source: WAeUP_SRP/base/skins/waeup_student/search_students.py @ 2560

Last change on this file since 2560 was 2431, checked in by Henrik Bettermann, 17 years ago

close security holes

File size: 9.6 KB
[920]1## Script (Python) "search_students"
2##bind container=container
3##bind context=context
4##bind namespace=
5##bind script=script
6##bind subpath=traverse_subpath
7##parameters=REQUEST
8##title=
9##
10# $Id: search_students.py 911 2006-11-20 15:11:29Z henrik $
11"""
12list Students for ClearanceOfficers
13"""
[1278]14import logging
[1571]15logger = logging.getLogger('Skins.search_students')
[2249]16#from DateTime import DateTime
[1278]17#
18#with_timer = True
[2249]19#with_timer = False
[1278]20#
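# Request plumbing: the bound REQUEST, its form values and the tools used below.
request = REQUEST
form = request.form
fget = form.get
mtool = context.portal_membership
member = mtool.getAuthenticatedMember()
is_anon = mtool.isAnonymousUser()
lt = context.portal_layouts
# The former path_info = request.get('PATH_INFO').split('/') was never read
# and raised AttributeError whenever PATH_INFO was absent, so it is gone.

# Anonymous visitors and students are not entitled to search for students.
# NOTE(review): this only records the decision.  Every code path that runs a
# query, redirects or hands records to the template has to honour `allowed`
# itself; passing the flag on to the page template is not an access check.
allowed = True
if is_anon or context.isStudent():
    allowed = False
from Products.AdvancedQuery import Eq, Between, Le,In
# Use portal_catalog when it can be reached, otherwise portal_catalog_real.
# NOTE(review): the bare except is kept because the fallback may be relied on
# for more than a missing attribute; it also hides any other failure raised
# while resolving portal_catalog - confirm which exception is expected here.
try:
    aq_portal = context.portal_catalog.evalAdvancedQuery
except:
    aq_portal = context.portal_catalog_real.evalAdvancedQuery
aq_students = context.students_catalog.evalAdvancedQuery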
[920]39
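def cmp_id(a,b):
    """Three-way comparison of two objects by the value of their getId().

    Returns 1 when a sorts after b, -1 when it sorts before b and 0 when both
    ids are equal.  The previous version returned -1 for equal ids, which made
    cmp_id(a, b) and cmp_id(b, a) disagree for the same pair.
    """
    id_a = a.getId()
    id_b = b.getId()
    if id_a > id_b:
        return 1
    if id_a < id_b:
        return -1
    return 0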
44
# Portal types stored below a Student object.
student_subobjects = (
    "StudentApplication",
    "StudentPersonal",
    "StudentStudyCourse",
    "StudentAccommodation",
    "StudentStudyLevel",
)

# The wider variant, student_subobjects + ("Student",), is switched off.
student_objects = ("Student",)

items = []
# Presumably true only when the search form was submitted through its
# button - confirm against the student_search layout.
validate = request.has_key("cpsdocument_edit_button")

state = "all"
user_info = {
    'member': str(member),
    'departments': [],
    'faculties': [],
}
co_view = False
ca_view = False

# These three values come straight from the submitted form, i.e. from the
# browser.  They are caller-controlled strings and are not an authoritative
# statement of which units the caller is assigned to.
faculties = fget('faculties')
departments = fget('departments')
certificate_levels = fget('certificate_levels')
fac_str = ''
dep_str = ''
certificate_levels_str = ''
[2250]68
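# Work out which units the caller may search.  The authoritative source is the
# local-role assignment recorded in the portal catalog (localUsersWithRoles).
# Values sent with the form may narrow that scope but are never allowed to
# extend it: anything the caller is not assigned to is dropped.  Previously a
# posted faculties/departments/certificate_levels value replaced the catalog
# lookup altogether.
# NOTE(review): only "user:<member>" entries are looked up, as before; an
# officer who is assigned through some other kind of entry gets an empty scope.
groups = member.getGroups()
if "ClearanceOfficers" in groups:
    state = "clearance_requested"
    only_review = False
    co_view = True

    role_entry = ("user:%s" % member,)
    res = aq_portal(In('portal_type',('Faculty',)) &\
                    In('localUsersWithRoles', role_entry))
    assigned_faculties = []
    if res:
        assigned_faculties = [f.getId for f in res]
    res = aq_portal(In('portal_type',('Department',)) &\
                    In('localUsersWithRoles', role_entry))
    assigned_departments = []
    if res:
        assigned_departments = [f.getId for f in res]

    if faculties or departments:
        # A missing field becomes an empty list instead of staying None, so
        # the later In('faculty', ...) / In('department', ...) queries always
        # receive a sequence.
        faculties = [f for f in (faculties or '').split()
                     if f in assigned_faculties]
        departments = [d for d in (departments or '').split()
                       if d in assigned_departments]
    else:
        logger.info('ClearanceOfficer %s initiated student_search' % member)
        faculties = assigned_faculties
        departments = assigned_departments
        user_info['faculties'] = faculties
        user_info['departments'] = departments
    fac_str = " ".join(faculties)
    dep_str = " ".join(departments)
elif "CourseAdvisers" in groups:
    state = "courses_registered"
    only_review = False
    ca_view = True

    res = aq_portal(In('portal_type',('StudyLevel',)) &\
                    In('localUsersWithRoles', ("user:%s" % member,)))
    assigned_levels = []
    if res:
        # The last two path segments of each StudyLevel, joined by '/'.
        assigned_levels = ['/'.join(f.getPath().split('/')[-2:]) for f in res]

    if certificate_levels:
        certificate_levels = [cl for cl in certificate_levels.split()
                              if cl in assigned_levels]
    else:
        logger.info('CourseAdviser %s initiated student_search' % member)
        certificate_levels = assigned_levels
        user_info['certificate_levels'] = certificate_levels
    certificate_levels_str = " ".join(certificate_levels)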
118
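# Values shown in the search form before anything has been entered.
default = {'search_mode': 'student_id',
        'review_state': state,
        'search_string': ''
        }
rend,psm,ds = lt.renderLayout(layout_id= 'student_search',
                      schema_id= 'student_search',
                      context=context,
                      mapping=validate and REQUEST,
                      ob=default,
                      layout_mode='edit',
                      formaction="search_students",
                      faculties = fac_str,
                      departments = dep_str,
                      certificate_levels = certificate_levels_str,
                      commit = False,
                      )
# An empty psm is treated as "nothing to process yet": show the bare form.
# Callers who are not allowed to search (anonymous users and students) are
# stopped here as well, before any catalog query, redirect or search log entry
# is produced on their behalf.  Previously `allowed` was only passed on to the
# template while the search itself still ran.
if psm == '' or not allowed:
    return context.search_students_form(rendered = rend,
                             psm = '',
                             info = user_info,
                             students = [],
                             allowed = allowed,
                             )
what = ds.get('search_mode')
state = ds.get('review_state')
# A missing search string is normalised to '' so that the checks below (and
# the later len(term)) operate on a string rather than on None.
st = term = ds.get('search_string') or ''
err = False
with_review = state != "all"
only_review = with_review and not term
if not term and not with_review:
    psm = "You must specify a search string when searching 'all states'!"
    err = True
elif '*' in term:
    psm = "Wildcards are not supported!"
    err = True
if err:
    return context.search_students_form(rendered = rend,
                             psm = psm,
                             info = user_info,
                             students = items,
                             allowed = allowed,
                             )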
[1479]164#st_queries = ('jamb_reg_no','matric_no','name')
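review_res = None
query = None
items = []
res = []
review_set = []
search_set = []
# Term search: fills search_set with the ids of matching students, or - for a
# search by student id - redirects straight to the student object.
# NOTE(review): term is caller-supplied and is written to the log unescaped in
# every branch below; logging repr(term) would keep embedded line breaks from
# splitting an audit entry.
if len(term) > 0:
    wanted = term.strip()
    if what == "student_id":
        students_folder = context.portal_url.getPortalObject().campus.students
        # NOTE(review): hasattr() is also true for methods and for names
        # reachable by acquisition, not only for contained student objects; an
        # explicit lookup among the folder's own object ids would be stricter.
        # Whether the caller may view the target is left to the target itself.
        if hasattr(students_folder,wanted):
            logger.info('%s searches for student with id %s' % (member,term))
            # Redirect to the stripped id that was actually checked; the raw
            # term could carry surrounding whitespace into the URL.
            request.RESPONSE.redirect("%s/%s" % (students_folder.absolute_url(),wanted))
        return context.search_students_form(rendered = rend,
                             psm = "No student found!",
                             students = [],
                             allowed = allowed,
                             )
    elif what == "department":
        res = context.students_catalog(department=wanted)
        logger.info('%s searches for student in department %s' % (member,term))
        search_set = [r.id for r in res]
    elif what == "matric_no":
        res = context.students_catalog(matric_no=wanted)
        logger.info('%s searches for student with matric_no %s' % (member,term))
        search_set = [r.id for r in res]
    elif what == "jamb_reg_no":
        # Match the registration number in all-lower and all-upper spelling.
        st_l = "%s" % wanted.lower()
        st_u = "%s" % wanted.upper()
        res = aq_students(In('jamb_reg_no',(st_l,st_u)))
        logger.info('%s searches for student with jamb_reg_no %s' % (member,term))
        search_set = [r.id for r in res]
    elif what == "name":
        if len(term) < 4:
            return context.search_students_form(rendered = rend,
                                                psm = "Name too short!",
                                                students = [],
                                                allowed = allowed,
                                               )
        # One-element tuple, as in the other In('portal_type', ...) queries of
        # this script; ('StudentPersonal') without the comma is a plain string.
        pt = ('StudentPersonal',)
        query = In('portal_type',pt) & Eq('SearchableText',"%s*" % wanted)
        logger.info('%s searches for student with name %s' % (member,term))
        res = aq_portal(query)
        if res:
            for r in res:
                # The student id is the path segment right after 'students'.
                pl = r.getPath().split('/')
                search_set.append(pl[pl.index('students') + 1])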
[1479]211
# Collect the students that are in the requested workflow state.
if only_review or with_review or co_view:
    query = Eq('review_state',state)
    review_res = aq_students(query)
    logger.info('%s searches for students in review_state %s' % (member,state))

# For clearance officers and course advisers the candidate set is rebuilt from
# their faculties/departments or certificate levels; whatever the term search
# put into search_set is replaced here.  The clearance-officer view wins when
# both flags are set.
if co_view or ca_view:
    only_review = False
    with_review = True
    if co_view:
        query = In('faculty',faculties) | In('department',departments)
    else:
        # Each entry has the form "<course>/<level>".
        courses = []
        for entry in certificate_levels:
            courses.append(entry.split('/')[0])
        levels = []
        for entry in certificate_levels:
            levels.append(entry.split('/')[1])
        query = In('course',courses) & In('level',levels)
    res = aq_students(query)
    search_set = [r.id for r in res]

if review_res:
    review_set = [r.id for r in review_res]

# Combine: review state only, candidates restricted to the review state, or
# the plain candidate list.
if only_review:
    matched = review_set
elif with_review:
    matched = [sid for sid in search_set if sid in review_set]
else:
    matched = search_set

# At most 500 students are ever handed to the template.
items = matched[:500]
students = []
if not items:
    return context.search_students_form(rendered = rend,
                                 psm = "No student found!",
                                 info = user_info,
                                 students = students,
                                 allowed = allowed,
                                 )

for student_id in items:
    stcat = context.students_catalog
    hits = stcat(id = student_id)
    if not hits:
        # The response is this bare string, not the rendered form.
        return student_id+' not found in students_catalog'
    record = hits[0]
    # NOTE(review): every schema column and every index of the catalog record
    # is copied into the dict given to the template; confirm the template only
    # renders fields the viewer is entitled to see.
    info = {}
    for field in stcat.schema() + stcat.indexes():
        info[field] = getattr(record, field)
    students.append(info)

return context.search_students_form(rendered = rend,
                         psm = "",
                         info = user_info,
                         students = students,
                         allowed = allowed,
                         co_view = co_view,
                         ca_view = ca_view
                         )
279
280