def dispatch(self, *args, **kwargs):
# initialize a few helpful variables here
self.record_viewer = self.request.user
self.record_owner = None
record_owner_name = kwargs.pop("record_owner_name", None)
if record_owner_name:
self.record_owner = get_object_or_404(User, username=record_owner_name)
# Is the current user faculty or a CCNMTL staff member
self.is_viewer_faculty = cached_course_is_faculty(self.request.course, self.record_viewer)
# Can the record_owner edit the records
self.viewing_own_records = self.record_owner == self.record_viewer
self.viewing_faculty_records = self.record_owner and cached_course_is_faculty(
self.request.course, self.record_owner
)
# Does the course allow viewing other user selections?
# The viewer can always view their own records + faculty records
# If the viewer is faculty, they can view all records
self.all_selections_are_visible = all_selections_are_visible(self.request.course)
self.visible_authors = []
if not self.all_selections_are_visible and not self.is_viewer_faculty:
self.visible_authors = [self.record_viewer.id] # me
for user in self.request.course.faculty.all():
self.visible_authors.append(user.id)
return super(RestrictedMaterialsMixin, self).dispatch(*args, **kwargs)
def dispatch(self, *args, **kwargs):
# initialize a few helpful variables here
self.record_viewer = self.request.user
self.record_owner = None
record_owner_name = kwargs.pop('record_owner_name', None)
if record_owner_name:
self.record_owner = get_object_or_404(User,
username=record_owner_name)
# Is the current user faculty or a CCNMTL staff member
self.is_viewer_faculty = cached_course_is_faculty(
self.request.course, self.record_viewer)
# Can the record_owner edit the records
self.viewing_own_records = (self.record_owner == self.record_viewer)
self.viewing_faculty_records = (self.record_owner
and cached_course_is_faculty(
self.request.course,
self.record_owner))
# Does the course allow viewing other user selections?
# The viewer can always view their own records + faculty records
# If the viewer is faculty, they can view all records
self.all_selections_are_visible = \
all_selections_are_visible(self.request.course)
self.visible_authors = []
if not self.all_selections_are_visible and not self.is_viewer_faculty:
self.visible_authors = [self.record_viewer.id] # me
for user in self.request.course.faculty.all():
self.visible_authors.append(user.id)
return super(RestrictedMaterialsMixin, self).dispatch(*args, **kwargs)
def initialize(self, record_owner_name=None):
# initialize a few helpful variables here
self.record_viewer = self.request.user
self.record_owner = None
if record_owner_name:
self.record_owner = get_object_or_404(User,
username=record_owner_name)
# Is the current user faculty or a CCNMTL staff member
self.is_viewer_faculty = cached_course_is_faculty(self.request.course,
self.record_viewer)
# Can the record_owner edit the records
self.viewing_own_records = (self.record_owner == self.record_viewer)
self.viewing_faculty_records = (
self.record_owner and
cached_course_is_faculty(self.request.course, self.record_owner))
# Does the course allow viewing other user selections?
# The viewer can always view their own records + faculty records
# If the viewer is faculty, they can view all records
self.all_selections_are_visible = \
all_selections_are_visible(self.request.course)
self.all_items_are_visible = \
all_items_are_visible(self.request.course)
self.visible_authors = []
if (not self.is_viewer_faculty and
(not self.all_selections_are_visible or
not self.all_items_are_visible)):
self.visible_authors = [self.record_viewer.id] # me
for user in self.request.course.faculty.all():
self.visible_authors.append(user.id)
def initialize(self, record_owner_name=None):
# initialize a few helpful variables here
self.record_viewer = self.request.user
self.record_owner = None
if record_owner_name:
self.record_owner = get_object_or_404(User,
username=record_owner_name)
# Is the current user faculty or a CCNMTL staff member
self.is_viewer_faculty = cached_course_is_faculty(self.request.course,
self.record_viewer)
# Can the record_owner edit the records
self.viewing_own_records = (self.record_owner == self.record_viewer)
self.viewing_faculty_records = (
self.record_owner and
cached_course_is_faculty(self.request.course, self.record_owner))
# Does the course allow viewing other user selections?
# The viewer can always view their own records + faculty records
# If the viewer is faculty, they can view all records
self.all_selections_are_visible = \
all_selections_are_visible(self.request.course)
self.all_items_are_visible = \
all_items_are_visible(self.request.course)
self.visible_authors = []
if (not self.is_viewer_faculty and
(not self.all_selections_are_visible or
not self.all_items_are_visible)):
self.visible_authors = [self.record_viewer.id] # me
for user in self.request.course.faculty.all():
self.visible_authors.append(user.id)
def get_context_data(self, **kwargs):
context = super(CourseDetailView, self).get_context_data(**kwargs)
course = context.get('object')
qs = ExternalCollection.objects.filter(course=course)
collections = qs.filter(uploader=False).order_by('title')
uploader = qs.filter(uploader=True).first()
owners = []
if (course.is_member(self.request.user) and
(self.request.user.is_staff or
self.request.user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(self.request, course.members)
context.update({
'course': course,
'classwork_owner': self.request.user,
'information_title': course_information_title(course),
'faculty_feed': Project.objects.faculty_compositions(
course, self.request.user),
'is_faculty': cached_course_is_faculty(course, self.request.user),
'discussions': get_course_discussions(course),
'collections': collections,
'uploader': uploader,
'can_upload': False,
'owners': owners,
})
return context
def can_read(self, course, viewer,
the_collaboration=None, viewer_response=None):
# has the author published his work?
collaboration = the_collaboration or self.get_collaboration()
if (collaboration is None) or \
(not collaboration.permission_to('read', course, viewer)):
return False
# If this project is an assignment response, verify the parent
# assignment's response policy sanctions a read by the viewer
if (not self.is_composition() or
collaboration.policy_record.policy_name ==
PUBLISH_WHOLE_WORLD[0]):
return True # this project is an assignment
parent = collaboration.get_parent()
if parent is None:
return True # this project does not have a parent assignment
# the author & faculty can always view a submitted response
if (cached_course_is_faculty(course, viewer) or
self.is_participant(viewer)):
return True
assignment = parent.content_object
if (assignment.response_view_policy == RESPONSE_VIEW_ALWAYS[0]):
return True
elif assignment.response_view_policy == RESPONSE_VIEW_SUBMITTED[0]:
viewer_response = (
viewer_response or
self._response_by_author(parent.get_children_for_object(self),
viewer))
return viewer_response and viewer_response.is_submitted()
else: # assignment.response_view_policy == 'never':
return False
def can_read(self, course, viewer, the_collaboration=None):
# has the author published his work?
collaboration = the_collaboration or self.get_collaboration()
if (collaboration is None) or \
(not collaboration.permission_to('read', course, viewer)):
return False
# If this project is an assignment response, verify the parent
# assignment's response policy sanctions a read by the viewer
if not self.is_composition():
return True # this project is an assignment
parent = collaboration.get_parent()
if parent is None or parent.content_object is None:
return True # this project does not have a parent assignment
# the author & faculty can always view a submitted response
if (self.is_participant(viewer) or
cached_course_is_faculty(course, viewer)):
return True
assignment = parent.content_object
if (assignment.response_view_policy == RESPONSE_VIEW_ALWAYS[0]):
return True
elif assignment.response_view_policy == RESPONSE_VIEW_SUBMITTED[0]:
# can_read if the viewer has submitted his own work
# @todo - consider multiple assignment responses
# via collaborative authoring.
responses = assignment.responses(course, viewer, viewer)
return len(responses) > 0 and responses[0].is_submitted()
else: # assignment.response_view_policy == 'never':
return False
def read(self, coll, course, user):
course_collaboration = cached_course_collaboration(course)
return coll.context == course_collaboration and (
(course and cached_course_is_faculty(course, user))
or coll.user_id == user.id
or (coll.group_id and user in coll.group.user_set.all())
)
def apply_authorization_limits(self, request, object_list):
course = self.course or request.course
if (all_selections_are_visible(course) or
cached_course_is_faculty(course, request.user)):
return self.get_unrestricted(request, object_list, course)
else:
return self.get_restricted(request, object_list, course)
def apply_authorization_limits(self, request, object_list):
course = self.course or request.course
if (all_selections_are_visible(course) or
cached_course_is_faculty(course, request.user)):
return self.get_unrestricted(request, object_list, course)
else:
return self.get_restricted(request, object_list, course)
def has_object_permission(self, request, view, obj):
# Am I the owner of this asset?
if obj.author == request.user:
return True
if cached_course_is_faculty(obj.course, request.user):
return True
if not all_items_are_visible(obj.course):
raise PermissionDenied
return True
def deprecated_course_detail_view(request, course_pk):
try:
course = get_object_or_404(Course, pk=course_pk)
request.course = course
request.session[SESSION_KEY] = course
except Course.DoesNotExist:
return HttpResponseRedirect('/accounts/login/')
logged_in_user = request.user
classwork_owner = request.user # Viewing your own work by default
if 'username' in request.GET:
user_name = request.GET['username']
in_course_or_404(user_name, request.course)
classwork_owner = get_object_or_404(User, username=user_name)
qs = ExternalCollection.objects.filter(course=request.course)
collections = qs.filter(uploader=False).order_by('title')
uploader = qs.filter(uploader=True).first()
owners = []
if (request.course.is_member(logged_in_user)
and (logged_in_user.is_staff
or logged_in_user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(request, request.course.members)
context = {
'classwork_owner':
classwork_owner,
'information_title':
course_information_title(course),
'faculty_feed':
Project.objects.faculty_compositions(course, logged_in_user),
'is_faculty':
cached_course_is_faculty(course, logged_in_user),
'discussions':
get_course_discussions(course),
'msg':
request.GET.get('msg', ''),
'view':
request.GET.get('view', ''),
'collections':
collections,
'uploader':
uploader,
'can_upload':
course_details.can_upload(request.user, request.course),
'owners':
owners
}
return context
def post(self, request, course_pk):
from_course_id = request.POST.get('fromCourse', None)
from_course = get_object_or_404(Course, id=from_course_id)
faculty = [user.id for user in from_course.faculty.all()]
include_tags = request.POST.get('include_tags', 'false') == 'true'
include_notes = request.POST.get('include_notes', 'false') == 'true'
# maps old ids to new objects
object_map = {'assets': {}, 'notes': {}, 'projects': {}}
owner = request.user
if 'on_behalf_of' in request.POST:
owner = User.objects.get(id=request.POST.get('on_behalf_of'))
if (not in_course(owner.username, request.course)
or not cached_course_is_faculty(request.course, owner)):
json_stream = json.dumps({
'success':
False,
'message':
'%s is not a course member or faculty member'
})
return HttpResponse(json_stream, content_type='application/json')
if 'asset_ids[]' in request.POST:
asset_ids = request.POST.getlist('asset_ids[]')
assets = Asset.objects.filter(id__in=asset_ids)
object_map = Asset.objects.migrate(assets, request.course, owner,
faculty, object_map,
include_tags, include_notes)
if 'project_ids[]' in request.POST:
project_ids = request.POST.getlist('project_ids[]')
projects = Project.objects.filter(id__in=project_ids)
object_map = Project.objects.migrate(projects, request.course,
owner, object_map,
include_tags, include_notes)
json_stream = json.dumps({
'success': True,
'asset_count': len(object_map['assets']),
'project_count': len(object_map['projects']),
'note_count': len(object_map['notes'])
})
return HttpResponse(json_stream, content_type='application/json')
def triple_homepage(request):
if not request.course:
return HttpResponseRedirect('/accounts/login/')
logged_in_user = request.user
classwork_owner = request.user # Viewing your own work by default
if 'username' in request.GET:
user_name = request.GET['username']
in_course_or_404(user_name, request.course)
classwork_owner = get_object_or_404(User, username=user_name)
course = request.course
qs = ExternalCollection.objects.filter(course=request.course)
collections = qs.filter(uploader=False).order_by('title')
uploader = qs.filter(uploader=True).first()
owners = []
if (request.course.is_member(logged_in_user) and
(logged_in_user.is_staff or
logged_in_user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(request, request.course.members)
context = {
'classwork_owner': classwork_owner,
"information_title": course_information_title(course),
'faculty_feed': Project.objects.faculty_compositions(course,
logged_in_user),
'is_faculty': cached_course_is_faculty(course, logged_in_user),
'discussions': get_course_discussions(course),
'msg': request.GET.get('msg', ''),
'view': request.GET.get('view', ''),
'collections': collections,
'uploader': uploader,
'can_upload': course_details.can_upload(request.user, request.course),
'owners': owners
}
if getattr(settings, 'DJANGOSHERD_FLICKR_APIKEY', None):
# MUST only contain string values for now!!
# (see templates/assetmgr/bookmarklet.js to see why or fix)
context['bookmarklet_vars'] = {
'flickr_apikey': settings.DJANGOSHERD_FLICKR_APIKEY
}
return context
def post(self, request):
from_course_id = request.POST.get('fromCourse', None)
from_course = get_object_or_404(Course, id=from_course_id)
faculty = [user.id for user in from_course.faculty.all()]
include_tags = request.POST.get('include_tags', 'false') == 'true'
include_notes = request.POST.get('include_notes', 'false') == 'true'
# maps old ids to new objects
object_map = {'assets': {},
'notes': {},
'projects': {}}
owner = request.user
if 'on_behalf_of' in request.POST:
owner = User.objects.get(id=request.POST.get('on_behalf_of'))
if (not in_course(owner.username, request.course) or
not cached_course_is_faculty(request.course, owner)):
json_stream = json.dumps({
'success': False,
'message': '%s is not a course member or faculty member'})
return HttpResponse(json_stream, content_type='application/json')
if 'asset_ids[]' in request.POST:
asset_ids = request.POST.getlist('asset_ids[]')
assets = Asset.objects.filter(id__in=asset_ids)
object_map = Asset.objects.migrate(
assets, request.course, owner, faculty, object_map,
include_tags, include_notes)
if 'project_ids[]' in request.POST:
project_ids = request.POST.getlist('project_ids[]')
projects = Project.objects.filter(id__in=project_ids)
object_map = Project.objects.migrate(
projects, request.course, owner, object_map,
include_tags, include_notes)
json_stream = json.dumps({
'success': True,
'asset_count': len(object_map['assets']),
'project_count': len(object_map['projects']),
'note_count': len(object_map['notes'])})
return HttpResponse(json_stream, content_type='application/json')
def get_context_data(self, **kwargs):
# Only show courses for which the user is an instructor
available_courses = available_courses_query(self.request.user)
courses = []
if self.request.user.is_superuser:
courses = available_courses
else:
for course in available_courses:
if cached_course_is_faculty(course, self.request.user):
courses.append(course)
# Only send down the real faculty. Not all us staff members
faculty = []
for user in self.request.course.faculty.all():
faculty.append(user)
return {
"current_course_faculty": faculty,
"available_courses": courses
}
def get_context_data(self, **kwargs):
# Only show courses for which the user is an instructor
available_courses = available_courses_query(self.request.user)
courses = []
if self.request.user.is_superuser:
courses = available_courses
else:
for course in available_courses:
if cached_course_is_faculty(course, self.request.user):
courses.append(course)
# Only send down the real faculty. Not all us staff members
faculty = []
for user in self.request.course.faculty.all():
faculty.append(user)
return {
"current_course_faculty": faculty,
"available_courses": courses
}
def can_read(self,
course,
viewer,
the_collaboration=None,
viewer_response=None):
# has the author published his work?
collaboration = the_collaboration or self.get_collaboration()
if (collaboration is None) or \
(not collaboration.permission_to('read', course, viewer)):
return False
# First check: if this is not a composition
if (not self.is_composition()
or collaboration.policy_record.policy_name
== PUBLISH_WHOLE_WORLD[0]):
return True
parent = collaboration.get_parent()
if parent is None:
return True # this project does not have a parent assignment
# If this project is an assignment response, verify the parent
# assignment's response policy sanctions a read by the viewer
# the author & faculty can always view a submitted response
if ((course and cached_course_is_faculty(course, viewer))
or self.is_participant(viewer)):
return True
assignment = parent.content_object
if (assignment.response_view_policy == RESPONSE_VIEW_ALWAYS[0]):
return True
elif assignment.response_view_policy == RESPONSE_VIEW_SUBMITTED[0]:
viewer_response = (viewer_response or self._response_by_author(
parent.get_children_for_object(self), viewer))
return viewer_response and viewer_response.is_submitted()
else:
# assignment.response_view_policy == 'never'
# or a public url is being accessed and the user has changed
# security settings
return False
def course_detail_view(request):
if not request.course:
return HttpResponseRedirect('/accounts/login/')
logged_in_user = request.user
classwork_owner = request.user # Viewing your own work by default
if 'username' in request.GET:
user_name = request.GET['username']
in_course_or_404(user_name, request.course)
classwork_owner = get_object_or_404(User, username=user_name)
course = request.course
qs = ExternalCollection.objects.filter(course=request.course)
collections = qs.filter(uploader=False).order_by('title')
uploader = qs.filter(uploader=True).first()
owners = []
if (request.course.is_member(logged_in_user) and
(logged_in_user.is_staff or
logged_in_user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(request, request.course.members)
context = {
'classwork_owner': classwork_owner,
'information_title': course_information_title(course),
'faculty_feed': Project.objects.faculty_compositions(course,
logged_in_user),
'is_faculty': cached_course_is_faculty(course, logged_in_user),
'discussions': get_course_discussions(course),
'msg': request.GET.get('msg', ''),
'view': request.GET.get('view', ''),
'collections': collections,
'uploader': uploader,
'can_upload': course_details.can_upload(request.user, request.course),
'owners': owners
}
return context
def get_queryset(self):
qs = Project.objects.visible_assignments_by_course(
self.request.course, self.request.user)
qs = self.filter_by_title(qs)
if cached_course_is_faculty(self.request.course, self.request.user):
qs = self.sort_queryset(qs, 'due_date', 'desc')
else:
# Assignments for the student are sorted by:
# * the student's response submitted date asc with nulls first
# * timedelta between today and the due_date desc with nulls last
# annotate with the timedelta between today and the due_date
qs = qs.annotate(due_delta=datetime.now() - F('due_date'))
# use a subquery to retrieve the date of the user's response
# and annotate the date_submitted
my_responses = Project.objects.filter(
(Q(author=self.request.user)
| Q(participants=self.request.user)),
collaboration___parent__object_pk=OuterRef('pk')).distinct()
qs = qs.annotate(response_submitted=Subquery(
my_responses.values('date_submitted')[:1]))
qs = qs.annotate(response_policy=Subquery(
my_responses.values(
'collaboration__policy_record__policy_name')[:1]))
qs = qs.order_by('-response_submitted',
F('due_delta').desc(nulls_last=True))
# Assignments for students can be filtered based on status
qs = self.filter_by_status(qs)
return qs.select_related('author').prefetch_related(
'participants', 'collaboration__children',
'collaboration__policy_record',
'collaboration__children__content_object')
def get_context_data(self, **kwargs):
context = super(CourseDetailView, self).get_context_data(**kwargs)
course = context.get('object')
qs = ExternalCollection.objects.filter(course=self.request.course)
collections = qs.filter(uploader=False).order_by('title')
uploader = qs.filter(uploader=True).first()
owners = []
if (self.request.course.is_member(self.request.user) and
(self.request.user.is_staff
or self.request.user.has_perm('assetmgr.can_upload_for'))):
owners = UserResource().render_list(self.request, course.members)
context.update({
'course':
course,
'classwork_owner':
self.request.user,
'information_title':
course_information_title(course),
'faculty_feed':
Project.objects.faculty_compositions(course, self.request.user),
'is_faculty':
cached_course_is_faculty(course, self.request.user),
'owners':
owners,
'collections':
collections,
'uploader':
uploader,
'msg':
self.request.GET.get('msg', ''),
'can_upload':
course_details.can_upload(self.request.user, self.request.course),
})
return context
def apply_limits(self, request, object_list, exclude_global=True):
if request.user.is_authenticated():
if exclude_global:
# only request user's global annotations
object_list = object_list.exclude(~Q(author=request.user),
range1__isnull=True)
# Make sure the requesting user is allowed to see this note
invisible = []
courses = {}
for note in object_list.select_related('asset__course'):
course = note.asset.course
# Cache this out per course/user. It's just too slow otherwise
if not course.id in courses.keys():
courses[course.id] = {'whitelist': None}
is_faculty = cached_course_is_faculty(course, request.user)
if (not course_details.all_selections_are_visible(course)
and not is_faculty):
courses[course.id]['whitelist'] = list(course.faculty)
courses[course.id]['whitelist'].append(request.user)
if not cached_course_is_member(course, request.user):
invisible.append(note.id)
elif (courses[course.id]['whitelist'] and
not note.author in courses[course.id]['whitelist']):
# apply per course limitations
# the user or a faculty member must be the selection author
invisible.append(note.id)
return object_list.exclude(id__in=invisible).order_by('id')
elif request.public:
# attribute "public" set on request when requesting a
# public_to_world essay. all notes are public by default
return object_list.order_by('id')
else:
return []
def apply_limits(self, request, object_list, exclude_global=True):
if request.user.is_authenticated():
if exclude_global:
# only request user's global annotations
object_list = object_list.exclude(~Q(author=request.user),
range1__isnull=True)
# Make sure the requesting user is allowed to see this note
invisible = []
courses = {}
for note in object_list.select_related('asset__course'):
course = note.asset.course
# Cache this out per course/user. It's just too slow otherwise
if not course.id in courses.keys():
courses[course.id] = {'whitelist': None}
is_faculty = cached_course_is_faculty(course, request.user)
if (not course_details.all_selections_are_visible(course)
and not is_faculty):
courses[course.id]['whitelist'] = list(course.faculty)
courses[course.id]['whitelist'].append(request.user)
if not cached_course_is_member(course, request.user):
invisible.append(note.id)
elif (courses[course.id]['whitelist']
and not note.author in courses[course.id]['whitelist']):
# apply per course limitations
# the user or a faculty member must be the selection author
invisible.append(note.id)
return object_list.exclude(id__in=invisible).order_by('id')
elif request.public:
# attribute "public" set on request when requesting a
# public_to_world essay. all notes are public by default
return object_list.order_by('id')
else:
return []
def manage(self, coll, course, user):
course_collaboration = cached_course_collaboration(course)
return coll.context == course_collaboration and (
(course and cached_course_is_faculty(course, user)) or coll.user == user
)
def manage(self, coll, course, user):
course_collaboration = cached_course_collaboration(course)
return (coll.context == course_collaboration
and ((course and cached_course_is_faculty(course, user))
or coll.user == user))
def render_assets(request, record_owner, assets):
course = request.course
logged_in_user = request.user
# Is the current user faculty OR staff
is_faculty = cached_course_is_faculty(course, logged_in_user)
# Can the record_owner edit the records
viewing_own_records = (record_owner == logged_in_user)
viewing_faculty_records = record_owner and course.is_faculty(record_owner)
# Allow the logged in user to add assets to his composition
citable = request.GET.get('citable', '') == 'true'
# Does the course allow viewing other user selections?
owner_selections_are_visible = (
course_details.all_selections_are_visible(course) or
viewing_own_records or viewing_faculty_records or is_faculty)
# Spew out json for the assets
if request.GET.get('annotations', '') == 'true':
resource = AssetResource(owner_selections_are_visible,
record_owner,
{'editable': viewing_own_records,
'citable': citable})
else:
resource = AssetSummaryResource({'editable': viewing_own_records,
'citable': citable})
asset_json = resource.render_list(request, assets)
active_filters = {}
for k, val in request.GET.items():
if (k == 'tag' or k == 'modified' or k.startswith('vocabulary-')):
active_filters[k] = val
user_resource = UserResource()
# #todo -- figure out a cleaner way to do this. Ugli-ness
# Collate tag set & vocabulary set for the result set.
# Get all visible notes for the returned asset set
# These notes may include global annotations for all users,
# whereas the rendered set will not
active_asset_ids = [a['id'] for a in asset_json]
active_notes = []
if record_owner:
if owner_selections_are_visible:
active_notes = SherdNote.objects.filter(
asset__course=course, asset__id__in=active_asset_ids,
author__id=record_owner.id)
else:
if all_selections_are_visible(course) or is_faculty:
# Display all tags for the asset set including globals
active_notes = SherdNote.objects.filter(
asset__course=course, asset__id__in=active_asset_ids)
else:
whitelist = [f.id for f in course.faculty]
whitelist.append(request.user.id)
active_notes = SherdNote.objects.filter(
asset__course=course,
asset__id__in=active_asset_ids,
author__id__in=whitelist)
tags = []
if len(active_notes) > 0:
tags = Tag.objects.usage_for_queryset(active_notes)
tags.sort(lambda a, b: cmp(a.name.lower(), b.name.lower()))
active_vocabulary = []
note_ids = [n.id for n in active_notes]
content_type = ContentType.objects.get_for_model(SherdNote)
term_resource = TermResource()
for v in Vocabulary.objects.get_for_object(request.course):
vocabulary = {
'id': v.id,
'display_name': v.display_name,
'term_set': []
}
related = TermRelationship.objects.filter(term__vocabulary=v,
content_type=content_type,
object_id__in=note_ids)
terms = []
for r in related:
if r.term.display_name not in terms:
the_term = term_resource.render_one(request, r.term)
vocabulary['term_set'].append(the_term)
terms.append(r.term.display_name)
active_vocabulary.append(vocabulary)
# Assemble the context
data = {'assets': asset_json,
'active_tags': TagResource().render_list(request, tags),
'active_filters': active_filters,
'active_vocabulary': active_vocabulary,
'space_viewer': user_resource.render_one(request, logged_in_user),
'editable': viewing_own_records,
'citable': citable,
'is_faculty': is_faculty}
if record_owner:
data['space_owner'] = user_resource.render_one(request, record_owner)
json_stream = simplejson.dumps(data, indent=2)
return HttpResponse(json_stream, mimetype='application/json')
def test_cached_course_is_faculty(self):
self.assertTrue(
cached_course_is_faculty(self.sample_course, self.instructor_one))
self.assertTrue(
cached_course_is_faculty(self.sample_course, self.instructor_one))
def read(self, coll, course, user):
return (self.manage(coll, course, user)
or cached_course_is_faculty(course, user))
def dispatch(self, *args, **kwargs):
if not cached_course_is_faculty(self.request.course,
self.request.user):
return HttpResponseForbidden("forbidden")
return super(LoggedInFacultyMixin, self).dispatch(*args, **kwargs)
def wrap(request, *args, **kwargs):
if not cached_course_is_faculty(request.course, request.user):
return HttpResponseForbidden("forbidden")
return func(request, *args, **kwargs)
def render_assets(request, record_owner, assets):
course = request.course
logged_in_user = request.user
# Is the current user faculty OR staff
is_faculty = cached_course_is_faculty(course, logged_in_user)
# Can the record_owner edit the records
viewing_own_records = (record_owner == logged_in_user)
viewing_faculty_records = record_owner and course.is_faculty(record_owner)
# Allow the logged in user to add assets to his composition
citable = request.GET.get('citable', '') == 'true'
# Does the course allow viewing other user selections?
owner_selections_are_visible = (
course_details.all_selections_are_visible(course)
or viewing_own_records or viewing_faculty_records or is_faculty)
# Spew out json for the assets
if request.GET.get('annotations', '') == 'true':
resource = AssetResource(owner_selections_are_visible, record_owner, {
'editable': viewing_own_records,
'citable': citable
})
else:
resource = AssetSummaryResource({
'editable': viewing_own_records,
'citable': citable
})
asset_json = resource.render_list(request, assets)
active_filters = {}
for key, val in request.GET.items():
if (key == 'tag' or key == 'modified'
or key.startswith('vocabulary-')):
active_filters[key] = val
user_resource = UserResource()
# #todo -- figure out a cleaner way to do this. Ugli-ness
# Collate tag set & vocabulary set for the result set.
# Get all visible notes for the returned asset set
# These notes may include global annotations for all users,
# whereas the rendered set will not
active_asset_ids = [a['id'] for a in asset_json]
active_notes = []
if record_owner:
if owner_selections_are_visible:
active_notes = SherdNote.objects.filter(
asset__course=course,
asset__id__in=active_asset_ids,
author__id=record_owner.id)
else:
if all_selections_are_visible(course) or is_faculty:
# Display all tags for the asset set including globals
active_notes = SherdNote.objects.filter(
asset__course=course, asset__id__in=active_asset_ids)
else:
whitelist = [f.id for f in course.faculty]
whitelist.append(request.user.id)
active_notes = SherdNote.objects.filter(
asset__course=course,
asset__id__in=active_asset_ids,
author__id__in=whitelist)
tags = []
if len(active_notes) > 0:
tags = Tag.objects.usage_for_queryset(active_notes)
tags.sort(lambda a, b: cmp(a.name.lower(), b.name.lower()))
active_vocabulary = []
note_ids = [n.id for n in active_notes]
content_type = ContentType.objects.get_for_model(SherdNote)
term_resource = TermResource()
for vocab in Vocabulary.objects.get_for_object(request.course):
vocabulary = {
'id': vocab.id,
'display_name': vocab.display_name,
'term_set': []
}
related = TermRelationship.objects.filter(term__vocabulary=vocab,
content_type=content_type,
object_id__in=note_ids)
terms = []
for rel in related:
if rel.term.display_name not in terms:
the_term = term_resource.render_one(request, rel.term)
vocabulary['term_set'].append(the_term)
terms.append(rel.term.display_name)
active_vocabulary.append(vocabulary)
# Assemble the context
data = {
'assets': asset_json,
'active_tags': TagResource().render_list(request, tags),
'active_filters': active_filters,
'active_vocabulary': active_vocabulary,
'space_viewer': user_resource.render_one(request, logged_in_user),
'editable': viewing_own_records,
'citable': citable,
'is_faculty': is_faculty
}
if record_owner:
data['space_owner'] = user_resource.render_one(request, record_owner)
json_stream = simplejson.dumps(data, indent=2)
return HttpResponse(json_stream, mimetype='application/json')
def test_cached_course_is_faculty(self):
self.assertTrue(cached_course_is_faculty(self.sample_course,
self.instructor_one))
self.assertTrue(cached_course_is_faculty(self.sample_course,
self.instructor_one))
def wrap(request, *args, **kwargs):
if request.user is None or request.user.is_anonymous():
return HttpResponseForbidden("forbidden")
if not cached_course_is_faculty(request.course, request.user):
return HttpResponseForbidden("forbidden")
return func(request, *args, **kwargs)
def dispatch(self, *args, **kwargs):
if not cached_course_is_faculty(self.request.course,
self.request.user):
return HttpResponseForbidden("forbidden")
return super(LoggedInFacultyMixin, self).dispatch(*args, **kwargs)
def read(self, coll, course, user):
return self.manage(coll, course, user) or cached_course_is_faculty(course, user)
def wrap(request, *args, **kwargs):
if request.user is None or request.user.is_anonymous():
return HttpResponseForbidden("forbidden")
if not cached_course_is_faculty(request.course, request.user):
return HttpResponseForbidden("forbidden")
return func(request, *args, **kwargs)
def read(self, coll, course, user):
course_collaboration = cached_course_collaboration(course)
return (coll.context == course_collaboration
and ((course and cached_course_is_faculty(course, user))
or coll.user_id == user.id or
(coll.group_id and user in coll.group.user_set.all())))
def wrap(request, *args, **kwargs):
if not cached_course_is_faculty(request.course, request.user):
return HttpResponseForbidden("forbidden")
return func(request, *args, **kwargs)
