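def show_appointment_participants(request, app_id):
    """
    Display all participants associated with the selected appointment.

    *login required*

    For security reasons the user's group association is checked once more:
    a missing or inactive user and a user in neither group are logged out and
    redirected to the index page, members of "Organizers" are redirected to
    the organizer view, and only members of "Tutors" proceed.

    :param request: the incoming request
    :param app_id: database id of the selected appointment
    :return: rendered page or HttpResponseRedirect()
    """
    # <SECURITY_BLOCK>
    # check user groups for Tutor or Organizer membership (in hierarchical order)
    # exists() is used instead of "count() is not 0": identity comparison with
    # an int literal depends on interpreter int caching and triggers a
    # SyntaxWarning on Python 3.8+, which is not acceptable in an access check.
    user = request.user
    if not user or not user.is_active:
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    if user.groups.filter(name="Organizers").exists():
        # redirect to organizer view
        return HttpResponseRedirect(reverse('cmanagement:exec'))
    if not user.groups.filter(name="Tutors").exists():
        # strange membership, redirect to login page
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    # <SECURITY_BLOCK>

    # NOTE(review): only group membership is checked. Nothing in this view
    # ties app_id to request.user, so any member of "Tutors" can load the
    # participant list of any appointment by id. Confirm this is intended;
    # otherwise restrict the lookup to appointments the tutor is assigned to.
    try:
        # get_object_or_404 either returns an object or raises Http404, so no
        # separate None check is needed afterwards.
        app = get_object_or_404(Appointment, pk=app_id)
    except Http404:
        return HttpResponseRedirect(reverse('cmanagement:tut'))

    course = app.my_course
    # Result is not used by this view; the call is kept in case it has side
    # effects -- TODO confirm and remove.
    compile_course_apps(course)

    context = {
        'course': course,
        'app': app,
        'part_list': app.my_participants.all(),
        'tutors_list': make_other_tutors_list(request),
        'my_courses_list': make_courses_list(request),
        'logged_in_user': user,
    }
    return render(request, 'cmanagement/tutor_show_participants.html', context)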
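def edit_appointment_location(request, app_id):
    """
    Show the "change appointment location" form for the selected appointment.

    This view provides the interface tutors use to change an appointment's
    location. It only renders the form; no change is written here.

    The user's group association is checked first: a missing or inactive user
    and a user in neither group are logged out and redirected to the index
    page, members of "Organizers" are redirected to the organizer view, and
    only members of "Tutors" proceed.

    :param request: the incoming request
    :param app_id: database id of the selected appointment
    :return: rendered page or HttpResponseRedirect()
    """
    # <SECURITY_BLOCK>
    # check user groups for Tutor or Organizer membership (in hierarchical order)
    # exists() is used instead of "count() is not 0": identity comparison with
    # an int literal depends on interpreter int caching and triggers a
    # SyntaxWarning on Python 3.8+, which is not acceptable in an access check.
    user = request.user
    if not user or not user.is_active:
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    if user.groups.filter(name="Organizers").exists():
        # redirect to organizer view
        return HttpResponseRedirect(reverse('cmanagement:exec'))
    if not user.groups.filter(name="Tutors").exists():
        # strange membership, redirect to login page
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    # <SECURITY_BLOCK>

    # NOTE(review): only group membership is checked. Nothing in this view
    # ties app_id to request.user, so any member of "Tutors" can open the
    # location form (including the participant list placed in the context)
    # for any appointment by id. Confirm that this view and the handler that
    # saves the new location both enforce per-appointment ownership.
    try:
        # get_object_or_404 either returns an object or raises Http404, so no
        # separate None check is needed afterwards.
        app = get_object_or_404(Appointment, pk=app_id)
    except Http404:
        return HttpResponseRedirect(reverse('cmanagement:tut'))

    course = app.my_course
    # Result is not used by this view; the call is kept in case it has side
    # effects -- TODO confirm and remove.
    compile_course_apps(course)

    context = {
        'course': course,
        'app': app,
        'part_list': app.my_participants.all(),
        'tutors_list': make_other_tutors_list(request),
        'my_courses_list': make_courses_list(request),
        'logged_in_user': user,
    }
    return render(request, 'cmanagement/tutor_appointment_changeloc.html', context)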
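def show_form_email_to_course(request, course_id):
    """
    Show the e-mail form for a mass message to a course.

    The written message will be sent to all participants enrolled in
    appointments which are associated with the selected course and the
    active request user (a tutor).

    *login required*

    For security reasons the user's group association is checked once more:
    a missing or inactive user and a user in neither group are logged out and
    redirected to the index page, members of "Organizers" are redirected to
    the organizer view, and only members of "Tutors" proceed.

    :param request: the incoming request
    :param course_id: the database id of the selected course
    :return: rendered page or HttpResponseRedirect()
    """
    # NOTE(review): this file defines show_form_email_to_course twice with the
    # same body; the later definition replaces the earlier one at import time.

    # <SECURITY_BLOCK>
    # check user groups for Tutor or Organizer membership (in hierarchical order)
    # exists() is used instead of "count() is not 0": identity comparison with
    # an int literal depends on interpreter int caching and triggers a
    # SyntaxWarning on Python 3.8+, which is not acceptable in an access check.
    user = request.user
    if not user or not user.is_active:
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    if user.groups.filter(name="Organizers").exists():
        # redirect to organizer view
        return HttpResponseRedirect(reverse('cmanagement:exec'))
    if not user.groups.filter(name="Tutors").exists():
        # strange membership, redirect to login page
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    # <SECURITY_BLOCK>

    # NOTE(review): the course is looked up by id alone; this view does not
    # check that request.user tutors the course. Confirm that the handler
    # which actually sends the mass e-mail limits recipients to the tutor's
    # own appointments, as the docstring describes.
    try:
        the_course = get_object_or_404(Course, pk=course_id)
    except Http404:
        return HttpResponseRedirect(reverse('cmanagement:tut'))

    context = {
        'tutors_list': make_other_tutors_list(request),
        'my_courses_list': get_course_app_list(request),
        'logged_in_user': user,
        'recipient': the_course,
        'mass_email': True,
    }
    return render(request, 'cmanagement/tutor_message.html', context)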
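def show_form_email_to_course(request, course_id):
    """
    Show the e-mail form for a mass message to a course.

    The written message will be sent to all participants enrolled in
    appointments which are associated with the selected course and the
    active request user (a tutor).

    *login required*

    For security reasons the user's group association is checked once more:
    a missing or inactive user and a user in neither group are logged out and
    redirected to the index page, members of "Organizers" are redirected to
    the organizer view, and only members of "Tutors" proceed.

    :param request: the incoming request
    :param course_id: the database id of the selected course
    :return: rendered page or HttpResponseRedirect()
    """
    # NOTE(review): this is the second definition of show_form_email_to_course
    # in this file with the same body; being later, it is the one bound to the
    # name at import time. One of the two should be removed.

    # <SECURITY_BLOCK>
    # check user groups for Tutor or Organizer membership (in hierarchical order)
    # exists() is used instead of "count() is not 0": identity comparison with
    # an int literal depends on interpreter int caching and triggers a
    # SyntaxWarning on Python 3.8+, which is not acceptable in an access check.
    user = request.user
    if not user or not user.is_active:
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    if user.groups.filter(name="Organizers").exists():
        # redirect to organizer view
        return HttpResponseRedirect(reverse('cmanagement:exec'))
    if not user.groups.filter(name="Tutors").exists():
        # strange membership, redirect to login page
        logout(request)
        return HttpResponseRedirect(reverse('cmanagement:index'))
    # <SECURITY_BLOCK>

    # NOTE(review): the course is looked up by id alone; this view does not
    # check that request.user tutors the course. Confirm that the handler
    # which actually sends the mass e-mail limits recipients to the tutor's
    # own appointments, as the docstring describes.
    try:
        the_course = get_object_or_404(Course, pk=course_id)
    except Http404:
        return HttpResponseRedirect(reverse('cmanagement:tut'))

    context = {
        'tutors_list': make_other_tutors_list(request),
        'my_courses_list': get_course_app_list(request),
        'logged_in_user': user,
        'recipient': the_course,
        'mass_email': True,
    }
    return render(request, 'cmanagement/tutor_message.html', context)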