mark() tolerates duplicates is not visible here.
    inner_keys = ['question_id', 'answer']
    for raw_answer in json_data['answers']:
        check_keys(inner_keys, raw_answer)
        question = get_record_by_id(raw_answer['question_id'], Question,
                                    check_school_id=False)
        # Reject answers that point at a question from a different quiz.
        if question.id not in quiz_question_ids:
            raise UnauthorizedError()
        submission.answers.append(
            QuizAnswer(raw_answer['answer'], submission.id, question.id))

    submission.mark()

    db.session.add(submission)
    db.session.commit()

    return jsonify({'score': submission.total_score})
def user_delete(request, user_id):
    """Delete the user identified by ``user_id`` and confirm with JSON."""
    # NOTE(review): the lookup presumably restricts the target to the
    # caller's school; no further authorisation happens here - confirm.
    target = get_record_by_id(user_id, User)

    db.session.delete(target)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Deleted.'})
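def user_update(request, user_id):
    """Apply a partial update to a user from the request's JSON body.

    Recognised keys: ``first_name``, ``last_name``, ``password``, ``email``,
    ``username`` and ``form_id``. Every supplied value must be non-blank.
    Raises ``FieldInUseError`` when the new email or username is already
    taken, and a 409 ``CustomError`` for an invalid ``form_id``.
    """
    # NOTE(review): no check here that the caller may edit this user, and a
    # password change needs no proof of the old one; presumably the route
    # layer restricts who can reach this view - confirm.
    data = json_from_request(request)
    user = get_record_by_id(user_id, User)

    # Every key that was sent must carry a non-blank value.
    check_values_not_blank(data.keys(), data)

    if "first_name" in data:
        user.first_name = data['first_name']

    if "last_name" in data:
        # Previously this branch wrote data['first_name'] into first_name,
        # so last_name was never updated and a payload carrying only
        # last_name failed with a KeyError.
        user.last_name = data['last_name']

    if "password" in data:
        # Only the hash is stored, never the submitted value.
        user.password = user.generate_password_hash(data['password'])

    if "email" in data:
        # Email uniqueness is checked across all schools.
        if user.email != data['email'] and User.query.filter_by(
                email=data['email']).first() is not None:
            raise FieldInUseError("email")
        user.email = data['email']

    if "username" in data:
        # Username uniqueness is checked within the caller's school only.
        if user.username != data['username'] and User.query.filter_by(
                username=data['username'],
                school_id=g.user.school_id).first() is not None:
            raise FieldInUseError("username")
        user.username = data['username']

    if "form_id" in data:
        # Resolve the form through the shared lookup instead of trusting the
        # raw id from the payload.
        form = get_record_by_id(data["form_id"],
                                Form,
                                custom_not_found_error=CustomError(
                                    409, message="Invalid form_id."))
        user.form_id = form.id

    db.session.add(user)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Updated.'})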
def delete_form(request, form_id):
    """Delete the form identified by ``form_id`` and confirm with JSON."""
    target = get_record_by_id(form_id, Form)

    db.session.delete(target)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Deleted.'})
def lesson_delete(request, lesson_id):
    """Delete the lesson identified by ``lesson_id`` and confirm with JSON."""
    target = get_record_by_id(lesson_id, Lesson)

    db.session.delete(target)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Deleted.'})
def user_detail(request, user_id):
    """Return one user as JSON.

    The ``nest-permissions`` query parameter is passed through to
    ``User.to_dict`` as ``nest_permissions``.
    """
    target = get_record_by_id(user_id, User)
    include_permissions = get_boolean_query_param(request,
                                                  'nest-permissions')
    user_dict = target.to_dict(nest_permissions=include_permissions)
    return jsonify({'success': True, "user": user_dict})
def list_submissions(homework_id):
    """List every submission for a homework, each with its user nested.

    The homework's lesson is fetched from the lesson service and the caller
    must belong to that lesson's school.
    """
    homework = get_record_by_id(homework_id, Homework, check_school_id=False)

    lesson_path = 'lessons/lesson/{}'.format(homework.lesson_id)
    resp = services.lesson.get(lesson_path, headers=g.user.headers_dict())
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    if resp.json()['lesson']['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    # NOTE(review): any user of the school passes the check above and sees
    # all submissions with user details; confirm a role check exists upstream.
    rows = Submission.query.filter_by(homework_id=homework.id).all()
    serialised = [row.to_dict(nest_user=True) for row in rows]
    return jsonify({'success': True, 'submissions': serialised})
def subject_delete_view(request, subject_id):
    """Delete a subject unless a lesson still refers to it.

    Responds with a 409 error body when at least one lesson has this
    subject's id as its ``subject_id``.
    """
    subject = get_record_by_id(subject_id, Subject)

    # Refuse to delete while any lesson still points at the subject.
    remaining = Lesson.query.filter_by(subject_id=subject.id).first()
    if remaining is not None:
        blocked = {
            'error': True,
            'message':
            'Please delete all lessons which are part of this subject'
        }
        return jsonify(blocked), 409

    db.session.delete(subject)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Deleted.'})
def lesson_detail(request, lesson_id):
    """Return one lesson as JSON.

    The ``nest-teachers``, ``nest-students``, ``nest-subject`` and
    ``nest-homework`` query parameters are passed through to
    ``Lesson.to_dict`` as the matching ``nest_*`` arguments.
    """
    lesson = get_record_by_id(lesson_id, Lesson)

    with_teachers = get_boolean_query_param(request, 'nest-teachers')
    with_students = get_boolean_query_param(request, 'nest-students')
    with_subject = get_boolean_query_param(request, 'nest-subject')
    with_homework = get_boolean_query_param(request, 'nest-homework')

    lesson_dict = lesson.to_dict(nest_homework=with_homework,
                                 nest_teachers=with_teachers,
                                 nest_students=with_students,
                                 nest_subject=with_subject)
    return jsonify({'success': True, 'lesson': lesson_dict})
def subject_update_view(request, subject_id):
    """Rename a subject when the JSON body carries a ``name``.

    Raises ``FieldInUseError`` if the name is already used in the subject's
    school.
    """
    subject = get_record_by_id(subject_id, Subject)
    payload = json_from_request(request)

    if 'name' in payload:
        new_name = payload['name']
        # Uniqueness is scoped to the subject's own school.
        if subject_name_in_use(new_name, school_id=subject.school_id):
            raise FieldInUseError("name")
        subject.name = new_name

    db.session.add(subject)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Updated.'})
def essay_detail(request, essay_id):
    """Return one essay as JSON.

    The caller must belong to the school of the essay's lesson, as reported
    by the lesson service; otherwise ``UnauthorizedError`` is raised.
    """
    # The essay is loaded without the built-in school check; the school is
    # verified below against the lesson returned by the lesson service.
    essay = get_record_by_id(essay_id, Essay, check_school_id=False)

    lesson_path = "lessons/lesson/{}".format(essay.lesson_id)
    resp = services.lesson.get(lesson_path, headers=g.user.headers_dict())
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    return jsonify({'success': True, 'essay': essay.to_dict()})
def quiz_detail(request, quiz_id):
    """Return one quiz as JSON.

    The caller must belong to the school of the quiz's lesson, as reported
    by the lesson service; otherwise ``UnauthorizedError`` is raised.
    """
    # The quiz is loaded without the built-in school check; the school is
    # verified below against the lesson returned by the lesson service.
    quiz = get_record_by_id(quiz_id, Quiz, check_school_id=False)

    lesson_path = "lessons/lesson/{}".format(quiz.lesson_id)
    resp = services.lesson.get(lesson_path, headers=g.user.headers_dict())
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    return jsonify({'success': True, 'quiz': quiz.to_dict()})
def user_create(request):
    """Create a user in the caller's school from the request's JSON body.

    Requires non-blank ``first_name``, ``last_name``, ``password``,
    ``username`` and ``email``; ``form_id`` is optional. Raises
    ``FieldInUseError`` when the email or username is already taken.
    Responds with 201 and the new user on success.
    """
    data = json_from_request(request)

    required = [
        "first_name", "last_name", "password", "username", "email"
    ]
    check_keys(required, data)  # every key must be present
    check_values_not_blank(required, data)  # and carry a non-blank value

    # Email uniqueness is checked across all schools.
    email_owner = User.query.filter_by(email=data['email']).first()
    if email_owner is not None:
        raise FieldInUseError("email")

    # Username uniqueness is checked within the caller's school only.
    username_owner = User.query.filter_by(
        username=data['username'], school_id=g.user.school_id).first()
    if username_owner is not None:
        raise FieldInUseError("username")

    # school_id always comes from the caller, never from the payload.
    # NOTE(review): the raw password is handed to User(); this assumes the
    # constructor hashes it before storage - confirm.
    user = User(first_name=data['first_name'],
                last_name=data['last_name'],
                email=data['email'],
                password=data['password'],
                username=data['username'],
                school_id=g.user.school_id)

    if "form_id" in data:
        # Resolve the form through the shared lookup instead of trusting the
        # raw id from the payload.
        form = get_record_by_id(data["form_id"],
                                Form,
                                custom_not_found_error=CustomError(
                                    409, message="Invalid form_id."))
        user.form_id = form.id

    db.session.add(user)
    db.session.commit()

    return jsonify({"success": True, "user": user.to_dict()}), 201
def edit_form(request, form_id):
    """Rename a form when the JSON body carries a non-blank ``name``.

    Raises ``BlankValueError`` if the supplied name is empty or whitespace.
    """
    payload = json_from_request(request)
    # The lookup is relied on to check the form belongs to g.user's school.
    form = get_record_by_id(form_id, Form)

    if "name" in payload:
        new_name = payload['name']
        if new_name.strip() == "":
            raise BlankValueError("name")
        form.name = new_name

    db.session.add(form)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Updated.'})
def comment_update_view(request, comment_id):
    """Update a comment; only the user who wrote it may do so."""
    # NOTE(review): the other comment views pass check_school_id=False to
    # this lookup; confirm the default school check suits Comment records.
    comment = get_record_by_id(comment_id, Comment)

    # Ownership check: the caller must be the comment's author.
    if comment.user_id != g.user.id:
        raise UnauthorizedError()

    payload = json_from_request(request)

    if 'text' in payload:
        # NOTE(review): the new text is written to `comment.name`; confirm
        # that this is the attribute holding the comment body.
        comment.name = payload['text']

    db.session.add(comment)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Updated.'})
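def comment_delete_view(request, comment_id):
    """Delete a comment that belongs to a lesson in the caller's school.

    The lesson behind the comment's submission is fetched from the lesson
    service; ``UnauthorizedError`` is raised when it belongs to another
    school.
    """
    comment = get_record_by_id(comment_id, Comment, check_school_id=False)

    lesson_path = "lessons/lesson/{}".format(
        comment.submission.homework.lesson_id)
    resp = services.lesson.get(lesson_path, headers=g.user.headers_dict())
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    # Compare school with school. The previous check compared the caller's
    # *user* id with the lesson's school id, so access depended on whether
    # those two unrelated numbers happened to match.
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    # NOTE(review): deletion is not limited to the comment's author or to
    # the lesson's teachers; confirm whether it should be.
    db.session.delete(comment)
    db.session.commit()

    return jsonify({'success': True, 'message': 'Deleted.'})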
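def comment_detail_view(request, comment_id):
    """Return a comment that belongs to a lesson in the caller's school.

    The lesson behind the comment's submission is fetched from the lesson
    service; ``UnauthorizedError`` is raised when it belongs to another
    school. The comment is returned with its user nested.
    """
    comment = get_record_by_id(comment_id, Comment, check_school_id=False)

    lesson_path = "lessons/lesson/{}".format(
        comment.submission.homework.lesson_id)
    resp = services.lesson.get(lesson_path, headers=g.user.headers_dict())
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    # Compare school with school. The previous check compared the caller's
    # *user* id with the lesson's school id, so access depended on whether
    # those two unrelated numbers happened to match.
    if lesson['school_id'] != g.user.school_id:
        raise UnauthorizedError()

    return jsonify({
        'success': True,
        'comment': comment.to_dict(nest_user=True)
    })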
def lesson_create(request):
    """Create a lesson in the caller's school from the request's JSON body.

    Requires ``name`` and ``subject_id``; ``teacher_ids`` and ``student_ids``
    are optional. Responds with 201 and the new lesson, teachers nested.
    """
    payload = json_from_request(request)
    check_keys(expected_keys=['name', 'subject_id'], data=payload)

    # Resolve the subject through the shared lookup so an unknown id
    # surfaces as a 409 instead of being written blindly.
    subject = get_record_by_id(payload['subject_id'],
                               Subject,
                               custom_not_found_error=CustomError(
                                   409, message="Invalid subject_id."))

    validate_lesson_name(payload['name'], g.user.school_id)

    # school_id always comes from the caller, never from the payload.
    lesson = Lesson(name=payload['name'],
                    school_id=g.user.school_id,
                    subject_id=subject.id)

    if 'teacher_ids' in payload:
        add_teachers(payload['teacher_ids'], lesson)

    if 'student_ids' in payload:
        add_students(payload['student_ids'], lesson)

    db.session.add(lesson)
    db.session.commit()

    created = {
        'success': True,
        'lesson': lesson.to_dict(nest_teachers=True)
    }
    return jsonify(created), 201
def comment_create_view(request):
    """Create a comment on a submission on behalf of a teacher of its lesson.

    Requires ``submission_id`` and ``text`` in the JSON body. The caller must
    be listed among the teachers of the lesson the submission's homework
    belongs to, otherwise ``UnauthorizedError`` is raised. Responds with 201.
    """
    json_data = json_from_request(request)
    check_keys(["submission_id", "text"], json_data)

    submission = get_record_by_id(json_data['submission_id'],
                                  Submission,
                                  check_school_id=False)

    # Ask the lesson service for the lesson with its teachers nested, so the
    # caller can be matched against them.
    lesson_path = "lessons/lesson/{}".format(submission.homework.lesson_id)
    resp = services.lesson.get(lesson_path,
                               headers=g.user.headers_dict(),
                               params={'nest-teachers': True})
    if resp.status_code != 200:
        raise CustomError(**resp.json())

    lesson = resp.json()['lesson']
    teacher_ids = [teacher['id'] for teacher in lesson['teachers']]
    if g.user.id not in teacher_ids:
        raise UnauthorizedError()

    # The author is always the authenticated user, never a payload value.
    comment = Comment(submission.id, json_data['text'], g.user.id)

    db.session.add(comment)
    db.session.commit()

    return jsonify({"success": True, "comment": comment.to_dict()}), 201
def subject_detail_view(request, subject_id):
    """Return the subject identified by ``subject_id`` as JSON."""
    record = get_record_by_id(subject_id, Subject)
    body = {'success': True, 'subject': record.to_dict()}
    return jsonify(body)