~azzar1/unity/add-show-desktop-key


Viewing changes to ivle/webapp/tutorial/service.py

Implement authorization in JSON REST views. Add security declarations to
UserRESTView.

19
19
 
20
20
'''AJAX backend for the tutorial application.'''
21
21
 
 
22
import os
22
23
import datetime
23
24
 
24
 
import genshi
25
 
from storm.locals import Store
26
 
 
 
25
import ivle.util
 
26
import ivle.console
27
27
import ivle.database
28
 
from ivle.database import Exercise, ExerciseAttempt, ExerciseSave, Worksheet, \
29
 
                          Offering, Subject, Semester, User, WorksheetExercise
30
 
import ivle.worksheet.utils
31
 
from ivle.webapp.base.rest import (JSONRESTView, write_operation,
32
 
                                   require_permission)
 
28
import ivle.worksheet
 
29
import ivle.conf
 
30
import ivle.webapp.tutorial.test
 
31
 
 
32
from ivle.webapp.base.rest import JSONRESTView, named_operation
33
33
from ivle.webapp.errors import NotFound
34
34
 
 
35
# If True, getattempts or getattempt will allow browsing of inactive/disabled
 
36
# attempts. If False, will not allow this.
 
37
HISTORY_ALLOW_INACTIVE = False
35
38
 
36
39
TIMESTAMP_FORMAT = '%Y-%m-%d %H:%M:%S'
37
40
 
38
41
 
39
42
class AttemptsRESTView(JSONRESTView):
40
43
    '''REST view of a user's attempts at an exercise.'''
 
44
    def __init__(self, req, subject, worksheet, exercise, username):
 
45
        # TODO: Find exercise within worksheet.
 
46
        self.user = ivle.database.User.get_by_login(req.store, username)
 
47
        if self.user is None:
 
48
            raise NotFound()
 
49
        self.exercise = exercise
41
50
 
42
 
    @require_permission('edit')
43
51
    def GET(self, req):
44
52
        """Handles a GET Attempts action."""
45
 
        attempts = req.store.find(ExerciseAttempt, 
46
 
                ExerciseAttempt.ws_ex_id == self.context.worksheet_exercise.id,
47
 
                ExerciseAttempt.user_id == self.context.user.id)
 
53
        exercise = ivle.database.Exercise.get_by_name(req.store, 
 
54
                                                        self.exercise)
 
55
 
 
56
        attempts = ivle.worksheet.get_exercise_attempts(req.store, self.user,
 
57
                            exercise, allow_inactive=HISTORY_ALLOW_INACTIVE)
48
58
        # attempts is a list of ExerciseAttempt objects. Convert to dictionaries
49
59
        time_fmt = lambda dt: datetime.datetime.strftime(dt, TIMESTAMP_FORMAT)
50
60
        attempts = [{'date': time_fmt(a.date), 'complete': a.complete}
53
63
        return attempts
54
64
 
55
65
 
56
 
    @require_permission('edit')
57
66
    def PUT(self, req, data):
58
 
        """ Tests the given submission """
59
 
        # Trim off any trailing whitespace (can cause syntax errors in python)
60
 
        # While technically this is a user error, it causes a lot of confusion 
61
 
        # for student since it's "invisible".
62
 
        code = data['code'].rstrip()
63
 
 
64
 
        test_results = ivle.worksheet.utils.test_exercise_submission(
65
 
            req.config, req.user, self.context.worksheet_exercise.exercise,
66
 
            code)
 
67
        ''' Tests the given submission '''
 
68
        exercisefile = ivle.util.open_exercise_file(self.exercise)
 
69
        if exercisefile is None:
 
70
            raise NotFound()
 
71
 
 
72
        # Start a console to run the tests on
 
73
        jail_path = os.path.join(ivle.conf.jail_base, req.user.login)
 
74
        working_dir = os.path.join("/home", req.user.login)
 
75
        cons = ivle.console.Console(req.user.unixid, jail_path, working_dir)
 
76
 
 
77
        # Parse the file into a exercise object using the test suite
 
78
        exercise_obj = ivle.webapp.tutorial.test.parse_exercise_file(
 
79
                                                            exercisefile, cons)
 
80
        exercisefile.close()
 
81
 
 
82
        # Run the test cases. Get the result back as a JSONable object.
 
83
        # Return it.
 
84
        test_results = exercise_obj.run_tests(data['code'])
 
85
 
 
86
        # Close the console
 
87
        cons.close()
 
88
 
 
89
        # Get the Exercise from the database
 
90
        exercise = ivle.database.Exercise.get_by_name(req.store, self.exercise)
67
91
 
68
92
        attempt = ivle.database.ExerciseAttempt(user=req.user,
69
 
            worksheet_exercise = self.context.worksheet_exercise,
70
 
            date = datetime.datetime.now(),
71
 
            complete = test_results['passed'],
72
 
            text = unicode(code)
73
 
        )
 
93
                                                exercise=exercise,
 
94
                                                date=datetime.datetime.now(),
 
95
                                                complete=test_results['passed'],
 
96
                                                # XXX
 
97
                                                text=unicode(data['code']))
74
98
 
75
99
        req.store.add(attempt)
76
100
 
77
101
        # Query the DB to get an updated score on whether or not this problem
78
102
        # has EVER been completed (may be different from "passed", if it has
79
103
        # been completed before), and the total number of attempts.
80
 
        completed, attempts = ivle.worksheet.utils.get_exercise_status(
81
 
                req.store, req.user, self.context.worksheet_exercise)
 
104
        completed, attempts = ivle.worksheet.get_exercise_status(req.store,
 
105
            req.user, exercise)
82
106
        test_results["completed"] = completed
83
107
        test_results["attempts"] = attempts
84
108
 
88
112
class AttemptRESTView(JSONRESTView):
89
113
    '''REST view of an exercise attempt.'''
90
114
 
91
 
    @require_permission('view')
 
115
    def __init__(self, req, subject, worksheet, exercise, username, date):
 
116
        # TODO: Find exercise within worksheet.
 
117
        user = ivle.database.User.get_by_login(req.store, username)
 
118
        if user is None:
 
119
            raise NotFound()
 
120
 
 
121
        try:
 
122
            date = datetime.datetime.strptime(date, TIMESTAMP_FORMAT)
 
123
        except ValueError:
 
124
            raise NotFound()
 
125
 
 
126
        exercise = ivle.database.Exercise.get_by_name(req.store, exercise)
 
127
        attempt = ivle.worksheet.get_exercise_attempt(req.store, user,
 
128
            exercise, as_of=date, allow_inactive=HISTORY_ALLOW_INACTIVE)
 
129
 
 
130
        if attempt is None:
 
131
            raise NotFound()
 
132
 
 
133
        self.context = attempt
 
134
 
92
135
    def GET(self, req):
93
136
        return {'code': self.context.text}
94
137
 
95
138
 
96
 
class WorksheetExerciseRESTView(JSONRESTView):
97
 
    '''REST view of a worksheet exercise.'''
98
 
 
99
 
    @write_operation('view')
 
139
class ExerciseRESTView(JSONRESTView):
 
140
    '''REST view of an exercise.'''
 
141
    @named_operation
100
142
    def save(self, req, text):
101
 
        # Find the appropriate WorksheetExercise to save to. If its not found,
102
 
        # the user is submitting against a non-existant worksheet/exercise
103
 
 
104
 
        old_save = req.store.find(ExerciseSave,
105
 
            ExerciseSave.ws_ex_id == self.context.id,
106
 
            ExerciseSave.user == req.user).one()
107
 
        
108
 
        #Overwrite the old, or create a new if there isn't one
109
 
        if old_save is None:
110
 
            new_save = ExerciseSave()
111
 
            req.store.add(new_save)
112
 
        else:
113
 
            new_save = old_save
114
 
        
115
 
        new_save.worksheet_exercise = self.context
116
 
        new_save.user = req.user
117
 
        new_save.text = unicode(text)
118
 
        new_save.date = datetime.datetime.now()
119
 
 
 
143
        # Need to open JUST so we know this is a real exercise.
 
144
        # (This avoids users submitting code for bogus exercises).
 
145
        exercisefile = ivle.util.open_exercise_file(self.exercise)
 
146
        if exercisefile is None:
 
147
            raise NotFound()
 
148
        exercisefile.close()
 
149
 
 
150
        exercise = ivle.database.Exercise.get_by_name(req.store, self.exercise)
 
151
        ivle.worksheet.save_exercise(req.store, req.user, exercise,
 
152
                                     unicode(text), datetime.datetime.now())
120
153
        return {"result": "ok"}
121
 
 
122
 
 
123
 
class WorksheetsRESTView(JSONRESTView):
124
 
    """View used to update and create Worksheets."""
125
 
 
126
 
    @write_operation('edit_worksheets')
127
 
    def move_up(self, req, worksheetid):
128
 
        """Takes a list of worksheet-seq_no pairs and updates their 
129
 
        corresponding Worksheet objects to match."""
130
 
        
131
 
        worksheet_below = req.store.find(Worksheet,
132
 
            Worksheet.offering_id == self.context.id,
133
 
            Worksheet.identifier == unicode(worksheetid)).one()
134
 
        if worksheet_below is None:
135
 
            raise NotFound('worksheet_below')
136
 
        worksheet_above = req.store.find(Worksheet,
137
 
            Worksheet.offering_id == self.context.id,
138
 
            Worksheet.seq_no == (worksheet_below.seq_no - 1)).one()
139
 
        if worksheet_above is None:
140
 
            raise NotFound('worksheet_above')
141
 
 
142
 
        worksheet_below.seq_no = worksheet_below.seq_no - 1
143
 
        worksheet_above.seq_no = worksheet_above.seq_no + 1
144
 
        
145
 
        return {'result': 'ok'}
146
 
 
147
 
    @write_operation('edit_worksheets')
148
 
    def move_down(self, req, worksheetid):
149
 
        """Takes a list of worksheet-seq_no pairs and updates their 
150
 
        corresponding Worksheet objects to match."""
151
 
        
152
 
        worksheet_above = req.store.find(Worksheet,
153
 
            Worksheet.offering_id == self.context.id,
154
 
            Worksheet.identifier == unicode(worksheetid)).one()
155
 
        if worksheet_above is None:
156
 
            raise NotFound('worksheet_below')
157
 
        worksheet_below = req.store.find(Worksheet,
158
 
            Worksheet.offering_id == self.context.id,
159
 
            Worksheet.seq_no == (worksheet_above.seq_no + 1)).one()
160
 
        if worksheet_below is None:
161
 
            raise NotFound('worksheet_above')
162
 
 
163
 
        worksheet_below.seq_no = worksheet_below.seq_no - 1
164
 
        worksheet_above.seq_no = worksheet_above.seq_no + 1
165
 
        
166
 
        return {'result': 'ok'}
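Review bot: In AttemptsRESTView the `@require_permission('edit')` GET reads attempts for `self.context.user.id`, but the PUT under the same decorator runs the tests and stores the ExerciseAttempt as `req.user`, so the two handlers disagree about whose attempts the URL addresses. What 'edit' grants on this context is not visible here; if anyone other than the context's user can hold it, a PUT against another user's URL would be recorded in the caller's own history instead of being refused, so I would either refuse when `req.user` is not `self.context.user` or state the invariant beside the decorator, e.g. `# 'edit' is only granted to self.context.user; attempts are recorded for req.user`. Separately, this page prints the `require_permission`/`write_operation` lines under the first gutter column only, which does not obviously match the commit description, so confirm they are on the side that lands: the other side's `__init__` resolves `username` from the URL and its GET returns that user's attempts with no permission declaration. In `move_down` the two `NotFound` labels look swapped relative to the variable being tested (`worksheet_above is None` raises `NotFound('worksheet_below')`), and the `move_up`/`move_down` docstrings describe a list of pairs although each method takes a single `worksheetid`.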