예제 #1
0
def android_client_get_semester(identifier):
    """android client get a student or teacher's semesters
    """
    from flask import current_app as app, jsonify
    from everyclass.server.utils.rpc import HttpRpc

    with elasticapm.capture_span('rpc_search'):
        rpc_result = HttpRpc.call_with_handle_message('{}/v1/search/{}'.format(
            app.config['API_SERVER_BASE_URL'], identifier))
        if isinstance(rpc_result, tuple):
            return rpc_result
        api_response = rpc_result

    if len(api_response['student']) == 1:
        return jsonify({
            'type':
            'student',
            'sid':
            api_response['student'][0]['sid'],
            'semesters':
            sorted(api_response['student'][0]['semester'])
        })
    if len(api_response['teacher']) == 1:
        return jsonify({
            'type':
            'teacher',
            'tid':
            api_response['teacher'][0]['tid'],
            'semesters':
            sorted(api_response['teacher'][0]['semester'])
        })
    return "Bad request (got multiple people)", 400
예제 #2
0
def android_client_get_ics(resource_type, identifier, semester):
    """
    android client get a student or teacher's ics file

    If the student does not have privacy mode, anyone can use student number to subscribe his calendar.
    If the privacy mode is on and there is no HTTP basic authentication, return a 401(unauthorized)
    status code and the Android client ask user for password to try again.
    """
    from flask import current_app as app, redirect, url_for, request

    from everyclass.server.utils.rpc import HttpRpc
    from everyclass.server.db.dao import PrivacySettingsDAO, CalendarTokenDAO, UserDAO

    if resource_type not in ('student', 'teacher'):
        return "Unknown resource type", 400

    with elasticapm.capture_span('rpc_search'):
        rpc_result = HttpRpc.call_with_handle_message('{}/v1/{}/{}/{}'.format(
            app.config['API_SERVER_BASE_URL'], resource_type, identifier,
            semester))
        if isinstance(rpc_result, tuple):
            return rpc_result
        api_response = rpc_result

    if resource_type == 'teacher':
        cal_token = CalendarTokenDAO.get_or_set_calendar_token(
            resource_type=resource_type,
            identifier=rpc_result["sid"],
            semester=semester)
        return redirect(
            url_for('calendar.ics_download', calendar_token=cal_token))
    else:
        # student
        with elasticapm.capture_span('get_privacy_settings'):
            privacy_level = PrivacySettingsDAO.get_level(api_response['sid'])

        # get authorization from HTTP header and verify password if privacy is on
        if privacy_level != 0:
            if not request.authorization:
                return "Unauthorized (privacy on)", 401
            username, password = request.authorization
            if not UserDAO.check_password(username, password):
                return "Unauthorized (password wrong)", 401
            if api_response['sid'] != username:
                return "Unauthorized (username mismatch)", 401

        cal_token = CalendarTokenDAO.get_or_set_calendar_token(
            resource_type=resource_type,
            identifier=rpc_result["sid"],
            semester=semester)
        return redirect(
            url_for('calendar.ics_download', calendar_token=cal_token))