def create_selection(uid=0, cid=0):
'''
1. check user login/authenticated
2. uid = g.user.uid
3. valid cid
a. exist
b. cid grade, datetime, upbound, state
4. (uid, cid) not in selection
'''
# same user id, self
if g.user.uid != uid:
abort(403)
# valid course id
course = Course.query.filter(Course.cid == cid).first()
if course is None:
abort(403)
# check course state
if course.state != 0:
flash(_('ERROR: Course cannot be selected!'))
return render_template("create_selection.html", course=course)
# user's grade OR user's tag in course's grades
if str(g.user.student_grade) not in course.grades:
if str(g.user.student_tag) not in course.grades:
flash(_('ERROR: Grade is not in course!'))
return render_template("create_selection.html", course=course)
# already selected
selection = Selection.query.filter(Selection.user_id == uid).filter(
Selection.course_id == cid).first()
if selection:
flash(_('WARNING: You have selected this course!'))
else:
conflict = False
selections = Selection.query.filter(Selection.user_id == uid).all()
for x in selections:
for dtx in x.course.datetime.split(","):
for dty in course.datetime.split(","):
if dt_overlap(dtx, dty):
conflict = True
break
if conflict:
flash(_('ERROR: Date time conflicted!'))
return render_template("create_selection.html", course=course)
selection = Selection(user_id=uid, course_id=cid)
db.session.add(selection)
db.session.commit()
flash(_('You selected this course.'))
logging(user_id=g.user.uid,
message="User selected a course. (course_id={})".format(cid),
ip=request.remote_addr)
rank = Selection.query.filter(Selection.course_id == cid).filter(
Selection.sid <= selection.sid).count()
return render_template("create_selection.html", course=course, rank=rank)
def logout():
previous_uid = g.user.uid
logout_user()
flash(_("You have logged out!"))
logging(user_id=previous_uid,
message="User logged out.",
ip=request.remote_addr)
return redirect(url_for("login"))
def admin_task_user_change(student_grade, student_class, student_number):
user = User.query.filter(User.student_grade == student_grade).filter(
User.student_class == student_class).filter(
User.student_number == student_number).first()
if user:
logging(user_id=g.user.uid,
message=u"Change user. (uid={}, student_name={})".format(
user.uid, user.student_name),
ip=request.remote_addr)
login_user(user)
return redirect(url_for("user"))
else:
abort(404)
def login():
if g.user and g.user.is_authenticated:
return redirect(url_for("index"))
form = LoginForm()
target = request.args.get("next") or request.referrer or None
form.next.data = target
if form.validate_on_submit():
student_grade = request.form["student_grade"]
student_class = request.form["student_class"]
student_number = request.form["student_number"]
''' omit the name field
student_name = request.form["student_name"]
'''
password = request.form["password"]
target = request.form["next"]
# authenticate via Student Profile
stu_auth = StudentAuthenticator(student_grade=student_grade,
student_class=student_class,
student_number=student_number,
password=password)
if not stu_auth.authenticate():
return error_page(errors=[
lazy_gettext('Invalid Username or Password!'),
])
# authenticated
user = User.query.filter_by(student_grade=student_grade,
student_class=student_class,
student_number=student_number).first()
target = target or url_for("index")
login_user(user)
flash(_("You have logged in!"))
logging(user_id=g.user.uid,
message="User logged in.",
ip=request.remote_addr)
return redirect(target)
return render_template("login.html", form=form)
def admin_task_upload_course():
# must be admin
'''
if g.user.uid != 0:
abort(403)
'''
form = CourseUploadForm()
if form.validate_on_submit():
filename = secure_filename(form.csv.data.filename)
replace = form.replace.data
csv_filename = os.path.join('uploads', filename)
form.csv.data.save(csv_filename)
result = import_course(filename=csv_filename, replace=replace)
if result:
flash(_('Course has been uploaded!'))
logging(user_id=g.user.uid,
message="Upload course. (filename={}, replace={})".format(
filename, replace),
ip=request.remote_addr)
else:
flash(_('ERROR: Failed to upload!'))
logging(
user_id=g.user.uid,
message="Failed to upload course. (filename={}, replace={})".
format(filename, replace),
ip=request.remote_addr)
else:
filename = None
return render_template("admin_task_upload_course.html",
form=form,
filename=filename)
def delete_selection(uid=0, cid=0):
'''
1. check user login/authenticated
2. uid = g.user.uid
'''
# same user id, self
if g.user.uid != uid:
abort(403)
# already selected
selection = Selection.query.filter(Selection.user_id == uid).filter(
Selection.course_id == cid).first()
if not selection:
flash(_('ERROR: You did not select this course!'))
else:
db.session.delete(selection)
db.session.commit()
flash(_('You have deselected this course.'))
logging(user_id=g.user.uid,
message="User deselected a course. (course_id={})".format(cid),
ip=request.remote_addr)
return redirect(request.referrer or url_for("selection"))