Commit 47b56274 authored by Andreas Valder's avatar Andreas Valder
Browse files

Merge branch 'master' of git.fsmpi.rwth-aachen.de:videoagwebsite/videoagwebsite

parents c74e6a72 04f11fab
......@@ -103,7 +103,7 @@ def searchquery(text, columns, match, tables, suffix, *suffixparams):
if subexprs == []:
return []
expr = 'SELECT *,SUM(_prio) AS _score FROM (%s) AS _tmp %s'%(' UNION '.join(subexprs), suffix)
return query(expr, *params, *suffixparams)
return query(expr, *(list(params)+list(suffixparams)))
LDAP_USERRE = re.compile(r'[^a-z0-9]')
if 'LDAP_HOST' in config:
......
......@@ -43,6 +43,5 @@ def finish_oauth():
session['l2p_courses'] = []
for course in l2pget('viewAllCourseInfo', token['access_token'])['dataSet']:
session['l2p_courses'].append(course['uniqueid'])
flash('Folgende Kurse wurden freigegeben: '+', '.join(session['l2p_courses']))
del session['oauthscope']
oauthget('token', refresh_token=token['refresh_token'], grant_type='invalidate')
......@@ -31,7 +31,7 @@ def sched_func(delay, priority=0, firstdelay=None, args=[], kargs={}):
def wrapper(func):
def sched_wrapper():
with app.test_request_context():
func(*args, *kargs)
func(*args, **kargs)
scheduler.enter(delay, priority, sched_wrapper)
scheduler.enter(firstdelay, priority, sched_wrapper)
return func
......@@ -69,6 +69,72 @@ def mod_required(func):
return func(*args, **kwargs)
return decorator
def evalauth(auths):
cauths = []
lauths = []
vauths = []
for auth in auths:
if auth['course_id']:
cauths.append(auth)
elif auth['lecture_id']:
lauths.append(auth)
elif auth['video_id']:
vauths.append(auth)
if vauths:
return vauths
elif lauths:
return lauths
elif cauths:
return cauths
return [{'auth_type': 'public'}]
@app.template_filter()
def checkauth(auths, username=None, password=None):
auths = evalauth(auths)
for auth in auths:
if auth['auth_type'] == 'public':
return True
elif auth['auth_type'] == 'password':
if auth['auth_user'] == username and auth['auth_password'] == password:
return True
elif auth['auth_type'] == 'l2p':
if auth['auth_param'] in session.get('l2p_courses', []):
return True
elif auth['auth_type'] == 'rwth':
if session.get('rwthintern', False):
return True
return False
@app.template_filter()
def authdescr(auths):
auths = evalauth(auths)
public = False
password = False
l2p_courses = []
rwth_intern = False
for auth in auths:
if auth['auth_type'] == 'public':
public = True
elif auth['auth_type'] == 'password':
password = True
elif auth['auth_type'] == 'l2p':
l2p_courses.append(auth['auth_param'])
elif auth['auth_type'] == 'rwth':
rwth_intern = True
if public or not auths:
return 'public', 'Öffentlich verfügbar'
if rwth_intern:
if password:
return 'rwth', 'Nur für RWTH-Angehörige und Nutzer mit Passwort verfügbar'
return 'rwth', 'Nur für RWTH-Angehörige verfügbar'
if l2p_courses:
if password:
return 'l2p', 'Nur für Teilnehmer der Veranstaltung und Nutzer mit Passwort verfügbar'
return 'l2p', 'Nur für Teilnehmer der Veranstaltung verfügbar'
if password:
return 'password', 'Nur für Nutzer mit Passwort verfügbar'
return 'public', 'Öffentlich verfügbar'
app.jinja_env.globals['navbar'] = []
# iconlib can be 'bootstrap'
# ( see: http://getbootstrap.com/components/#glyphicons )
......@@ -233,12 +299,22 @@ def lecture(id):
WHERE videos.lecture_id = ? AND (? OR videos.visible)
ORDER BY formats.prio DESC
''', lecture['course_id'], lecture['id'], ismod())
auths = query('SELECT auth.* FROM auth WHERE (auth.lecture_id = ? OR auth.course_id = ?)',
lecture['id'], lecture['course_id'])
if not videos:
flash('Zu dieser Vorlesung wurden noch keine Videos veröffentlicht!')
course = query('SELECT * FROM courses WHERE id = ? AND (? OR (visible AND listed))', lecture['course_id'], ismod())
course = query('SELECT * FROM courses WHERE id = ? AND (? OR (visible AND listed))', lecture['course_id'], ismod())[0]
if not course:
return render_endpoint('course', 'Diese Veranstaltung existiert nicht!'), 404
chapters = query('SELECT * FROM chapters WHERE lecture_id = ? AND NOT deleted AND (? OR visible) ORDER BY time ASC', id, ismod())
if not checkauth(auths):
mode, text = authdescr(auths)
if mode == 'rwth':
flash(text+'. <a target="_blank" href="'+url_for('start_rwthauth')+'">Hier authorisieren</a>.')
elif mode == 'l2p':
flash(text+'. <a target="_blank" href="'+url_for('start_l2pauth')+'">Hier authorisieren</a>.')
else:
flash(text+'.')
return render_template('embed.html' if request.endpoint == 'embed' else 'lecture.html', course=course, lecture=lecture, videos=videos, chapters=chapters)
......@@ -365,7 +441,7 @@ def auth(): # For use with nginx auth_request
ip = request.headers.get('X-Real-IP', '')
if url.endswith('jpg'):
return "OK", 200
videos = query('''SELECT videos.path, videos.id, lectures.id AS lecture_id, courses.id AS course_id, auth.*
videos = query('''SELECT videos.path, videos.id, auth.*
FROM videos
JOIN lectures ON (videos.lecture_id = lectures.id)
JOIN courses ON (lectures.course_id = courses.id)
......@@ -374,36 +450,23 @@ def auth(): # For use with nginx auth_request
AND (? OR (courses.visible AND lectures.visible AND videos.visible))
ORDER BY auth.video_id DESC, auth.lecture_id DESC, auth.course_id DESC''',
url, ismod())
if not videos:
return "Not allowed", 403
allowed = False
types = []
auth = request.authorization
for video in videos:
if videos[0] and ((videos[0]['video_id'] and not video['video_id']) \
or (videos[0]['lecture_id'] and not video['lecture_id'])):
break
types.append(video['auth_type'])
if video['auth_type'] == 'public':
allowed = True
break
elif video['auth_type'] == 'password':
if auth and video['auth_user'] == auth.username and video['auth_passwd'] == auth.password:
allowed = True
break
elif video['auth_type'] == 'l2p':
if video['auth_param'] in session.get('l2p_courses', []):
allowed = True
break
elif video['auth_type'] == 'rwth':
if session.get('rwthintern', False):
allowed = True
break
if not types[0] or allowed or ismod() or \
(auth and check_mod(*ldapauth(auth.username, auth.password))):
username = password = None
if auth:
username = auth.username
password = auth.password
if checkauth(videos, username=username, password=password):
return 'OK', 200
modify('INSERT INTO log VALUES (?, "", ?, "video", ?, ?)', ip, datetime.now(), videos[0]['id'], url)
elif 'password' in types:
password_auth = False
for video in videos:
if video['auth_type'] == 'password':
password_auth = True
break
if password_auth:
return Response("Login required", 401, {'WWW-Authenticate': 'Basic realm="Login Required"'})
return "Not allowed", 403
......
......@@ -106,7 +106,7 @@
<div class="col-xs-12 col-md-offset-{{ page_border }} col-md-{{ 12-(2*page_border) }}">
{% endif %}
{% for msg in get_flashed_messages() %}
<div class="hidden-print alert alert-danger" role="alert">{{ msg }}</div>
<div class="hidden-print alert alert-danger" role="alert">{{ msg|safe }}</div>
{% endfor %}
{% for msg in get_announcements(min_announcement_level) if (not request.cookies['alert-info-'+msg.id|string]) %}
<div class="hidden-print alert alert-{{levels.get(msg.level, ('info', ''))[0]}}" role="alert">
......
......@@ -20,7 +20,11 @@
<div class="col-xs-12">
<table class="table-top-aligned table-condensed">
<tbody>
{% if ismod() %}
<tr><td>Semester:</td><td>{{ moderator_editor(['courses',course.id,'semester'], course.semester) }}</td></tr>
{% else %}
<tr><td>Semester:</td><td>{{ course.semester|semester(long=True) }}</td></tr>
{% endif %}
<tr><td>Veranstalter:</td><td>{{ moderator_editor(['courses',course.id,'organizer'], course.organizer) }}</td></tr>
<tr><td>Bemerkungen:</td><td>{{ moderator_editor(['courses',course.id,'description'], course.description) }}</td></tr>
</tbody>
......
......@@ -30,27 +30,29 @@
<div class="col-xs-12" style="padding: 0px">
{{ player(lecture, videos) }}
</div>
<div class="col-xs-12" style="padding-top: 10px;">
<p>Kapitel:</p>
<table class="table table-hover">
<tr>
<th>Index</th>
<th>Start</th>
<th>Kapitel</th>
<th>Sichtbar</th>
<th></th>
</tr>
{% for c in chapters|sort(attribute='time') %}
<tr onclick="videojs('videoplayer').currentTime({{c['time']}})">
<td>{{ loop.index }}</td>
<td>{{ vtttime(c['time']) }}</td>
<td>{{ moderator_editor(['chapters',c.id,'text'],c['text']) }}</td>
<td>{{ moderator_checkbox(['chapters',c.id,'visible'], c.visible) }}</td>
<td>{{ moderator_delete(['chapters',c.id,'deleted']) }}</td>
</tr>
{% endfor %}
</table>
</div>
{% if ismod() %}
<div class="col-xs-12" style="padding-top: 10px;">
<p>Kapitel:</p>
<table class="table table-hover">
<tr>
<th>Index</th>
<th>Start</th>
<th>Kapitel</th>
<th>Sichtbar</th>
<th></th>
</tr>
{% for c in chapters|sort(attribute='time') %}
<tr onclick="videojs('videoplayer').currentTime({{c['time']}})">
<td>{{ loop.index }}</td>
<td>{{ vtttime(c['time']) }}</td>
<td>{{ moderator_editor(['chapters',c.id,'text'],c['text']) }}</td>
<td>{{ moderator_checkbox(['chapters',c.id,'visible'], c.visible) }}</td>
<td>{{ moderator_delete(['chapters',c.id,'deleted']) }}</td>
</tr>
{% endfor %}
</table>
</div>
{% endif %}
</div>
</div>
</div>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment