29
30
from storm.locals import create_database, Store, Int, Unicode, DateTime, \
30
31
Reference, ReferenceSet, Bool, Storm, Desc
215
216
Semester.id == Offering.semester_id,
216
217
(not active_only) or (Semester.state == u'current'),
217
218
Enrolment.offering_id == Offering.id,
218
Enrolment.user_id == self.id)
219
Enrolment.user_id == self.id,
220
Enrolment.active == True)
221
223
def hash_password(password):
227
229
"""Find a user in a store by login name."""
228
230
return store.find(cls, cls.login == unicode(login)).one()
230
def get_permissions(self, user):
232
def get_permissions(self, user, config):
231
233
"""Determine privileges held by a user over this object.
233
235
If the user requesting privileges is this user or an admin,
234
236
they may do everything. Otherwise they may do nothing.
236
238
if user and user.admin or user is self:
237
return set(['view', 'edit', 'submit_project'])
239
return set(['view_public', 'view', 'edit', 'submit_project'])
241
return set(['view_public'])
241
243
# SUBJECTS AND ENROLMENTS #
249
251
code = Unicode(name="subj_code")
250
252
name = Unicode(name="subj_name")
251
253
short_name = Unicode(name="subj_short_name")
254
255
offerings = ReferenceSet(id, 'Offering.subject_id')
258
259
def __repr__(self):
259
260
return "<%s '%s'>" % (type(self).__name__, self.short_name)
261
def get_permissions(self, user):
262
def get_permissions(self, user, config):
262
263
"""Determine privileges held by a user over this object.
264
265
If the user requesting privileges is an admin, they may edit.
322
323
subject = Reference(subject_id, Subject.id)
323
324
semester_id = Int(name="semesterid")
324
325
semester = Reference(semester_id, Semester.id)
326
description = Unicode()
328
show_worksheet_marks = Bool()
329
worksheet_cutoff = DateTime()
325
330
groups_student_permissions = Unicode()
327
332
enrolments = ReferenceSet(id, 'Enrolment.offering_id')
330
335
'Enrolment.user_id',
332
337
project_sets = ReferenceSet(id, 'ProjectSet.offering_id')
338
projects = ReferenceSet(id,
339
'ProjectSet.offering_id',
341
'Project.project_set_id')
334
343
worksheets = ReferenceSet(id,
335
344
'Worksheet.offering_id',
366
375
Enrolment.offering_id == self.id).one()
367
376
Store.of(enrolment).remove(enrolment)
369
def get_permissions(self, user):
378
def get_permissions(self, user, config):
371
380
if user is not None:
372
381
enrolment = self.get_enrolment(user)
373
382
if enrolment or user.admin:
374
383
perms.add('view')
375
if (enrolment and enrolment.role in (u'tutor', u'lecturer')) \
384
if enrolment and enrolment.role == u'tutor':
385
perms.add('view_project_submissions')
386
# Site-specific policy on the role of tutors
387
if config['policy']['tutors_can_enrol_students']:
389
perms.add('enrol_student')
390
if config['policy']['tutors_can_edit_worksheets']:
391
perms.add('edit_worksheets')
392
if config['policy']['tutors_can_admin_groups']:
393
perms.add('admin_groups')
394
if (enrolment and enrolment.role in (u'lecturer')) or user.admin:
395
perms.add('view_project_submissions')
396
perms.add('admin_groups')
397
perms.add('edit_worksheets')
398
perms.add('view_worksheet_marks')
399
perms.add('edit') # Can edit projects & details
400
perms.add('enrol') # Can see enrolment screen at all
401
perms.add('enrol_student') # Can enrol students
402
perms.add('enrol_tutor') # Can enrol tutors
404
perms.add('enrol_lecturer') # Can enrol lecturers
380
407
def get_enrolment(self, user):
391
418
Enrolment.user_id == User.id,
392
419
Enrolment.offering_id == self.id,
393
420
Enrolment.role == role
421
).order_by(User.login)
397
424
def students(self):
398
425
return self.get_members_by_role(u'student')
427
def get_open_projects_for_user(self, user):
428
"""Find all projects currently open to submissions by a user."""
429
# XXX: Respect extensions.
430
return self.projects.find(Project.deadline > datetime.datetime.now())
432
def clone_worksheets(self, source):
433
"""Clone all worksheets from the specified source to this offering."""
434
import ivle.worksheet.utils
435
for worksheet in source.worksheets:
437
newws.seq_no = worksheet.seq_no
438
newws.identifier = worksheet.identifier
439
newws.name = worksheet.name
440
newws.assessable = worksheet.assessable
441
newws.published = worksheet.published
442
newws.data = worksheet.data
443
newws.format = worksheet.format
444
newws.offering = self
445
Store.of(self).add(newws)
446
ivle.worksheet.utils.update_exerciselist(newws)
400
449
class Enrolment(Storm):
401
450
"""An enrolment of a user in an offering.
428
477
return "<%s %r in %r>" % (type(self).__name__, self.user,
480
def get_permissions(self, user, config):
481
# A user can edit any enrolment that they could have created.
483
if ('enrol_' + str(self.role)) in self.offering.get_permissions(
489
"""Delete this enrolment."""
490
Store.of(self).remove(self)
433
495
class ProjectSet(Storm):
453
515
return "<%s %d in %r>" % (type(self).__name__, self.id,
456
def get_permissions(self, user):
457
return self.offering.get_permissions(user)
518
def get_permissions(self, user, config):
519
return self.offering.get_permissions(user, config)
521
def get_groups_for_user(self, user):
522
"""List all groups in this offering of which the user is a member."""
524
return Store.of(self).find(
526
ProjectGroupMembership.user_id == user.id,
527
ProjectGroupMembership.project_group_id == ProjectGroup.id,
528
ProjectGroup.project_set_id == self.id)
530
def get_submission_principal(self, user):
531
"""Get the principal on behalf of which the user can submit.
533
If this is a solo project set, the given user is returned. If
534
the user is a member of exactly one group, all the group is
535
returned. Otherwise, None is returned.
538
groups = self.get_groups_for_user(user)
539
if groups.count() == 1:
548
return self.max_students_per_group is not None
460
551
def assigned(self):
463
554
This will be a Storm ResultSet.
465
556
#If its a solo project, return everyone in offering
466
if self.max_students_per_group is None:
558
return self.project_groups
467
560
return self.offering.students
469
return self.project_groups
562
class DeadlinePassed(Exception):
563
"""An exception indicating that a project cannot be submitted because the
564
deadline has passed."""
568
return "The project deadline has passed"
471
570
class Project(Storm):
472
571
"""A student project for which submissions can be made."""
494
593
return "<%s '%s' in %r>" % (type(self).__name__, self.short_name,
495
594
self.project_set.offering)
497
def can_submit(self, principal):
596
def can_submit(self, principal, user):
498
597
return (self in principal.get_projects() and
499
self.deadline > datetime.datetime.now())
598
not self.has_deadline_passed(user))
501
600
def submit(self, principal, path, revision, who):
502
601
"""Submit a Subversion path and revision to a project.
508
607
@param who: The user who is actually making the submission.
511
if not self.can_submit(principal):
512
raise Exception('cannot submit')
610
if not self.can_submit(principal, who):
611
raise DeadlinePassed()
514
613
a = Assessed.get(Store.of(self), principal, self)
515
614
ps = ProjectSubmission()
615
# Raise SubmissionError if the path is illegal
616
ps.path = ProjectSubmission.test_and_normalise_path(path)
517
617
ps.revision = revision
518
618
ps.date_submitted = datetime.datetime.now()
524
def get_permissions(self, user):
525
return self.project_set.offering.get_permissions(user)
624
def get_permissions(self, user, config):
625
return self.project_set.offering.get_permissions(user, config)
528
628
def latest_submissions(self):
640
def has_deadline_passed(self, user):
641
"""Check whether the deadline has passed."""
642
# XXX: Need to respect extensions.
643
return self.deadline < datetime.datetime.now()
645
def get_submissions_for_principal(self, principal):
646
"""Fetch a ResultSet of all submissions by a particular principal."""
647
assessed = Assessed.get(Store.of(self), principal, self)
650
return assessed.submissions
541
654
class ProjectGroup(Storm):
542
655
"""A group of students working together on a project."""
593
706
(not active_only) or (Semester.state == u'current'))
596
def get_permissions(self, user):
709
def get_permissions(self, user, config):
597
710
if user.admin or user in self.members:
598
711
return set(['submit_project'])
635
748
project = Reference(project_id, Project.id)
637
750
extensions = ReferenceSet(id, 'ProjectExtension.assessed_id')
638
submissions = ReferenceSet(id, 'ProjectSubmission.assessed_id')
751
submissions = ReferenceSet(
752
id, 'ProjectSubmission.assessed_id', order_by='date_submitted')
640
754
def __repr__(self):
641
755
return "<%s %r in %r>" % (type(self).__name__,
650
764
def principal(self):
651
765
return self.project_group or self.user
768
def checkout_location(self):
769
"""Returns the location of the Subversion workspace for this piece of
770
assessment, relative to each group member's home directory."""
771
subjectname = self.project.project_set.offering.subject.short_name
773
checkout_dir_name = self.principal.short_name
775
checkout_dir_name = "mywork"
776
return subjectname + "/" + checkout_dir_name
654
779
def get(cls, store, principal, project):
655
780
"""Find or create an Assessed for the given user or group and project.
664
789
a = store.find(cls,
665
790
(t is User) or (cls.project_group_id == principal.id),
666
791
(t is ProjectGroup) or (cls.user_id == principal.id),
667
Project.id == project.id).one()
792
cls.project_id == project.id).one()
694
819
approver = Reference(approver_id, User.id)
695
820
notes = Unicode()
822
class SubmissionError(Exception):
823
"""Denotes a validation error during submission."""
697
826
class ProjectSubmission(Storm):
698
827
"""A submission from a user or group repository to a particular project.
715
844
submitter = Reference(submitter_id, User.id)
716
845
date_submitted = DateTime()
847
def get_verify_url(self, user):
848
"""Get the URL for verifying this submission, within the account of
850
# If this is a solo project, then self.path will be prefixed with the
851
# subject name. Remove the first path segment.
852
submitpath = self.path[1:] if self.path[:1] == '/' else self.path
853
if not self.assessed.is_group:
854
if '/' in submitpath:
855
submitpath = submitpath.split('/', 1)[1]
858
return "/files/%s/%s/%s?r=%d" % (user.login,
859
self.assessed.checkout_location, submitpath, self.revision)
862
def test_and_normalise_path(path):
863
"""Test that path is valid, and normalise it. This prevents possible
864
injections using malicious paths.
865
Returns the updated path, if successful.
866
Raises SubmissionError if invalid.
868
# Ensure the path is absolute to prevent being tacked onto working
870
# Prevent '\n' because it will break all sorts of things.
871
# Prevent '[' and ']' because they can be used to inject into the
873
# Normalise to avoid resulting in ".." path segments.
874
if not os.path.isabs(path):
875
raise SubmissionError("Path is not absolute")
876
if any(c in path for c in "\n[]"):
877
raise SubmissionError("Path must not contain '\\n', '[' or ']'")
878
return os.path.normpath(path)
719
880
# WORKSHEETS AND EXERCISES #
751
912
def __repr__(self):
752
913
return "<%s %s>" % (type(self).__name__, self.name)
754
def get_permissions(self, user):
915
def get_permissions(self, user, config):
916
return self.global_permissions(user, config)
919
def global_permissions(user, config):
920
"""Gets the set of permissions this user has over *all* exercises.
921
This is used to determine who may view the exercises list, and create
757
925
if user is not None:
761
929
elif u'lecturer' in set((e.role for e in user.active_enrolments)):
762
930
perms.add('edit')
763
931
perms.add('view')
764
elif u'tutor' in set((e.role for e in user.active_enrolments)):
932
elif (config['policy']['tutors_can_edit_worksheets']
933
and u'tutor' in set((e.role for e in user.active_enrolments))):
934
# Site-specific policy on the role of tutors
765
935
perms.add('edit')
766
936
perms.add('view')
828
999
store.find(WorksheetExercise,
829
1000
WorksheetExercise.worksheet == self).remove()
831
def get_permissions(self, user):
832
return self.offering.get_permissions(user)
1002
def get_permissions(self, user, config):
1003
offering_perms = self.offering.get_permissions(user, config)
1007
# Anybody who can view an offering can view a published
1009
if 'view' in offering_perms and self.published:
1012
# Any worksheet editors can both view and edit.
1013
if 'edit_worksheets' in offering_perms:
834
1019
def get_xml(self):
835
1020
"""Returns the xml of this worksheet, converts from rst if required."""
880
1065
return "<%s %s in %s>" % (type(self).__name__, self.exercise.name,
881
1066
self.worksheet.identifier)
883
def get_permissions(self, user):
884
return self.worksheet.get_permissions(user)
1068
def get_permissions(self, user, config):
1069
return self.worksheet.get_permissions(user, config)
887
1072
class ExerciseSave(Storm):
907
1092
def __repr__(self):
908
1093
return "<%s %s by %s at %s>" % (type(self).__name__,
909
self.exercise.name, self.user.login, self.date.strftime("%c"))
1094
self.worksheet_exercise.exercise.name, self.user.login,
1095
self.date.strftime("%c"))
911
1097
class ExerciseAttempt(ExerciseSave):
912
1098
"""An attempt at solving an exercise.
934
1120
complete = Bool()
937
def get_permissions(self, user):
1123
def get_permissions(self, user, config):
938
1124
return set(['view']) if user is self.user else set()
940
1126
class TestSuite(Storm):
960
1146
def delete(self):
961
1147
"""Delete this suite, without asking questions."""
962
for vaariable in self.variables:
1148
for variable in self.variables:
963
1149
variable.delete()
964
1150
for test_case in self.test_cases:
965
1151
test_case.delete()
added
removed
ivle/database.py
