Changeset 2539 for WAeUP_SRP/base/skins/waeup_student

Timestamp:

5 Nov 2007, 18:07:42 (17 years ago)

Author:

joachim

Message:

disallow calling from the url, commented out code removed (in custom)

File:

• WAeUP_SRP/base/skins/waeup_student/create_level.py (modified) (8 diffs)

WAeUP_SRP/base/skins/waeup_student/create_level.py

@@ -18 +18 @@
     aq_portal = context.portal_catalog_real.evalAdvancedQuery
 aq_courses = context.courses_catalog.evalAdvancedQuery
+aq_results = context.course_results.evalAdvancedQuery
 
 current = DateTime.DateTime()
 request = context.REQUEST
-#session = request.SESSION
 response = request.RESPONSE
 redirect = response.redirect
@@ -28 +28 @@
 member = mtool.getAuthenticatedMember()
 member_id = str(member)
+requested_id = context.getStudentId()
+#set_trace()
+create_level =  request.form.get('create_level',None)
+if not create_level or not requested_id or\
+   (not context.isStaff() and member_id != requested_id):
+    logger.info('%s tried to access %s' % (member_id,requested_id))
+    return redirect("%s/srp_anonymous_view" % context.portal_url())
+student_id = context.getStudentId()
+
 lt = context.portal_layouts
 wt = context.waeup_tool
-student = context.students_catalog(id=context.getStudentId())[0]
+student = context.students_catalog(id=student_id)[0]
 cert_id = student.course
 current_level = student.level
 current_session = student.session
 in_progress =  request.get('in_progress','not started')
-#level_created =  request.get('level_created','xxx')
-create_level =  request.get('create_level',None)
+if aq_results(Eq('student_id',student_id) & Eq('level_id',current_level)):
+    logger.info('%s tried to create already existing level %s' % (student.id,current_level))
+    return 
 
-##if context.hasObject(current_level) and create_level:
-##    if getattr(context,current_level).objectIds():
-##        logger.info('%s tried to add already existing level %s' % (student.id,current_level))
-##    return
 logger.info('%s started to create level %s' % (student.id,current_level))
-
-##if in_progress in ('not started','started'):
-##    session.set('in_progress','started')
-##    view = context.in_progress_view(refresh=20,page='create_level?in_progress=started')
-##    response.setHeader('Content-type','text/html; charset=ISO-8859-15')
-##    response.setHeader('Content-length','%d' % (len(view)))
-##    response.setStatus('OK')
-##    response.write(view)
-##    response.write('')
-##    if in_progress == 'started':
-##        return
 
 if context.hasObject(current_level):
@@ -61 +56 @@
     level = getattr(context,"%s" % current_level)
     context.portal_workflow.doActionFor(level,'open')
-    #study_session = context.getSessionString()
     level.getContent().edit(mapping={'session': current_session})
     context.portal_workflow.doActionFor(level,'close_for_edit')
-    #context.waeup_tool.doCommit()
 level_id = level.getId()
-student_id = context.getStudentId()
 session_id = context.getLevelSession(level.getContent(),student_id,level_id)
 results = []
@@ -108 +100 @@
         d = context.getCourseInfo(co.CosCode)
         d['course_id'] = course_id
-        #d['grade'] = co.GRADE
         d['carry_over'] = carry_over
-        # course_id = level.invokeFactory('StudentCourseResult',"%s_co" % course_id)
-        # course_result = getattr(level,course_id)
-        # context.portal_workflow.doActionFor(course_result,'open')
-        # course_result.getContent().edit(mapping=d)
-        # context.waeup_tool.doCommit()
         d['code'] = course_id
         d['student_id'] = student_id
@@ -121 +107 @@
         records.append(d)
 
-#level['create_course_results'](cert_id,current_level)
 res = context.portal_catalog(portal_type="Certificate", id = cert_id)
 if res:
@@ -136 +121 @@
         l += course_id,
         d = context.getCourseInfo(c.getId)
-        # course_id = level.invokeFactory('StudentCourseResult',c.getId)
-        # course_result = getattr(level,course_id)
-        # context.portal_workflow.doActionFor(course_result,'open')
-        # d['core_or_elective'] = True
-        # course_result.getContent().edit(mapping=d)
-        # context.waeup_tool.doCommit()
         d['carry_over'] = False
         d['core_or_elective'] = getattr(c.getObject().getContent(),'core_or_elective')
@@ -148 +127 @@
         d['level_id'] = level_id
         d['session_id'] = session_id
-        #context.course_results.addRecord(**d)
         records.append(d)
 if records:
@@ -154 +132 @@
 logger.info('%s finished to create level %s' % (student.id,current_level))
 
-#if current_session == '05':
-#    next_session = '06'
-#    next_level = "%s" % (int(current_level) + 100)
-#    study_course = getattr(student,'study_course')
-#    context.portal_workflow.doActionFor(study_course,'open')
-#    study_course_doc = study_course.getContent()
-#    study_course_doc.edit(mapping= {'current_level': next_level,
-#                                    'current_session': next_session,})
-#    context.portal_workflow.doActionFor(study_course,'close_for_edit')
-
 return response.redirect("%s/%s" % (context.absolute_url(),current_level))