Changeset 4033


Timestamp:
30 Mar 2009, 21:14:56 (16 years ago)
Author:
Henrik Bettermann
Message:

improve security level for lecturers

Location:
WAeUP_SRP/trunk/skins
Files:
4 edited

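--- a/WAeUP_SRP/trunk/skins/waeup_ois/getLecturerCourseResults.py
+++ b/WAeUP_SRP/trunk/skins/waeup_ois/getLecturerCourseResults.py
@@ -40,4 +40,6 @@
     row['session_id'] =  r['session_id']
     row['level_id'] =  level_id = r['level_id']
+    row['level_string'] = context.portal_vocabularies.student_levels.get(r['level_id'])
+    row['session_string'] = context.portal_vocabularies.sessions.get(r['session_id'])
     #row['score'] =  r['score']
     row['student_id'] = student_id = r['student_id']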
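Review bot: Both new lookups call `.get()` with no fallback, so an id that is missing from the vocabulary presumably yields `None`, and the row then shows an empty cell because the list template in this changeset now renders only the `*_string` fields. Falling back to the raw id keeps the column readable: `row['level_string'] = context.portal_vocabularies.student_levels.get(r['level_id']) or r['level_id']`, and likewise for `session_string`. The first lookup could also reuse the local `level_id` bound on the line above it. The enclosing loop starts and ends outside the hunk.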
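--- a/WAeUP_SRP/trunk/skins/waeup_ois/lecturer_students_list.pt
+++ b/WAeUP_SRP/trunk/skins/waeup_ois/lecturer_students_list.pt
@@ -17,14 +17,12 @@
                   </td>                           
                   <td><span tal:replace="student/student_record/matric_no" /></td>   
-                  <td><span tal:replace="student/student_record/session" /></td>
-                  <td><span tal:replace="student/student_record/level" /></td>
                   <td><span tal:replace="student/student_record/review_state" /></td>
-                  <td><span tal:replace="student/session_id" /></td>
-                  <td><span tal:replace="student/level_id" /></td>
+                  <td><span tal:replace="student/session_string" /></td>
+                  <td><span tal:replace="student/level_string" /></td>
                  
                   <td tal:condition="student/editable">
                     <a href="edit" tal:attributes="href string:${student/url}/lecturer_course_edit/${info/course_id}"
                     target="edit_course_result"
-                    onclick="javascript:window.open('','edit_course_result','width=600, height=350, directories=no, toolbar=no, location=no, menubar=no, scrollbars=yes, status=no, resizable=no, dependent=no')">
+                    onclick="javascript:window.open('','edit_course_result','width=600, height=500, directories=no, toolbar=no, location=no, menubar=no, scrollbars=yes, status=no, resizable=no, dependent=no')">
                     [edit]
                     </a>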
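--- a/WAeUP_SRP/trunk/skins/waeup_student/getFormattedStudentEntry.py
+++ b/WAeUP_SRP/trunk/skins/waeup_student/getFormattedStudentEntry.py
@@ -30,6 +30,8 @@
     students_object = context.portal_url.getPortalObject().campus.students
     student = getattr(students_object, brain.id)
-    app_obj = student.application.getContent()
-    d['email'] = getattr(app_obj, 'app_email', '')
-           
+    try:
+        app_obj = student.application.getContent()
+        d['email'] = getattr(app_obj, 'app_email', '')
+    except:
+        d['email'] = 'not accessible'
 return d           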
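Review bot: The bare `except:` on new line 35 hides every failure, not only the permission error a lecturer is presumably expected to hit when reading a student's application object. A missing `application` attribute or a Zope conflict error would then be reported as 'not accessible' and never reach the log. Catching only the authorization failure keeps the fallback and lets real errors surface: `from AccessControl import Unauthorized` near the top of the script and `except Unauthorized:` here, assuming that is the exception raised, which the hunk does not show. Consumers of `d['email']` now receive a non-address sentinel string, so any caller that treats the field as a mail address should be checked. The script body starts outside the hunk.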
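--- a/WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py
+++ b/WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py
@@ -32,8 +32,13 @@
 requested_id = context.getStudentId()
 if not 'Lecturers' in groups and not context.isSectionOfficer():
-    logger.info('%s tried to access course result of %s but is not a lecturer' % (member_id,requested_id))
+    logger.info('%s tried to access course result record of %s but is not a lecturer' % (member_id,requested_id))
     return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
 
 student_id = requested_id
+student_record = context.students_catalog.getRecordByKey(student_id)
+if student_record.review_state != 'courses_validated':
+    logger.info('%s tried to access non-validated course result record of %s' % (member_id,requested_id))
+    return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
+
 
 level_id = context.getId()
@@ -51,5 +56,5 @@
 #set_trace()
 if str(lecturer_id) != member_id and not context.isSectionOfficer():
-    logger.info('%s tried to access course result %s of %s but is not a lecturer of this course' % (member_id,course_id,requested_id))
+    logger.info('%s tried to access course result record %s of %s but is not a lecturer of this course' % (member_id,course_id,requested_id))
     return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
 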
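Review bot: The new state check on lines 38-41 reads `student_record.review_state` without handling a missing catalog entry; if `getRecordByKey` returns `None` for an unknown id (not visible here), the script ends in an AttributeError instead of the logged redirect. `if student_record is None or student_record.review_state != 'courses_validated':` keeps the denial path uniform. Unlike the two neighbouring checks, this one has no `context.isSectionOfficer()` exemption, so section officers are now redirected for non-validated records as well; a one-line comment saying this is intended would help the next reader. The gate trusts the catalog copy of `review_state` and covers only this script, so whichever script stores the edited result (not shown) should apply the same condition. The script continues outside both hunks.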