def process_request(self, request, override_view=None): request.course = None # must be present to be a caching key if is_anonymous_path(request.path) or \ ( not request.user.is_authenticated() and not CourseAccess.allowed(request) ): return None if 'unset_course' in request.GET and SESSION_KEY in request.session: del request.session[SESSION_KEY] set_course = request.POST.get('set_course', request.GET.get('set_course', None)) if set_course is not None: course = get_object_or_404( Course, group__name=set_course) if request.user.is_staff or \ CourseAccess.allowed(request) or \ (request.user in course.members): request.session[SESSION_KEY] = course self.decorate_request(request, course) if 'next' in request.GET: return HttpResponseRedirect(request.GET['next']) return None if SESSION_KEY in request.session: course = request.session[SESSION_KEY] self.decorate_request(request, course) return None available_courses = Course.objects.filter(group__user=request.user) chosen_course = None try: requested_view, view_args, view_kwargs = resolve( request.get_full_path()) except Resolver404: requested_view = None # Staff and instructors should always get the opportunity to # pick a course. if requested_view in AUTO_COURSE_SELECT: chosen_course = AUTO_COURSE_SELECT[requested_view]( *view_args, **view_kwargs) elif (available_courses.count() == 1 and not request.user.is_staff and not is_faculty(request.user)): chosen_course = available_courses.first() if chosen_course and \ (chosen_course in available_courses or request.user.is_staff): request.session[SESSION_KEY] = chosen_course self.decorate_request(request, chosen_course) return None return self.course_list_view(request, override_view)
def test_courseaccess(self): """ what is this? """ # respond() should do nothing CourseAccess.respond("foo") class StubRequest(object): REQUEST = dict() self.assertFalse(CourseAccess.allowed(StubRequest()))
def post(self, request, *args, **kwargs): if not CourseAccess.allowed(request): return HttpResponseForbidden() try: arg = self.request.POST.get('asset-url', None) asset = Asset.objects.get(id=self.get_asset_id(arg)) except (TypeError, Asset.DoesNotExist): return HttpResponseNotFound() for key, value in request.POST.items(): # replace primary source completely. the labels will differ if key in Asset.primary_labels: if len(value) < 1: # don't empty out a primary source msg = 'Invalid primary source for {}'.format(key) return HttpResponseBadRequest(msg) asset.update_primary(key, value) else: # update a secondary source based on label sources = asset.source_set.filter(label=key) sources.update(url=value) return HttpResponse('updated')
def parse_user(self, request): user = request.user args = request.POST if request.method == 'POST' else request.GET if ((user.is_staff or CourseAccess.allowed(request)) and 'as' in args): as_user = args['as'] user = get_object_or_404(User, username=as_user) return user
def parse_user(self, request): user = request.user if ((user.is_staff or CourseAccess.allowed(request)) and 'as' in request.REQUEST): as_user = request.REQUEST['as'] user = get_object_or_404(User, username=as_user) return user
def _parse_user(request): user = request.user if ((user.is_staff or CourseAccess.allowed(request)) and 'as' in request.REQUEST): as_user = request.REQUEST['as'] user = get_object_or_404(User, username=as_user) if not request.course or not request.course.is_true_member(user): return HttpResponseForbidden("You must be a member of the course to \ add assets.") return user
def course_list_query(request): if not CourseAccess.allowed(request): return HttpResponseForbidden('{"error":"server not whitelisted"}') user = get_object_or_404( User, username=request.REQUEST.get('user', 'none')) courses = available_courses_query(user) data = {'courses': dict( [(c.group.name, {'title': c.title, }) for c in courses] )} return HttpResponse( simplejson.dumps(data, indent=2), mimetype='application/json')
def course_list_query(request): if not CourseAccess.allowed(request): return HttpResponseForbidden('{"error":"server not whitelisted"}') username = request.POST.get('user', request.GET.get('user', 'none')) user = get_object_or_404(User, username=username) courses = get_courses_for_user(user) data = {'courses': dict( [(c.group.name, {'title': c.title, }) for c in courses] )} return HttpResponse( json.dumps(data, indent=2), content_type='application/json')
def post(self, request, *args, **kwargs): if not CourseAccess.allowed(request): return HttpResponseForbidden() wid = self.request.POST.get('metadata-wardenclyffe-id', None) if not wid: return HttpResponseNotFound() qs = self.get_matching_assets(wid) if qs.count() == 0: return HttpResponseNotFound() for asset in self.get_matching_assets(wid): items = request.POST.items() if not self.update_asset(asset, items): return HttpResponseBadRequest() return HttpResponse('updated')
def asset_create(request): """ We'd like to support basically the Delicious URL API as much as possible /save?jump={yes|close}&url={url}&title={title}&{noui}&v={5}&share={yes} But also thumb={url}&stream={url}&... Other groups to pay attention to are MediaMatrix (seems subset of delicious: url=) """ # XXX TODO: the error case here should be 401/403, not 404 user = request.user if (user.is_staff or CourseAccess.allowed(request)) and request.REQUEST.has_key('as'): as_user = request.REQUEST['as'] if as_user == 'faculty': as_user = request.course.faculty[0].username user = get_object_or_404(User,username=as_user) if not request.course or not request.course.is_true_member(user): extra = '' if user.is_staff: extra = 'Since you are staff, you can add yourself through <a href="%s">Manage Course</a> interface.' % reverse('admin:courseaffils_course_change', args=[request.course.id]) return HttpResponseForbidden("""You must be a member of the course to add assets. This is to prevent unintentional participation.%s""" % extra) asset = None req_dict = getattr(request,request.method) metadata = {} for key in req_dict: if key.startswith('metadata-'): metadata[key[len('metadata-'):]] = req_dict.getlist(key) title = req_dict.get('title','') asset = Asset.objects.get_by_args(req_dict, asset__course=request.course) if asset is False: raise AssertionError("no arguments were supplied to make an asset") if asset is None: try: asset = Asset(title=title[:1020], #max title length course=request.course, author=user) asset.save() for source in sources_from_args(request, asset).values(): if len(source.url) <= 4096: source.save() if "tag" in metadata: for t in metadata["tag"]: asset.save_tag(user, t) if len(metadata): asset.metadata_blob = simplejson.dumps(metadata) asset.save() except: #we'll make it here if someone doesn't submit #any primary_labels as arguments # @todo verify the above comment. raise AssertionError("no primary source provided") # create a global annotation global_annotation = asset.global_annotation(user, True) asset_url = reverse('asset-view', args=[asset.id]) source = request.POST.get('asset-source', "") if source == 'bookmarklet': asset_url += "?level=item" #for bookmarklet mass-adding if request.REQUEST.get('noui','').startswith('postMessage'): return render_to_response('assetmgr/interface_iframe.html', {'message': '%s|%s' % (request.build_absolute_uri(asset_url), request.REQUEST['noui']), }) elif request.is_ajax(): return HttpResponse(serializers.serialize('json', asset), mimetype="application/json") elif "archive" == asset.primary.label: redirect_url = request.POST.get('redirect-url', reverse('class-add-source')) url = "%s?newsrc=%s" % (redirect_url, asset.title) return HttpResponseRedirect(url) else: return HttpResponseRedirect(asset_url)
def process_request(self, request): request.course = None # must be present to be a caching key path = urlquote(request.get_full_path()) if is_anonymous_path(request.path): return None if (not request.user.is_authenticated() and not CourseAccess.allowed(request)): return None if 'unset_course' in request.GET: if SESSION_KEY in request.session: del request.session[SESSION_KEY] def decorate_request(request, course): request.course = course request.coursename = course.title # these will show up in Error emails as part of WSGI object request.environ['django_username'] = request.user.username request.environ['django_course'] = course.title if Collaboration: # if structuredcollaboration app is installed (request.collaboration_context, created) = Collaboration.objects.get_or_create( content_type=ContentType.objects.get_for_model(Course), object_pk=str(course.pk)) if created or request.collaboration_context.slug is None: request.collaboration_context.title = course.title request.collaboration_context.group = course.group for i in range(2): slug_try = course.slug(attempt=i) if Collaboration.objects.filter( slug=slug_try).count() == 0: request.collaboration_context.slug = slug_try break request.collaboration_context.save() if 'set_course' in request.REQUEST: course = Course.objects.get( group__name=request.REQUEST['set_course']) if (request.user.is_staff or CourseAccess.allowed(request) or (request.user in course.members)): request.session[SESSION_KEY] = course decorate_request(request, course) if 'next' in request.GET: return HttpResponseRedirect(request.GET['next']) return None if SESSION_KEY in request.session: course = request.session[SESSION_KEY] decorate_request(request, course) return None available_courses = Course.objects.filter(group__user=request.user) chosen_course = None try: requested_view, view_args, view_kwargs = resolve( request.get_full_path()) except Resolver404: requested_view = None #staff should always get the opportunity to pick a course if requested_view in AUTO_COURSE_SELECT: chosen_course = AUTO_COURSE_SELECT[requested_view]( *view_args, **view_kwargs) elif len(available_courses) == 1 and not request.user.is_staff: chosen_course = available_courses[0] if (chosen_course and (chosen_course in available_courses or request.user.is_staff)): request.session[SESSION_KEY] = chosen_course decorate_request(request, chosen_course) return None return select_course(request)
def asset_create(request): """ We'd like to support basically the Delicious URL API as much as possible /save?jump={yes|close}&url={url}&title={title}&{noui}&v={5}&share={yes} But also thumb={url}&stream={url}&... Other groups to pay attention to are MediaMatrix (seems subset of delicious: url=) """ # XXX TODO: the error case here should be 401/403, not 404 user = request.user if (user.is_staff or CourseAccess.allowed(request)) and request.REQUEST.has_key('as'): as_user = request.REQUEST['as'] if as_user == 'faculty': as_user = request.course.faculty[0].username user = get_object_or_404(User, username=as_user) if not request.course or not request.course.is_true_member(user): extra = '' if user.is_staff: extra = 'Since you are staff, you can add yourself through <a href="%s">Manage Course</a> interface.' % reverse( 'admin:courseaffils_course_change', args=[request.course.id]) return HttpResponseForbidden( """You must be a member of the course to add assets. This is to prevent unintentional participation.%s""" % extra) asset = None req_dict = getattr(request, request.method) metadata = {} for key in req_dict: if key.startswith('metadata-'): metadata[key[len('metadata-'):]] = req_dict.getlist(key) title = req_dict.get('title', '') asset = Asset.objects.get_by_args(req_dict, asset__course=request.course) if asset is False: raise AssertionError("no arguments were supplied to make an asset") if asset is None: try: asset = Asset( title=title[:1020], #max title length course=request.course, author=user) asset.save() for source in sources_from_args(request, asset).values(): if len(source.url) <= 4096: source.save() if "tag" in metadata: for t in metadata["tag"]: asset.save_tag(user, t) if len(metadata): asset.metadata_blob = simplejson.dumps(metadata) asset.save() except: #we'll make it here if someone doesn't submit #any primary_labels as arguments # @todo verify the above comment. raise AssertionError("no primary source provided") # create a global annotation global_annotation = asset.global_annotation(user, True) asset_url = reverse('asset-view', args=[asset.id]) source = request.POST.get('asset-source', "") if source == 'bookmarklet': asset_url += "?level=item" #for bookmarklet mass-adding if request.REQUEST.get('noui', '').startswith('postMessage'): return render_to_response( 'assetmgr/interface_iframe.html', { 'message': '%s|%s' % (request.build_absolute_uri(asset_url), request.REQUEST['noui']), }) elif request.is_ajax(): return HttpResponse(serializers.serialize('json', asset), mimetype="application/json") elif "archive" == asset.primary.label: redirect_url = request.POST.get('redirect-url', reverse('class-add-source')) url = "%s?newsrc=%s" % (redirect_url, asset.title) return HttpResponseRedirect(url) else: return HttpResponseRedirect(asset_url)
def add_asset(request): """ We'd like to support basically the Delicious URL API as much as possible /save?jump={yes|close}&url={url}&title={title}&{noui}&v={5}&share={yes} But also thumb={url}&stream={url}&... Other groups to pay attention to are MediaMatrix (seems subset of delicious: url=) """ # XXX TODO: the error case here should be 401/403, not 404 user = request.user if (user.is_staff or CourseAccess.allowed(request)) and request.REQUEST.has_key('as'): as_user = request.REQUEST['as'] if as_user == 'faculty': as_user = request.course.faculty[0].username user = get_object_or_404(User,username=as_user) if not request.course or not request.course.is_true_member(user): extra = '' if user.is_staff: extra = 'Since you are staff, you can add yourself through <a href="%s">Manage Course</a> interface.' % reverse('admin:courseaffils_course_change', args=[request.course.id]) return HttpResponseForbidden("""You must be a member of the course to add assets. This is to prevent unintentional participation.%s""" % extra) asset = None req_dict = getattr(request,request.method) metadata = {} for key in req_dict: if key.startswith('metadata-'): metadata[key[len('metadata-'):]] = req_dict.getlist(key) title = req_dict.get('title','') asset = Asset.objects.get_by_args(req_dict, asset__course=request.course) if asset is False: raise AssertionError("no arguments were supplied to make an asset") if asset is None: try: asset = Asset(title=title[:1020], #max title length course=request.course, author=user) asset.save() for source in sources_from_args(request, asset).values(): source.save() transaction.commit() if len(metadata): asset.metadata_blob = simplejson.dumps(metadata) asset.save() transaction.commit() except: transaction.rollback() raise # if we got here from an attempt to annotate the mock asset # we'll save that annotation now that the asset exists if asset: if request.POST.has_key('save-global-annotation'): # if the user is saving a global annotation # we need to create it first and then edit it global_annotation = asset.global_annotation(user) annotationview(request, asset.pk, global_annotation.pk) transaction.commit() elif request.POST.has_key('save-clip-annotation'): annotationcontainerview(request, asset.pk) transaction.commit() asset_url = reverse('asset-view', args=[asset.id]) #for bookmarklet mass-adding if request.REQUEST.get('noui','').startswith('postMessage'): return render_to_response('assetmgr/interface_iframe.html', {'message': '%s|%s' % (request.build_absolute_uri(asset_url), request.REQUEST['noui']), }) elif not request.is_ajax(): return HttpResponseRedirect(asset_url) else: return HttpResponse(serializers.serialize('json',asset), mimetype="application/json") else: #we'll make it here if someone doesn't submit #any primary_labels as arguments raise AssertionError("something didn't work")