Merge branch 'master' of git.fsmpi.rwth-aachen.de:videoagwebsite/videoagwebsite

db.py

@@ -103,7 +103,7 @@ def searchquery(text, columns, match, tables, suffix, *suffixparams):
 	if subexprs == []:
 		return []
 	expr = 'SELECT *,SUM(_prio) AS _score FROM (%s) AS _tmp %s'%(' UNION '.join(subexprs), suffix)
-	return query(expr, *params, *suffixparams)
+	return query(expr, *(list(params)+list(suffixparams)))
 
 LDAP_USERRE = re.compile(r'[^a-z0-9]')
 if 'LDAP_HOST' in config:

l2pauth.py

@@ -43,6 +43,5 @@ def finish_oauth():
 		session['l2p_courses'] = []
 		for course in l2pget('viewAllCourseInfo', token['access_token'])['dataSet']:
 			session['l2p_courses'].append(course['uniqueid'])
-		flash('Folgende Kurse wurden freigegeben: '+', '.join(session['l2p_courses']))
 	del session['oauthscope']
 	oauthget('token', refresh_token=token['refresh_token'], grant_type='invalidate')

server.py

@@ -31,7 +31,7 @@ def sched_func(delay, priority=0, firstdelay=None, args=[], kargs={}):
 	def wrapper(func):
 		def sched_wrapper():
 			with app.test_request_context():
-				func(*args, *kargs)
+				func(*args, **kargs)
 			scheduler.enter(delay, priority, sched_wrapper)
 		scheduler.enter(firstdelay, priority, sched_wrapper)
 		return func
@@ -69,6 +69,72 @@ def mod_required(func):
 			return func(*args, **kwargs)
 	return decorator
 
+def evalauth(auths):
+	cauths = []
+	lauths = []
+	vauths = []
+	for auth in auths:
+		if auth['course_id']:
+			cauths.append(auth)
+		elif auth['lecture_id']:
+			lauths.append(auth)
+		elif auth['video_id']:
+			vauths.append(auth)
+	if vauths:
+		return vauths
+	elif lauths:
+	 	return lauths
+	elif cauths:
+		return cauths
+	return [{'auth_type': 'public'}]
+
+@app.template_filter()
+def checkauth(auths, username=None, password=None):
+	auths = evalauth(auths)
+	for auth in auths:
+		if auth['auth_type'] == 'public':
+			return True
+		elif auth['auth_type'] == 'password':
+			if auth['auth_user'] == username and auth['auth_password'] == password:
+				return True
+		elif auth['auth_type'] == 'l2p':
+			if auth['auth_param'] in session.get('l2p_courses', []):
+				return True
+		elif auth['auth_type'] == 'rwth':
+			if session.get('rwthintern', False):
+				return True
+	return False
+
+@app.template_filter()
+def authdescr(auths):
+	auths = evalauth(auths)
+	public = False
+	password = False
+	l2p_courses = []
+	rwth_intern = False
+	for auth in auths:
+		if auth['auth_type'] == 'public':
+			public = True
+		elif auth['auth_type'] == 'password':
+			password = True
+		elif auth['auth_type'] == 'l2p':
+			l2p_courses.append(auth['auth_param'])
+		elif auth['auth_type'] == 'rwth':
+			rwth_intern = True
+	if public or not auths:
+		return 'public', 'Öffentlich verfügbar'
+	if rwth_intern:
+		if password:
+			return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
+		return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
+	if l2p_courses:
+		if password:
+			return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
+		return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
+	if password:
+		return 'password', 'Nur für Nutzer mit Passwort verfügbar'
+	return 'public', 'Öffentlich verfügbar'
+
 app.jinja_env.globals['navbar'] = []
 # iconlib can be 'bootstrap'
 # ( see: http://getbootstrap.com/components/#glyphicons )
@@ -233,12 +299,22 @@ def lecture(id):
 			WHERE videos.lecture_id = ? AND (? OR videos.visible)
 			ORDER BY formats.prio DESC
 			''', lecture['course_id'], lecture['id'], ismod())
+	auths = query('SELECT auth.* FROM auth WHERE (auth.lecture_id = ? OR auth.course_id = ?)',
+			lecture['id'], lecture['course_id'])
 	if not videos:
 		flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
-	course = query('SELECT * FROM courses WHERE id = ? AND (? OR (visible AND listed))', lecture['course_id'], ismod())
+	course = query('SELECT * FROM courses WHERE id = ? AND (? OR (visible AND listed))', lecture['course_id'], ismod())[0]
 	if not course:
 		return render_endpoint('course', 'Diese Veranstaltung existiert nicht!'), 404
 	chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
+	if not checkauth(auths):
+		mode, text = authdescr(auths)
+		if mode == 'rwth':
+			flash(text+'. <a target="_blank" href="'+url_for('start_rwthauth')+'">Hier authorisieren</a>.')
+		elif mode == 'l2p':
+			flash(text+'. <a target="_blank" href="'+url_for('start_l2pauth')+'">Hier authorisieren</a>.')
+		else:
+			flash(text+'.')
 	return render_template('embed.html' if request.endpoint == 'embed' else 'lecture.html', course=course, lecture=lecture, videos=videos, chapters=chapters)
 
 
@@ -365,7 +441,7 @@ def auth(): # For use with nginx auth_request
 	ip = request.headers.get('X-Real-IP', '')
 	if url.endswith('jpg'):
 		return "OK", 200
-	videos = query('''SELECT videos.path, videos.id, lectures.id AS lecture_id, courses.id AS course_id, auth.*
+	videos = query('''SELECT videos.path, videos.id, auth.*
       FROM videos
       JOIN lectures ON (videos.lecture_id = lectures.id)
       JOIN courses ON (lectures.course_id = courses.id)
@@ -374,36 +450,23 @@ def auth(): # For use with nginx auth_request
       AND (? OR (courses.visible AND lectures.visible AND videos.visible))
 			ORDER BY auth.video_id DESC, auth.lecture_id DESC, auth.course_id DESC''',
 			url, ismod())
+
 	if not videos:
 		return "Not allowed", 403
-	allowed = False
-	types = []
 	auth = request.authorization
-	for video in videos:
-		if videos[0] and ((videos[0]['video_id'] and not video['video_id']) \
-				or (videos[0]['lecture_id'] and not video['lecture_id'])):
-			break
-		types.append(video['auth_type'])
-		if video['auth_type'] == 'public':
-			allowed = True
-			break
-		elif video['auth_type'] == 'password':
-			if auth and video['auth_user'] == auth.username and video['auth_passwd'] == auth.password:
-				allowed = True
-				break
-		elif video['auth_type'] == 'l2p':
-			if video['auth_param'] in session.get('l2p_courses', []):
-				allowed = True
-				break
-		elif video['auth_type'] == 'rwth':
-			if session.get('rwthintern', False):
-				allowed = True
-				break
-	if not types[0] or allowed or ismod() or \
-			(auth and check_mod(*ldapauth(auth.username, auth.password))):
+	username = password = None
+	if auth:
+		username = auth.username
+		password = auth.password
+	if checkauth(videos, username=username, password=password):
 		return 'OK', 200
 		modify('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
-	elif 'password' in types:
+	password_auth = False
+	for video in videos:
+		if video['auth_type'] == 'password':
+			password_auth = True
+			break
+	if password_auth:
 		return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
 	return "Not allowed", 403
 

templates/base.html

@@ -106,7 +106,7 @@
 				<div class="col-xs-12 col-md-offset-{{ page_border }} col-md-{{ 12-(2*page_border) }}">
 				{% endif %}
 					{% for msg in get_flashed_messages() %}
-					<div class="hidden-print alert alert-danger" role="alert">{{ msg }}</div>
+					<div class="hidden-print alert alert-danger" role="alert">{{ msg|safe }}</div>
 					{% endfor %}
 					{% for msg in get_announcements(min_announcement_level) if (not request.cookies['alert-info-'+msg.id|string]) %}
 					<div class="hidden-print alert alert-{{levels.get(msg.level, ('info', ''))[0]}}" role="alert">

templates/course.html

@@ -20,7 +20,11 @@
 		<div class="col-xs-12">
 			<table class="table-top-aligned table-condensed">
 				<tbody>
+					{% if ismod() %}
 					<tr><td>Semester:</td><td>{{ moderator_editor(['courses',course.id,'semester'], course.semester) }}</td></tr>
+					{% else %}
+					<tr><td>Semester:</td><td>{{ course.semester|semester(long=True) }}</td></tr>
+					{% endif %}
 					<tr><td>Veranstalter:</td><td>{{ moderator_editor(['courses',course.id,'organizer'], course.organizer) }}</td></tr>
 					<tr><td>Bemerkungen:</td><td>{{ moderator_editor(['courses',course.id,'description'], course.description) }}</td></tr>
 				</tbody>

templates/lecture.html

@@ -30,6 +30,7 @@
 			<div class="col-xs-12" style="padding: 0px">
 				{{ player(lecture, videos) }}
 			</div>
+			{% if ismod() %}
 				<div class="col-xs-12" style="padding-top: 10px;">
 					<p>Kapitel:</p>
 					<table class="table table-hover">
@@ -51,6 +52,7 @@
 					{% endfor %}
 					</table>
 				</div>
+			{% endif %}
 		</div>
 	</div>
 </div>