1
# IVLE - Informatics Virtual Learning Environment
2
# Copyright (C) 2007-2008 The University of Melbourne
4
# This program is free software; you can redistribute it and/or modify
5
# it under the terms of the GNU General Public License as published by
6
# the Free Software Foundation; either version 2 of the License, or
7
# (at your option) any later version.
9
# This program is distributed in the hope that it will be useful,
10
# but WITHOUT ANY WARRANTY; without even the implied warranty of
11
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
# GNU General Public License for more details.
14
# You should have received a copy of the GNU General Public License
15
# along with this program; if not, write to the Free Software
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
22
# Code to talk to the PostgreSQL database.
23
# (This is the Data Access Layer).
24
# All DB code should be in this module to ensure portability if we want to
25
# change the DB implementation.
26
# This means no SQL strings should be outside of this module. Add functions
27
# here to perform the activities needed, and place the SQL code for those
30
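# CAUTION to editors of this module.
# All string inputs must be sanitized by calling _escape before being
# formatted into an SQL query string. _escape covers values only: table and
# field names are formatted into queries unescaped, so they must be fixed
# identifiers chosen by the calling code, never user-supplied text.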
42
# strftime pattern that _escape uses to render time.struct_time values as
# quoted SQL timestamp strings.
TIMESTAMP_FORMAT = '%Y-%m-%d %H:%M:%S'
45
"""Wrapper around pg.escape_string. Prepares the Python value for use in
46
SQL. Returns a string, which may be safely placed verbatim into an SQL
48
Handles the following types:
49
* str: Escapes the string, and also quotes it.
50
* int/long/float: Just converts to an unquoted string.
51
* bool: Returns as "TRUE" or "FALSE", unquoted.
52
* NoneType: Returns "NULL", unquoted.
53
* common.caps.Role: Returns the role as a quoted, lowercase string.
54
* time.struct_time: Returns the time as a quoted string for insertion into
56
Raises a DBException if val has an unsupported type.
58
# "E'" is postgres's way of making "escape" strings.
59
# Such strings allow backslashes to escape things. Since escape_string
60
# converts a single backslash into two backslashes, it needs to be fed
62
# Ref: http://www.postgresql.org/docs/8.2/static/sql-syntax-lexical.html
63
# WARNING: PostgreSQL-specific code
66
elif isinstance(val, str) or isinstance(val, unicode):
67
return "E'" + pg.escape_string(val) + "'"
68
elif isinstance(val, bool):
69
return "TRUE" if val else "FALSE"
70
elif isinstance(val, int) or isinstance(val, long) \
71
or isinstance(val, float):
73
elif isinstance(val, caps.Role):
74
return _escape(str(val))
75
elif isinstance(val, time.struct_time):
76
return _escape(time.strftime(TIMESTAMP_FORMAT, val))
78
raise DBException("Attempt to insert an unsupported type "
79
"into the database (%s)" % repr(type(val)))
81
def _parse_boolean(val):
83
Accepts a boolean as output from the DB (either the string 't' or 'f').
84
Returns a boolean value True or False.
85
Also accepts other values which mean True or False in PostgreSQL.
86
If none match, raises a DBException.
88
# On a personal note, what sort of a language allows 7 different values
89
# to denote each of True and False?? (A: SQL)
90
if isinstance(val, bool):
96
elif val == 'true' or val == 'y' or val == 'yes' or val == '1' \
99
elif val == 'false' or val == 'n' or val == 'no' or val == '0' \
103
raise DBException("Invalid boolean value returned from DB")
105
def _passhash(password):
    """Return the hexadecimal MD5 digest of password.

    create_user stores this value in the "passhash" field of the login
    table.

    NOTE(security): this is a single unsalted MD5 pass. MD5 is fast to
    compute and the same password always gives the same digest, so a leaked
    login table is cheap to test guesses against. Moving to a salted,
    deliberately slow password hash also needs a migration for the rows
    already stored, so it cannot be done inside this function alone.
    """
    hasher = md5.md5(password)
    return hasher.hexdigest()
108
class DBException(Exception):
    """Error raised by this module for database problems it detects itself.

    Covers bad conditions in the database and bad input passed to the
    functions here. Exceptions thrown by Postgres are not wrapped in this
    type; they propagate as they are.
    """
115
"""An IVLE database object. This object provides an interface to
116
interacting with the IVLE database without using any external SQL.
118
Most methods of this class have an optional dry argument. If true, they
119
will return the SQL query string and NOT actually execute it. (For
122
Methods may throw db.DBException, or any of the pg exceptions as well.
123
(In general, be prepared to catch exceptions!)
126
"""Connects to the database and creates a DB object.
127
Takes no parameters - gets all the DB info from the configuration."""
129
self.db = pg.connect(host=ivle.conf.db_host, port=ivle.conf.db_port,
130
dbname=ivle.conf.db_dbname,
131
user=ivle.conf.db_user, passwd=ivle.conf.db_password)
138
# GENERIC DB FUNCTIONS #
141
def check_dict(dict, tablefields, disallowed=frozenset([]), must=False):
142
"""Checks that a dict does not contain keys that are not fields
143
of the specified table.
144
dict: A mapping from string keys to values; the keys are checked to
145
see that they correspond to login table fields.
146
tablefields: Collection of strings for field names in the table.
147
Only these fields will be allowed.
148
disallowed: Optional collection of strings for field names that are
150
must: If True, the dict MUST contain all fields in tablefields.
151
If False, it may contain any subset of the fields.
152
Returns True if the dict is valid, False otherwise.
154
allowed = frozenset(tablefields) - frozenset(disallowed)
155
dictkeys = frozenset(dict.keys())
157
return allowed == dictkeys
159
return allowed.issuperset(dictkeys)
161
def insert(self, dict, tablename, tablefields, disallowed=frozenset([]),
163
"""Inserts a new row in a table, using data from a supplied
164
dictionary (which will be checked by check_dict).
165
dict: Dictionary mapping column names to values. The values may be
166
any of the following types:
167
str, int, long, float, NoneType.
168
tablename: String, name of the table to insert into. Will NOT be
169
escaped - must be a valid identifier.
170
tablefields, disallowed: see check_dict.
171
dry: Returns the SQL query as a string, and does not execute it.
172
Raises a DBException if the dictionary contains invalid fields.
174
if not DB.check_dict(dict, tablefields, disallowed):
175
extras = set(dict.keys()) - tablefields
176
raise DBException("Supplied dictionary contains invalid fields. (%s)" % (repr(extras)))
177
# Build two lists concurrently: field names and values, as SQL strings
180
for k,v in dict.items():
182
values.append(_escape(v))
183
if len(fieldnames) == 0: return
184
fieldnames = ', '.join(fieldnames)
185
values = ', '.join(values)
186
query = ("INSERT INTO %s (%s) VALUES (%s);"
187
% (tablename, fieldnames, values))
191
def return_insert(self, dict, tablename, tablefields, returning,
192
disallowed=frozenset([]), dry=False):
193
"""Inserts a new row in a table, using data from a supplied
194
dictionary (which will be checked by check_dict) and returns certain
196
dict: Dictionary mapping column names to values. The values may be
197
any of the following types:
198
str, int, long, float, NoneType.
199
tablename: String, name of the table to insert into. Will NOT be
200
escaped - must be a valid identifier.
201
returning: List of field names to return. Will NOT be escaped - each must be a valid identifier.
202
tablefields, disallowed: see check_dict.
203
dry: Returns the SQL query as a string, and does not execute it.
204
Raises a DBException if the dictionary contains invalid fields.
206
if not DB.check_dict(dict, tablefields, disallowed):
207
extras = set(dict.keys()) - tablefields
208
raise DBException("Supplied dictionary contains invalid fields. (%s)" % (repr(extras)))
209
# Build two lists concurrently: field names and values, as SQL strings
212
for k,v in dict.items():
214
values.append(_escape(v))
215
if len(fieldnames) == 0: return
216
fieldnames = ', '.join(fieldnames)
217
values = ', '.join(values)
218
returns = ', '.join(returning)
219
query = ("INSERT INTO %s (%s) VALUES (%s) RETURNING (%s);"
220
% (tablename, fieldnames, values, returns))
222
return self.db.query(query)
225
def update(self, primarydict, updatedict, tablename, tablefields,
226
primary_keys, disallowed_update=frozenset([]), dry=False):
227
"""Updates a row in a table, matching against primarydict to find the
228
row, and using the data in updatedict (which will be checked by
230
primarydict: Dict mapping column names to values. The keys should be
231
the table's primary key. Only rows which match this dict's values
233
updatedict: Dict mapping column names to values. The columns will be
234
updated with the given values for the matched rows.
235
tablename, tablefields, disallowed_update: See insert.
236
primary_keys: Collection of strings which together form the primary
237
key for this table. primarydict must contain all of these as keys,
240
if (not (DB.check_dict(primarydict, primary_keys, must=True)
241
and DB.check_dict(updatedict, tablefields, disallowed_update))):
242
raise DBException("Supplied dictionary contains invalid or missing fields (1).")
243
# Make a list of SQL fragments of the form "field = 'new value'"
244
# These fragments are ALREADY-ESCAPED
246
for k,v in updatedict.items():
247
setlist.append("%s = %s" % (k, _escape(v)))
249
for k,v in primarydict.items():
250
wherelist.append("%s = %s" % (k, _escape(v)))
251
if len(setlist) == 0 or len(wherelist) == 0:
253
# Join the fragments into a comma-separated string
254
setstring = ', '.join(setlist)
255
wherestring = ' AND '.join(wherelist)
256
# Build the whole query as an UPDATE statement
257
query = ("UPDATE %s SET %s WHERE %s;"
258
% (tablename, setstring, wherestring))
262
def delete(self, primarydict, tablename, primary_keys, dry=False):
263
"""Deletes a row in the table, matching against primarydict to find
265
primarydict, tablename, primary_keys: See update.
267
if not DB.check_dict(primarydict, primary_keys, must=True):
268
raise DBException("Supplied dictionary contains invalid or missing fields (2).")
270
for k,v in primarydict.items():
271
wherelist.append("%s = %s" % (k, _escape(v)))
272
if len(wherelist) == 0:
274
wherestring = ' AND '.join(wherelist)
275
query = ("DELETE FROM %s WHERE %s;" % (tablename, wherestring))
279
def get_single(self, primarydict, tablename, getfields, primary_keys,
280
error_notfound="No rows found", dry=False):
281
"""Retrieves a single row from a table, returning it as a dictionary
282
mapping field names to values. Matches against primarydict to find the
284
primarydict, tablename, primary_keys: See update/delete.
285
getfields: Collection of strings; the field names which will be
286
returned as keys in the dictionary.
287
error_notfound: Error message if 0 rows match.
288
Raises a DBException if 0 rows match, with error_notfound as the msg.
289
Raises an AssertionError if >1 rows match (this should not happen if
290
primary_keys is indeed the primary key).
292
if not DB.check_dict(primarydict, primary_keys, must=True):
293
raise DBException("Supplied dictionary contains invalid or missing fields (3).")
295
for k,v in primarydict.items():
296
wherelist.append("%s = %s" % (k, _escape(v)))
297
if len(getfields) == 0 or len(wherelist) == 0:
299
# Join the fragments into a comma-separated string
300
getstring = ', '.join(getfields)
301
wherestring = ' AND '.join(wherelist)
302
# Build the whole query as a SELECT statement
303
query = ("SELECT %s FROM %s WHERE %s;"
304
% (getstring, tablename, wherestring))
306
result = self.db.query(query)
307
# Expecting exactly one
308
if result.ntuples() != 1:
309
# It should not be possible for ntuples to be greater than 1
310
assert (result.ntuples() < 1)
311
raise DBException(error_notfound)
312
# Return as a dictionary
313
return result.dictresult()[0]
315
def get_all(self, tablename, getfields, dry=False):
316
"""Retrieves all rows from a table, returning it as a list of
317
dictionaries mapping field names to values.
318
tablename, getfields: See get_single.
320
if len(getfields) == 0:
322
getstring = ', '.join(getfields)
323
query = ("SELECT %s FROM %s;" % (getstring, tablename))
325
return self.db.query(query).dictresult()
327
def start_transaction(self, dry=False):
328
"""Starts a DB transaction.
329
Will not commit any changes until self.commit() is called.
331
query = "START TRANSACTION;"
335
def commit(self, dry=False):
336
"""Commits (ends) a DB transaction.
337
Commits all changes since the call to start_transaction.
343
def rollback(self, dry=False):
344
"""Rolls back (ends) a DB transaction, undoing all changes since the
345
call to start_transaction.
351
# USER MANAGEMENT FUNCTIONS #
353
login_primary = frozenset(["login"])
354
login_fields_list = [
355
"login", "passhash", "state", "unixid", "email", "nick", "fullname",
356
"rolenm", "studentid", "acct_exp", "pass_exp", "last_login", "svn_pass"
358
login_fields = frozenset(login_fields_list)
360
def create_user(self, user_obj=None, dry=False, **kwargs):
361
"""Creates a user login entry in the database.
362
Two ways to call this - passing a user object, or passing
363
all fields as separate arguments.
365
Either pass a "user_obj" as the first argument (in which case other
366
fields will be ignored), or pass all fields as arguments.
368
All user fields are to be passed as args. The argument names
369
are the field names of the "login" table of the DB schema.
370
However, instead of supplying a "passhash", you must supply a
371
"password" argument, which will be hashed internally.
372
Also "state" must not be given explicitly; it is implicitly set to
374
Raises an exception if the user already exists, or the dict contains
375
invalid keys or is missing required keys.
377
if 'passhash' in kwargs:
378
raise DBException("Supplied arguments include passhash (invalid) (1).")
379
# Make a copy of the dict. Change password to passhash (hashing it),
380
# and set 'state' to "no_agreement".
383
fields = copy.copy(kwargs)
385
# Use the user object
386
fields = dict(user_obj)
387
if 'password' in fields:
388
fields['passhash'] = _passhash(fields['password'])
389
del fields['password']
391
# Convert role to rolenm
392
fields['rolenm'] = str(user_obj.role)
395
fields['state'] = "no_agreement"
396
# else, we'll trust the user, but it SHOULD be "no_agreement"
397
# (We can't change it because then the user object would not
399
if 'local_password' in fields:
400
del fields['local_password']
402
return self.insert(fields, "login", self.login_fields, dry=dry)
404
def get_user_loginid(self, login, dry=False):
405
"""Given a login, returns the integer loginid for this user.
407
Raises a DBException if the login is not found in the DB.
409
userdict = self.get_single({"login": login}, "login",
410
['loginid'], self.login_primary,
411
error_notfound="get_user_loginid: No user with that login name",
414
return userdict # Query string
415
return userdict['loginid']
417
# PROBLEM AND PROBLEM ATTEMPT FUNCTIONS #
419
def get_problem_problemid(self, exercisename, dry=False):
420
"""Given an exercise name, returns the associated problemID.
421
If the exercise name is NOT in the database, it inserts it and returns
422
the new problemID. Hence this may mutate the DB, but is idempotent.
425
d = self.get_single({"identifier": exercisename}, "problem",
426
['problemid'], frozenset(["identifier"]),
429
return d # Query string
432
# Shouldn't try again, must have failed for some other reason
434
# if we failed to get a problemid, it was probably because
435
# the exercise wasn't in the db. So lets insert it!
437
# The insert can fail if someone else simultaneously does
438
# the insert, so if the insert fails, we ignore the problem.
440
self.insert({'identifier': exercisename}, "problem",
441
frozenset(['identifier']))
445
# Assuming the insert succeeded, we should be able to get the
447
d = self.get_single({"identifier": exercisename}, "problem",
448
['problemid'], frozenset(["identifier"]))
450
return d['problemid']
452
def insert_problem_attempt(self, login, exercisename, date, complete,
454
"""Inserts the details of a problem attempt into the database.
455
exercisename: Name of the exercise. (identifier field of problem
456
table). If this exercise does not exist, also creates a new row in
457
the problem table for this exercise name.
458
login: Name of the user submitting the attempt. (login field of the
460
date: struct_time, the date this attempt was made.
461
complete: bool. Whether the test passed or not.
462
attempt: Text of the attempt.
464
Note: Even if dry, will still physically call get_problem_problemid,
465
which may mutate the DB, and get_user_loginid, which may fail.
467
problemid = self.get_problem_problemid(exercisename)
468
loginid = self.get_user_loginid(login) # May raise a DBException
471
'problemid': problemid,
474
'complete': complete,
476
}, 'problem_attempt',
477
frozenset(['problemid','loginid','date','complete','attempt']),
480
def write_problem_save(self, login, exercisename, date, text, dry=False):
481
"""Writes text to the problem_save table (for when the user saves an
482
exercise). Creates a new row, or overwrites an existing one if the
483
user has already saved that problem.
484
(Unlike problem_attempt, does not keep historical records).
486
problemid = self.get_problem_problemid(exercisename)
487
loginid = self.get_user_loginid(login) # May raise a DBException
491
'problemid': problemid,
496
frozenset(['problemid','loginid','date','text']),
498
except pg.ProgrammingError:
499
# May have failed because this problemid/loginid row already
500
# exists (they have a unique key constraint).
501
# Do an update instead.
503
# Shouldn't try again, must have failed for some other reason
506
'problemid': problemid,
513
frozenset(['date', 'text']),
514
frozenset(['problemid', 'loginid']))
516
# ENROLMENT INFORMATION
518
def add_enrolment(self, login, subj_code, semester, year=None, dry=False):
520
Enrol a student in the given offering of a subject.
521
Returns True on success, False on failure (which usually means either
522
the student is already enrolled in the subject, the student was not
523
found, or no offering existed with the given details).
524
The return value can usually be ignored.
526
subj_code = str(subj_code)
527
semester = str(semester)
529
year = str(time.gmtime().tm_year)
533
INSERT INTO enrolment (loginid, offeringid)
535
(SELECT loginid FROM login WHERE login=%s),
537
FROM offering, subject, semester
538
WHERE subject.subjectid = offering.subject
539
AND semester.semesterid = offering.semesterid
540
AND subj_code=%s AND semester=%s AND year=%s)
541
);""" % (_escape(login), _escape(subj_code), _escape(semester),
546
result = self.db.query(query)
547
except pg.ProgrammingError:
551
# SUBJECTS AND ENROLMENT
553
def get_offering_semesters(self, subjectid, dry=False):
555
Get the semester information for a subject as well as providing
556
information about if the subject is active and which semester it is in.
559
SELECT offeringid, subj_name, year, semester, active
560
FROM semester, offering, subject
561
WHERE offering.semesterid = semester.semesterid AND
562
offering.subject = subject.subjectid AND
563
offering.subject = %d;"""%subjectid
566
results = self.db.query(query).dictresult()
567
# Parse boolean variables
568
for result in results:
569
result['active'] = _parse_boolean(result['active'])
572
def get_offering_members(self, offeringid, dry=False):
574
Gets the logins of all the people enrolled in an offering
577
SELECT login.login AS login, login.fullname AS fullname
578
FROM login, enrolment
579
WHERE login.loginid = enrolment.loginid AND
580
enrolment.offeringid = %d
581
ORDER BY login.login;"""%offeringid
584
return self.db.query(query).dictresult()
587
def get_enrolment_groups(self, login, offeringid, dry=False):
589
Get all groups the user is a member of in the given offering.
590
Returns a list of dicts (all values strings), with the keys:
594
SELECT project_group.groupnm as name, project_group.nick as nick
595
FROM project_set, project_group, group_member, login
597
AND project_set.offeringid=%s
598
AND group_member.loginid=login.loginid
599
AND project_group.groupid=group_member.groupid
600
AND project_group.projectsetid=project_set.projectsetid
601
""" % (_escape(login), _escape(offeringid))
604
return self.db.query(query).dictresult()
608
def get_offering_info(self, projectsetid, dry=False):
609
"""Takes information from projectset and returns useful information
610
about the subject and semester. Returns as a dictionary.
613
SELECT subjectid, subj_code, subj_name, subj_short_name, url, year, semester,
615
FROM subject, offering, semester, project_set
616
WHERE offering.subject = subject.subjectid AND
617
offering.semesterid = semester.semesterid AND
618
project_set.offeringid = offering.offeringid AND
619
project_set.projectsetid = %d;"""%projectsetid
622
return self.db.query(query).dictresult()[0]
624
def get_projectgroup_members(self, groupid, dry=False):
625
"""Returns the logins of all students in a project group
628
SELECT login.login as login, login.fullname as fullname
629
FROM login, group_member
630
WHERE login.loginid = group_member.loginid AND
631
group_member.groupid = %d
632
ORDER BY login.login;"""%groupid
635
return self.db.query(query).dictresult()
637
def get_projectsets_by_offering(self, offeringid, dry=False):
638
"""Returns all the projectsets in a particular offering"""
640
SELECT projectsetid, max_students_per_group
642
WHERE project_set.offeringid = %d;"""%offeringid
645
return self.db.query(query).dictresult()
647
def get_groups_by_projectset(self, projectsetid, dry=False):
648
"""Returns all the groups that are in a particular projectset"""
650
SELECT groupid, groupnm, nick, createdby, epoch
652
WHERE project_group.projectsetid = %d;"""%projectsetid
655
return self.db.query(query).dictresult()
658
"""Close the DB connection. Do not call any other functions after
659
this. (The behaviour of doing so is undefined).