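def create_selection(uid=0, cid=0):
    '''
    Enrol user ``uid`` in course ``cid`` and render the result page.

    Checks performed, in order:
      1. ``uid`` must be the session user's own id (``g.user.uid``); else 403.
      2. The course must exist; an unknown ``cid`` is answered with 403.
      3. ``course.state`` must be 0.
      4. The user's grade or tag (as strings) must appear in
         ``course.grades``.
      5. The user must not already hold a selection for this course.
      6. No time slot of the course may overlap a slot of a course the
         user has already selected.

    On success a Selection row is committed and an audit entry is written.
    The page is rendered with ``rank``: the number of selections for this
    course whose ``sid`` is less than or equal to this selection's ``sid``.
    '''
    # NOTE(review): login enforcement is not visible in this body; it is
    # presumably applied by a decorator on the route -- confirm.
    # NOTE(review): the earlier checklist for this view also named the
    # course "upbound"; no capacity check is performed here -- confirm it
    # is enforced elsewhere.

    # Users may only create selections for their own account.
    if g.user.uid != uid:
        abort(403)

    # The course id must refer to an existing course.
    course = Course.query.filter(Course.cid == cid).first()
    if course is None:
        abort(403)

    # Only courses in state 0 can be selected.
    if course.state != 0:
        flash(_('ERROR: Course cannot be selected!'))
        return render_template("create_selection.html", course=course)

    # Either the user's grade or the user's tag must be listed for the course.
    # NOTE(review): if course.grades is a plain string this is a substring
    # test, not an exact membership test -- confirm the column's format.
    if str(g.user.student_grade) not in course.grades:
        if str(g.user.student_tag) not in course.grades:
            flash(_('ERROR: Grade is not in course!'))
            return render_template("create_selection.html", course=course)

    selection = Selection.query.filter(Selection.user_id == uid).filter(
        Selection.course_id == cid).first()
    if selection:
        flash(_('WARNING: You have selected this course!'))
    else:
        # Compare every slot of every held course with every slot of the
        # requested one. any() stops at the first overlap; the nested loops
        # it replaces only broke out of the innermost level and kept
        # comparing the remaining pairs.
        new_slots = course.datetime.split(",")
        held = Selection.query.filter(Selection.user_id == uid).all()
        conflict = any(
            dt_overlap(held_slot, new_slot)
            for item in held
            for held_slot in item.course.datetime.split(",")
            for new_slot in new_slots
        )
        if conflict:
            flash(_('ERROR: Date time conflicted!'))
            return render_template("create_selection.html", course=course)

        # NOTE(review): the duplicate check above and this insert are
        # separate statements; a unique constraint on (user_id, course_id)
        # is not visible here -- confirm one exists so that concurrent
        # requests cannot create duplicate rows.
        selection = Selection(user_id=uid, course_id=cid)
        db.session.add(selection)
        db.session.commit()
        flash(_('You selected this course.'))
        logging(user_id=g.user.uid,
                message="User selected a course. (course_id={})".format(cid),
                ip=request.remote_addr)

    # Position of this selection among all selections for the course,
    # ordered by sid.
    rank = Selection.query.filter(Selection.course_id == cid).filter(
        Selection.sid <= selection.sid).count()
    return render_template("create_selection.html", course=course, rank=rank)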
def logout():
    '''
    Log the current user out, record the event and go to the login page.
    '''
    # Read the uid before logout_user() runs so the audit entry is written
    # against the account that was signed in.
    departing_uid = g.user.uid
    logout_user()
    flash(_("You have logged out!"))
    logging(
        user_id=departing_uid,
        message="User logged out.",
        ip=request.remote_addr,
    )
    login_url = url_for("login")
    return redirect(login_url)
def admin_task_user_change(student_grade, student_class, student_number):
    '''
    Switch the current session to the user identified by grade, class and
    student number.

    Responds with 404 when no such user exists. Otherwise an audit entry is
    written against the acting account, the session is re-bound to the
    target user with login_user(), and the browser is sent to the "user"
    page.
    '''
    # NOTE(review): no privilege check is visible in this body. The function
    # replaces the session identity with an arbitrary account and asks for
    # no password, so confirm the route is restricted to administrators by a
    # decorator or request hook outside this view.
    lookup = (User.query
              .filter(User.student_grade == student_grade)
              .filter(User.student_class == student_class)
              .filter(User.student_number == student_number))
    user = lookup.first()
    if not user:
        abort(404)

    # Written before login_user() so the entry carries the acting user's
    # uid rather than the target's.
    audit_message = u"Change user. (uid={}, student_name={})".format(
        user.uid, user.student_name)
    logging(user_id=g.user.uid, message=audit_message, ip=request.remote_addr)
    login_user(user)
    return redirect(url_for("user"))
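def _is_safe_redirect_target(target, host_url):
    '''Return True when ``target`` resolves to an http(s) URL on the host of ``host_url``.'''
    try:
        from urllib.parse import urljoin, urlparse
    except ImportError:  # Python 2 fallback
        from urlparse import urljoin, urlparse

    if not target:
        return False
    # Browsers drop control characters and treat backslashes as slashes
    # before resolving a URL, so refuse the former and normalise the latter
    # to keep this parser's view in line with the browser's.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    candidate = target.strip().replace("\\", "/")
    # Scheme-relative targets name another authority; never needed here.
    if candidate.startswith("//"):
        return False
    try:
        parts = urlparse(candidate)
        # A scheme without a host is resolved differently by browsers than
        # by urljoin, so it is refused outright.
        if parts.scheme and not parts.netloc:
            return False
        resolved = urlparse(urljoin(host_url, candidate))
        expected = urlparse(host_url)
    except ValueError:
        return False
    return (resolved.scheme in ("http", "https")
            and resolved.netloc == expected.netloc)


def login():
    '''
    Show the login form and, on a valid submission, sign the user in.

    An already authenticated user is redirected to "index". Credentials are
    checked with StudentAuthenticator; on failure an error page with a
    generic message is returned. On success the matching User row is logged
    in, an audit entry is written, and the browser is redirected to the
    ``next`` target when it points at this site, otherwise to "index".
    '''
    if g.user and g.user.is_authenticated:
        return redirect(url_for("index"))

    form = LoginForm()
    # ``next`` and the Referer header are both supplied by the client.
    target = request.args.get("next") or request.referrer or None
    form.next.data = target

    if form.validate_on_submit():
        student_grade = request.form["student_grade"]
        student_class = request.form["student_class"]
        student_number = request.form["student_number"]
        # The student_name field is intentionally not read.
        password = request.form["password"]
        target = request.form["next"]

        # Authenticate via Student Profile.
        stu_auth = StudentAuthenticator(student_grade=student_grade,
                                        student_class=student_class,
                                        student_number=student_number,
                                        password=password)
        # NOTE(review): failed attempts are not written to the audit log
        # here; confirm they are recorded elsewhere if they should be
        # monitored.
        if not stu_auth.authenticate():
            return error_page(errors=[
                lazy_gettext('Invalid Username or Password!'),
            ])

        user = User.query.filter_by(student_grade=student_grade,
                                    student_class=student_class,
                                    student_number=student_number).first()
        if user is None:
            # Authenticated upstream but no local account: fail closed with
            # the same generic message instead of passing None to
            # login_user().
            return error_page(errors=[
                lazy_gettext('Invalid Username or Password!'),
            ])

        # The post-login target comes from the request, so it is followed
        # only when it stays on this host; anything else falls back to the
        # index page.
        if not _is_safe_redirect_target(target, request.host_url):
            target = url_for("index")

        login_user(user)
        flash(_("You have logged in!"))
        logging(user_id=g.user.uid,
                message="User logged in.",
                ip=request.remote_addr)
        return redirect(target)

    return render_template("login.html", form=form)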
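def admin_task_upload_course():
    '''
    Accept a course CSV upload, store it under ``uploads`` and import it.

    The client-supplied file name is passed through secure_filename() before
    it is joined to the upload directory. The outcome of import_course() is
    flashed to the user and written to the audit log. The page is rendered
    with ``filename`` set to the sanitised name, or None when no valid form
    was submitted.
    '''
    # NOTE(review): an in-function admin check
    # (``if g.user.uid != 0: abort(403)``) used to sit here but was
    # disabled. No privilege check is visible in this body; confirm the
    # route is restricted to administrators elsewhere.
    form = CourseUploadForm()
    filename = None
    if form.validate_on_submit():
        filename = secure_filename(form.csv.data.filename)
        replace = form.replace.data
        result = False
        # secure_filename() can return an empty string; joining that to the
        # directory would yield the directory itself, so such an upload is
        # treated as a failure instead of being saved.
        if filename:
            # NOTE(review): an existing file with the same name is
            # overwritten, and content validation depends on
            # CourseUploadForm, which is not visible here.
            csv_filename = os.path.join('uploads', filename)
            form.csv.data.save(csv_filename)
            result = import_course(filename=csv_filename, replace=replace)
        if result:
            flash(_('Course has been uploaded!'))
            logging(user_id=g.user.uid,
                    message="Upload course. (filename={}, replace={})".format(
                        filename, replace),
                    ip=request.remote_addr)
        else:
            flash(_('ERROR: Failed to upload!'))
            logging(
                user_id=g.user.uid,
                message="Failed to upload course. (filename={}, replace={})".
                format(filename, replace),
                ip=request.remote_addr)
    return render_template("admin_task_upload_course.html",
                           form=form,
                           filename=filename)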
def delete_selection(uid=0, cid=0):
    '''
    Remove the session user's selection of course ``cid``.

    ``uid`` must equal ``g.user.uid``; any other value is answered with 403.
    When a matching Selection row exists it is deleted, the change is
    committed and an audit entry is written; otherwise an error is flashed.
    The browser is then sent back to the referring page, or to "selection"
    when no referrer is present.
    '''
    # NOTE(review): the HTTP method and CSRF protection for this
    # state-changing view are not visible in this body -- confirm both on
    # the route.

    # Users may only remove their own selections.
    if g.user.uid != uid:
        abort(403)

    existing = (Selection.query
                .filter(Selection.user_id == uid)
                .filter(Selection.course_id == cid)
                .first())
    if existing:
        db.session.delete(existing)
        db.session.commit()
        flash(_('You have deselected this course.'))
        audit_message = "User deselected a course. (course_id={})".format(cid)
        logging(user_id=g.user.uid,
                message=audit_message,
                ip=request.remote_addr)
    else:
        flash(_('ERROR: You did not select this course!'))

    # The Referer header is client-supplied and is followed as-is.
    back_to = request.referrer or url_for("selection")
    return redirect(back_to)