def android_client_get_semester(identifier): """android client get a student or teacher's semesters """ from flask import current_app as app, jsonify from everyclass.server.utils.rpc import HttpRpc with elasticapm.capture_span('rpc_search'): rpc_result = HttpRpc.call_with_handle_message('{}/v1/search/{}'.format( app.config['API_SERVER_BASE_URL'], identifier)) if isinstance(rpc_result, tuple): return rpc_result api_response = rpc_result if len(api_response['student']) == 1: return jsonify({ 'type': 'student', 'sid': api_response['student'][0]['sid'], 'semesters': sorted(api_response['student'][0]['semester']) }) if len(api_response['teacher']) == 1: return jsonify({ 'type': 'teacher', 'tid': api_response['teacher'][0]['tid'], 'semesters': sorted(api_response['teacher'][0]['semester']) }) return "Bad request (got multiple people)", 400
def android_client_get_ics(resource_type, identifier, semester): """ android client get a student or teacher's ics file If the student does not have privacy mode, anyone can use student number to subscribe his calendar. If the privacy mode is on and there is no HTTP basic authentication, return a 401(unauthorized) status code and the Android client ask user for password to try again. """ from flask import current_app as app, redirect, url_for, request from everyclass.server.utils.rpc import HttpRpc from everyclass.server.db.dao import PrivacySettingsDAO, CalendarTokenDAO, UserDAO if resource_type not in ('student', 'teacher'): return "Unknown resource type", 400 with elasticapm.capture_span('rpc_search'): rpc_result = HttpRpc.call_with_handle_message('{}/v1/{}/{}/{}'.format( app.config['API_SERVER_BASE_URL'], resource_type, identifier, semester)) if isinstance(rpc_result, tuple): return rpc_result api_response = rpc_result if resource_type == 'teacher': cal_token = CalendarTokenDAO.get_or_set_calendar_token( resource_type=resource_type, identifier=rpc_result["sid"], semester=semester) return redirect( url_for('calendar.ics_download', calendar_token=cal_token)) else: # student with elasticapm.capture_span('get_privacy_settings'): privacy_level = PrivacySettingsDAO.get_level(api_response['sid']) # get authorization from HTTP header and verify password if privacy is on if privacy_level != 0: if not request.authorization: return "Unauthorized (privacy on)", 401 username, password = request.authorization if not UserDAO.check_password(username, password): return "Unauthorized (password wrong)", 401 if api_response['sid'] != username: return "Unauthorized (username mismatch)", 401 cal_token = CalendarTokenDAO.get_or_set_calendar_token( resource_type=resource_type, identifier=rpc_result["sid"], semester=semester) return redirect( url_for('calendar.ics_download', calendar_token=cal_token))