def post(self) -> Response:
"""
POST response method for creating a quiz submission.
JSON Web Token is required.
Student must be in the course.
Student may only have one submission per quiz.
"""
user = get_jwt_identity()
data = request.get_json()
quiz_id = data['quiz']
# already a submission from this user
if len(Submissions.objects(quiz=quiz_id, user=user)) != 0:
return forbidden()
# quiz doesn't exist
try:
quiz = Quizzes.objects.get(id=quiz_id)
course = Courses.objects.get(id=quiz.course.id)
except DoesNotExist as e:
return not_found()
# student must be enrolled in the course of the quiz
courses = Courses.objects(students=user)
if course not in courses:
return forbidden()
# student is in course and has not submitted
# generate the answer key
answer_key = {}
for question in quiz.quizQuestions:
answer_key[question.index] = question.answer
# compare answer key to student responses
student_responses = data['answers']
grade = 0
for response in student_responses:
index = response['question']
if index in answer_key and answer_key[index] == response['answer']:
grade += 1
try:
data['user'] = user
data['grade'] = grade
submission = Submissions(**data).save()
except ValidationError as e:
return bad_request(e.to_dict())
output = {'id': str(submission.id)}
return jsonify(output)
def get(self, course_id: str) -> Response:
"""
GET response method for all documents in course collection.
JSON Web Token is required.
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
user_id = get_jwt_identity()
# make sure the course exists
try:
course = Courses.objects.get(id=course_id)
except DoesNotExist:
return not_found()
if authorized:
inst_id = getattr(getattr(course, 'instructor'), 'id')
if (str(inst_id) != str(user_id)):
query = Feedback.objects(course=course_id, public=True)
else:
query = Feedback.objects(course=course_id)
res = []
for fb in query:
img_b64 = base64.b64encode(fb.user.image.thumbnail.read())
fb_json = {
'comment': fb.comment,
'user': fb.user.name,
'image': img_b64.decode('utf-8')
}
res.append(fb_json)
return jsonify(res)
else:
return forbidden()
def post(self) -> Response:
"""
POST response method for endorsing a course.
:return: JSON object
"""
data = request.get_json()
user_id=get_jwt_identity()
course_id = data["courseId"]
authorized: bool = Users.objects.get(id=user_id).roles.organization
if authorized:
# don't let an organization endorse the same course twice
if Courses.objects(id=course_id, endorsedBy=ObjectId(user_id)):
return conflict("You already endorsed this course!")
# add the organization the course's endorsedBy list
try:
endorse = Courses.objects(id=course_id).update(push__endorsedBy=ObjectId(user_id))
if endorse == 0:
return not_found("404 Error: The requested course does not exist")
except InvalidId as e:
print(e.__class__.__name__)
print(dir(e))
return bad_request(str(e))
except ValidationError as e:
return bad_request(e.message)
output = {'id': user_id}
return jsonify(output)
else:
return forbidden()
def delete(self) -> Response:
"""
DELETE response method for deleting all users.
JSON Web Token is required.
Authorization is required: Access(admin=true)
:return: JSON object
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
output = Users.objects.delete()
return jsonify(output)
else:
return forbidden()
def get(self, course_id) -> Response:
# get the number of people enrolled in a course
# get the instructor for the course
try:
course = Courses.objects.get(id=course_id)
inst = course.instructor
except DoesNotExist:
return not_found("could not find the specified course")
authorized = (str(inst.id) == get_jwt_identity())
if not authorized:
return forbidden()
output = {'students': len(course.students)}
return jsonify(output)
def get(self) -> Response:
"""
GET response method for acquiring all user data.
JSON Web Token is required.
Authorization is required: Access(admin=true)
:return: JSON object
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
query = Users.objects()
fields = {'email', 'password', 'name', 'phone', 'roles'}
return jsonify(convert_query(query, fields))
else:
return forbidden()
def get(self, user_id: str) -> Response:
"""
GET response method for acquiring single user data.
JSON Web Token is required.
Authorization is required: Access(admin=true) or UserId = get_jwt_identity()
:return: JSON object
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
user = Users.objects.get(id=user_id)
fields = {'email', 'password', 'name', 'phone', 'roles'}
return jsonify(convert_doc(user, fields))
else:
return forbidden()
def post(self: str) -> Response:
"""
POST response method for creating user.
JSON Web Token is required.
Authorization is required: Access(admin=true)
:return: JSON object
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
data = request.get_json()
user = create_user(data)
output = {'id': str(user.id)}
return jsonify(output)
else:
return forbidden()
def get(self, course_id: str) -> Response:
"""
GET response method for single documents in course collection.
:return: JSON object
"""
# check if the given course id is valid or not
try:
course = Courses.objects.get(id=course_id)
except DoesNotExist as e:
return not_found()
except ValidationError as e:
return bad_request()
user = get_jwt_identity()
try:
# check if the user is enrolled in the course
queryCourse = Courses.objects.get(id=course_id,
students=ObjectId(user))
student = True
except DoesNotExist as e:
student = False
# check if the user is the instructor of the course or if they are an admin
inst = str(course.instructor.id) == user
admin = Users.objects.get(id=user).roles.admin
authorized = student or inst or admin
if authorized:
if inst or admin:
query = Quizzes.objects(course=course)
elif student:
query = Quizzes.objects(course=course, published=True)
fields = {
'id',
'name',
'quizQuestions',
'published',
}
embedded = {'course': {'id': 'course'}}
converted = convert_embedded_query(query, fields, embedded)
return jsonify(converted)
else:
return forbidden()
def put(self, user_id: str) -> Response:
"""
PUT response method for updating a user.
JSON Web Token is required.
Authorization is required: Access(admin=true) or UserId = get_jwt_identity()
:return: JSON object
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
data = request.get_json()
put_user = Users.objects(id=user_id).update(**data)
output = {'id': str(put_user.id)}
return jsonify(output)
else:
return forbidden()
def delete(self, op_id: str) -> Response:
"""
DELETE response method for deleting single opportunity.
JSON Web Token is required.
"""
authorized: bool = Users.objects.get(id=get_jwt_identity()).roles.organization or \
Users.objects.get(id=get_jwt_identity()).roles.admin
if authorized:
try:
output = Opportunity.objects.get(id=op_id).delete()
except ValidationError as e:
return bad_request(e.message)
return jsonify(output)
else:
return forbidden()
def put(self, op_id: str) -> Response:
"""
PUT response method for updating an opportunity.
JSON Web Token is required.
"""
data = request.get_json()
authorized: bool = Users.objects.get(id=get_jwt_identity()).roles.organization or \
Users.objects.get(id=get_jwt_identity()).roles.admin
if authorized:
try:
res = Opportunity.objects.get(id=op_id).update(**data)
except ValidationError as e:
return bad_request(e.message)
return jsonify(res)
else:
return forbidden()
def get(self) -> Response:
"""
GET response method for all documents in quiz collection.
JSON Web Token is required.
"""
authorized: bool = Users.objects.get(id=get_jwt_identity()).roles.admin
if authorized:
query = Quizzes.objects()
fields = {
'id',
'name',
'published',
}
response = convert_query(query, include=fields)
return jsonify(response)
else:
return forbidden()
def get(self, course_id) -> Response:
# get the number of *published* quizzes in a course
# get the instructor for the course
try:
course = Courses.objects.get(id=course_id)
inst = course.instructor
except DoesNotExist:
return not_found("could not find the specified course")
authorized = (str(inst.id) == get_jwt_identity())
if not authorized:
return forbidden()
# get all the quizzes for this course that are published
quizzes = Quizzes.objects(course=course, published=True)
output = {'quizzes': len(quizzes)}
return jsonify(output)
def get(self, course_id) -> Response:
# get the number of *published* quizzes in a course
# get the instructor for the course
try:
course = Courses.objects.get(id=course_id)
inst = course.instructor
except DoesNotExist:
return not_found("could not find the specified course")
authorized = (str(inst.id) == get_jwt_identity())
if not authorized:
return forbidden()
# get all the quizzes for this course that are published
quizzes = Quizzes.objects(course=course, published=True)
# output will be a list of quiz objects (name, # of submissions, and average)
output = []
for quiz in quizzes:
query = Submissions.objects(quiz=quiz.id)
if (len(query) > 0 and len(quiz.quizQuestions) > 0):
total = 0
for submission in query:
total += submission.grade
average = total / (len(query) * len(quiz.quizQuestions))
# the following two lines take the decimal average and convert it to whole number with 2 digits remaining
# examples:
# 0.01 -> 100.0 -> 1
# 0.234 -> 234.0 -> 23
average *= 10000
average //= 100
totalSubs = len(query)
else:
average = 0
totalSubs = 0
output.append({
'quiz': quiz.name,
'average': average,
'totalSubmissions': totalSubs,
})
return jsonify(output)
def post(self) -> Response:
"""
POST response method for creating a course.
JSON Web Token is required.
Authorization is required: Access(admin=true)
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
data = request.get_json()
# get the instructor id based off of jwt token identity
data['instructor'] = get_jwt_identity()
try:
course = Courses(**data).save()
except ValidationError as e:
return bad_request(e.to_dict())
output = {'id': str(course.id)}
return jsonify(output)
else:
return forbidden()
def get(self, course_id) -> Response:
# get the view count for a course page
# get the instructor for the course
try:
inst = Courses.objects.get(id=course_id).instructor
except DoesNotExist:
return not_found("could not find the specified course")
authorized = (str(inst.id) == get_jwt_identity())
if not authorized:
return forbidden()
# get the page with the given name (might not be registered yet)
try:
page_name = '~courses~' + course_id
page = Pages.objects.get(name=page_name)
output = {'views': page.views}
return jsonify(output)
except DoesNotExist:
return not_found("this page has no views yet")
def post(self) -> Response:
"""
POST response method for creating a quiz.
JSON Web Token is required.
Authorization is required: role must be instructor
"""
user = get_jwt_identity()
data = request.get_json()
oid = ObjectId(user)
authorized: bool = Courses.objects.get(
id=data['course'])['instructor']['id'] == oid
authorized = authorized or Users.objects.get(id=user).roles.admin
if authorized:
try:
quiz = Quizzes(**data).save()
except ValidationError as e:
return bad_request(e.to_dict())
output = {'id': str(quiz.id)}
return jsonify(output)
else:
return forbidden()
def delete(self, course_id: str) -> Response:
"""
DELETE response method for deleting single course.
JSON Web Token is required.
Authorization is required: Access(admin=true)
"""
queryCourse = Courses.objects.get(id=course_id)
user = get_jwt_identity()
# only the course instructor can delete courses
authorized: bool = queryCourse['instructor']['id'] == ObjectId(user)
# or an admin
authorized = authorized or Users.objects.get(id=user).roles.admin
if authorized:
output = Courses.objects(id=course_id).delete()
if output == 0:
return not_found()
else:
return jsonify(output)
else:
return forbidden()
def post(self) -> Response:
"""
POST response method for creating an opportunity.
JSON Web Token is required.
"""
data = request.get_json()
authorized: bool = Users.objects.get(id=get_jwt_identity()).roles.organization or \
Users.objects.get(id=get_jwt_identity()).roles.admin
if authorized:
data['organization'] = get_jwt_identity()
try:
opportunity = Opportunity(**data).save()
except ValidationError as e:
return bad_request(e.to_dict())
output = {'id': str(opportunity.id)}
return jsonify(output)
else:
return forbidden()
def post(self) -> Response:
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
data = request.get_json()
# make sure the course exists
try:
course = Courses.objects.get(id=data["course"])
except DoesNotExist:
return not_found()
# get the user id based off of jwt token identity
data['user'] = get_jwt_identity()
try:
feedback = Feedback(**data).save()
except ValidationError as e:
return bad_request(e.to_dict())
output = {'id': str(feedback.id)}
return jsonify(output)
else:
return forbidden()
def get(self) -> Response:
"""
GET response method for all documents related to an org.
:return: JSON object
"""
query = Opportunity.objects(organization=get_jwt_identity())
authorized: bool = Users.objects.get(id=get_jwt_identity()).roles.organization or \
Users.objects.get(id=get_jwt_identity()).roles.admin
if authorized:
fields = {
'paid',
'description',
'published',
'id',
}
converted = convert_query(query, fields)
return jsonify(converted)
else:
return forbidden()
def put(self, quiz_id: str) -> Response:
"""
PUT response method for updating a quiz.
JSON Web Token is required.
"""
query = Quizzes.objects.get(id=quiz_id)
user = get_jwt_identity()
# only the course instructor can delete their quizzes
authorized: bool = query.course.instructor.id == ObjectId(user)
# or an admin
authorized = authorized or Users.objects.get(id=user).roles.admin
if not authorized:
return forbidden()
data = request.get_json()
if ('course' in data):
data['course'] = ObjectId(data['course'])
try:
res = query.update(**data)
except ValidationError as e:
return bad_request(e.message)
return jsonify(res)
def get(self) -> Response:
"""
GET response method for all documents in course collection.
JSON Web Token is required.
"""
authorized: bool = True #Users.objects.get(id=get_jwt_identity()).access.admin
if authorized:
query = Courses.objects()
fields = {
'id',
'name',
'objective',
'learningOutcomes',
'published',
}
res = convert_query(query, include=fields)
return jsonify(res)
else:
return forbidden()
