source: WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py @ 3816

Last change on this file since 3816 was 3786, checked in by Henrik Bettermann, 16 years ago

more beds for futminna

moree security for course_result_list
File size: 3.0 KB
RevLine 
[3611]1## Script (Python) "lecturer_course_edit"
2##bind container=container
3##bind context=context
4##bind namespace=
5##bind script=script
6##bind subpath=traverse_subpath
7##parameters=REQUEST, cpsdocument_edit_button=None, cpsdocument_edit_and_view_button=None, action=None
8##title=
9# $Id: course_edit.py 1071 2006-12-16 15:53:13Z joachim $
10"""
[3617]11This method is for demonstration purposes only.
[3611]12There is noi security to deter lecturers from editing courses they are not allowed to edit.
13"""
14try:
15    from Products.zdb import set_trace
16except:
17    def set_trace():
18        pass
19from urllib import urlencode
20from Products.CPSDocument.utils import getFormUidUrlArg
21from Products.AdvancedQuery import Eq, Between, Le,In
22import DateTime
23current = DateTime.DateTime()
24import logging
[3617]25logger = logging.getLogger('Skins.lecturer_course_edit')
[3611]26wf = context.portal_workflow
27request = REQUEST
28edit = "edit" in request.form.keys()
29mtool = context.portal_membership
30member = mtool.getAuthenticatedMember()
31groups = member.getGroups()
32
33member_id = str(member)
34requested_id = context.getStudentId()
[3752]35if not 'Lecturers' in groups and not context.isSectionOfficer():
[3611]36    logger.info('%s tried to access course result of %s' % (member_id,requested_id))
37    return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
38
39student_id = requested_id
40
41level_id = context.getId()
42course_id = traverse_subpath[0]
43query = Eq('student_id',student_id) &\
44        Eq('level_id', level_id) &\
45        Eq('code', course_id)
46
47course_results = context.course_results.evalAdvancedQuery(query)
48mode = 'edit'
49object = {}
50course = course_results[0]
51for field in context.course_results.schema():
[3707]52    object[field] = getattr(course,field,None)
53    if repr(object[field]) == 'Missing.Value':
54        object[field] = None
55#set_trace()     
[3611]56lt = context.portal_layouts
57res,psm, ds = lt.renderLayout(schema_id = 'student_course_result',
58                               layout_id = 'student_course_result',
59                               layout_mode = mode,
60                               context=context,
61                               mapping=edit and REQUEST,
62                               ob=object,
63                               commit = False)
64
65while True:
66    if psm == 'invalid':
67        psm = "Please correct your input"
68        break
69    elif psm == '':
70        break
71    if edit:
72        data = {}
73        dm = ds.getDataModel()
74        for field in context.course_results.schema():
75            if dm.has_key("%s" % field):
76                data[field] = dm.get(field)
77        data['key'] = object['key']
78        context.course_results.modifyRecord(**data)
[3786]79        logger.info('%s edited course result %s of %s' % (member_id,course_id,student_id))
[3611]80        psm = 'psm_content_changed'
81        break
[3617]82return context.lecturer_course_edit_form(rendered = res,
[3611]83                                psm = psm,
84                                mode = mode,
85                                ds = ds,
86                               )
Note: See TracBrowser for help on using the repository browser.