def create_course(request):
    """Create a course in the school the current user is enrolled in.

    Only users whose profile type list (``get_profile(user)[1]``) contains
    'Instructor' and whose UserProfile has a school get past the permission
    checks. On a valid POST the course is saved together with a freshly
    created calendar; any other method renders an empty form.
    """
    context = RequestContext(request)
    course_added = False
    user = request.user
    profile = get_profile(user)

    # Authorisation happens before any form data is looked at.
    if 'Instructor' not in profile[1]:
        return render_permission_denied(context, 'create courses')
    school = UserProfile.objects.get(user=user).school
    if not school:
        return render_permission_denied(
            context, 'create courses. Enrol in a school first.')

    if request.method != 'POST':
        # Nothing submitted yet: hand the template a blank form.
        course_form = CourseForm()
    else:
        course_form = CourseForm(data=request.POST)
        if not course_form.is_valid():
            # The errors are also rendered back to the user by the template.
            print(course_form.errors)
        else:
            course = course_form.save(commit=False)
            # School and creator are assigned from the authenticated user
            # after the form is bound, so the submitted data cannot choose
            # them.
            course.school = school
            course.creator = user
            # Every course gets its own calendar, named after the course code.
            calendar = Calendar(name=course.code + " Calendar")
            calendar.save()
            course.cal = calendar
            course.save()
            course_added = True

    template_vars = {
        'course_form': course_form,
        'user': user,
        'course_added': course_added,
        'school': school
    }
    return render_to_response('school/create_course.html', template_vars,
                              context)
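def add_student_admin(request, course_id):
    """Set the student admins of a course in the instructor's own school.

    The caller must be an instructor (``'Instructor'`` in
    ``get_profile(user)[1]``) who is enrolled in a school, and the course
    identified by ``course_id`` must exist and belong to that same school.
    Any failed check renders the permission-denied page.

    On a valid POST the course's ``student_admins`` relation is replaced with
    the submitted selection; otherwise the form is rendered for input.
    """
    context = RequestContext(request)
    student_admin_added = False
    user = request.user
    profile = get_profile(user)

    # Role check: only instructors may manage student admins.
    if 'Instructor' not in profile[1]:
        return render_permission_denied(context, 'add student admin')
    school = profile[0].school
    if not school:
        return render_permission_denied(
            context, 'add admin. Enrol in a school first.')

    course = Course.objects.filter(id=int(course_id))[:1]
    if not course:
        # An unknown id used to fall through and build the form around an
        # empty queryset; refuse it explicitly instead.
        return render_permission_denied(
            context, 'add student admin to non existing course')
    course = course[0]

    # Object-level check: course_id comes from the URL, so being an
    # instructor is not enough on its own. Without this comparison an
    # instructor of one school could rewrite the admins of any course.
    # NOTE(review): if only the course creator should manage admins, compare
    # course.creator.id with user.id here as well; confirm the policy.
    if course.school_id != school.id:
        return render_permission_denied(
            context, 'add student admin to this course')

    if request.method == 'POST':
        student_admin_form = StudentAdminForm(course, data=request.POST)
        if student_admin_form.is_valid():
            student_admin = student_admin_form.cleaned_data
            course.student_admins = student_admin['student_admins']
            student_admin_added = True
            # The course_admins_added signal is not emitted here; it was
            # disabled in the original code.
        else:
            # Invalid submission: log the problems for the operator.
            print(student_admin_form.errors)
    else:
        # Not a POST: show the form ready for input.
        student_admin_form = StudentAdminForm(course)

    return render_to_response(
        'school/add_student_admin.html', {
            'student_admin_form': student_admin_form,
            'user': user,
            'student_admin_added': student_admin_added,
            'school': school
        }, context)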
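def view_event(request, owner_type, owner_id, event_id):
    """Show one event if the user may view the calendar it belongs to.

    ``verified_calendar`` decides whether the current user can see the
    calendar of ``owner_type``/``owner_id``; its denial response is returned
    unchanged. The event must then belong to exactly that calendar. Only GET
    is served; other methods are redirected to the index page.
    """
    context = RequestContext(request)
    user = request.user

    if request.method != 'GET':
        # reverse() yields a URL, not a template name, so this has to be a
        # redirect rather than a render.
        return HttpResponseRedirect(reverse('index'))

    verified_obj = verified_calendar(context, owner_type, owner_id, user)
    if isinstance(verified_obj, HttpResponse):
        # Access to the calendar was refused; pass the refusal on.
        return verified_obj
    calendar, edit_priv = verified_obj

    event = Event.objects.filter(id=int(event_id))[:1]
    # A missing event and an event from another calendar get the same
    # answer, so the response does not reveal which event ids exist.
    if not event or event[0].cal.id != calendar.id:
        return render_permission_denied(context, 'view this event')
    event = event[0]

    return render_to_response('scheduler/view_event.html', {
        'event': event,
        'edit_priv': edit_priv,
        'owner_type': owner_type
    }, context)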
def view_school(request, school_id):
    """Show a school with its courses and handle enrolment requests.

    The template receives the school, its courses, whether the user is
    already enrolled in it, whether the user is eligible to enrol, and the
    school the user was enrolled in when the request arrived. Eligibility is
    whatever ``school.validate_user_email(user.email)`` returns. A POST is
    treated as a click on the enrol button and, for an eligible user, sets
    this school on the user's profile.
    """
    context = RequestContext(request)
    user = request.user

    matches = SchoolProfile.objects.filter(id=int(school_id))[:1]
    if not matches:
        # TODO: this is not a permission denied! This is a not found!!!!!!
        return render_permission_denied(context, 'view non existing school')

    school = matches[0]
    courses = school.course_set.all()
    user_school = UserProfile.objects.get(user=user).school
    eligible = school.validate_user_email(user.email)

    enrolled = False
    if user_school:
        enrolled = school.id == user_school.id

    if request.method == 'POST':
        # The e-mail check is the only gate on enrolment, so it is enforced
        # here on the server and not just used to hide the button.
        if not eligible:
            return render_permission_denied(context, 'enrol in this school')
        profile = UserProfile.objects.get(user=user)
        # This replaces whatever school the profile pointed at before.
        profile.school = school
        profile.save()
        enrolled = True

    template_vars = {
        'school': school,
        'courses': courses,
        'enrolled': enrolled,
        'eligible': eligible,
        'current_school': user_school
    }
    return render_to_response('school/school_view.html', template_vars,
                              context)
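def verified_calendar(context, owner_type, owner_id, user):
    """Resolve a calendar and the user's edit right on it, or refuse.

    Returns ``(calendar, edit_priv)`` when ``user`` may view the calendar of
    the given owner, otherwise the permission-denied response. Callers tell
    the two apart with ``isinstance(result, HttpResponse)``.

    Rules per ``owner_type``:
      * ``'user'``   - only the user's own calendar; always editable.
      * ``'school'`` - only the school the user is enrolled in; editable by
        the school admin.
      * ``'course'`` - a course the user is enrolled in within their own
        school, or a course the user created. Students may edit only when
        listed in the course's ``student_admins``; the creator may edit.
      * anything else is refused.
    """
    if owner_type not in ('user', 'school', 'course'):
        # Fail closed: an unrecognised owner type used to end in an unbound
        # local at the return statement instead of a refusal.
        return render_permission_denied(context, 'access this calendar')

    owner_pk = int(owner_id)

    if owner_type == 'user':
        if user.id != owner_pk:
            return render_permission_denied(context,
                                            'access this user\'s calendar')
        return (UserProfile.objects.get(user=user).cal, True)

    profile = UserProfile.objects.get(user=user)
    # A user who has not enrolled anywhere has no school; every comparison
    # below must treat that as "no match" rather than dereference None.
    school = profile.school

    if owner_type == 'school':
        if not school or school.id != owner_pk:
            return render_permission_denied(context,
                                            'access this school\'s calendar')
        return (school.cal, school.admin.id == user.id)

    # owner_type == 'course'
    enrolled = profile.courses.filter(id=owner_pk)[:1]
    if enrolled and school and enrolled[0].school.id == school.id:
        course = enrolled[0]
        if Student.objects.filter(user=user):
            # Students edit only when named as a student admin.
            edit_priv = bool(
                course.student_admins.filter(id=int(profile.id)))
        else:
            # An enrolled non-student previously left edit_priv unassigned.
            # Grant edit only to the creator, matching the rule below.
            edit_priv = course.creator.id == profile.user.id
        return (course.cal, edit_priv)

    # Not enrolled: the only remaining way in is being the course creator.
    owned = Course.objects.filter(id=owner_pk)[:1]
    if owned and owned[0].creator.id == profile.user.id:
        return (owned[0].cal, True)
    return render_permission_denied(context,
                                    ' access this course\'s calendar')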
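def update_event(request, owner_type, owner_id, event_id):
    """Edit an event on a calendar the current user is allowed to change.

    The request is refused unless all of the following hold:
      * ``verified_calendar`` grants the user access to the calendar of
        ``owner_type``/``owner_id``;
      * the event exists and belongs to that calendar;
      * the user has edit privilege on the calendar or created the event.

    On a valid POST the event is saved and the ``updated_event`` signal is
    sent so subscribers are notified; otherwise the form is rendered
    pre-filled with the event.
    """
    context = RequestContext(request)
    user = request.user

    # verified_calendar returns either a denial response or a
    # (calendar, edit_priv) tuple, never a bare Calendar. Testing for
    # Calendar therefore let denials through and left ``calendar`` holding a
    # tuple or a response object.
    verified_obj = verified_calendar(context, owner_type, owner_id, user)
    if isinstance(verified_obj, HttpResponse):
        return verified_obj
    calendar, edit_priv = verified_obj

    event = Event.objects.filter(id=int(event_id))[:1]
    if not event:
        # Same answer as for a forbidden event, so ids cannot be probed.
        return render_permission_denied(context, 'edit this event')
    event = event[0]

    # The event must sit on the verified calendar: owner_type and owner_id
    # are also what the notification below is addressed to. Being able to
    # view a calendar is not enough to change its events.
    belongs_to_calendar = event.cal.id == calendar.id
    may_edit = edit_priv or event.creator.id == user.id
    if not (belongs_to_calendar and may_edit):
        return render_permission_denied(context, 'edit this event')

    event_added = False
    if request.method == 'POST':
        event_form = EventForm(data=request.POST, instance=event)
        if event_form.is_valid():
            e = event_form.save(commit=False)
            e.save()
            event_added = True
            # Notify the subscribers of this owner's calendar.
            updated_event.send(sender=None,
                               owner_type=owner_type,
                               owner_id=owner_id,
                               event=event,
                               user=user)
    else:
        event_form = EventForm(instance=event)

    return render_to_response('scheduler/update_event.html', {
        'event_form': event_form,
        'user': user,
        'event_added': event_added
    }, context)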
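def user_login(request):
    """Authenticate the posted credentials and start a session.

    GET (or any non-POST method) renders the login form. A POST with valid
    credentials for an active account logs the user in and redirects to the
    index page; a disabled account gets a plain notice; bad credentials get
    the permission-denied page.
    """
    context = RequestContext(request)

    if request.method != 'POST':
        # No context variables are needed for the blank login form.
        return render_to_response('main/login.html', {}, context)

    # .get() keeps a request with a missing field on the normal
    # "bad credentials" path instead of raising on the lookup.
    username = request.POST.get('username', '')
    password = request.POST.get('password', '')

    # authenticate() returns a User on success and None otherwise.
    user = authenticate(username=username, password=password)
    if not user:
        # Never write the submitted password to stdout or logs. The username
        # goes through repr() so control characters cannot forge log lines.
        print("Invalid login details for username: {0!r}".format(username))
        return render_permission_denied(
            context,
            ' proceed with registration since invalid login details were supplied'
        )

    if not user.is_active:
        # The account exists but has been disabled: no session is created.
        return HttpResponse("Your account is disabled.")

    login(request, user)
    return HttpResponseRedirect(reverse('index'))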
def view_course(request, course_id):
    """Show a course and enrol the user in it on request.

    The template receives the course plus three flags: whether the user is
    enrolled, whether the user is eligible to enrol (the course's school is
    the user's school), and whether the user created the course. A POST is
    treated as a click on the enrol button and adds the course to the
    profile of an eligible user who is not yet enrolled.
    """
    context = RequestContext(request)
    user = request.user

    found = Course.objects.filter(id=int(course_id))[:1]
    if not found:
        return render_permission_denied(context, ' view non existing course')
    course = found[0]

    eligible = False
    enrolled = False
    is_instructor = False

    user_profile = UserProfile.objects.get(user=user)
    if user_profile.school:
        # All three flags stay False for a user without a school.
        eligible = course.school.id == user_profile.school.id
        if user_profile.courses.filter(id=course.id)[:1]:
            enrolled = True
        is_instructor = course.creator.id == user_profile.user.id

    # Enrolment is re-checked on the server; the flags are not only there to
    # decide whether the template shows the button.
    if request.method == 'POST' and eligible and not enrolled:
        user_profile.courses.add(course)
        user_profile.save()
        enrolled = True

    template_vars = {
        'course': course,
        'enrolled': enrolled,
        'eligible': eligible,
        'is_instructor': is_instructor
    }
    return render_to_response('school/course_view.html', template_vars,
                              context)
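def get_courses(request):
    """List the courses offered by the school the user is enrolled in.

    A user without a school gets the permission-denied page. Only GET is
    served; any other method is redirected to the index page.
    """
    context = RequestContext(request)

    if request.method != 'GET':
        # Previously a non-GET request reached the render call with
        # ``courses`` never assigned and failed there.
        return HttpResponseRedirect(reverse('index'))

    user_school = UserProfile.objects.get(user=request.user).school
    if not user_school:
        return render_permission_denied(
            context, 'view courses. Please enrol in a school first')

    # The listing is scoped to the user's own school, taken from the
    # profile and not from anything in the request.
    courses = Course.objects.filter(school_id=user_school.id)
    return render_to_response('school/search_courses.html',
                              {'courses': courses}, context)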