beginning of adding wrappers for routes based on authenticated access

data-creative · Apr 2, 2024 · 139719d · 139719d
1 parent 613a86c
commit 139719d
Show file tree

Hide file tree

Showing 5 changed files with 96 additions and 6 deletions.
diff --git a/app/spreadsheet_service.py b/app/spreadsheet_service.py
@@ -67,9 +67,9 @@ def get_sheet(self, sheet_name):
 
     def get_student_courses(self, email:str) -> list:
         self.set_active_document(GOOGLE_SHEETS_MASTER_DOCUMENT_ID)
-        students_sheet = self.get_sheet("students_roster")
+        students_sheet = self.get_sheet("roster")
         all_student_course_ids = students_sheet.get_all_records()
-        student_course_ids = [course["COURSE_ID"] for course in all_student_course_ids if course["STUDENT_EMAIL"] == email]
+        student_course_ids = [course["COURSE_ID"] for course in all_student_course_ids if course["EMAIL"] == email and course["USER_TYPE"] == "student"]
 
         courses_sheet = self.get_sheet("courses")
         all_courses = courses_sheet.get_all_records()
@@ -179,11 +179,11 @@ def get_assignment_scores(self, student_email:str, course_id:str, assignment_id:
         scores_to_return = []
         if assignment_details.get('SCORE_COLUMNS') != '':
             assignment_score_cols = assignment_details.get('SCORE_COLUMNS').split(',')
-            assignment_score_col_indices = [self.excel_column_to_number(c) for c in assignment_score_cols]
+            assignment_score_col_indices = [SpreadsheetService.excel_column_to_number(c) for c in assignment_score_cols]
             assignment_score_col_headers = [list(student_assignment_row.keys())[i] for i in assignment_score_col_indices]
 
             assignment_comment_cols = assignment_details.get('COMMENT_COLUMNS').split(',')
-            assignment_comment_col_indices = [self.excel_column_to_number(c) for c in assignment_comment_cols]
+            assignment_comment_col_indices = [SpreadsheetService.excel_column_to_number(c) for c in assignment_comment_cols]
             assignment_comment_col_headers = [list(student_assignment_row.keys())[i] for i in assignment_comment_col_indices]
 
             scores_to_return = []
@@ -223,9 +223,31 @@ def get_assignment_scores(self, student_email:str, course_id:str, assignment_id:
         }
 
         return details_to_return
-        
+
 
 
+    #####################
+    #   AUTH FUNCTIONS  #
+    #####################
+
+    def check_user_type(self, email:str) -> str:
+        """
+        this security is SO BAD and needs to be improved
+        but it'll work for now...
+        """
+        self.set_active_document(GOOGLE_SHEETS_MASTER_DOCUMENT_ID)
+        students_sheet = self.get_sheet("roster")
+        all_records = students_sheet.get_all_records()
+        courses_list = [row for row in all_records if row["EMAIL"] == email]
+
+        if len(courses_list) == 0:
+            return "user"
+        elif courses_list[0].get('USER_TYPE').lower() == "student":
+            return "student"
+        elif courses_list[0].get('USER_TYPE').lower() == "teacher":
+            return "teacher"
+        else:
+            return "unknown" #TODO: need a better catch here...
 
 
 if __name__ == "__main__":

diff --git a/web_app/routes/auth_routes.py b/web_app/routes/auth_routes.py
@@ -67,6 +67,8 @@ def google_oauth_callback():
         #    "locale": user_info["locale"],
         #})
 
+        session["user_type"] = get_user_type(user_info["email"])
+
     else:
         print("NO USER INFO")
     return redirect("/")
@@ -77,6 +79,10 @@ def logout():
     session.pop("current_user", None) # remove user info from the session
     return redirect("/")
 
+
+def get_user_type(email:str) -> str:
+    ss = current_app.config["SPREADSHEET_SERVICE"]
+    return ss.check_user_type(email=email)
 #
 # EMAIL / PASSWORD AUTH (NOT IMPLEMENTED)
 #

diff --git a/web_app/routes/courses_routes.py b/web_app/routes/courses_routes.py
@@ -2,7 +2,7 @@
 
 courses_routes = Blueprint("courses_routes", __name__)
 
-from web_app.routes.wrappers import authenticated_route
+from web_app.routes.wrappers import authenticated_route, student_route, teacher_route
 
 @courses_routes.route("/courses/<course_id>")
 @authenticated_route
@@ -15,8 +15,10 @@ def course(course_id):
     assignments_list = ss.get_course_assignments("[email protected]", course_id)
     return render_template("assignments.html", assignments=assignments_list, course_id=course_id)
 
+
 @courses_routes.route("/courses/<course_id>/assignments/<assignment_id>")
 @authenticated_route
+@student_route
 def assignment(course_id, assignment_id):
     print(f"COURSE {course_id}: ASSIGNMENT {assignment_id}")
     ss = current_app.config["SPREADSHEET_SERVICE"]

diff --git a/web_app/routes/wrappers.py b/web_app/routes/wrappers.py
@@ -22,3 +22,29 @@ def wrapped_view(**kwargs):
             flash("Unauthenticated. Please login!", "warning")
             return redirect("/login")
     return wrapped_view
+
+def student_route(view):
+    @functools.wraps(view)
+    def wrapped_view(**kwargs):
+        if session.get("user_type") == "student": #this security is so weak haha
+            #print("CURRENT USER:", session["current_user"])
+            return view(**kwargs)
+        else:
+            print("UNAUTHENTICATED...")
+            flash("Unauthenticated!", "warning")
+            return redirect("/")
+
+    return wrapped_view
+
+def teacher_route(view):
+    @functools.wraps(view)
+    def wrapped_view(**kwargs):
+        if session.get("user_type") == "teacher": #this security is so weak haha
+            #print("CURRENT USER:", session["current_user"])
+            return view(**kwargs)
+        else:
+            print("UNAUTHENTICATED...")
+            flash("Unauthenticated!", "warning")
+            return redirect("/")
+
+    return wrapped_view
diff --git a/web_app/templates/user_profile.html b/web_app/templates/user_profile.html
@@ -0,0 +1,34 @@
+{% extends "bootstrap_5_layout.html" %}
+{% set active_page = "user_profile" %}
+
+{% block content %}
+
+    <div class="container" style="max-width: 350px;">
+
+        <h1>User Profile</h1>
+        <div class="card card-body bg-light mt-3">
+
+                <div class="mb-3">
+                    <label for="email-input" class="form-label">Email:</label>
+                    <input disabled type="text" name="email" id="email-input" class="form-control" value="{{ user.email }}" title="Email cannot be changed" style="cursor: not-allowed;">
+                </div>
+
+                <div class="mb-3">
+                    <label for="first-name-input" class="form-label">First Name:</label>
+                    <input disabled type="text" name="first_name" id="first-name-input" class="form-control" value="{{ user.given_name }}" >
+                </div>
+
+                <div class="mb-3">
+                    <label for="last-name-input" class="form-label">Last Name:</label>
+                    <input disabled type="text" name="last_name" id="last-name-input" class="form-control" value="{{ user.family_name }}">
+                </div>
+
+        </div>
+
+        <div class="card card-body mt-3">
+            <p class="mt-0 mb-0">
+                <a href="/logout">Logout</a>
+            </p>
+        </div>
+
+{% endblock %}