def journal_add_view(context, request):
if IJournalEntry.providedBy(context):
entry = context
project = context.__parent__.__parent__
add_form = False
else:
entry = JournalEntry()
project = context
add_form = True
errors = {}
defaults = {}
if 'form.submitted' in request.POST:
try:
# FormEncode validation
defaults = dict(request.POST)
defaults['indicators'] = request.POST.get('indicators')
form_result = entry_schema.to_python(request.POST)
except formencode.validators.Invalid, why:
errors = why.error_dict
else:
session = DBSession()
# Handle image upload
if form_result['image'] is not None:
entry.image = File('image.jpg', form_result['image'].read())
elif form_result['image_action'] == 'delete' and entry.image:
session.delete(entry.image)
entry.date = datetime.now()
entry.text = form_result['text']
entry.user = authenticated_user(request)
# Check whether indicator belongs to this project.
indicator_query = session.query(Indicator)
indicator_query = indicator_query.filter(Project.id == project.id)
indicator_query = indicator_query.join(Project.objectives)
indicator_query = indicator_query.join(Objective.competences)
indicator_query = indicator_query.join(Competence.indicator_sets)
indicator_query = indicator_query.join(IndicatorSet.indicators)
if form_result['indicators']:
indicator_query = indicator_query.filter(
Indicator.id.in_(form_result['indicators']))
indicators = indicator_query.all()
entry.indicators = indicators
if add_form:
project.journal_entries.append(entry)
if ITeacher.providedBy(authenticated_user(request)):
return HTTPFound(location=model_url(
get_root(request)['projects'][project.id], request))
return HTTPFound(
location=model_url(authenticated_user(request), request))
def test_acl(self):
from eportfolio.models import Student
from eportfolio.models import JournalEntry
from eportfolio.security.journal import JournalEntryPermissions
self.config.registry.registerAdapter(JournalEntryPermissions)
student = Student(email=u'*****@*****.**')
entry = JournalEntry()
entry.user = student
# Only the author of the journal entry can edit it.
acl = [
('Allow', u'*****@*****.**', 'edit'),
('Deny', 'system.Everyone', 'edit'),
('Allow', u'*****@*****.**', 'remove'),
]
self.assertEquals(acl, entry.__acl__)
def journal_add_view(context, request):
if IJournalEntry.providedBy(context):
entry = context
project = context.__parent__.__parent__
add_form = False
else:
entry = JournalEntry()
project = context
add_form = True
errors = {}
defaults = {}
if 'form.submitted' in request.POST:
try:
# FormEncode validation
defaults = dict(request.POST)
defaults['indicators'] = request.POST.get('indicators')
form_result = entry_schema.to_python(request.POST)
except formencode.validators.Invalid, why:
errors=why.error_dict
else:
session = DBSession()
# Handle image upload
if form_result['image'] is not None:
entry.image = File('image.jpg', form_result['image'].read())
elif form_result['image_action'] == 'delete' and entry.image:
session.delete(entry.image)
entry.date = datetime.now()
entry.text = form_result['text']
entry.user = authenticated_user(request)
# Check whether indicator belongs to this project.
indicator_query = session.query(Indicator)
indicator_query = indicator_query.filter(Project.id == project.id)
indicator_query = indicator_query.join(Project.objectives)
indicator_query = indicator_query.join(Objective.competences)
indicator_query = indicator_query.join(Competence.indicator_sets)
indicator_query = indicator_query.join(IndicatorSet.indicators)
if form_result['indicators']:
indicator_query = indicator_query.filter(Indicator.id.in_(form_result['indicators']))
indicators = indicator_query.all()
entry.indicators = indicators
if add_form:
project.journal_entries.append(entry)
if ITeacher.providedBy(authenticated_user(request)):
return HTTPFound(location = model_url(get_root(request)['projects'][project.id], request))
return HTTPFound(location = model_url(authenticated_user(request), request))