def delete_secret(app_name, secret_name):
    """Delete one stored secret and send the caller back to the index page.

    The caller must pass ``is_admin`` for the hard-coded course ``"cs61a"``.
    Any other caller gets the result of ``login()`` and no row is deleted.
    """
    caller_email = get_user()["email"]
    if is_admin(caller_email, "cs61a"):
        with connect_db() as db:
            # The app and secret names travel as a separate parameter list;
            # they are never formatted into the SQL text itself.
            db(
                "DELETE FROM secrets WHERE app=%s AND name=%s",
                [app_name, secret_name],
            )
        return redirect(url_for("index"))
    return login()
def full_json(self):
    """Return this record's JSON extended with an admin flag and attendance.

    ``isAdmin`` is recomputed from ``self.email`` on every call, and
    ``attendanceHistory`` lists each attendance's ``full_json`` ordered by
    the start time of its session.
    """
    # Load session -> section -> staff in the same query as the attendances.
    eager_chain = (
        joinedload(Attendance.session, innerjoin=True)
        .joinedload(Session.section)
        .joinedload(Section.staff)
    )
    records = Attendance.query.filter_by(student_id=self.id).options(eager_chain).all()

    def session_start(record):
        return record.session.start_time

    return {
        **self.json,
        "isAdmin": is_admin(self.email),
        "attendanceHistory": [
            record.full_json for record in sorted(records, key=session_start)
        ],
    }
def wrapped(*args, access_token=None, course="cs61a", **kwargs):
    """Run ``func`` only when the caller proves admin rights on ``course``.

    Two independent proofs are accepted: an ``access_token`` that
    ``is_admin_token`` accepts for the course, or a signed-in user for whom
    both ``is_staff`` and ``is_admin`` pass. ``access_token`` is consumed
    here and not forwarded; ``course`` is passed on to ``func``.

    On denial, a caller that supplied a token gets ``PermissionError`` and
    any other caller gets the result of ``login()``. A ``PermissionError``
    raised by ``func`` itself is handled as a denial in the same way.
    """
    token_ok = access_token and is_admin_token(
        access_token=access_token, course=course
    )
    # Evaluated even when the token already passed, exactly as before.
    session_ok = is_staff(course=course) and is_admin(
        email=get_user()["email"], course=course
    )
    authorised = token_ok or session_ok
    if authorised:
        try:
            return func(*args, **kwargs, course=course)
        except PermissionError:
            # Deliberate: fall through to the shared denial path below.
            pass
    if not access_token:
        return login()
    raise PermissionError
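def view_course(course=None):
    """Render the hosted-app list of one course for that course's admins.

    With no ``course`` argument, the course is read from the submitted form
    and the caller is redirected to ``canonical_view_course``. Otherwise a
    caller who is not logged in gets ``login()``, a non-admin of the course
    gets a 403, and an admin gets an HTML page listing domain, app and
    status for every ``hosted_apps`` row of the course.
    """
    # Function-scope import: the module-level name ``html`` is the page
    # helper called below, so only ``escape`` is brought in.
    from html import escape

    if not course:
        course = request.form["course"]
        return redirect(url_for("canonical_view_course", course=course))
    if not is_logged_in():
        return login()
    email = get_user()["email"]
    if not is_admin(email, course):
        abort(403)
    with connect_db() as db:
        # ``course`` is passed as a query parameter, not formatted into SQL.
        apps = db(
            "SELECT domain, app, status FROM hosted_apps WHERE course=(%s)",
            [course],
        ).fetchall()
    # Escape database values before they enter the markup, so a row that
    # contains ``<``, ``&`` or quotes is shown as text and not parsed as HTML.
    rows = "<p>".join(
        f"<code>{escape(str(domain))}</code> "
        f"({escape(str(app))}) - {escape(str(status))}"
        for domain, app, status in apps
    )
    # NOTE(review): format_coursecode(course) is interpolated unescaped;
    # confirm whether it returns plain text or markup before escaping it.
    return html(f"""
    <h2>Hosted Apps for {format_coursecode(course)}</h2>
    {rows}
    """)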
def wrapped(**kwargs):
    """Call ``func`` with the keyword arguments, for course admins only.

    Raises ``Failure`` when ``is_admin`` rejects the current user's email,
    in which case ``func`` is never invoked.
    """
    if is_admin(current_user.email):
        return func(**kwargs)
    raise Failure("Only course admins can perform this action.")