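def _is_local_redirect(target, own_netloc):
    """Return True when *target* keeps the browser on this site.

    Accepted forms are a site-relative path such as "/page" and an absolute
    http(s) URL whose network location equals *own_netloc*. Anything else,
    including scheme-relative "//host" references, is rejected.
    """
    from urllib.parse import urlsplit

    if not target or '\\' in target or any(ord(ch) < 0x20 for ch in target):
        # Browsers normalise backslashes and control characters differently
        # from urlsplit, so such values are refused rather than interpreted.
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: exactly one leading slash is required.
        return target.startswith('/') and not target.startswith('//')
    return (parts.scheme in ('http', 'https')
            and parts.netloc.lower() == own_netloc.lower())


def login(request):
    """ Login form and handler

    Renders the login form and, when 'form.submitted' is present in the
    request parameters, checks the submitted credentials.

    Returns an HTTPFound redirect to ``came_from`` (carrying the headers
    produced by ``remember``) on success, otherwise a dict with the keys
    message, url, came_from, login and password for the form template.
    """
    from urllib.parse import urlsplit

    login_url = request.route_url('login')
    referrer = request.url
    if referrer == login_url:
        referrer = '/'  # never use the login form itself as came_from
    came_from = request.params.get('came_from', referrer)
    # came_from is a request parameter and becomes the redirect target after
    # a successful login, so it is limited to this site; anything pointing
    # elsewhere falls back to the site root.
    if not _is_local_redirect(came_from, urlsplit(request.url).netloc):
        came_from = '/'
    message = ''
    login = ''
    password = ''
    if 'form.submitted' in request.params:
        login = request.params['login']
        password = request.params['password']
        user = get_user(request, login)
        # NOTE(review): the submitted password is compared directly with
        # user.password, which suggests the stored value is not a salted
        # hash. Confirm how passwords are stored and verify against a hash.
        if user and (user.password == password):
            headers = remember(request, login)
            return HTTPFound(location = came_from,
                             headers = headers)
        message = 'Failed login'

    # NOTE(review): on a failed attempt the submitted password is handed back
    # to the template context; check that the template needs it.
    return dict(
        message = message,
        url = request.application_url + '/login',
        came_from = came_from,
        login = login,
        password = password,
        )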
def staffHome():
    """Render the staff home page with the surveys of the caller's courses.

    Callers without Staff access are redirected to the staff login URL.
    Surveys are fetched with state 0, 1 and 2 and passed to the template as
    review_surveys, active_surveys and closed_surveys, each filtered by the
    user's enrolment.
    """
    # NOTE(review): the caller is identified only by request.remote_addr, so
    # clients that share an address (NAT, a proxy) would share one identity.
    # Confirm this is intended.
    client_addr = request.remote_addr
    if not has_access(client_addr, Staff):
        return redirect("/login/Staff/@2FstaffHome")
    update(client_addr)
    staff_user = get_user(client_addr)

    def enrolled_only(state):
        # Keep only surveys whose course the user is enrolled in.
        return [
            survey
            for survey in get_surveys(state = state)
            if staff_user.is_enrolled_in(survey.course)
        ]

    review_surveys = enrolled_only(0)
    active_surveys = enrolled_only(1)
    closed_surveys = enrolled_only(2)
    return render_template(
        "staffHome.html",
        review_surveys = review_surveys,
        active_surveys = active_surveys,
        closed_surveys = closed_surveys,
        root = request.url_root,
    )
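def get_user_todos(request: Request):
    """Return the rows of the tasks table that belong to the caller.

    Raises:
        HTTPException: status 403 when security.get_user returns a falsy
            value for this request.
    """
    user = security.get_user(request)
    if not user:
        raise HTTPException(status_code=403, detail="Unable to find your username.")
    # NOTE(review): the interpolated expression was unreadable in the listing
    # and is restored here as user['username']; confirm against the
    # repository.
    # NOTE(review): the username is formatted straight into the statement
    # text, so a name containing a quote changes the query. Pass it as a
    # bound parameter once db.select_query's support for parameters is
    # confirmed.
    tasks = db.select_query(
        f"select * from tasks where username = '{user['username']}'")
    return tasks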
def test_student_login(self):
    """A student login yields a Student bound to the address it came from."""
    # Fixture credentials are hard-coded; presumably they match seeded test
    # data. Keep real account passwords out of the test suite.
    client_addr = 'localhost'
    logged_in = login_user('z100', 'student228', client_addr)
    self.assertNotEqual(logged_in, None)
    self.assertEqual(type(logged_in), Student)
    # The same address must now resolve to that user and grant Student access.
    self.assertEqual(logged_in, get_user(client_addr))
    self.assertEqual(has_access(client_addr, Student), True)
def test_staff_login(self):
    """A staff login yields a Staff user bound to the address it came from."""
    # Fixture credentials are hard-coded; presumably they match seeded test
    # data. Keep real account passwords out of the test suite.
    client_addr = 'localhost'
    logged_in = login_user('z50', 'staff670', client_addr)
    self.assertNotEqual(logged_in, None)
    self.assertEqual(type(logged_in), Staff)
    # The same address must now resolve to that user and grant Staff access.
    self.assertEqual(logged_in, get_user(client_addr))
    self.assertEqual(has_access(client_addr, Staff), True)
def test_admin_login(self):
    """An admin login yields an Admin user bound to the address it came from."""
    # Fixture credentials are hard-coded; presumably they match seeded test
    # data. Keep real account passwords out of the test suite.
    client_addr = 'localhost'
    logged_in = login_user('z1', 'adminPass', client_addr)
    self.assertNotEqual(logged_in, None)
    self.assertEqual(type(logged_in), Admin)
    # The same address must now resolve to that user and grant Admin access.
    self.assertEqual(logged_in, get_user(client_addr))
    self.assertEqual(has_access(client_addr, Admin), True)
def studentHome():
    """Render the student home page with the surveys still to be answered.

    Callers without Student access are redirected to the student login URL.
    The template receives the state-1 surveys of courses the user is
    enrolled in and has not yet responded to.
    """
    # NOTE(review): the caller is identified only by request.remote_addr, so
    # clients that share an address would share one identity. Confirm this
    # is intended.
    client_addr = request.remote_addr
    if not has_access(client_addr, Student):
        return redirect("/login/Student/@2FstudentHome")
    update(client_addr)
    student = get_user(client_addr)
    active_surveys = [
        survey
        for survey in get_surveys(state = 1)
        if student.is_enrolled_in(survey.course)
        and not student.has_responded_to(DATABASE_FILENAME, survey)
    ]
    return render_template("studentHome.html", active_surveys = active_surveys)
def studentResults():
    """Render the results page listing closed surveys for the caller.

    Callers without Student access are redirected to the student login URL.
    The template receives the state-2 surveys of courses the user is
    enrolled in.
    """
    # NOTE(review): the caller is identified only by request.remote_addr, so
    # clients that share an address would share one identity. Confirm this
    # is intended.
    client_addr = request.remote_addr
    if not has_access(client_addr, Student):
        return redirect("/login/Student/@2FstudentResults")
    update(client_addr)
    student = get_user(client_addr)
    closed_surveys = [
        survey
        for survey in get_surveys(state = 2)
        if student.is_enrolled_in(survey.course)
    ]
    return render_template("studentResults.html", closed_surveys = closed_surveys)
def create_todo(request: Request, todo: ToDo):
    """Insert a task row for the caller.

    Returns:
        "OK" when db.execute_sql returns 0, otherwise whatever it returned.

    Raises:
        HTTPException: status 403 when the caller lacks the CREATE_TODO role.
    """
    allowed = security.user_has_role(request, "CREATE_TODO")
    if not allowed:
        raise HTTPException(
            status_code=403,
            detail="You don't have permission to create ToDo's")

    owner = security.get_user(request)
    # NOTE(review): todo.task and todo.complete come from the request and are
    # formatted into the statement text, so a quote in the task text changes
    # the SQL that runs. Bind the three values as parameters once
    # db.execute_sql's support for parameters is confirmed.
    statement = f''' insert into tasks (task, complete, username) values('{todo.task}', '{todo.complete}', '{owner["username"]}') '''
    outcome = db.execute_sql(statement)
    return "OK" if outcome == 0 else outcome
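def view_survey(course, semester):
    """Show a survey to an enrolled student, or store the posted answers.

    Redirects to the student login URL when the caller has no Student
    access, is not enrolled in the survey's course, or has already
    responded. A POST is handed to save_response; any other method renders
    survey.html. If the survey cannot be loaded, surveyFail.html is rendered.
    """
    login_redirect = "/login/Student/@2Fsurvey@2F"+course+"@2F"+semester
    # NOTE(review): the caller is identified only by request.remote_addr;
    # confirm that address-based identity is intended.
    if not has_access(request.remote_addr, Student):
        return redirect(login_redirect)
    user = get_user(request.remote_addr)

    survey = Survey().load_course_from_db(DATABASE_FILENAME, course, semester)
    # The original tested for a missing survey only after reading
    # survey.course and survey.questions, so a None result raised
    # AttributeError before the failure page could be rendered.
    if survey is None:
        update(request.remote_addr)
        return render_template("surveyFail.html")

    if not user.is_enrolled_in(survey.course):
        return redirect(login_redirect)
    if user.has_responded_to(DATABASE_FILENAME, survey):
        return redirect(login_redirect)

    update(request.remote_addr)
    if request.method == "POST":
        return save_response(DATABASE_FILENAME, survey, request)

    numQuestions = len(survey.questions)
    return render_template("survey.html", survey = survey, numQuestions = numQuestions)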
def save_response(filename, survey, request):
    """Store the posted answers for every question of *survey*.

    One RESPONSES row is written per answer: 'text' questions read the form
    field 'TextBox<id>', 'single' questions read 'Q<id>', and every other
    type writes one row per value of 'Q<id>'. Returns a redirect to /login.
    """
    user = get_user(request.remote_addr)
    # NOTE(review): the next ID is derived from the current maximum, so two
    # submissions handled at the same time can compute the same value.
    try:
        write_id = max([
            int(row[0])
            for row in db_select(filename, "SELECT ID FROM RESPONSES")
        ]) + 1
    except ValueError:
        # max() of an empty list lands here, i.e. no responses stored yet.
        write_id = 1

    # NOTE(review): answers come from request.form and are formatted into
    # the statement text, so a double quote in an answer changes the SQL.
    # Bind the values as parameters once db_execute's support for them is
    # confirmed.
    insert_sql = """INSERT INTO RESPONSES (ID, ZID, RESPONSE, QUESTIONID, SURVEYID) VALUES ("{0}", "{1}", "{2}", "{3}", "{4}")"""

    for question in survey.questions:
        if question.get_type() == 'text':
            answers = [request.form.get('TextBox' + str(question.get_id()))]
        elif question.get_type() == 'single':
            answers = [request.form.get('Q' + str(question.get_id()))]
        else:
            answers = request.form.getlist('Q' + str(question.get_id()))
        for answer in answers:
            db_execute(
                filename,
                insert_sql.format(
                    write_id, user.zID, answer, question.get_id(), survey.id))
            write_id += 1
    return redirect('/login')
def test_student_logout(self):
    """After logout the address resolves to no user and Student access is denied."""
    client_addr = 'localhost'
    logout(client_addr)
    self.assertEqual(get_user(client_addr), None)
    self.assertEqual(has_access(client_addr, Student), False)
def test_admin_logout(self):
    """After logout the address resolves to no user and Admin access is denied."""
    client_addr = 'localhost'
    logout(client_addr)
    self.assertEqual(get_user(client_addr), None)
    self.assertEqual(has_access(client_addr, Admin), False)
def user(self):
    """Return the user record for the id carried by this request, or None.

    The id comes from unauthenticated_userid(self); when that is None the
    function returns None without calling get_user.
    """
    # Looked up but not used below; the lookup still raises KeyError when
    # 'db' is absent from the registry settings.
    db_handle = self.registry.settings['db']
    claimed_id = unauthenticated_userid(self)
    if claimed_id is None:
        return None
    # NOTE(review): the id is taken as presented by the request, so whether
    # the account still exists depends on what get_user returns. Confirm
    # that callers handle a None result.
    return get_user(self, claimed_id)