def lesson_update(request, lesson_id):
lesson = get_record_by_id(lesson_id, Lesson)
json_data = json_from_request(request)
if "name" in json_data.keys():
if json_data['name'] != lesson.name:
validate_lesson_name(name=json_data['name'],
school_id=g.user.school_id)
lesson.name = json_data['name']
if "subject_id" in json_data.keys():
subject = get_record_by_id(json_data['subject_id'],
Subject,
custom_not_found_error=CustomError(
409, message="Invalid subject_id."))
lesson.subject_id = subject.id
if "teacher_ids" in json_data.keys():
lesson.teachers = []
add_teachers(json_data['teacher_ids'], lesson)
if "student_ids" in json_data.keys():
lesson.students = []
add_students(json_data['student_ids'], lesson)
db.session.add(lesson)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def form_detail(request, form_id):
# Get form by id from URL
# this function will throw a 404 error if id not found and a 409 error if form.school_id != g.user.school_id
form = get_record_by_id(form_id, Form)
# Return JSON
return jsonify({'success': True, 'form': form.to_dict()})
def grant_permission(request):
data = json_from_request(request)
expected_keys = ["user_id", "permission_id"]
check_keys(expected_keys, data)
# Check user specified is in the correct school
user = get_record_by_id(data['user_id'], User,
CustomError(409, message="Invalid user_id."))
# Check the permission specified is in the correct school
permission = get_permission_by_id(
data['permission_id'],
CustomError(409, message="Invalid permission_id."))
# Check user does not have the permission
for p in user.permissions:
if p.id == data['permission_id']:
raise CustomError(
409,
message="User with id: {} already has permission with id: {}".
format(data['user_id'], data['permission_id']))
user.permissions.append(permission)
db.session.add(user)
db.session.commit()
# Return success status
return jsonify({'success': True}), 201
def submit_essay(request, essay_id):
# Check essay if valid
essay = get_record_by_id(essay_id, Essay, check_school_id=False)
# Validate lesson
resp = services.lesson.get("lessons/lesson/{}".format(essay.lesson_id),
headers=g.user.headers_dict(),
params={'nest-students': True})
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if lesson['school_id'] != g.user.school_id:
raise UnauthorizedError()
top_level_expected_keys = ["content"]
json_data = json_from_request(request)
check_keys(top_level_expected_keys, json_data)
if g.user.id not in [t['id'] for t in lesson['students']]:
raise UnauthorizedError()
submission = EssaySubmission(
essay.id,
g.user.id,
datetime.datetime.now(), # TODO: Deal with timezones
json_data['content'])
db.session.add(submission)
db.session.commit()
return jsonify({'success': True}), 201
def view_quiz_submission(submission_id):
if not (g.user.has_permissions({'Teacher'})
or g.user.has_permissions({'Student'})):
raise UnauthorizedError()
submission = get_record_by_id(submission_id,
QuizSubmission,
check_school_id=False)
# Validate lesson
resp = services.lesson.get("lessons/lesson/{}".format(
submission.homework.lesson_id),
headers=g.user.headers_dict(),
params={'nest-students': True})
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if lesson['school_id'] != g.user.school_id:
raise UnauthorizedError()
return jsonify({
'success':
True,
'submission':
submission.to_dict(nest_user=True,
nest_homework=True,
nest_comments=True)
})
def current_user_details(request):
nest_permissions = get_boolean_query_param(request, 'nest-permissions')
user = get_record_by_id(g.user.id, User)
user_dict = user.to_dict(nest_permissions=nest_permissions)
return jsonify({'success': True, 'user': user_dict})
def remove_permission(request):
data = json_from_request(request)
expected_keys = ["user_id"]
check_keys(expected_keys, data)
if "permission_id" not in data.keys() and "all" not in data.keys():
raise MissingKeyError("permission_id or all")
# Check user specified is in the correct school
user = get_record_by_id(data['user_id'], User,
CustomError(409, message="Invalid user_id."))
if "all" in data.keys() and data['all'] is True:
user.permissions = []
else:
# Check the permission specified is in the correct school
permission = get_permission_by_id(
data['permission_id'],
CustomError(409, message="Invalid permission_id."))
# Check the user has the permission
if permission.id not in [p.id for p in user.permissions]:
raise CustomError(
409,
message="User with id: {} does not have permission with id: {}"
.format(data['user_id'], data['permission_id']))
user.permissions.remove(permission)
db.session.add(user)
db.session.commit()
# Return success status
return jsonify({'success': True}), 200
def submit_quiz(request, quiz_id):
# Check quiz is valid
quiz = get_record_by_id(quiz_id, Quiz, check_school_id=False)
# Validate lesson
resp = services.lesson.get("lessons/lesson/{}".format(quiz.lesson_id),
headers=g.user.headers_dict(),
params={'nest-students': True})
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if lesson['school_id'] != g.user.school_id:
raise UnauthorizedError()
json_data = json_from_request(request)
expected_top_keys = ['answers']
expected_inner_keys = ['question_id', 'answer']
check_keys(expected_top_keys, json_data)
if g.user.id not in [t['id'] for t in lesson['students']]:
raise UnauthorizedError()
question_ids = [question.id for question in quiz.questions]
submission = QuizSubmission(
homework_id=quiz.id,
user_id=g.user.id,
datetime_submitted=datetime.datetime.now() # TODO: Deal with timezones
)
for answer in json_data['answers']:
check_keys(expected_inner_keys, answer)
question = get_record_by_id(answer['question_id'],
Question,
check_school_id=False)
if question.id not in question_ids:
raise UnauthorizedError()
answer = QuizAnswer(answer['answer'], submission.id, question.id)
submission.answers.append(answer)
submission.mark()
db.session.add(submission)
db.session.commit()
return jsonify({'score': submission.total_score})
def user_delete(request, user_id):
# Get user object using id from URL
user = get_record_by_id(user_id, User)
# Delete user
db.session.delete(user)
db.session.commit()
# Return success message
return jsonify({'success': True, 'message': 'Deleted.'})
def user_update(request, user_id):
# Get JSON data
data = json_from_request(request)
# Get User object from id in url
user = get_record_by_id(user_id, User)
# Check that
check_values_not_blank(data.keys(), data)
if "first_name" in data.keys():
user.first_name = data['first_name']
if "last_name" in data.keys():
user.first_name = data['first_name']
if "password" in data.keys():
user.password = user.generate_password_hash(data['password'])
if "email" in data.keys():
if user.email != data['email'] and User.query.filter_by(
email=data['email']).first() is not None:
raise FieldInUseError("email")
user.email = data['email']
if "username" in data.keys():
if user.username != data['username'] and User.query.filter_by(
username=data['username'],
school_id=g.user.school_id).first() is not None:
raise FieldInUseError("username")
user.username = data['username']
if "form_id" in data.keys():
# Validate form id
form = get_record_by_id(data["form_id"],
Form,
custom_not_found_error=CustomError(
409, message="Invalid form_id."))
user.form_id = form.id
db.session.add(user)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def delete_form(request, form_id):
# Get Form using id
form = get_record_by_id(form_id, Form)
# Delete from DB
db.session.delete(form)
db.session.commit()
# Return JSON
return jsonify({'success': True, 'message': 'Deleted.'})
def lesson_delete(request, lesson_id):
lesson = get_record_by_id(lesson_id, Lesson)
# # lessons = db.session.query(lesson_teacher).filter(lesson_teacher.c.lesson_id==lesson.id).all()
# lessons = db.session.query(lesson_student).filter(lesson_student.c.lesson_id == lesson.id).all()
# print(lessons)
# # lesson = Lesson.query.filter_by(id=lesson_id)
# l = db.session.query(Lesson).filter(Lesson.id == lesson_id).first()
# print(l)
db.session.delete(lesson)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def user_detail(request, user_id):
# Get user by id
user = get_record_by_id(user_id, User)
# Get query params
nest_permissions = get_boolean_query_param(request, 'nest-permissions')
# Return user
return jsonify({
'success': True,
"user": user.to_dict(nest_permissions=nest_permissions)
})
def list_submissions(homework_id):
homework = get_record_by_id(homework_id, Homework, check_school_id=False)
resp = services.lesson.get('lessons/lesson/{}'.format(homework.lesson_id), headers=g.user.headers_dict())
if resp.status_code != 200:
raise CustomError(
**resp.json()
)
if resp.json()['lesson']['school_id'] != g.user.school_id:
raise UnauthorizedError()
submissions = Submission.query.filter_by(homework_id=homework.id).all()
return jsonify({'success': True, 'submissions': [s.to_dict(nest_user=True) for s in submissions]})
def subject_delete_view(request, subject_id):
subject = get_record_by_id(subject_id, Subject)
# Check if subject still has lessons
lesson = Lesson.query.filter_by(subject_id=subject.id).first()
if lesson is not None:
return jsonify({
'error':
True,
'message':
'Please delete all lessons which are part of this subject'
}), 409
db.session.delete(subject)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def lesson_detail(request, lesson_id):
lesson = get_record_by_id(lesson_id, Lesson)
nest_teachers = get_boolean_query_param(request, 'nest-teachers')
nest_students = get_boolean_query_param(request, 'nest-students')
nest_subject = get_boolean_query_param(request, 'nest-subject')
nest_homework = get_boolean_query_param(request, 'nest-homework')
return jsonify({
'success':
True,
'lesson':
lesson.to_dict(nest_homework=nest_homework,
nest_teachers=nest_teachers,
nest_students=nest_students,
nest_subject=nest_subject)
})
def subject_update_view(request, subject_id):
# Get subject
subject = get_record_by_id(subject_id, Subject)
# Get JSON data
data = json_from_request(request)
# If name in data, then update the name
if 'name' in data.keys():
if subject_name_in_use(data['name'], school_id=subject.school_id):
raise FieldInUseError("name")
subject.name = data['name']
db.session.add(subject)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def essay_detail(request, essay_id):
# Check essay if valid
essay = get_record_by_id(essay_id, Essay, check_school_id=False)
resp = services.lesson.get(
"lessons/lesson/{}".format(essay.lesson_id),
headers=g.user.headers_dict(),
)
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if lesson['school_id'] != g.user.school_id:
raise UnauthorizedError()
return jsonify({'success': True, 'essay': essay.to_dict()})
def quiz_detail(request, quiz_id):
# Check quiz if valid
quiz = get_record_by_id(quiz_id, Quiz, check_school_id=False)
resp = services.lesson.get(
"lessons/lesson/{}".format(quiz.lesson_id),
headers=g.user.headers_dict(),
)
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if lesson['school_id'] != g.user.school_id:
raise UnauthorizedError()
return jsonify({'success': True, 'quiz': quiz.to_dict()})
def user_create(request):
# Decode the JSON data
data = json_from_request(request)
# Validate data
expected_keys = [
"first_name", "last_name", "password", "username", "email"
] # List of keys which need to in JSON
check_keys(expected_keys, data) # Checks keys are in JSON
check_values_not_blank(
expected_keys, data) # Check that values for the keys are not blank
# Check email is not in use.
if User.query.filter_by(email=data['email']).first() is not None:
raise FieldInUseError("email")
# Check username is not in use in that school.
if User.query.filter_by(username=data['username'],
school_id=g.user.school_id).first() is not None:
raise FieldInUseError("username")
# Create user
user = User(first_name=data['first_name'],
last_name=data['last_name'],
email=data['email'],
password=data['password'],
username=data['username'],
school_id=g.user.school_id)
if "form_id" in data.keys():
# Validate form id
form = get_record_by_id(data["form_id"],
Form,
custom_not_found_error=CustomError(
409, message="Invalid form_id."))
# Set user's form_id
user.form_id = form.id
# Add user to db
db.session.add(user)
db.session.commit()
# Return JSON
return jsonify({"success": True, "user": user.to_dict()}), 201
def edit_form(request, form_id):
data = json_from_request(request) # Get data from request
form = get_record_by_id(form_id, Form) # Get form by id (this automatically checks school_id is the same as the g.user)
# Check name key is in JSON
if "name" in data.keys():
# Check name is not blank
if data['name'].strip() == "":
raise BlankValueError("name")
# Update form data
form.name = data['name']
# Update DB
db.session.add(form)
db.session.commit()
# Return JSON
return jsonify({'success': True, 'message': 'Updated.'})
def comment_update_view(request, comment_id):
"""Update Comment based on id."""
# Get comment
comment = get_record_by_id(comment_id, Comment)
# Validate that user has permission
if comment.user_id != g.user.id:
raise UnauthorizedError()
# Get JSON data
data = json_from_request(request)
# If text in data, then update the text
if 'text' in data.keys():
comment.name = data['text']
db.session.add(comment)
db.session.commit()
return jsonify({'success': True, 'message': 'Updated.'})
def comment_delete_view(request, comment_id):
"""Delete Comment based on id."""
comment = get_record_by_id(comment_id, Comment, check_school_id=False)
# Check user teaches the lesson that submission they are commenting on
resp = services.lesson.get(
"lessons/lesson/{}".format(comment.submission.homework.lesson_id),
headers=g.user.headers_dict(),
)
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if g.user.id != lesson['school_id']:
raise UnauthorizedError()
db.session.delete(comment)
db.session.commit()
return jsonify({'success': True, 'message': 'Deleted.'})
def comment_detail_view(request, comment_id):
"""Fetch Comment based on id from request."""
comment = get_record_by_id(comment_id, Comment, check_school_id=False)
# Check user teaches the lesson that submission they are commenting on
resp = services.lesson.get(
"lessons/lesson/{}".format(comment.submission.homework.lesson_id),
headers=g.user.headers_dict(),
)
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if g.user.id != lesson['school_id']:
raise UnauthorizedError()
return jsonify({
'success': True,
'comment': comment.to_dict(nest_user=True)
})
def lesson_create(request):
# Parse JSON from request
data = json_from_request(request)
# Check JSON has keys needed
expected_keys = ['name', 'subject_id']
check_keys(expected_keys=expected_keys, data=data)
# Validate subject_id
subject = get_record_by_id(data['subject_id'],
Subject,
custom_not_found_error=CustomError(
409, message="Invalid subject_id."))
# Validate name
validate_lesson_name(data['name'], g.user.school_id)
# Create lesson
lesson = Lesson(name=data['name'],
school_id=g.user.school_id,
subject_id=subject.id)
# db.session.add(lesson)
# db.session.commit()
# Add teachers (if supplied)
if 'teacher_ids' in data.keys():
add_teachers(data['teacher_ids'], lesson)
# Add students (if supplied)
if 'student_ids' in data.keys():
add_students(data['student_ids'], lesson)
db.session.add(lesson)
db.session.commit()
return jsonify({
'success': True,
'lesson': lesson.to_dict(nest_teachers=True)
}), 201
def comment_create_view(request):
"""Creates a Comment object from a HTTP request."""
# Keys which need to in JSON from request
top_level_expected_keys = [
"submission_id",
"text",
]
# Get JSON from request and check keys are present
json_data = json_from_request(request)
check_keys(top_level_expected_keys, json_data)
# Fetch submission
submission = get_record_by_id(json_data['submission_id'],
Submission,
check_school_id=False)
# Check user teaches the lesson that submission they are commenting on
resp = services.lesson.get("lessons/lesson/{}".format(
submission.homework.lesson_id),
headers=g.user.headers_dict(),
params={'nest-teachers': True})
if resp.status_code != 200:
raise CustomError(**resp.json())
lesson = resp.json()['lesson']
if g.user.id not in [t['id'] for t in lesson['teachers']]:
raise UnauthorizedError()
# Create comment
comment = Comment(submission.id, json_data['text'], g.user.id)
db.session.add(comment)
db.session.commit()
return jsonify({"success": True, "comment": comment.to_dict()}), 201
def subject_detail_view(request, subject_id):
subject = get_record_by_id(subject_id, Subject)
return jsonify({'success': True, 'subject': subject.to_dict()})
