30
from storm.expr import Select, Max
31
from ivle.database import ProjectGroup, User
33
from ivle.database import (User, ProjectGroup, Assessed, ProjectSubmission,
34
Project, ProjectSet, Offering, Enrolment)
33
36
def chown_to_webserver(filename):
34
37
"""chown a directory and its contents to the web server.
72
75
""" % {'login': u.login})
77
# Now we need to grant offering tutors and lecturers access to the latest
78
# submissions in their offerings. There are much prettier ways to do this,
79
# but a lot of browser requests call this function, so it needs to be
80
# fast. We can grab all of the paths needing authorisation directives with
81
# a single query, and we cache the list of viewers for each offering.
82
offering_viewers_cache = {}
83
for (login, psid, pspath, offeringid) in store.find(
84
(User.login, ProjectSubmission.id, ProjectSubmission.path,
86
Assessed.id == ProjectSubmission.assessed_id,
87
User.id == Assessed.user_id,
88
Project.id == Assessed.project_id,
89
ProjectSet.id == Project.project_set_id,
90
Offering.id == ProjectSet.id,
91
ProjectSubmission.date_submitted == Select(
92
Max(ProjectSubmission.date_submitted),
93
ProjectSubmission.assessed_id == Assessed.id,
94
tables=ProjectSubmission
98
# Do we already have the list of logins authorised for this offering
99
# cached? If not, get it.
100
if offeringid not in offering_viewers_cache:
101
offering_viewers_cache[offeringid] = list(store.find(
103
User.id == Enrolment.user_id,
104
Enrolment.offering_id == offeringid,
105
Enrolment.role.is_in((u'tutor', u'lecturer'))
112
""" % {'login': login, 'id': psid, 'path': pspath})
114
for viewer_login in offering_viewers_cache[offeringid]:
115
# We don't want to override the owner's write privilege,
116
# so we don't add them to the read-only ACL.
117
if login != viewer_login:
118
f.write("%s = r\n" % viewer_login)
75
121
os.rename(temp_name, conf_name)
76
122
chown_to_webserver(conf_name)
added
removed
ivle/makeuser.py
