示例#1
0
 def clean(self):
     super().clean()
     if self.cleaned_data.get(
             'DELETE') and not self.instance.can_manager_delete:
         raise SuspiciousOperation("Deleting course type not allowed")
示例#2
0
    def get_filters(self, request):
        lookup_params = self.params.copy() # a dictionary of the query string
        use_distinct = False

        # Remove all the parameters that are globally and systematically
        # ignored.
        for ignored in IGNORED_PARAMS:
            if ignored in lookup_params:
                del lookup_params[ignored]

        # Normalize the types of keys
        for key, value in lookup_params.items():
            if not isinstance(key, str):
                # 'key' will be used as a keyword argument later, so Python
                # requires it to be a string.
                del lookup_params[key]
                lookup_params[smart_str(key)] = value

            if not self.model_admin.lookup_allowed(key, value):
                raise SuspiciousOperation("Filtering by %s not allowed" % key)

        filter_specs = []
        if self.list_filter:
            for list_filter in self.list_filter:
                if callable(list_filter):
                    # This is simply a custom list filter class.
                    spec = list_filter(request, lookup_params,
                        self.model, self.model_admin)
                else:
                    field_path = None
                    if isinstance(list_filter, (tuple, list)):
                        # This is a custom FieldListFilter class for a given field.
                        field, field_list_filter_class = list_filter
                    else:
                        # This is simply a field name, so use the default
                        # FieldListFilter class that has been registered for
                        # the type of the given field.
                        field, field_list_filter_class = list_filter, FieldListFilter.create
                    if not isinstance(field, models.Field):
                        field_path = field
                        field = get_fields_from_path(self.model, field_path)[-1]
                    spec = field_list_filter_class(field, request, lookup_params,
                        self.model, self.model_admin, field_path=field_path)
                    # Check if we need to use distinct()
                    use_distinct = (use_distinct or
                                    lookup_needs_distinct(self.lookup_opts,
                                                          field_path))
                if spec and spec.has_output():
                    filter_specs.append(spec)

        # At this point, all the parameters used by the various ListFilters
        # have been removed from lookup_params, which now only contains other
        # parameters passed via the query string. We now loop through the
        # remaining parameters both to ensure that all the parameters are valid
        # fields and to determine if at least one of them needs distinct(). If
        # the lookup parameters aren't real fields, then bail out.
        try:
            for key, value in lookup_params.items():
                lookup_params[key] = prepare_lookup_value(key, value)
                use_distinct = (use_distinct or
                                lookup_needs_distinct(self.lookup_opts, key))
            return filter_specs, bool(filter_specs), lookup_params, use_distinct
        except FieldDoesNotExist, e:
            raise IncorrectLookupParameters(e)
示例#3
0
    def create_classification_entry(cls,
                                    name,
                                    rank_id,
                                    parent,
                                    language,
                                    layout=None,
                                    descriptors=None):
        """
        Create a new classification entry with a unique name. The level must be
        greater than its parent level.
        :param name: Unique classification entry name.
        :param rank_id: Classification rank with a greater level than its parent rank.
        :param parent: None or valid Classification entry instance.
        :param language: Language code of the primary synonym created with name.
        :param layout: Layout instance or None.
        :param descriptors: Descriptors values or None if no layout.
        :return: None or new Classification entry instance.
        """
        if ClassificationEntry.objects.filter(name=name).exists():
            raise SuspiciousOperation(
                _("A classification entry with this name already exists"))

        try:
            classification_rank = ClassificationRank.objects.get(id=rank_id)
        except ClassificationRank.DoesNotExist:
            raise SuspiciousOperation(
                _("The given classification rank does not exists"))

        if parent:
            if parent.rank.classification_id != classification_rank.classification_id:
                raise SuspiciousOperation(
                    _("The parent and the children classification rank must be of the same nature"
                      ))

            if parent.rank.level >= classification_rank.level:
                raise SuspiciousOperation(
                    _("The rank level of the parent must be lesser than the rank level of the new classification entry"
                      ))

        classification_entry = ClassificationEntry()
        classification_entry.name = name
        classification_entry.rank = classification_rank
        classification_entry.parent = parent
        classification_entry.parent_list = []
        classification_entry.layout = layout

        if parent:
            try:
                ClassificationEntryManager.update_parents(
                    classification_entry, parent)
            except ClassificationEntry.DoesNotExist:
                return None

        # descriptors
        if layout is not None:
            descriptors_builder = DescriptorsBuilder(classification_entry)

            descriptors_builder.check_and_update(layout, descriptors)
            classification_entry.descriptors = descriptors_builder.descriptors

        classification_entry.save()

        # first name a primary synonym
        primary_synonym = ClassificationEntrySynonym(
            entity_id=classification_entry.id,
            name=name,
            synonym_type_id=localsettings.
            synonym_type_classification_entry_name,
            language=language)

        primary_synonym.save()

        return classification_entry
示例#4
0
 def get_object(self, uid, user_id):
     try:
         return MLModel.create(**self.get_document(ObjectId(uid), user_id))
     except (TypeError, InvalidId):
         raise SuspiciousOperation('Invalid ID')
示例#5
0
def validate_team(request):

    if request.method != "POST":
        raise SuspiciousOperation(
            "Illegal request; This is event is reported and you will be blocked from any further access to this website"
        )

    team = request.POST.get('team', None)
    user = User.objects.get(username=request.user)
    code = request.POST.get('code', None)
    event = request.POST.get('event', None)
    email = request.POST.get('email', None)
    catg = request.POST.get('catg', None)
    print team, user, code, event, email, catg
    team = team.upper()
    #code = code.upper()
    team_leader = user.get_full_name()

    category_dict = {
        'Indian Vocal Solo ': 0,
        'Western Vocal Solo': 1,
        'Instrumental Solo': 2,
        'Group Musical': 3,
        None: None
    }
    catg_choice = Participant.dhwanit_category

    # because one team per user per event is allowed
    event_obj = Event.objects.get(name=event)
    is_taken = Team.objects.filter(created_by=user).filter(
        event_name=event_obj).exists() or Team.objects.filter(
            team_pass=code).exists(
            )  #returns true if logged in user has already created a team
    if is_taken:
        data = {'is_taken': is_taken}
        return JsonResponse(data)

    # If team doesn't already exist, allow user to create one
    if not is_taken:

        #participant cannot register with null value of code
        if team and code:
            does_exist = Team.objects.filter(team_name=team).filter(
                team_pass=code).exists(
                )  # returns true of team and code pair already exists
            if not does_exist and catg:
                team_obj = Team(
                    team_name=team,
                    team_pass=code,
                    created_by=user,
                    event_name=event_obj,
                    category=catg_choice[category_dict[str(catg)]][0])
                team_obj.save(
                )  # Team leader is not added untill he submits his details in join team module
                response = send_team_code(email, team_leader, code, event)
                if response:
                    print "added and mail sent"

            if not does_exist and not catg:
                team_obj = Team(team_name=team,
                                team_pass=code,
                                created_by=user,
                                event_name=event_obj,
                                category=None)
                team_obj.save(
                )  # Team leader is not added untill he submits his details in join team module
                response = send_team_code(email, team_leader, code, event)
                if response:
                    print "added and mail sent"

        else:
            is_taken = True

        data = {'is_taken': is_taken}

        return JsonResponse(data)
示例#6
0
def suspicious(request):
    raise SuspiciousOperation('Raising exception to test logging.')
示例#7
0
def sign_up(request):
    if not settings.RELATE_REGISTRATION_ENABLED:
        raise SuspiciousOperation(
                _("self-registration is not enabled"))

    if request.method == 'POST':
        form = SignUpForm(request.POST)
        if form.is_valid():
            if get_user_model().objects.filter(
                    username=form.cleaned_data["username"]).count():
                messages.add_message(request, messages.ERROR,
                        _("A user with that username already exists."))

            elif get_user_model().objects.filter(
                    email__iexact=form.cleaned_data["email"]).count():
                messages.add_message(request, messages.ERROR,
                        _("That email address is already in use. "
                        "Would you like to "
                        "<a href='%s'>reset your password</a> instead?")
                        % reverse(
                            "relate-reset_password")),
            else:
                email = form.cleaned_data["email"]
                user = get_user_model()(
                        email=email,
                        username=form.cleaned_data["username"])

                user.set_unusable_password()
                user.status = user_status.unconfirmed
                user.sign_in_key = make_sign_in_key(user)
                user.save()

                from django.template.loader import render_to_string
                message = render_to_string("course/sign-in-email.txt", {
                    "user": user,
                    "sign_in_uri": request.build_absolute_uri(
                        reverse(
                            "relate-reset_password_stage2",
                            args=(user.id, user.sign_in_key,))
                        + "?to_profile=1"),
                    "home_uri": request.build_absolute_uri(
                        reverse("relate-home"))
                    })

                from django.core.mail import send_mail
                send_mail(
                        string_concat("[", _("RELATE"), "] ",
                                     _("Verify your email")),
                        message,
                        settings.ROBOT_EMAIL_FROM,
                        recipient_list=[email])

                messages.add_message(request, messages.INFO,
                        _("Email sent. Please check your email and click "
                        "the link."))

                return redirect("relate-home")

    else:
        form = SignUpForm()

    return render(request, "generic-form.html", {
        "form_description": _("Sign up"),
        "form": form
        })
示例#8
0
def add_question(request, id):
    """
    Adds the question to test
    :param request:
    :param id: id of the test
    :return:
    """
    test = Test.objects.get(id=id)
    if test.test is None or test.test == b'':
        exam_test = ExamTest()
    else:
        exam_test = pickle.loads(test.test)

    if request.user != test.author:
        raise SuspiciousOperation("Некорректный id теста")
    if "type" in request.POST and int(request.POST["type"]) in (1, 2, 3):
        question_type = TestType(int(request.POST["type"]))

        if "question" in request.POST:
            question = Question(request.POST["question"], question_type)
        else:
            question = Question(None, question_type)

        if "image" in request.FILES:
            image = TestImage.objects.get_or_create(
                image=request.FILES["image"])
            image_id = image[0].id
        else:
            image_id = None
        question.set_image(image_id)

        if question_type is TestType.CLOSE_TYPE_SEVERAL_CORRECT_ANSWERS:
            i = 1
            while "answer" + str(i) in request.POST:
                question.add_new_answer(
                    CloseAnswer(answer=request.POST["answer" + str(i)],
                                is_correct=str(i)
                                in request.POST.getlist("trueAnswer")))
                i += 1
        elif question_type is TestType.CLOSE_TYPE_ONE_CORRECT_ANSWER:
            i = 1
            while "answer" + str(i) in request.POST:
                question.add_new_answer(
                    CloseAnswer(
                        answer=request.POST["answer" + str(i)],
                        is_correct=str(i) == request.POST["trueAnswer"]))
                i += 1
        elif question_type is TestType.OPEN_TYPE:
            question.add_new_answer(Answer(request.POST["openAnswer"]))

        exam_test.add_question(question)
        test.test = pickle.dumps(exam_test)
        test.save()
        request.user.rating += 1
        request.user.save()

        return HttpResponseRedirect(reverse("edit_test", args=[id]))
    else:
        return render(
            request, "exam/add_question.html", {
                "number_of_question": len(exam_test.get_questions()) + 1,
                "type_list": TYPE_LIST,
                "test_id": id
            })
示例#9
0
def edit_question(request, id, number):
    """
    Edits the question in the test
    :param request:
    :param id: id of test
    :param number: number of question
    :return:
    """
    id = int(id)
    number = int(number)
    test = Test.objects.get(id=id)
    if test.test is None or test.test == b'':
        raise SuspiciousOperation("Некорректный запрос")
    exam_test = pickle.loads(test.test)
    if "type" in request.POST and int(request.POST["type"]) in (1, 2, 3):
        question_type = TestType(int(request.POST["type"]))

        if "question" in request.POST:
            question = Question(request.POST["question"], question_type)
        else:
            question = Question(None, question_type)

        if "image" in request.FILES:
            image = TestImage.objects.get_or_create(
                image=request.FILES["image"])
            question.set_image(image[0].id)
        else:
            question.set_image(exam_test.get_questions()[number -
                                                         1].get_image())

        if question_type is TestType.CLOSE_TYPE_SEVERAL_CORRECT_ANSWERS:
            i = 1
            while "answer" + str(i) in request.POST:
                question.add_new_answer(
                    CloseAnswer(answer=request.POST["answer" + str(i)],
                                is_correct=str(i)
                                in request.POST.getlist("trueAnswer")))
                i += 1
        elif question_type is TestType.CLOSE_TYPE_ONE_CORRECT_ANSWER:
            i = 1
            while "answer" + str(i) in request.POST:
                question.add_new_answer(
                    CloseAnswer(
                        answer=request.POST["answer" + str(i)],
                        is_correct=str(i) == request.POST["trueAnswer"]))
                i += 1
        elif question_type is TestType.OPEN_TYPE:
            question.add_new_answer(Answer(request.POST["openAnswer"]))

        exam_test.get_questions()[number - 1] = question
        test.test = pickle.dumps(exam_test)
        test.save()
        request.user.rating += 1
        request.user.save()

        return HttpResponseRedirect(reverse("edit_test", args=[id]))
    else:
        question = exam_test.get_questions()[number - 1]
        if question.get_image():
            image_test = TestImage.objects.get(id=question.get_image())
            image = image_test.image.url
        else:
            image = None

        return render(
            request, "exam/edit_question.html", {
                "number_of_question": number,
                "operation": "edit_test_edit_question",
                "type_list": TYPE_LIST,
                "test_id": id,
                "question": question,
                "image": image
            })
示例#10
0
文件: views.py 项目: julkw/1327
def revert(request):
    if not request.is_ajax() or not request.POST:
        raise Http404

    version_id = request.POST['id']
    document_url_title = request.POST['url_title']
    document = get_object_or_404(Document, url_title=document_url_title)
    check_permissions(document, request.user, [document.edit_permission_name])
    versions = Version.objects.get_for_object(document)

    if not document.can_be_reverted:
        raise SuspiciousOperation('This Document can not be reverted!')

    # find the we want to revert to
    revert_version = None
    for version in versions:
        if version.pk == int(version_id):
            revert_version = version
            break

    if revert_version is None:
        # user supplied version_id that does not exist
        raise SuspiciousOperation('Could not find document')

    revert_version.revision.revert(delete=False)
    fields = revert_version.field_dict
    document_class = ContentType.objects.get_for_id(
        fields.pop('polymorphic_ctype_id')).model_class()

    # Remove all references to parent objects, rename ForeignKeyFields, extract ManyToManyFields.
    new_fields = fields.copy()
    many_to_many_fields = {}
    for key in fields.keys():
        if "_ptr" in key:
            del new_fields[key]
            continue

        try:
            field = getattr(document_class, key).field
        except AttributeError:
            continue

        if isinstance(field, models.ManyToManyField):
            many_to_many_fields[key] = fields[key]
        else:
            new_fields[field.attname] = fields[key]
        del new_fields[key]

    reverted_document = document_class(**new_fields)
    with transaction.atomic(), revisions.create_revision():
        reverted_document.save()
        # Restore ManyToManyFields
        for key in many_to_many_fields.keys():
            getattr(reverted_document, key).clear()
            getattr(reverted_document, key).add(*many_to_many_fields[key])
        revisions.set_user(request.user)
        revisions.set_comment(
            _('reverted to revision \"{revision_comment}\" (at {date})'.format(
                revision_comment=revert_version.revision.comment,
                date=datetime.utcnow().strftime("%Y-%m-%d %H:%M"),
            )))

    return HttpResponse(reverse('versions',
                                args=[reverted_document.url_title]))
示例#11
0
文件: views.py 项目: ziarn/podv2
def folder(request, type, id=""):

    if type not in FOLDER_FILE_TYPE:
        raise SuspiciousOperation('Invalid type')

    if (request.POST.get("action") and request.POST.get("action") == "delete"):
        folder = get_object_or_404(UserFolder, id=request.POST['id'])
        if (folder.name == 'home' or
            (request.user != folder.owner and not request.user.is_superuser)):
            messages.add_message(request, messages.ERROR,
                                 _(u'You cannot delete home folder.'))
            raise PermissionDenied
        else:
            folder.delete()

    page = request.GET.get('page', 1)
    full_path = request.get_full_path().replace("?page=%s" % page, "").replace(
        "&page=%s" % page, "").replace("&infinite=true", "") if page else ""
    form = UserFolderForm()

    user_home_folder = get_object_or_404(UserFolder,
                                         name="home",
                                         owner=request.user)

    folders = get_folders(request, page)
    current_session_folder = get_current_session_folder(request)

    current_folder = get_object_or_404(
        UserFolder, id=id) if id != "" else (current_session_folder)

    request.session['current_session_folder'] = current_folder.name

    if (request.user != current_folder.owner
            and not request.user.groups.filter(name__in=[
                name[0] for name in current_folder.groups.values_list('name')
            ]).exists() and not request.user.is_superuser):
        messages.add_message(request, messages.ERROR,
                             _(u'You cannot see this folder.'))
        raise PermissionDenied

    if (request.POST.get("name") and request.POST.get("name") != ""):
        form, current_folder = edit_folder(request, current_folder)
        folders = get_folders(request, page)

    if request.GET.get('infinite', False):
        return render(request, 'podfile/infinite_folders.html', {
            'list_folder': folders,
            "type": type,
            "full_path": full_path
        })

    list_file = current_folder.customimagemodel_set.all() if (
        type == "image") else current_folder.customfilemodel_set.all()

    return render(
        request, 'podfile/list_folder.html', {
            'list_folder': folders,
            'form': form,
            "current_folder": current_folder,
            "list_file": list_file,
            "type": type,
            "full_path": full_path,
            "user_home_folder": user_home_folder
        })
示例#12
0
def authenticate_app_ssh(public_keys, signatures, timestamp, body):
    """Authenticate request signature

    If the client sends more then 20 key signature pairs, we raise a
    SuspiciousOperation to prevent DOS.

    Look up all of the public keys send with this request in our database.
    Verify the signature send by the client for those public keys we know
    about. Raise PermissionDenied for invalid signatures.

    If we find no public key in our database, we raise a PermissionDenied.

    If we find multiple valid signatures using public keys belonging to
    different applications, we raise PermissionDenied. The different
    applications likely have different permissions and we don't want to guess
    which to enforce.

    Return the app the user authenticated to
    """
    def verify_signature(public_key, signature):
        """Verify a single signature

        Raise PermissionDenied if the signature is invalid

        Return the public key on success
        """
        expected_message = calc_message(timestamp, body)
        if not public_key.load().verify_ssh_sig(data=expected_message.encode(),
                                                msg=Message(
                                                    b64decode(signature))):
            raise PermissionDenied('Invalid signature')

        return public_key

    key_signatures = dict(zip(public_keys.split(','), signatures.split(',')))
    if len(key_signatures) > 20:
        raise SuspiciousOperation('Over 20 signatures in one request')

    verified_keys = {
        verify_signature(public_key, key_signatures[public_key.key_base64])
        for public_key in PublicKey.objects.filter(
            key_base64__in=key_signatures.keys())
    }

    if not verified_keys:
        raise PermissionDenied('No known public key found')

    applications = {key.application for key in verified_keys}
    if len(applications) > 1:
        raise PermissionDenied(
            'Valid signatures for more than one application received: ' +
            ', '.join([str(key) for key in verified_keys]) +
            '. It is unclear which ACLs to enforce, giving up.')

    application = applications.pop()
    if not application:
        # This can never happen as the PublicKey.application is not nullable,
        # this is only a safety net in case this field gets changed.
        raise SuspiciousOperation('We did not end up with an application')

    return application
示例#13
0
def grade_flow_page(pctx, flow_session_id, page_ordinal):
    page_ordinal = int(page_ordinal)

    if pctx.role not in [
            participation_role.instructor,
            participation_role.teaching_assistant]:
        raise PermissionDenied(
                _("must be instructor or TA to view grades"))

    flow_session = get_object_or_404(FlowSession, id=int(flow_session_id))

    if flow_session.course.pk != pctx.course.pk:
        raise SuspiciousOperation(
                _("Flow session not part of specified course"))
    if flow_session.participation is None:
        raise SuspiciousOperation(
                _("Cannot grade anonymous session"))

    fpctx = FlowPageContext(pctx.repo, pctx.course, flow_session.flow_id,
            page_ordinal, participation=flow_session.participation,
            flow_session=flow_session)

    if fpctx.page_desc is None:
        raise http.Http404()

    # {{{ enable flow session zapping

    all_flow_sessions = list(FlowSession.objects
            .filter(
                course=pctx.course,
                flow_id=flow_session.flow_id,
                participation__isnull=False,
                in_progress=flow_session.in_progress)
            .order_by(
                "participation__user__last_name",
                "start_time"))

    next_flow_session_id = None
    prev_flow_session_id = None
    for i, other_flow_session in enumerate(all_flow_sessions):
        if other_flow_session.pk == flow_session.pk:
            if i > 0:
                prev_flow_session_id = all_flow_sessions[i-1].id
            if i + 1 < len(all_flow_sessions):
                next_flow_session_id = all_flow_sessions[i+1].id

    # }}}

    # {{{ reproduce student view

    form = None
    feedback = None
    answer_data = None
    grade_data = None
    most_recent_grade = None

    if fpctx.page.expects_answer():
        if fpctx.prev_answer_visit is not None:
            answer_data = fpctx.prev_answer_visit.answer

            most_recent_grade = fpctx.prev_answer_visit.get_most_recent_grade()
            if most_recent_grade is not None:
                feedback = get_feedback_for_grade(most_recent_grade)
                grade_data = most_recent_grade.grade_data
            else:
                feedback = None
                grade_data = None

        else:
            feedback = None

        from course.page.base import PageBehavior
        page_behavior = PageBehavior(
                show_correctness=True,
                show_answer=False,
                may_change_answer=False)

        form = fpctx.page.make_form(
                fpctx.page_context, fpctx.page_data.data,
                answer_data, page_behavior)

    if form is not None:
        form_html = fpctx.page.form_to_html(
                pctx.request, fpctx.page_context, form, answer_data)
    else:
        form_html = None

    # }}}

    # {{{ grading form

    if (fpctx.page.expects_answer()
            and fpctx.page.is_answer_gradable()
            and fpctx.prev_answer_visit is not None
            and not flow_session.in_progress):
        request = pctx.request
        if pctx.request.method == "POST":
            grading_form = fpctx.page.post_grading_form(
                    fpctx.page_context, fpctx.page_data, grade_data,
                    request.POST, request.FILES)
            if grading_form.is_valid():
                grade_data = fpctx.page.update_grade_data_from_grading_form(
                        fpctx.page_context, fpctx.page_data, grade_data,
                        grading_form, request.FILES)

                feedback = fpctx.page.grade(
                        fpctx.page_context, fpctx.page_data,
                        answer_data, grade_data)

                if feedback is not None:
                    correctness = feedback.correctness
                else:
                    correctness = None

                if feedback is not None:
                    feedback_json, bulk_feedback_json = feedback.as_json()
                else:
                    feedback_json = bulk_feedback_json = None

                most_recent_grade = FlowPageVisitGrade(
                        visit=fpctx.prev_answer_visit,
                        grader=pctx.request.user,
                        graded_at_git_commit_sha=pctx.course_commit_sha,

                        grade_data=grade_data,

                        max_points=fpctx.page.max_points(fpctx.page_data),
                        correctness=correctness,
                        feedback=feedback_json)

                most_recent_grade.save()

                update_bulk_feedback(
                        fpctx.prev_answer_visit.page_data,
                        most_recent_grade,
                        bulk_feedback_json)

                grading_rule = get_session_grading_rule(
                        flow_session, flow_session.participation.role,
                        fpctx.flow_desc, get_now_or_fake_time(request))

                from course.flow import grade_flow_session
                grade_flow_session(fpctx, flow_session, grading_rule)

        else:
            grading_form = fpctx.page.make_grading_form(
                    fpctx.page_context, fpctx.page_data, grade_data)

    else:
        grading_form = None

    if grading_form is not None:
        from crispy_forms.layout import Submit
        grading_form.helper.add_input(
                Submit(
                    "submit", _("Submit"),
                    accesskey="s",
                    css_class="col-lg-offset-2 relate-grading-save-button"))

        grading_form_html = fpctx.page.grading_form_to_html(
                pctx.request, fpctx.page_context, grading_form, grade_data)

    else:
        grading_form_html = None

    # }}}

    # {{{ compute points_awarded

    max_points = None
    points_awarded = None
    if (fpctx.page.expects_answer()
            and fpctx.page.is_answer_gradable()):
        max_points = fpctx.page.max_points(fpctx.page_data)
        if feedback is not None and feedback.correctness is not None:
            points_awarded = max_points * feedback.correctness

    # }}}

    grading_rule = get_session_grading_rule(
            flow_session, flow_session.participation.role,
            fpctx.flow_desc, get_now_or_fake_time(pctx.request))

    if grading_rule.grade_identifier is not None:
        grading_opportunity = get_flow_grading_opportunity(
                pctx.course, flow_session.flow_id, fpctx.flow_desc,
                grading_rule)
    else:
        grading_opportunity = None

    return render_course_page(
            pctx,
            "course/grade-flow-page.html",
            {
                "flow_identifier": fpctx.flow_id,
                "flow_session": flow_session,
                "flow_desc": fpctx.flow_desc,
                "ordinal": fpctx.ordinal,
                "page_data": fpctx.page_data,

                "body": fpctx.page.body(
                    fpctx.page_context, fpctx.page_data.data),
                "form": form,
                "form_html": form_html,
                "feedback": feedback,
                "max_points": max_points,
                "points_awarded": points_awarded,
                "most_recent_grade": most_recent_grade,

                "grading_opportunity": grading_opportunity,

                "prev_flow_session_id": prev_flow_session_id,
                "next_flow_session_id": next_flow_session_id,

                "grading_form": grading_form,
                "grading_form_html": grading_form_html,
            })
示例#14
0
def evaluation_edit(request, evaluation_id):
    evaluation = get_object_or_404(Evaluation, id=evaluation_id)

    # check rights
    if not (evaluation.is_user_editor_or_delegate(request.user)
            and evaluation.state == 'prepared'):
        raise PermissionDenied

    post_operation = request.POST.get('operation') if request.POST else None
    preview = post_operation == 'preview'

    InlineContributionFormset = inlineformset_factory(
        Evaluation,
        Contribution,
        formset=ContributionFormSet,
        form=EditorContributionForm,
        extra=1)
    evaluation_form = EvaluationForm(request.POST or None, instance=evaluation)
    formset = InlineContributionFormset(request.POST or None,
                                        instance=evaluation,
                                        form_kwargs={'evaluation': evaluation})

    forms_are_valid = evaluation_form.is_valid() and formset.is_valid()
    if forms_are_valid and not preview:
        if post_operation not in ('save', 'approve'):
            raise SuspiciousOperation("Invalid POST operation")

        form_has_changed = evaluation_form.has_changed(
        ) or formset.has_changed()

        evaluation_form.save()
        formset.save()

        if post_operation == 'approve':
            evaluation.editor_approve()
            evaluation.save()
            if form_has_changed:
                messages.success(
                    request,
                    _("Successfully updated and approved evaluation."))
            else:
                messages.success(request,
                                 _("Successfully approved evaluation."))
        else:
            messages.success(request, _("Successfully updated evaluation."))

        return redirect('contributor:index')

    preview_html = None
    if preview and forms_are_valid:
        preview_html = render_preview(request, formset, evaluation_form,
                                      evaluation)

    if not forms_are_valid and (evaluation_form.errors or formset.errors):
        if preview:
            messages.error(
                request,
                _("The preview could not be rendered. Please resolve the errors shown below."
                  ))
        else:
            messages.error(
                request,
                _("The form was not saved. Please resolve the errors shown below."
                  ))

    sort_formset(request, formset)
    template_data = dict(form=evaluation_form,
                         formset=formset,
                         evaluation=evaluation,
                         editable=True,
                         preview_html=preview_html)
    return render(request, "contributor_evaluation_form.html", template_data)
示例#15
0
    def process_response(self, request: HttpRequest, response: HttpResponse) -> HttpResponse:
        if getattr(response, "asynchronous", False):
            # This special Tornado "asynchronous" response is
            # discarded after going through this code path as Tornado
            # intends to block, so we stop here to avoid unnecessary work.
            return response

        try:
            request.get_host()
        except DisallowedHost:
            # If we get a DisallowedHost exception trying to access
            # the host, (1) the request is failed anyway and so the
            # below code will do nothing, and (2) the below will
            # trigger a recursive exception, breaking things, so we
            # just return here.
            return response

        if (not request.path.startswith("/static/") and not request.path.startswith("/api/") and
                not request.path.startswith("/json/")):
            subdomain = get_subdomain(request)
            if subdomain != Realm.SUBDOMAIN_FOR_ROOT_DOMAIN:
                try:
                    get_realm(subdomain)
                except Realm.DoesNotExist:
                    return render(request, "zerver/invalid_realm.html", status=404)
        """
        If request.session was modified, or if the configuration is to save the
        session every time, save the changes and set a session cookie or delete
        the session cookie if the session has been emptied.
        """
        try:
            accessed = request.session.accessed
            modified = request.session.modified
            empty = request.session.is_empty()
        except AttributeError:
            pass
        else:
            # First check if we need to delete this cookie.
            # The session should be deleted only if the session is entirely empty
            if settings.SESSION_COOKIE_NAME in request.COOKIES and empty:
                response.delete_cookie(
                    settings.SESSION_COOKIE_NAME,
                    path=settings.SESSION_COOKIE_PATH,
                    domain=settings.SESSION_COOKIE_DOMAIN,
                )
            else:
                if accessed:
                    patch_vary_headers(response, ('Cookie',))
                if (modified or settings.SESSION_SAVE_EVERY_REQUEST) and not empty:
                    if request.session.get_expire_at_browser_close():
                        max_age = None
                        expires = None
                    else:
                        max_age = request.session.get_expiry_age()
                        expires_time = time.time() + max_age
                        expires = http_date(expires_time)
                    # Save the session data and refresh the client cookie.
                    # Skip session save for 500 responses, refs #3881.
                    if response.status_code != 500:
                        try:
                            request.session.save()
                        except UpdateError:
                            raise SuspiciousOperation(
                                "The request's session was deleted before the "
                                "request completed. The user may have logged "
                                "out in a concurrent request, for example."
                            )
                        host = request.get_host().split(':')[0]

                        # The subdomains feature overrides the
                        # SESSION_COOKIE_DOMAIN setting, since the setting
                        # is a fixed value and with subdomains enabled,
                        # the session cookie domain has to vary with the
                        # subdomain.
                        session_cookie_domain = host
                        response.set_cookie(
                            settings.SESSION_COOKIE_NAME,
                            request.session.session_key, max_age=max_age,
                            expires=expires, domain=session_cookie_domain,
                            path=settings.SESSION_COOKIE_PATH,
                            secure=settings.SESSION_COOKIE_SECURE or None,
                            httponly=settings.SESSION_COOKIE_HTTPONLY or None,
                            samesite=settings.SESSION_COOKIE_SAMESITE,
                        )
        return response
def _check_non_existing_trace(name, full_path):
    qs = models.PendingTrace.objects.filter(name=name, full_path=full_path)
    if qs.count() != 0:
        raise SuspiciousOperation("Test with trace already exists")
示例#17
0
    def get_list_queryset(self, queryset):
        lookup_params = dict([
            (smart_str(k)[len(FILTER_PREFIX):], v)
            for k, v in self.admin_view.params.items()
            if smart_str(k).startswith(FILTER_PREFIX) and v != ''
        ])
        for p_key, p_val in iteritems(lookup_params):
            if p_val == "False":
                lookup_params[p_key] = False
        use_distinct = False

        # for clean filters
        self.admin_view.has_query_param = bool(lookup_params)
        self.admin_view.clean_query_url = self.admin_view.get_query_string(
            remove=[
                k for k in self.request.GET.keys()
                if k.startswith(FILTER_PREFIX)
            ])

        # Normalize the types of keys
        if not self.free_query_filter:
            for key, value in lookup_params.items():
                if not self.lookup_allowed(key, value):
                    raise SuspiciousOperation("Filtering by %s not allowed" %
                                              key)

        self.filter_specs = []
        if self.list_filter:
            for list_filter in self.list_filter:
                if callable(list_filter):
                    # This is simply a custom list filter class.
                    spec = list_filter(self.request, lookup_params, self.model,
                                       self)
                else:
                    field_path = None
                    field_parts = []
                    if isinstance(list_filter, (tuple, list)):
                        # This is a custom FieldListFilter class for a given field.
                        field, field_list_filter_class = list_filter
                    else:
                        # This is simply a field name, so use the default
                        # FieldListFilter class that has been registered for
                        # the type of the given field.
                        field, field_list_filter_class = list_filter, filter_manager.create
                    if not isinstance(field, models.Field):
                        field_path = field
                        field_parts = get_fields_from_path(
                            self.model, field_path)
                        field = field_parts[-1]
                    spec = field_list_filter_class(field,
                                                   self.request,
                                                   lookup_params,
                                                   self.model,
                                                   self.admin_view,
                                                   field_path=field_path)

                    if len(field_parts) > 1:
                        # Add related model name to title
                        spec.title = "%s %s" % (field_parts[-2].name,
                                                spec.title)

                    # Check if we need to use distinct()
                    use_distinct = (use_distinct or lookup_needs_distinct(
                        self.opts, field_path))
                if spec and spec.has_output():
                    try:
                        new_qs = spec.do_filte(queryset)
                    except ValidationError as e:
                        new_qs = None
                        self.admin_view.message_user(
                            _("<b>Filtering error:</b> %s") % e.messages[0],
                            'error')
                    if new_qs is not None:
                        queryset = new_qs

                    self.filter_specs.append(spec)

        self.has_filters = bool(self.filter_specs)
        self.admin_view.filter_specs = self.filter_specs
        obj = filter(lambda f: f.is_used, self.filter_specs)
        if six.PY3:
            obj = list(obj)
        self.admin_view.used_filter_num = len(obj)

        try:
            for key, value in lookup_params.items():
                use_distinct = (use_distinct
                                or lookup_needs_distinct(self.opts, key))
        except FieldDoesNotExist as e:
            raise IncorrectLookupParameters(e)

        try:
            # fix a bug by david: In demo, quick filter by IDC Name() cannot be used.
            if isinstance(queryset, models.query.QuerySet) and lookup_params:
                new_lookup_parames = dict()
                for k, v in lookup_params.iteritems():
                    list_v = v.split(',')
                    if len(list_v) > 0:
                        new_lookup_parames.update({k: list_v})
                    else:
                        new_lookup_parames.update({k: v})
                queryset = queryset.filter(**new_lookup_parames)
        except (SuspiciousOperation, ImproperlyConfigured):
            raise
        except Exception as e:
            raise IncorrectLookupParameters(e)
        else:
            if not isinstance(queryset, models.query.QuerySet):
                pass

        query = self.request.GET.get(SEARCH_VAR, '')

        # Apply keyword searches.
        def construct_search(field_name):
            if field_name.startswith('^'):
                return "%s__istartswith" % field_name[1:]
            elif field_name.startswith('='):
                return "%s__iexact" % field_name[1:]
            elif field_name.startswith('@'):
                return "%s__search" % field_name[1:]
            else:
                return "%s__icontains" % field_name

        if self.search_fields and query:
            orm_lookups = [
                construct_search(str(search_field))
                for search_field in self.search_fields
            ]
            for bit in query.split():
                or_queries = [
                    models.Q(**{orm_lookup: bit}) for orm_lookup in orm_lookups
                ]
                queryset = queryset.filter(reduce(operator.or_, or_queries))
            if not use_distinct:
                for search_spec in orm_lookups:
                    if lookup_needs_distinct(self.opts, search_spec):
                        use_distinct = True
                        break
            self.admin_view.search_query = query

        if use_distinct:
            return queryset.distinct()
        else:
            return queryset
示例#18
0
文件: grades.py 项目: gboone/relate
def view_grades_by_opportunity(pctx, opp_id):
    from course.views import get_now_or_fake_time
    now_datetime = get_now_or_fake_time(pctx.request)

    if pctx.role not in [
            participation_role.instructor,
            participation_role.teaching_assistant
    ]:
        raise PermissionDenied(_("must be instructor or TA to view grades"))

    opportunity = get_object_or_404(GradingOpportunity, id=int(opp_id))

    if pctx.course != opportunity.course:
        raise SuspiciousOperation(_("opportunity from wrong course"))

    # {{{ batch sessions form

    batch_session_ops_form = None
    if pctx.role == participation_role.instructor and opportunity.flow_id:
        cursor = connection.cursor()
        cursor.execute(
            "select distinct access_rules_tag from course_flowsession "
            "where course_id = %s and flow_id = %s "
            "order by access_rules_tag", (pctx.course.id, opportunity.flow_id))
        session_rule_tags = [
            mangle_session_access_rule_tag(row[0])
            for row in cursor.fetchall()
        ]

        request = pctx.request
        if request.method == "POST":
            batch_session_ops_form = ModifySessionsForm(
                session_rule_tags, request.POST, request.FILES)
            if "expire" in request.POST:
                op = "expire"
            elif "end" in request.POST:
                op = "end"
            elif "regrade" in request.POST:
                op = "regrade"
            elif "recalculate" in request.POST:
                op = "recalculate"
            else:
                raise SuspiciousOperation(_("invalid operation"))

            if batch_session_ops_form.is_valid():
                rule_tag = batch_session_ops_form.cleaned_data["rule_tag"]
                past_due_only = batch_session_ops_form.cleaned_data[
                    "past_due_only"]

                if rule_tag == RULE_TAG_NONE_STRING:
                    rule_tag = None
                try:
                    if op == "expire":
                        count = expire_in_progress_sessions(
                            pctx.repo,
                            pctx.course,
                            opportunity.flow_id,
                            rule_tag,
                            now_datetime,
                            past_due_only=past_due_only)

                        messages.add_message(
                            pctx.request, messages.SUCCESS,
                            _("%d session(s) expired.") % count)

                    elif op == "end":
                        count = finish_in_progress_sessions(
                            pctx.repo,
                            pctx.course,
                            opportunity.flow_id,
                            rule_tag,
                            now_datetime,
                            past_due_only=past_due_only)

                        messages.add_message(pctx.request, messages.SUCCESS,
                                             _("%d session(s) ended.") % count)

                    elif op == "regrade":
                        count = regrade_ended_sessions(pctx.repo, pctx.course,
                                                       opportunity.flow_id,
                                                       rule_tag)

                        messages.add_message(
                            pctx.request, messages.SUCCESS,
                            _("%d session(s) regraded.") % count)

                    elif op == "recalculate":
                        count = recalculate_ended_sessions(
                            pctx.repo, pctx.course, opportunity.flow_id,
                            rule_tag)

                        messages.add_message(
                            pctx.request, messages.SUCCESS,
                            _("Grade recalculated for %d session(s).") % count)

                    else:
                        raise SuspiciousOperation("invalid operation")
                except Exception as e:
                    messages.add_message(
                        pctx.request, messages.ERROR,
                        string_concat(
                            pgettext_lazy("Starting of Error message",
                                          "Error"),
                            ": %(err_type)s %(err_str)s") % {
                                "err_type": type(e).__name__,
                                "err_str": str(e)
                            })
                    raise

        else:
            batch_session_ops_form = ModifySessionsForm(session_rule_tags)

    # }}}

    # NOTE: It's important that these queries are sorted consistently,
    # also consistently with the code below.

    participations = list(
        Participation.objects.filter(
            course=pctx.course, status=participation_status.active).order_by(
                "id").select_related("user"))

    grade_changes = list(
        GradeChange.objects.filter(opportunity=opportunity).order_by(
            "participation__id",
            "grade_time").select_related("participation").select_related(
                "participation__user").select_related("opportunity"))

    idx = 0

    finished_sessions = 0
    total_sessions = 0

    grade_table = []
    for participation in participations:
        while (idx < len(grade_changes)
               and grade_changes[idx].participation.id < participation.id):
            idx += 1

        my_grade_changes = []
        while (idx < len(grade_changes)
               and grade_changes[idx].participation.pk == participation.pk):
            my_grade_changes.append(grade_changes[idx])
            idx += 1

        state_machine = GradeStateMachine()
        state_machine.consume(my_grade_changes)

        if opportunity.flow_id:
            flow_sessions = (FlowSession.objects.filter(
                participation=participation,
                flow_id=opportunity.flow_id,
            ).order_by("start_time"))

            for fsession in flow_sessions:
                total_sessions += 1
                if not fsession.in_progress:
                    finished_sessions += 1

        else:
            flow_sessions = None

        grade_table.append(
            OpportunityGradeInfo(grade_state_machine=state_machine,
                                 flow_sessions=flow_sessions))

    grade_table = sorted(zip(participations, grade_table),
                         key=lambda (participation, grades):
                         (participation.user.last_name.lower(),
                          participation.user.first_name.lower()))

    return render_course_page(
        pctx, "course/gradebook-by-opp.html", {
            "opportunity": opportunity,
            "participations": participations,
            "grade_state_change_types": grade_state_change_types,
            "grade_table": grade_table,
            "batch_session_ops_form": batch_session_ops_form,
            "total_sessions": total_sessions,
            "finished_sessions": finished_sessions,
        })
 def _normalize_name(self, name):
     try:
         return safe_join(self.location, name).lstrip('/')
     except ValueError:
         raise SuspiciousOperation("Attempted access to '%s' denied." %
                                   name)
示例#20
0
文件: grades.py 项目: gboone/relate
def view_single_grade(pctx, participation_id, opportunity_id):
    now_datetime = get_now_or_fake_time(pctx.request)

    participation = get_object_or_404(Participation, id=int(participation_id))

    if participation.course != pctx.course:
        raise SuspiciousOperation(_("participation does not match course"))

    opportunity = get_object_or_404(GradingOpportunity, id=int(opportunity_id))

    if pctx.role in [
            participation_role.instructor,
            participation_role.teaching_assistant
    ]:
        if not opportunity.shown_in_grade_book:
            messages.add_message(
                pctx.request, messages.INFO,
                _("This grade is not shown in the grade book."))
        if not opportunity.shown_in_student_grade_book:
            messages.add_message(
                pctx.request, messages.INFO,
                _("This grade is not shown in the student grade book."))

    elif pctx.role == participation_role.student:
        if participation != pctx.participation:
            raise PermissionDenied(_("may not view other people's grades"))
        if not (opportunity.shown_in_grade_book
                and opportunity.shown_in_student_grade_book):
            raise PermissionDenied(_("grade has not been released"))
    else:
        raise PermissionDenied()

    # {{{ modify sessions buttons

    if pctx.role in [
            participation_role.instructor,
            participation_role.teaching_assistant
    ]:
        allow_session_actions = True

        request = pctx.request
        if pctx.request.method == "POST":
            action_re = re.compile("^([a-z]+)_([0-9]+)$")
            for key in request.POST.keys():
                action_match = action_re.match(key)
                if action_match:
                    break

            if not action_match:
                raise SuspiciousOperation(_("unknown action"))

            session = FlowSession.objects.get(id=int(action_match.group(2)))
            op = action_match.group(1)

            from course.flow import (regrade_session,
                                     recalculate_session_grade,
                                     expire_flow_session_standalone,
                                     finish_flow_session_standalone)

            try:
                if op == "expire":
                    expire_flow_session_standalone(pctx.repo, pctx.course,
                                                   session, now_datetime)
                    messages.add_message(pctx.request, messages.SUCCESS,
                                         _("Session expired."))

                elif op == "end":
                    finish_flow_session_standalone(pctx.repo,
                                                   pctx.course,
                                                   session,
                                                   now_datetime=now_datetime)
                    messages.add_message(pctx.request, messages.SUCCESS,
                                         _("Session ended."))

                elif op == "regrade":
                    regrade_session(pctx.repo, pctx.course, session)
                    messages.add_message(pctx.request, messages.SUCCESS,
                                         _("Session regraded."))

                elif op == "recalculate":
                    recalculate_session_grade(pctx.repo, pctx.course, session)
                    messages.add_message(pctx.request, messages.SUCCESS,
                                         _("Session grade recalculated."))

                else:
                    raise SuspiciousOperation(_("invalid session operation"))

            except Exception as e:
                messages.add_message(
                    pctx.request, messages.ERROR,
                    string_concat(
                        pgettext_lazy("Starting of Error message", "Error"),
                        ": %(err_type)s %(err_str)s") % {
                            "err_type": type(e).__name__,
                            "err_str": str(e)
                        })
    else:
        allow_session_actions = False

    # }}}

    grade_changes = list(
        GradeChange.objects.filter(
            opportunity=opportunity,
            participation=participation).order_by("grade_time").select_related(
                "participation").select_related("participation__user").
        select_related("creator").select_related("opportunity"))

    state_machine = GradeStateMachine()
    state_machine.consume(grade_changes, set_is_superseded=True)

    if opportunity.flow_id:
        flow_sessions = list(
            FlowSession.objects.filter(
                participation=participation,
                flow_id=opportunity.flow_id,
            ).order_by("start_time"))

        from collections import namedtuple
        SessionProperties = namedtuple(  # noqa
            "SessionProperties", ["due", "grade_description"])

        from course.utils import get_session_grading_rule
        from course.content import get_flow_desc

        try:
            flow_desc = get_flow_desc(pctx.repo, pctx.course,
                                      opportunity.flow_id,
                                      pctx.course_commit_sha)
        except ObjectDoesNotExist:
            flow_sessions_and_session_properties = None
        else:
            flow_sessions_and_session_properties = []
            for session in flow_sessions:
                grading_rule = get_session_grading_rule(
                    session, pctx.role, flow_desc, now_datetime)

                session_properties = SessionProperties(
                    due=grading_rule.due,
                    grade_description=grading_rule.description)
                flow_sessions_and_session_properties.append(
                    (session, session_properties))

    else:
        flow_sessions_and_session_properties = None

    avg_grade_percentage, avg_grade_population = average_grade(opportunity)

    return render_course_page(
        pctx, "course/gradebook-single.html", {
            "opportunity":
            opportunity,
            "avg_grade_percentage":
            avg_grade_percentage,
            "avg_grade_population":
            avg_grade_population,
            "grade_participation":
            participation,
            "grade_state_change_types":
            grade_state_change_types,
            "grade_changes":
            grade_changes,
            "state_machine":
            state_machine,
            "flow_sessions_and_session_properties":
            flow_sessions_and_session_properties,
            "allow_session_actions":
            allow_session_actions,
            "show_privileged_info":
            pctx.role in [
                participation_role.instructor,
                participation_role.teaching_assistant
            ],
        })
示例#21
0
def reset_password(request, field="email"):
    if not settings.RELATE_REGISTRATION_ENABLED:
        raise SuspiciousOperation(
                _("self-registration is not enabled"))

    # return form class by string of class name
    ResetPasswordForm = globals()["ResetPasswordFormBy" + field.title()]
    if request.method == 'POST':
        form = ResetPasswordForm(request.POST)
        if form.is_valid():
            if field == "instid":
                inst_id = form.cleaned_data["instid"]
                try:
                    user = get_user_model().objects.get(
                            institutional_id__iexact=inst_id)
                except ObjectDoesNotExist:
                    user = None

            if field == "email":
                email = form.cleaned_data["email"]
                try:
                    user = get_user_model().objects.get(email__iexact=email)
                except ObjectDoesNotExist:
                    user = None

            if user is None:
                FIELD_DICT = {
                        "email": _("email address"),
                        "instid": _("institutional ID")
                        }
                messages.add_message(request, messages.ERROR,
                        _("That %(field)s doesn't have an "
                            "associated user account. Are you "
                            "sure you've registered?")
                        % {"field": FIELD_DICT[field]})
            else:
                if not user.email:
                    # happens when a user have an inst_id but have no email.
                    messages.add_message(request, messages.ERROR,
                            _("The account with that institution ID "
                                "doesn't have an associated email."))
                else:
                    email = user.email
                    user.sign_in_key = make_sign_in_key(user)
                    user.save()

                    from django.template.loader import render_to_string
                    message = render_to_string("course/sign-in-email.txt", {
                        "user": user,
                        "sign_in_uri": request.build_absolute_uri(
                            reverse(
                                "relate-reset_password_stage2",
                                args=(user.id, user.sign_in_key,))),
                        "home_uri": request.build_absolute_uri(
                            reverse("relate-home"))
                        })
                    from django.core.mail import send_mail
                    send_mail(
                            string_concat("[", _("RELATE"), "] ",
                                         _("Password reset")),
                            message,
                            settings.ROBOT_EMAIL_FROM,
                            recipient_list=[email])

                    if field == "instid":
                        messages.add_message(request, messages.INFO,
                            _("The email address associated with that "
                                "account is %s.")
                            % masked_email(email))

                    messages.add_message(request, messages.INFO,
                            _("Email sent. Please check your email and "
                            "click the link."))

                    return redirect("relate-home")
    else:
        form = ResetPasswordForm()

    return render(request, "reset-passwd-form.html", {
        "field": field,
        "form_description":
            _("Password reset on %(site_name)s")
            % {"site_name": _("RELATE")},
        "form": form
        })
示例#22
0
    def get_list_queryset(self, queryset):
        lookup_params = dict([(smart_str(k)[len(FILTER_PREFIX):], v) for k, v in self.admin_view.params.items() if smart_str(k).startswith(FILTER_PREFIX) and v != ''])
        for p_key, p_val in lookup_params.iteritems():
            if p_val == "False":
                lookup_params[p_key] = False
        use_distinct = False
        
        if not hasattr(self.admin_view,'quickfilter'):
            self.admin_view.quickfilter = {}
 
        # for clean filters
        self.admin_view.quickfilter['has_query_param'] = bool(lookup_params)
        self.admin_view.quickfilter['clean_query_url'] = self.admin_view.get_query_string(remove=[k for k in self.request.GET.keys() if k.startswith(FILTER_PREFIX)])
 
        # Normalize the types of keys
        if not self.free_query_filter:
            for key, value in lookup_params.items():
                if not self.lookup_allowed(key, value):
                    raise SuspiciousOperation("Filtering by %s not allowed" % key)
 
        self.filter_specs = []
        if self.list_quick_filter:
            for list_quick_filter in self.list_quick_filter:
                field_path = None
                field_order_by = None
                field_limit = None
                field_parts = []
                sort_key = None 
                cache_config = None
                
                if type(list_quick_filter)==dict and 'field' in list_quick_filter:
                    field = list_quick_filter['field']
                    if 'order_by' in list_quick_filter:
                        field_order_by = list_quick_filter['order_by']
                    if 'limit' in list_quick_filter:
                        field_limit = list_quick_filter['limit']
                    if 'sort' in list_quick_filter and callable(list_quick_filter['sort']):
                        sort_key = list_quick_filter['sort']
                    if 'cache' in list_quick_filter and type(list_quick_filter)==dict:
                        cache_config = list_quick_filter['cache']
                        
                else:        
                    field = list_quick_filter # This plugin only uses MultiselectFieldListFilter
                
                if not isinstance(field, models.Field):
                    field_path = field
                    field_parts = get_fields_from_path(self.model, field_path)
                    field = field_parts[-1]
                spec = QuickFilterMultiSelectFieldListFilter(field, self.request, lookup_params,self.model, self.admin_view, field_path=field_path,field_order_by=field_order_by,field_limit=field_limit,sort_key=sort_key,cache_config=cache_config)
                 
                if len(field_parts)>1:
                    spec.title = "%s %s"%(field_parts[-2].name,spec.title) 
                 
                # Check if we need to use distinct()
                use_distinct = True#(use_distinct orlookup_needs_distinct(self.opts, field_path))
                if spec and spec.has_output():
                    try:
                        new_qs = spec.do_filte(queryset)
                    except ValidationError, e:
                        new_qs = None
                        self.admin_view.message_user(u"<b>过滤器错误:</b> %s" % e.messages[0], 'error')
                    if new_qs is not None:
                        queryset = new_qs
 
                    self.filter_specs.append(spec)
示例#23
0
def grade_flow_page(pctx, flow_session_id, page_ordinal):
    # type: (CoursePageContext, int, int) -> http.HttpResponse
    now_datetime = get_now_or_fake_time(pctx.request)

    page_ordinal = int(page_ordinal)

    viewing_prev_grade = False
    prev_grade_id = pctx.request.GET.get("grade_id")
    if prev_grade_id is not None:
        try:
            prev_grade_id = int(prev_grade_id)
            viewing_prev_grade = True
        except ValueError:
            raise SuspiciousOperation("non-integer passed for 'grade_id'")

    if not pctx.has_permission(pperm.view_gradebook):
        raise PermissionDenied(_("may not view grade book"))

    flow_session = get_object_or_404(FlowSession, id=int(flow_session_id))

    if flow_session.course.pk != pctx.course.pk:
        raise SuspiciousOperation(
            _("Flow session not part of specified course"))
    if flow_session.participation is None:
        raise SuspiciousOperation(_("Cannot grade anonymous session"))

    from course.flow import adjust_flow_session_page_data
    adjust_flow_session_page_data(pctx.repo,
                                  flow_session,
                                  pctx.course.identifier,
                                  respect_preview=False)

    fpctx = FlowPageContext(pctx.repo,
                            pctx.course,
                            flow_session.flow_id,
                            page_ordinal,
                            participation=flow_session.participation,
                            flow_session=flow_session,
                            request=pctx.request)

    if fpctx.page_desc is None:
        raise http.Http404()

    assert fpctx.page is not None
    assert fpctx.page_context is not None

    # {{{ enable flow session zapping

    all_flow_sessions = list(
        FlowSession.objects.filter(course=pctx.course,
                                   flow_id=flow_session.flow_id,
                                   participation__isnull=False,
                                   in_progress=flow_session.in_progress).
        order_by(
            # Datatables will default to sorting the user list
            # by the first column, which happens to be the username.
            # Match that sorting.
            "participation__user__username",
            "start_time"))

    next_flow_session_id = None
    prev_flow_session_id = None
    for i, other_flow_session in enumerate(all_flow_sessions):
        if other_flow_session.pk == flow_session.pk:
            if i > 0:
                prev_flow_session_id = all_flow_sessions[i - 1].id
            if i + 1 < len(all_flow_sessions):
                next_flow_session_id = all_flow_sessions[i + 1].id

    # }}}

    prev_grades = get_prev_visit_grades(flow_session_id, page_ordinal)

    # {{{ reproduce student view

    form = None
    feedback = None
    answer_data = None
    grade_data = None
    shown_grade = None

    if fpctx.page.expects_answer():
        if fpctx.prev_answer_visit is not None and prev_grade_id is None:
            answer_data = fpctx.prev_answer_visit.answer

            shown_grade = fpctx.prev_answer_visit.get_most_recent_grade()
            if shown_grade is not None:
                feedback = get_feedback_for_grade(shown_grade)
                grade_data = shown_grade.grade_data
            else:
                feedback = None
                grade_data = None

            if shown_grade is not None:
                prev_grade_id = shown_grade.id

        elif prev_grade_id is not None:
            try:
                shown_grade = prev_grades.filter(id=prev_grade_id).get()
            except ObjectDoesNotExist:
                raise http.Http404()

            feedback = get_feedback_for_grade(shown_grade)
            grade_data = shown_grade.grade_data
            answer_data = shown_grade.visit.answer

        else:
            feedback = None

        from course.page.base import PageBehavior
        page_behavior = PageBehavior(show_correctness=True,
                                     show_answer=False,
                                     may_change_answer=False)

        try:
            form = fpctx.page.make_form(fpctx.page_context,
                                        fpctx.page_data.data, answer_data,
                                        page_behavior)
        except InvalidPageData as e:
            messages.add_message(
                pctx.request, messages.ERROR,
                _("The page data stored in the database was found "
                  "to be invalid for the page as given in the "
                  "course content. Likely the course content was "
                  "changed in an incompatible way (say, by adding "
                  "an option to a choice question) without changing "
                  "the question ID. The precise error encountered "
                  "was the following: ") + str(e))

            return render_course_page(pctx, "course/course-base.html", {})

    if form is not None:
        form_html = fpctx.page.form_to_html(pctx.request, fpctx.page_context,
                                            form, answer_data)
    else:
        form_html = None

    # }}}

    # {{{ grading form

    if (fpctx.page.expects_answer() and fpctx.page.is_answer_gradable()
            and fpctx.prev_answer_visit is not None
            and not flow_session.in_progress and not viewing_prev_grade):
        request = pctx.request
        if pctx.request.method == "POST":
            if not pctx.has_permission(pperm.assign_grade):
                raise PermissionDenied(_("may not assign grades"))

            grading_form = fpctx.page.post_grading_form(
                fpctx.page_context, fpctx.page_data, grade_data, request.POST,
                request.FILES)
            if grading_form.is_valid():
                grade_data = fpctx.page.update_grade_data_from_grading_form_v2(
                    request, fpctx.page_context, fpctx.page_data, grade_data,
                    grading_form, request.FILES)

                with translation.override(settings.RELATE_ADMIN_EMAIL_LOCALE):
                    feedback = fpctx.page.grade(fpctx.page_context,
                                                fpctx.page_data, answer_data,
                                                grade_data)

                if feedback is not None:
                    correctness = feedback.correctness
                else:
                    correctness = None

                feedback_json = None  # type: Optional[Dict[Text, Any]]
                bulk_feedback_json = None  # type: Optional[Dict[Text, Any]]

                if feedback is not None:
                    feedback_json, bulk_feedback_json = feedback.as_json()
                else:
                    feedback_json = bulk_feedback_json = None

                most_recent_grade = FlowPageVisitGrade(
                    visit=fpctx.prev_answer_visit,
                    grader=pctx.request.user,
                    graded_at_git_commit_sha=pctx.course_commit_sha,
                    grade_data=grade_data,
                    max_points=fpctx.page.max_points(fpctx.page_data),
                    correctness=correctness,
                    feedback=feedback_json)

                prev_grade_id = _save_grade(fpctx, flow_session,
                                            most_recent_grade,
                                            bulk_feedback_json, now_datetime)
        else:
            grading_form = fpctx.page.make_grading_form(
                fpctx.page_context, fpctx.page_data, grade_data)

    else:
        grading_form = None

    if grading_form is not None:
        from crispy_forms.layout import Submit
        grading_form.helper.form_class += " relate-grading-form"
        grading_form.helper.add_input(
            Submit("submit",
                   _("Submit"),
                   accesskey="s",
                   css_class="relate-grading-save-button"))

        grading_form_html = fpctx.page.grading_form_to_html(
            pctx.request, fpctx.page_context, grading_form, grade_data)

    else:
        grading_form_html = None

    # }}}

    # {{{ compute points_awarded

    max_points = None
    points_awarded = None
    if (fpctx.page.expects_answer() and fpctx.page.is_answer_gradable()):
        max_points = fpctx.page.max_points(fpctx.page_data)
        if feedback is not None and feedback.correctness is not None:
            points_awarded = max_points * feedback.correctness

    # }}}

    grading_rule = get_session_grading_rule(flow_session, fpctx.flow_desc,
                                            get_now_or_fake_time(pctx.request))

    if grading_rule.grade_identifier is not None:
        grading_opportunity = get_flow_grading_opportunity(
            pctx.course, flow_session.flow_id, fpctx.flow_desc,
            grading_rule.grade_identifier, grading_rule.
            grade_aggregation_strategy)  # type: Optional[GradingOpportunity]
    else:
        grading_opportunity = None

    return render_course_page(
        pctx,
        "course/grade-flow-page.html",
        {
            "flow_identifier":
            fpctx.flow_id,
            "flow_session":
            flow_session,
            "flow_desc":
            fpctx.flow_desc,
            "ordinal":
            fpctx.ordinal,
            "page_data":
            fpctx.page_data,
            "body":
            fpctx.page.body(fpctx.page_context, fpctx.page_data.data),
            "form":
            form,
            "form_html":
            form_html,
            "feedback":
            feedback,
            "max_points":
            max_points,
            "points_awarded":
            points_awarded,
            "shown_grade":
            shown_grade,
            "prev_grade_id":
            prev_grade_id,
            "grading_opportunity":
            grading_opportunity,
            "prev_flow_session_id":
            prev_flow_session_id,
            "next_flow_session_id":
            next_flow_session_id,
            "grading_form":
            grading_form,
            "grading_form_html":
            grading_form_html,
            "correct_answer":
            fpctx.page.correct_answer(fpctx.page_context, fpctx.page_data.data,
                                      answer_data, grade_data),

            # Wrappers used by JavaScript template (tmpl) so as not to
            # conflict with Django template's tag wrapper
            "JQ_OPEN":
            '{%',
            'JQ_CLOSE':
            '%}',
        })
示例#24
0
    def get_list_queryset(self, queryset):
        lookup_params = dict([
            (smart_str(k)[len(FILTER_PREFIX):], v)
            for k, v in self.admin_view.params.items()
            if smart_str(k).startswith(FILTER_PREFIX) and v != ''
        ])
        for p_key, p_val in lookup_params.iteritems():
            if p_val == "False":
                lookup_params[p_key] = False
        use_distinct = False

        # for clean filters
        self.admin_view.has_query_param = bool(lookup_params)
        self.admin_view.clean_query_url = self.admin_view.get_query_string(
            remove=[
                k for k in self.request.GET.keys()
                if k.startswith(FILTER_PREFIX)
            ])

        # Normalize the types of keys
        if not self.free_query_filter:
            for key, value in lookup_params.items():
                if not self.lookup_allowed(key, value):
                    raise SuspiciousOperation("Filtering by %s not allowed" %
                                              key)

        self.filter_specs = []
        if self.list_filter:
            for list_filter in self.list_filter:
                if callable(list_filter):
                    # This is simply a custom list filter class.
                    spec = list_filter(self.request, lookup_params, self.model,
                                       self)
                else:
                    field_path = None
                    field_parts = []
                    if isinstance(list_filter, (tuple, list)):
                        # This is a custom FieldListFilter class for a given field.
                        field, field_list_filter_class = list_filter
                    else:
                        # This is simply a field name, so use the default
                        # FieldListFilter class that has been registered for
                        # the type of the given field.
                        field, field_list_filter_class = list_filter, filter_manager.create
                    if not isinstance(field, models.Field):
                        field_path = field
                        field_parts = get_fields_from_path(
                            self.model, field_path)
                        field = field_parts[-1]
                    spec = field_list_filter_class(field,
                                                   self.request,
                                                   lookup_params,
                                                   self.model,
                                                   self.admin_view,
                                                   field_path=field_path)

                    if len(field_parts) > 1:
                        # Add related model name to title
                        spec.title = "%s %s" % (field_parts[-2].name,
                                                spec.title)

                    # Check if we need to use distinct()
                    use_distinct = (use_distinct or lookup_needs_distinct(
                        self.opts, field_path))
                if spec and spec.has_output():
                    try:
                        new_qs = spec.do_filte(queryset)
                    except ValidationError, e:
                        new_qs = None
                        self.admin_view.message_user(
                            _("<b>Filtering error:</b> %s") % e.messages[0],
                            'error')
                    if new_qs is not None:
                        queryset = new_qs

                    self.filter_specs.append(spec)
示例#25
0
def join_team(request):

    #Option 1: Join an existing team
    #Option 2 : Register as an individual

    if request.method != "POST":
        raise SuspiciousOperation(
            "Illegal request; This event is reported and you will be blocked from any further access to this website"
        )

    code = request.POST.get('team', None)
    event = request.POST.get('event', None)
    email = request.POST.get('email', None)
    course = request.POST.get('course', None)
    contact = request.POST.get('contact', None)
    college = request.POST.get('college', None)
    year = request.POST.get('year', None)

    required = {
        'email': email,
        'course': course,
        'college': college,
        'year': year,
        'contact': contact
    }
    for key in required:
        if not required[key]:

            data = {'status': '%s Field is required' % key}
            return JsonResponse(data)

    user = User.objects.get(username=request.user)
    name = user.get_full_name()
    print(code, event, email, course, contact, college, year, name)

    ##***************************************Individual Registeration*****************************************************##

    if not code:
        #This means user wants to register for solo participation
        event_obj = Event.objects.get(
            name=event)  # store event object in event variable
        #Test if user is already registered for this event
        has_registered = Participant.objects.filter(
            event_name=event_obj).filter(student_name=name).exists()
        if not has_registered:
            p_obj = Participant(event_name=event_obj,
                                student_name=name,
                                college=college,
                                year=year,
                                contact_number=contact,
                                email_id=email,
                                course=course)
            p_obj.save()
            print "Added"
            #Now fetch computer generated ID for this record
            q_obj = Participant.objects.filter(email_id=email).filter(
                event_name=event_obj).filter(student_name=name)
            ID = q_obj[0].event_ref  # fetch ID
            # And send it to participant's email ID
            status = send_confirmation_mail(email, event_obj.name, ID,
                                            name)  # General email format
            if status:
                #if status is true mail has been sent
                data = {
                    'status':
                    "Your registeration is confirmed.Please check your email inbox"
                }
                print "added and mail sent"
                return JsonResponse(data)

        else:
            data = {'status': "You have already registered for this event"}
            return JsonResponse(data)

##***************************************Registeration using Team Code**************************************************************##

    if code:
        # first of all test whether the team exist or not
        does_exist = Team.objects.filter(
            team_pass=code).exists()  # returns true if team code exists
        event_obj = Event.objects.get(
            name=event)  # store event object in event variable

        status = 0  #default value
        success = False  #default value

        if does_exist:
            try:
                team_obj = Team.objects.get(team_pass=code)
            except:
                data = {'status': 'We are Sorry this is not allowed :/.'}
                return JsonResponse(data)

            success = registerParticipant(name, college, year, course, contact,
                                          email, event_obj, team_obj)
            #print(success)

            if success:
                q_obj = Participant.objects.filter(email_id=email).filter(
                    event_name=event_obj).filter(student_name=name)
                ID = q_obj[0].event_ref  # fetch ID
                #print(q_obj)
                status = send_confirmation_mail(email, event_obj.name, ID,
                                                name)
                print "added and mail sent"

##*************************************Confirmation Logic(Team Registeration)*******************************************##

        if success and status:
            status = "Registeration Confirmed. Please check your email"
            print "mail sent"
        if success and not status:
            status = "Registeration Confirmed but we were unable to send you confirmation email"
        if not success:
            status = "You have already registered for this event.See you soon."
        if not does_exist:
            status = "Invalid Team Code"

        data = {'status': status}

        return JsonResponse(data)
示例#26
0
    def create_city(self, geoname_id, lang):

        web_service_url = self.geonames_url + 'getJSON'
        values = {
            'geonameId': geoname_id,
            'username': self.geonames_username,
            'style': 'FULL'
        }

        data = urlencode(values)
        data = data.encode('ascii')

        r = urlopen(web_service_url, data)
        data = json.loads(r.read().decode(r.info().get_param('charset')
                                          or 'utf-8'))

        if data.get('status', False):
            raise Exception(data.get('status').get('message'))

        if data.get('fcode') not in self.geonames_allowed_city_types:
            raise SuspiciousOperation(
                _("The geonames feature code is not supported"))

        try:
            country = Country.objects.get(
                geoname_id=int_arg(data.get('countryId')))
        except Error:
            raise SuspiciousOperation(
                _("The country of this city is not referenced"))

        lat = float(data.get('lat'))
        long = float(data.get('lng'))
        population = int_arg(data.get('population'))

        try:
            city, value = City.objects.get_or_create(
                geoname_id=int_arg(geoname_id),
                country_id=country.id,
                defaults={
                    'name': data['name'],
                    'latitude': lat,
                    'longitude': long,
                    'population': population,
                    'feature_code': data['fcode']
                })
        except Error:
            raise Exception(_("Unable to create the city"))

        if value and data.get('alternateNames'):

            for city_alt_name in data.get('alternateNames'):

                if city_alt_name.get('lang') not in TRANSLATION_LANGUAGES:
                    continue

                is_preferred = city_alt_name.get('isPreferredName',
                                                 False) is 'true'
                is_short = city_alt_name.get('isShortName', False) is 'true'

                try:
                    alt_name = AlternateName.objects.create(
                        language=city_alt_name['lang'],
                        alternate_name=city_alt_name.get('name'),
                        is_preferred_name=is_preferred,
                        is_short_name=is_short)

                    city.alt_names.add(alt_name)

                except Error:
                    continue

        city = City.objects.get(id=city.id)
        alt_names = []
        preferred = []
        short = []
        for name in city.alt_names.filter(language=lang):
            if name.is_preferred_name:
                preferred.append(name.alternate_name)
            if name.is_short_name:
                short.append(name.alternate_name)
            else:
                alt_names.append(name.alternate_name)

        result = {
            'cit_id': city.id,
            'geoname_id': city.geoname_id,
            'name': city.name,
            'lat': float(city.latitude),
            'long': float(city.longitude),
            'alt_name': ','.join(alt_names),
            'cou_id': city.country_id,
            'preferred_name': ', '.join(preferred),
            'short_name': ', '.join(short)
        }

        return result
示例#27
0
 def save(self, *args, **kwargs):
     if self._state.adding:
         if self.company.routes.filter(station=self.station):
             raise SuspiciousOperation("Already exists")
     super().save(*args, **kwargs)
示例#28
0
def get_import_file_content_or_raise(user_id, import_type):
    filename = generate_import_filename(user_id, import_type)
    if not os.path.isfile(filename):
        raise SuspiciousOperation("No test run performed previously.")
    with open(filename, "rb") as file:
        return file.read()
示例#29
0
def update_from_dnb(model_admin, request, object_id):
    """
    Tool to let admin users update company with a valid `duns_number`
    by pulling fresh data from D&B.

    The company record will be versioned after the update from
    D&B is applied.

    The `pending_dnb_investigation` field will
    be set to False.
    """
    if not model_admin.has_change_permission(request):
        raise PermissionDenied()

    dh_company = model_admin.get_object(request, object_id)

    company_change_page = reverse(
        admin_urlname(model_admin.model._meta, 'change'),
        kwargs={'object_id': dh_company.pk},
    )

    if dh_company is None or dh_company.duns_number is None:
        raise SuspiciousOperation()

    try:
        dnb_company = get_company(dh_company.duns_number)

    except (
            DNBServiceError,
            DNBServiceConnectionError,
            DNBServiceTimeoutError,
            DNBServiceInvalidResponse,
    ):
        message = 'Something went wrong in an upstream service.'
        raise AdminException(message, company_change_page)

    except DNBServiceInvalidRequest:
        message = 'No matching company found in D&B database.'
        raise AdminException(message, company_change_page)

    if request.method == 'GET':
        return TemplateResponse(
            request,
            'admin/company/company/update-from-dnb.html',
            {
                **model_admin.admin_site.each_context(request),
                'media':
                model_admin.media,
                'opts':
                model_admin.model._meta,
                'object':
                dh_company,
                'title':
                gettext_lazy('Confirm update from D&B'),
                'diff':
                _format_company_diff(dh_company, dnb_company),
            },
        )

    try:
        update_company_from_dnb(dh_company, dnb_company, request.user)
        return HttpResponseRedirect(company_change_page)
    except serializers.ValidationError:
        message = 'Data from D&B did not pass the Data Hub validation checks.'
        raise AdminException(message, company_change_page)
示例#30
0
def confirmation(request, category):

  assertValidTime()
  context = initialize_context(request)
  if request.method != 'POST':
    context['message'] = 'Invalid http method for the resource'
    return render(request, 'http/405.html', context ,status = 405)
  user = requireValidUser(request)
  assertNotVoted(user, category)

  # legitimacy checks
  checkBatch(user.batch)
  if not checkCategory(category):
    context['message'] = "The page you are trying to access does not exist"
    return render(request, 'http/404.html', context, status = 404)

  if not canVoteCategory(user, category):
    raise PermissionDenied("You are not permitted to vote for this category")

  # post data checks
  email = request.POST.get('vote', None)
  if not email:
    raise SuspiciousOperation('The request was cancelled')

  candidate = UserProfile.findByEmail(email)

  if not candidate:
    raise SuspiciousOperation('The request was cancelled')

  # Prevent cross category request forgery
  # TODO: remove hardcode
  batch = [category[:-2]]
  if category[:-2] == "MT2020":
    batch = ['MT2020', 'DT2020', 'MS2020', 'PH2020']

  if candidate.batch not in batch:
    raise SuspiciousOperation('The request was cancelled due to attempt at request forgery')

  # if not after confirmation
  if not request.POST.get('confirm', False):
    context = {}
    context['candidate'] = candidate
    context['category'] = category
    context['user'] = {
      'name': " ".join(user.username.split(" ")[1:]),
      'rollno': user.username.split(" ")[0],
      'batch_programme': user.batch_programme,
      'batch_year': user.batch_year,
      'is_authenticated': True,
      'role': user.role,
    }
    return render(request, 'main/confirm.html', context)

  else:
    # create and save the vote
    voteHash = hashlib.sha256((user.username + candidate.username + user.salt).encode()).hexdigest()
    vote = Vote.objects.create(candidate = candidate, voter = user, category = category, voteHash = voteHash)
    # increment candidate's vote_count, easier for dashboard
    vote.save()

    # return redirect(reverse('vote', kwargs={'m': "done"}))
    return redirect('/vote/?m=done')