← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/tutorial/service.py

  • Committer: William Grant
  • Date: 2009-02-27 03:55:15 UTC
  • Revision ID: grantw@unimelb.edu.au-20090227035515-u5nwfrbed8qu9sbl
Offerings now give 'view' only to user enrolled in them. 'edit' is granted
to their tutors and lecturers.

Worksheet(Exercise)s and their views now delegate to and use Offering's
permissions.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/tutorial/service.py
170
170
        return {'code': self.context.text}
171
171
 
172
172
 
173
 
class ExerciseRESTView(JSONRESTView):
174
 
    '''REST view of an exercise.'''
175
 
 
176
 
    def get_permissions(self, user):
177
 
        # XXX: Do it properly.
178
 
        # XXX: Does any user have the ability to save as themselves?
179
 
        # XXX: Does a user EVER have permission to save as another user?
180
 
        if user is not None:
181
 
            return set(['save'])
182
 
        else:
183
 
            return set()
184
 
 
185
 
    @named_operation('save')
 
173
class WorksheetExerciseRESTView(JSONRESTView):
 
174
    '''REST view of a worksheet exercise.'''
 
175
 
 
176
    def __init__(self, req, subject, year, semester, worksheet, exercise):
 
177
        self.context = req.store.find(WorksheetExercise,
 
178
            WorksheetExercise.exercise_id == exercise,
 
179
            WorksheetExercise.worksheet_id == Worksheet.id,
 
180
            Worksheet.offering_id == Offering.id,
 
181
            Offering.subject_id == Subject.id,
 
182
            Subject.code == subject,
 
183
            Offering.semester_id == Semester.id,
 
184
            Semester.year == year,
 
185
            Semester.semester == semester).one()
 
186
        
 
187
        if self.context is None:
 
188
            raise NotFound()
 
189
 
 
190
    @named_operation('view')
186
191
    def save(self, req, text):
187
192
        # Find the appropriate WorksheetExercise to save to. If its not found,
188
193
        # the user is submitting against a non-existant worksheet/exercise
189
 
        worksheet_exercise = req.store.find(WorksheetExercise,
190
 
            WorksheetExercise.exercise_id == self.exercise,
191
 
            WorksheetExercise.worksheet_id == Worksheet.id,
192
 
            Worksheet.offering_id == Offering.id,
193
 
            Offering.subject_id == Subject.id,
194
 
            Subject.code == self.subject,
195
 
            Offering.semester_id == Semester.id,
196
 
            Semester.year == self.year,
197
 
            Semester.semester == self.semester).one()
198
 
        
199
 
        if worksheet_exercise is None:
200
 
            raise NotFound()
201
194
 
202
195
        old_save = req.store.find(ExerciseSave,
203
 
            ExerciseSave.ws_ex_id == worksheet_exercise.id,
 
196
            ExerciseSave.ws_ex_id == self.context.id,
204
197
            ExerciseSave.user == req.user).one()
205
198
        
206
199
        #Overwrite the old, or create a new if there isn't one
210
203
        else:
211
204
            new_save = old_save
212
205
        
213
 
        new_save.worksheet_exercise = worksheet_exercise
 
206
        new_save.worksheet_exercise = self.context
214
207
        new_save.user = req.user
215
208
        new_save.text = unicode(text)
216
209
        new_save.date = datetime.datetime.now()
224
217
class WorksheetRESTView(JSONRESTView):
225
218
    """View used to update a worksheet."""
226
219
 
227
 
    def get_permissions(self, user):
228
 
        # XXX: Do it properly.
229
 
        # XXX: Lecturers should be allowed to add worksheets Only to subjects
230
 
        #      under their control
231
 
        if user is not None:
232
 
            if user.admin:
233
 
                return set(['save'])
234
 
            else:
235
 
                return set()
236
 
        else:
237
 
            return set()    
238
 
 
239
220
    def __init__(self, req, **kwargs):
240
221
    
241
222
        self.worksheet = kwargs['worksheet']
255
236
        if self.context is None:
256
237
            raise NotFound()
257
238
    
258
 
    @named_operation('save')
 
239
    @named_operation('edit')
259
240
    def save(self, req, name, assessable, data, format):
260
241
        """Takes worksheet data and saves it."""
261
242
        self.context.name = unicode(name)
269
250
class WorksheetsRESTView(JSONRESTView):
270
251
    """View used to update and create Worksheets."""
271
252
    
272
 
    def get_permissions(self, user):
273
 
        # XXX: Do it properly.
274
 
        # XXX: Lecturers should be allowed to add worksheets Only to subjects
275
 
        #      under their control
276
 
        if user is not None:
277
 
            if user.admin:
278
 
                return set(['edit'])
279
 
            else:
280
 
                return set()
281
 
        else:
282
 
            return set()
283
 
 
284
253
    def __init__(self, req, **kwargs):
285
254
    
286
255
        self.subject = kwargs['subject']