python-schooltool.lyceum.journal 2.6.4-0ubuntu2 / usr / lib / python2.7 / dist-packages / schooltool / lyceum / journal / ftests / ajax.txt

This file is indexed.

/usr/lib/python2.7/dist-packages/schooltool/lyceum/journal/ftests/ajax.txt is in python-schooltool.lyceum.journal 2.6.4-0ubuntu2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
Functional doctest for SchoolTool Journal
=========================================

Let's log in with the manager account:

    >>> from schooltool.lyceum.journal.ftests import printGradebookTable
    >>> manager = Browser('manager', 'schooltool')

Set up a basic school year:

    >>> manager.getLink('Manage').click()
    >>> manager.getLink('School Years').click()
    >>> manager.getLink('New School Year').click()
    >>> manager.getControl('Title').value = '2005'
    >>> manager.getControl('First day').value = '2005-09-01'
    >>> manager.getControl('Last day').value = '2006-07-31'
    >>> manager.getControl('Add').click()

Add some teachers:

    >>> from schooltool.basicperson.browser.ftests.setup import addPerson
    >>> addPerson('Pete', 'Teacher', username='pete', password='pwd', groups=['teachers'])

And some students:

    >>> addPerson('Frum', 'Student', username='frum', password='pwd', groups=['students'])
    >>> addPerson('Grum', 'Student', username='grum', password='pwd', groups=['students'])

Add a term:

    >>> manager.getLink('Add a new term').click()
    >>> manager.getControl('Title').value = '2005 Fall 1'
    >>> manager.getControl('Start date').value = '2005-09-01'
    >>> manager.getControl('End date').value = '2005-10-31'
    >>> manager.getControl('Next').click()
    >>> manager.getControl('Saturday').click()
    >>> manager.getControl('Sunday').click()
    >>> manager.getControl('Add term').click()

Timetable schema:

    >>> manager.getLink('2005').click()
    >>> manager.getLink('School Timetables').click()
    >>> manager.getLink('New Timetable').click()

    >>> manager.getControl('Next').click()
    >>> manager.getControl('Days of the week').click()
    >>> manager.getControl('Same time each day').click()
    >>> manager.getControl(name='field.times').value = '9:00-10:00\n10:30-11:30'
    >>> manager.getControl('Next').click()
    >>> manager.getControl('Have names').click()
    >>> manager.getControl(name='field.periods').value = 'A\nB'
    >>> manager.getControl('Next').click()
    >>> manager.getControl('Same').click()
    >>> manager.getControl('Next').click()
    >>> manager.getControl('No').click()

A section:

    >>> from schooltool.app.browser.ftests.setup import addSection
    >>> from schooltool.app.browser.ftests.setup import addCourse
    >>> addCourse("History", "2005")

    >>> addSection("History", "2005", "2005 Fall 1",
    ...            title="History (1a)",
    ...            instructors=['Pete'],
    ...            members=['Grum', 'Frum'])

Let's schedule the section:

    >>> manager.getLink('2005').click()
    >>> manager.getLink('2005 Fall 1').click()
    >>> manager.getLink('Sections').click()
    >>> manager.getLink(url='sections/1').click()
    >>> manager.getLink('Schedule').click()
    >>> manager.getLink('Add Timetable').click()
    >>> manager.getControl('Add').click()
    >>> manager.getControl(name='period.1-.Period-').value = True
    >>> manager.getControl(name='period.1-.Period-2-').value = True
    >>> manager.getControl(name='period.2-.Period-').value = True
    >>> manager.getControl('Save').click()

Let's log in with the teacher account:

    >>> teacher = Browser()
    >>> teacher.handleErrors = False
    >>> teacher.open('http://localhost/')
    >>> teacher.getLink('Log In').click()
    >>> teacher.getControl('Username').value = 'pete'
    >>> teacher.getControl('Password').value = 'pwd'
    >>> teacher.getControl('Log in').click()

    >>> teacher.open('http://localhost/persons/frum/calendar/2005-09-06')
    >>> teacher.getLink('Journal', index=1).click()
    >>> printGradebookTable(teacher.contents)
    +-----+------------+-----------+---------+------+------+------+------+------+------+------+------+------+------+------+---------+----------+---------+---------+
    | Nr. | First Name | Last Name | 06      | 06 B | 07 A | 13 A | 13 B | 14 A | 20 A | 20 B | 21 A | 27 A | 27 B | 28 A | Average | Absences | Tardies | Excused |
    +-----+------------+-----------+---------+------+------+------+------+------+------+------+------+------+------+------+---------+----------+---------+---------+
    | 1   | Frum       | Student   | [_____] |      |      |      |      |      |      |      |      |      |      |      |         |          |         |         |
    | 2   | Grum       | Student   | [_____] |      |      |      |      |      |      |      |      |      |      |      |         |          |         |         |
    +-----+------------+-----------+---------+------+------+------+------+------+------+------+------+------+------+------+---------+----------+---------+---------+

Let's add some grades:

    >>> old_url = teacher.url
    >>> cells = analyze.queryHTML('//table[@class="data"]//input[@type="text"]/@name', teacher.contents)
    >>> event_id = cells[0].split(".")[1]

    >>> grade_url = 'http://localhost/schoolyears/2005/2005-fall-1/sections/1/journal/ajax.xml?event_id=%s&person_id=%s&grade=%s'
    >>> teacher.open(grade_url % (event_id, 'frum', 9))
    >>> teacher.open(grade_url % (event_id, 'grum', 3))
    >>> teacher.open(old_url)
    >>> printGradebookTable(teacher.contents)
    +-----+------------+-----------+---------+------+------+------+------+------+------+------+------+------+------+------+---------+----------+---------+---------+
    | Nr. | First Name | Last Name | 06      | 06 B | 07 A | 13 A | 13 B | 14 A | 20 A | 20 B | 21 A | 27 A | 27 B | 28 A | Average | Absences | Tardies | Excused |
    +-----+------------+-----------+---------+------+------+------+------+------+------+------+------+------+------+------+---------+----------+---------+---------+
    | 1   | Frum       | Student   | [9____] |      |      |      |      |      |      |      |      |      |      |      | 9.000   |          |         |         |
    | 2   | Grum       | Student   | [3____] |      |      |      |      |      |      |      |      |      |      |      | 3.000   |          |         |         |
    +-----+------------+-----------+---------+------+------+------+------+------+------+------+------+------+------+------+---------+----------+---------+---------+

What if Grum tries to circumvent the security and use the ajax url
directly to set his grades:

    >>> grum = Browser()
    >>> grum.handleErrors = False
    >>> grum.open('http://localhost/')
    >>> grum.getLink('Log In').click()
    >>> grum.getControl('Username').value = 'grum'
    >>> grum.getControl('Password').value = 'pwd'
    >>> grum.getControl('Log in').click()
    >>> grum.open(grade_url % (event_id, 'grum', 10))
    Traceback (most recent call last):
    ...
    Unauthorized: (<zope.browserpage.metaconfigure.SectionJournalAjaxView object at ...>,
                    'browserDefault', 'schooltool.edit')

APT Browse - Built by Thomas Orozco.