1## Script (Python) "search_students"
2##bind container=container
3##bind context=context
4##bind namespace=
5##bind script=script
6##bind subpath=traverse_subpath
7##parameters=REQUEST
8##title=
9##
10# $Id: search_students.py 911 2006-11-20 15:11:29Z henrik $
11"""
12list Students for ClearanceOfficers
13"""
import logging
logger = logging.getLogger('Skins.search_students')
#from DateTime import DateTime
#
#with_timer = True
#with_timer = False
#
# Request/form handles and the calling user's identity. Everything below
# that reads search parameters reads them from ``form`` (``fget``), i.e.
# from client-supplied, untrusted input.
request = REQUEST
form = request.form
fget = form.get
mtool = context.portal_membership
member = mtool.getAuthenticatedMember()
is_anon = mtool.isAnonymousUser()
lt = context.portal_layouts
# Appears unused further down in this script.
path_info = request.get('PATH_INFO').split('/')
29
# Anonymous callers and students are not permitted to search.
# NOTE(review): ``allowed`` is only handed to the template; make sure
# nothing below relies on the template alone to withhold catalog results
# from a caller for whom this is False.
allowed = True
if is_anon or context.isStudent():
    allowed = False
from Products.AdvancedQuery import Eq, Between, Le,In
# Prefer the AdvancedQuery-capable portal_catalog, falling back to the
# "real" catalog when the first one has no evalAdvancedQuery.
try:
    aq_portal = context.portal_catalog.evalAdvancedQuery
except:
    # NOTE(review): a bare except also swallows ZODB ConflictError (which
    # must propagate for transaction retry) and Unauthorized. Narrowing it
    # to AttributeError is the usual fix, but which exception the proxy
    # catalog actually raises is not visible from here — confirm first.
    aq_portal = context.portal_catalog_real.evalAdvancedQuery
aq_students = context.students_catalog.evalAdvancedQuery
39
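def cmp_id(a,b):
    """Three-way comparator on ``getId()`` for use as a ``sort(cmp)`` key.

    Returns 1 when ``a`` sorts after ``b``, -1 when it sorts before, and
    0 when both ids are equal. The previous version never returned 0
    (equal ids compared as "less"), which violates the comparator contract
    and makes sorting results with duplicate ids order-dependent.
    """
    a_id = a.getId()
    b_id = b.getId()
    if a_id > b_id:
        return 1
    if a_id < b_id:
        return -1
    return 0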
44
# Portal types that make up a student folder. Neither tuple appears to be
# referenced further down in this script; they look like leftovers of the
# commented-out wider variant of ``student_objects``.
student_subobjects = ("StudentApplication",
                      "StudentPersonal",
                      "StudentStudyCourse",
                      "StudentAccommodation",
                      "StudentStudyLevel",)

#student_objects = student_subobjects + ("Student",)
student_objects = ("Student",)
53
user_info = {}
items = []
# True when the search form was actually submitted (the edit button is in
# the request); only then are REQUEST values fed into the layout below.
validate = request.has_key("cpsdocument_edit_button")

# Default review state; narrowed below for clearance officers / advisers.
state = "all"
user_info['member'] = str(member)
user_info['departments'] = []
user_info['faculties'] = []
co_view = False
ca_view = False
# Scope values echoed back by the form. These are client-supplied and must
# not be trusted as an authorization decision on their own.
faculties =  fget('faculties')
departments = fget('departments')
certificate_levels = fget('certificate_levels')
dep_str = fac_str = certificate_levels_str = ''
68
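if "ClearanceOfficers" in member.getGroups():
    # Clearance officers may only see students of the faculties and
    # departments on which they hold a local role. That scope is always
    # derived from the catalog; values echoed back by the form (hidden
    # fields, hence client-controlled) are filtered against it so that a
    # tampered form cannot widen the search to other faculties.
    state = "clearance_requested"
    only_review = False
    co_view = True
    query = In('portal_type',('Faculty',)) &\
             In('localUsersWithRoles', ("user:%s" % member,))
    res = aq_portal(query)
    allowed_faculties = []
    if res:
        allowed_faculties = [f.getId for f in res]
    query = In('portal_type',('Department',)) &\
             In('localUsersWithRoles', ("user:%s" % member,))
    res = aq_portal(query)
    allowed_departments = []
    if res:
        allowed_departments = [f.getId for f in res]
    if faculties or departments:
        # Form round-trip: keep only ids inside the officer's own scope.
        if faculties:
            faculties = [f for f in faculties.split() if f in allowed_faculties]
        else:
            faculties = []
        if departments:
            departments = [d for d in departments.split() if d in allowed_departments]
        else:
            departments = []
        fac_str = " ".join(faculties)
        dep_str = " ".join(departments)
    else:
        # First call: the scope itself is shown to the user via user_info.
        logger.info('ClearanceOfficer %s initiated student_search' % member)
        faculties = allowed_faculties
        user_info['faculties'] = faculties
        fac_str = " ".join(faculties)
        departments = allowed_departments
        user_info['departments'] = departments
        dep_str = " ".join(departments)
elif "CourseAdvisers" in member.getGroups():
    # Course advisers are scoped to the study levels ("course/level") on
    # which they hold a local role; form-supplied values are filtered
    # against that scope for the same reason as above.
    state = "courses_registered"
    only_review = False
    ca_view = True
    query = In('portal_type',('StudyLevel',)) &\
             In('localUsersWithRoles', ("user:%s" % member,))
    res = aq_portal(query)
    allowed_levels = []
    if res:
        allowed_levels = ['/'.join(f.getPath().split('/')[-2:]) for f in res]
    if certificate_levels:
        certificate_levels = [cl for cl in certificate_levels.split()
                              if cl in allowed_levels]
        certificate_levels_str = " ".join(certificate_levels)
    else:
        logger.info('CourseAdviser %s initiated student_search' % member)
        certificate_levels = allowed_levels
        user_info['certificate_levels'] = certificate_levels
        certificate_levels_str = " ".join(certificate_levels)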
118
# Initial widget values for the search layout; ``state`` was narrowed
# above for clearance officers / course advisers.
default = {'search_mode': 'student_id',
        'review_state': state,
        'search_string': ''
        }
# Render (and, on submission, validate) the search layout. The faculty /
# department / certificate-level strings are passed so the form can echo
# them back; ``ds`` presumably holds the validated datastructure.
rend,psm,ds = lt.renderLayout(layout_id= 'student_search',
                      schema_id= 'student_search',
                      context=context,
                      mapping=validate and REQUEST,
                      ob=default,
                      layout_mode='edit',
                      formaction="search_students",
                      faculties = fac_str,
                      departments = dep_str,
                      certificate_levels = certificate_levels_str,
                      commit = False,
                      )
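# Show the bare form and run no query when the layout reports nothing to
# validate (empty psm, which is how the first display looks here) or when
# the caller is not allowed to search at all. Previously the searches below
# still executed for anonymous users and students and only the template
# was left to hide the results; short-circuiting here keeps catalog data
# out of the response for them regardless of what the template does.
if psm == '' or not allowed:
    return context.search_students_form(rendered = rend,
                             psm = psm,
                             #psm = "%s, %s" % (psm,ds),
                             info = user_info,
                             students = [],
                             allowed = allowed,
                             )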
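what = ds.get('search_mode')
state = ds.get('review_state')
# Normalise a missing search string to '' so the checks below never end up
# evaluating ``'*' in None``; ``st`` is kept as an alias for compatibility.
st = term = ds.get('search_string') or ''
err = False
# A review state other than "all" restricts results to that state; with
# no search string the review state alone drives the query.
with_review = state != "all"
only_review = with_review and not term
if not term and not with_review:
    psm = "You must specify a search string when searching 'all states'!"
    err = True
elif '*' in term:
    psm = "Wildcards are not supported!"
    err = True
if err:
    return context.search_students_form(rendered = rend,
                             psm = psm,
                             #psm = "%s, %s" % (psm,ds),
                             info = user_info,
                             students = items,
                             allowed = allowed,
                             )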
#st_queries = ('jamb_reg_no','matric_no','name')
# Result holders: ``search_set`` is filled by the term search below and
# ``review_set`` by the review-state query; both end up holding student ids.
review_res = None
query = None
items = []
res = []
review_set = []
search_set = []
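if len(term) > 0:
    # Stripped copy used for lookups; ``term`` itself is kept for the log
    # lines and the length check so their behaviour is unchanged.
    needle = term.strip()
    if what == "student_id":
        students_folder = context.portal_url.getPortalObject().campus.students
        # Existence is checked through students_catalog (the same index the
        # result loop below relies on) instead of hasattr() on the folder:
        # hasattr on a Zope object also finds *acquired* names such as tool
        # ids, so a crafted "student id" would otherwise be redirected to.
        # NOTE(review): a student folder that is not (yet) catalogued is
        # now reported as "No student found" — confirm that is acceptable.
        if needle and context.students_catalog(id=needle):
            logger.info('%s searches for student with id %s' % (member,term))
            request.RESPONSE.redirect("%s/%s" % (students_folder.absolute_url(),needle))
        return context.search_students_form(rendered = rend,
                             psm = "No student found!",
                             info = user_info,
                             students = [],
                             allowed = allowed,
                             )
    elif what == "department":
        res = context.students_catalog(department=needle)
        logger.info('%s searches for student in department %s' % (member,term))
        search_set = [r.id for r in res]
    elif what == "matric_no":
        res = context.students_catalog(matric_no=needle)
        logger.info('%s searches for student with matric_no %s' % (member,term))
        search_set = [r.id for r in res]
    elif what == "jamb_reg_no":
        # Both casings are tried, presumably because the index is
        # case-sensitive while users type the number either way.
        st_l = "%s" % needle.lower()
        st_u = "%s" % needle.upper()
        res = aq_students(In('jamb_reg_no',(st_l,st_u)))
        logger.info('%s searches for student with jamb_reg_no %s' % (member,term))
        search_set = [r.id for r in res]
    elif what == "name":
        if len(term) < 4:
            return context.search_students_form(rendered = rend,
                                                psm = "Name too short!",
                                                students = [],
                                                allowed = allowed,
                                               )
        # A real 1-tuple: ('StudentPersonal') without the comma is just a
        # string, which is not what In() expects for its value list.
        pt = ('StudentPersonal',)
        query = In('portal_type',pt) & Eq('SearchableText',"%s*" % needle)
        logger.info('%s searches for student with name %s' % (member,term))
        res = aq_portal(query)
        if res:
            # StudentPersonal lives inside the student folder; the student
            # id is the path element right after "students".
            for r in res:
                pl = r.getPath().split('/')
                search_set.append(pl[pl.index('students') + 1])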
211
# Any narrowing by review state (always on for clearance officers) needs
# the ids of the students currently in ``state``.
if only_review or with_review or co_view:
    #query = Eq('review_state',state)
    #review_res = aq_portal(query)
    #review_res = context.portal_catalog(review_state = state)

    query = Eq('review_state',state)
    review_res = aq_students(query)
    logger.info('%s searches for students in review_state %s' % (member,state))
220
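if co_view:
    # Clearance officer: scope to students whose faculty OR department is
    # one the officer is assigned to; the review-state filter is forced on.
    only_review = False
    with_review = True
    query = In('faculty',faculties) | In('department',departments)
    res = aq_students(query)
    search_set = [r.id for r in res]
elif ca_view:
    # Course adviser: scope to the exact (course, level) pairs the adviser
    # is assigned to. The earlier In('course', ...) & In('level', ...)
    # form matched any assigned course against any assigned level, which
    # widened the scope for an adviser holding more than one study level.
    only_review = False
    with_review = True
    query = None
    for cl in certificate_levels:
        parts = cl.split('/')
        if len(parts) != 2:
            # Not of the form "course/level" — skip rather than index-error.
            continue
        pair = Eq('course',parts[0]) & Eq('level',parts[1])
        if query is None:
            query = pair
        else:
            query = query | pair
    if query is None:
        res = []
    else:
        res = aq_students(query)
    search_set = [r.id for r in res]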
# Ids of students in the requested review state (empty when not queried).
if review_res:
    review_set = [r.id for r in review_res]
237
238#from Products.zdb import set_trace;set_trace()
239
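# Combine the review-state hit list with the term/scope hit list. The name
# ``all`` (shadowing the builtin) is kept because the result loop below
# slices it.
if only_review:
    all = review_set
elif with_review:
    # Intersection preserving search_set order. Membership goes through a
    # dict so this is linear instead of a list scan per candidate.
    in_review = {}
    for i in review_set:
        in_review[i] = 1
    all = []
    for i in search_set:
        if i in in_review:
            all.append(i)
else:
    all = search_set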
249
# Hard cap on the number of records sent to the (unpaginated) template.
items = all[:500]
students = []
if items:
    stcat = context.students_catalog
    # The column list is the same for every record; build it once.
    fields = stcat.schema() + stcat.indexes()
    for item in items:
        record = stcat(id = item)
        if not record:
            return item+' not found in students_catalog'
        record = record[0]
        # Flatten the catalog brain into a plain dict for the template.
        info = {}
        for field in fields:
            info[field] = getattr(record, field)
        students.append(info)
    return context.search_students_form(rendered = rend,
                             psm = "",
                             info = user_info,
                             students = students,
                             allowed = allowed,
                             co_view = co_view,
                             ca_view = ca_view
                             )
return context.search_students_form(rendered = rend,
                             psm = "No student found!",
                             info = user_info,
                             students = students,
                             allowed = allowed,
                             )
279
280