cfl-common 5.3.0__py3-none-any.whl → 8.9.15__py3-none-any.whl

common/migrations/0057_teacher_teacher__is_admin.py

@@ -0,0 +1,19 @@
+# Generated by Django 4.2.17 on 2025-01-13 17:34
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("common", "0056_set_non_school_teachers_as_non_admins"),
+    ]
+
+    operations = [
+        migrations.AddConstraint(
+            model_name="teacher",
+            constraint=models.CheckConstraint(
+                check=models.Q(("is_admin", True), ("school__isnull", True), _negated=True), name="teacher__is_admin"
+            ),
+        ),
+    ]

common/migrations/0058_userprofile_google_refresh_token_and_more.py

@@ -0,0 +1,24 @@
+# Generated by Django 5.1.10 on 2025-08-12 12:51
+
+import common.models
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("common", "0057_teacher_teacher__is_admin"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="userprofile",
+            name="google_refresh_token",
+            field=common.models.EncryptedCharField(blank=True, max_length=1004, null=True),
+        ),
+        migrations.AddField(
+            model_name="userprofile",
+            name="google_sub",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+    ]

common/models.py

@@ -1,21 +1,102 @@
 import re
+import typing as t
 from datetime import timedelta
 from uuid import uuid4
 
+from cryptography.fernet import Fernet
+from django.conf import settings
 from django.contrib.auth.models import User
 from django.db import models
 from django.utils import timezone
 from django_countries.fields import CountryField
-from wagtail.admin.edit_handlers import FieldPanel
-from wagtail.snippets.models import register_snippet
+
+if t.TYPE_CHECKING:
+    from django.db.models import ManyToManyField
+    from game.models import Worksheet
+
+
+class EncryptedCharField(models.CharField):
+    """
+    A custom CharField that encrypts data before saving and decrypts it when
+    retrieved.
+    """
+
+    _fernet = Fernet(settings.ENCRYPTION_KEY)
+    _prefix = "ENC:"
+
+    # pylint: disable-next=unused-argument
+    def from_db_value(self, value: t.Optional[str], expression, connection):
+        """
+        Converts a value as returned by the database to a Python object. It is
+        the reverse of get_prep_value().
+
+        https://docs.djangoproject.com/en/5.1/howto/custom-model-fields/#converting-values-to-python-objects
+        """
+        if isinstance(value, str):
+            return self.decrypt_value(value)
+        return value
+
+    def to_python(self, value: t.Optional[str]):
+        """
+        Converts the value into the correct Python object. It acts as the
+        reverse of value_to_string(), and is also called in clean().
+
+        https://docs.djangoproject.com/en/5.1/howto/custom-model-fields/#converting-values-to-python-objects
+        """
+        if isinstance(value, str):
+            return self.decrypt_value(value)
+        return value
+
+    def get_prep_value(self, value: t.Optional[str]):
+        """
+        'value' is the current value of the model's attribute, and the method
+        should return data in a format that has been prepared for use as a
+        parameter in a query.
+
+        https://docs.djangoproject.com/en/5.1/howto/custom-model-fields/#converting-python-objects-to-query-values
+        """
+        if isinstance(value, str):
+            return self.encrypt_value(value)
+        return value
+
+    def encrypt_value(self, value: str):
+        """Encrypt the value if it's not encrypted."""
+        if not value.startswith(self._prefix):
+            return self._prefix + self._fernet.encrypt(value.encode()).decode()
+        return value
+
+    def decrypt_value(self, value: str):
+        """Decrpyt the value if it's encrypted.."""
+        if value.startswith(self._prefix):
+            value = value[len(self._prefix) :]
+            return self._fernet.decrypt(value).decode()
+        return value
 
 
 class UserProfile(models.Model):
     user = models.OneToOneField(User, on_delete=models.CASCADE)
-    can_view_aggregated_data = models.BooleanField(default=False)
-    developer = models.BooleanField(default=False)
 
-    awaiting_email_verification = models.BooleanField(default=False)
+    otp_secret = models.CharField(max_length=40, null=True, blank=True)
+    last_otp_for_time = models.DateTimeField(null=True, blank=True)
+    developer = models.BooleanField(default=False)
+    is_verified = models.BooleanField(default=False)
+
+    # TODO: Make not nullable once data has been transferred
+    first_name = models.CharField(max_length=200, null=True, blank=True)
+    _first_name = models.BinaryField(null=True, blank=True)
+    last_name = models.CharField(max_length=200, null=True, blank=True)
+    _last_name = models.BinaryField(null=True, blank=True)
+    email = models.CharField(max_length=200, null=True, blank=True)
+    _email = models.BinaryField(null=True, blank=True)
+    # TODO: Make not nullable once data has been transferred
+    username = models.CharField(max_length=200, null=True, blank=True)
+    _username = models.BinaryField(null=True, blank=True)
+
+    # Google.
+    google_refresh_token = EncryptedCharField(
+        max_length=1000 + len(EncryptedCharField._prefix), null=True, blank=True
+    )
+    google_sub = models.CharField(max_length=255, null=True, blank=True)
 
     def __str__(self):
         return f"{self.user.first_name} {self.user.last_name}"
@@ -25,36 +106,26 @@ class UserProfile(models.Model):
         return now - timedelta(days=7) <= self.user.date_joined
 
 
-class EmailVerification(models.Model):
-    user = models.ForeignKey(
-        User,
-        related_name="email_verifications",
-        null=True,
-        blank=True,
-        on_delete=models.CASCADE,
-    )
-    token = models.CharField(max_length=30)
-    email = models.CharField(max_length=200, null=True, default=None, blank=True)
-    expiry = models.DateTimeField()
-    verified = models.BooleanField(default=False)
+class SchoolModelManager(models.Manager):
+    def get_original_queryset(self):
+        return super().get_queryset()
 
-    def __str__(self):
-        return f"Email verification for {self.user.username}, ({self.email})"
+    # Filter out inactive schools by default
+    def get_queryset(self):
+        return super().get_queryset().filter(is_active=True)
 
 
 class School(models.Model):
-    name = models.CharField(max_length=200)
-    postcode = models.CharField(max_length=10)
-    town = models.CharField(max_length=200)
-    latitude = models.CharField(max_length=20)
-    longitude = models.CharField(max_length=20)
-    country = CountryField(blank_label="(select country)")
+    name = models.CharField(max_length=200, unique=True)
+    country = CountryField(
+        blank_label="(select country)", null=True, blank=True
+    )
+    # TODO: Create an Address model to house address details
+    county = models.CharField(max_length=50, blank=True, null=True)
+    creation_time = models.DateTimeField(default=timezone.now, null=True)
+    is_active = models.BooleanField(default=True)
 
-    class Meta(object):
-        permissions = (
-            ("view_aggregated_data", "Can see available aggregated data"),
-            ("view_map_data", "Can see schools' location displayed on map"),
-        )
+    objects = SchoolModelManager()
 
     def __str__(self):
         return self.name
@@ -69,6 +140,19 @@ class School(models.Model):
             return classes
         return None
 
+    def admins(self):
+        teachers = self.teacher_school.all()
+        return (
+            [teacher for teacher in teachers if teacher.is_admin]
+            if teachers
+            else None
+        )
+
+    def anonymise(self):
+        self.name = uuid4().hex
+        self.is_active = False
+        self.save()
+
 
 class TeacherModelManager(models.Manager):
     def factory(self, first_name, last_name, email, password):
@@ -84,6 +168,13 @@ class TeacherModelManager(models.Manager):
 
         return Teacher.objects.create(user=user_profile, new_user=user)
 
+    def get_original_queryset(self):
+        return super().get_queryset()
+
+    # Filter out non active teachers by default
+    def get_queryset(self):
+        return super().get_queryset().filter(new_user__is_active=True)
+
 
 class Teacher(models.Model):
     user = models.OneToOneField(UserProfile, on_delete=models.CASCADE)
@@ -95,32 +186,112 @@ class Teacher(models.Model):
         on_delete=models.CASCADE,
     )
     school = models.ForeignKey(
-        School, related_name="teacher_school", null=True, on_delete=models.SET_NULL
+        School,
+        related_name="teacher_school",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
     )
     is_admin = models.BooleanField(default=False)
-    pending_join_request = models.ForeignKey(
-        School,
-        related_name="join_request",
+    blocked_time = models.DateTimeField(null=True, blank=True)
+    invited_by = models.ForeignKey(
+        "self",
+        related_name="invited_teachers",
         null=True,
         blank=True,
         on_delete=models.SET_NULL,
     )
-    blocked_time = models.DateTimeField(null=True)
 
     objects = TeacherModelManager()
 
+    class Meta:
+        constraints = [
+            models.CheckConstraint(
+                check=~models.Q(
+                    school__isnull=True,
+                    is_admin=True,
+                ),
+                name="teacher__is_admin",
+            )
+        ]
+
     def teaches(self, userprofile):
         if hasattr(userprofile, "student"):
             student = userprofile.student
-            return not student.is_independent() and student.class_field.teacher == self
+            return (
+                not student.is_independent()
+                and student.class_field.teacher == self
+            )
 
     def has_school(self):
         return self.school is not (None or "")
 
+    def has_class(self):
+        return self.class_teacher.exists()
+
     def __str__(self):
         return f"{self.new_user.first_name} {self.new_user.last_name}"
 
 
+class SchoolTeacherInvitationModelManager(models.Manager):
+    def get_original_queryset(self):
+        return super().get_queryset()
+
+    # Filter out inactive invitations by default
+    def get_queryset(self):
+        return super().get_queryset().filter(is_active=True)
+
+
+class SchoolTeacherInvitation(models.Model):
+    token = models.CharField(max_length=88)
+    school = models.ForeignKey(
+        School,
+        related_name="teacher_invitations",
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    from_teacher = models.ForeignKey(
+        Teacher,
+        related_name="school_invitations",
+        null=True,
+        on_delete=models.SET_NULL,
+    )
+    invited_teacher_first_name = models.CharField(
+        max_length=150
+    )  # Same as User model
+    # TODO: Make not nullable once data has been transferred
+    _invited_teacher_first_name = models.BinaryField(null=True, blank=True)
+    invited_teacher_last_name = models.CharField(
+        max_length=150
+    )  # Same as User model
+    # TODO: Make not nullable once data has been transferred
+    _invited_teacher_last_name = models.BinaryField(null=True, blank=True)
+    # TODO: Switch to a CharField to be able to hold hashed value
+    invited_teacher_email = models.EmailField()  # Same as User model
+    # TODO: Make not nullable once data has been transferred
+    _invited_teacher_email = models.BinaryField(null=True, blank=True)
+    invited_teacher_is_admin = models.BooleanField(default=False)
+    expiry = models.DateTimeField()
+    creation_time = models.DateTimeField(default=timezone.now, null=True)
+    is_active = models.BooleanField(default=True)
+
+    objects = SchoolTeacherInvitationModelManager()
+
+    @property
+    def is_expired(self):
+        return self.expiry < timezone.now()
+
+    def __str__(self):
+        return f"School teacher invitation for {self.invited_teacher_email} to {self.school.name}"
+
+    def anonymise(self):
+        self.invited_teacher_first_name = uuid4().hex
+        self.invited_teacher_last_name = uuid4().hex
+        self.invited_teacher_email = uuid4().hex
+        self.is_active = False
+        self.save()
+
+
 class ClassModelManager(models.Manager):
     def all_members(self, user):
         members = []
@@ -136,22 +307,50 @@ class ClassModelManager(models.Manager):
             members.extend(c.students.all())
         return members
 
+    def get_original_queryset(self):
+        return super().get_queryset()
+
+    # Filter out non active classes by default
+    def get_queryset(self):
+        return super().get_queryset().filter(is_active=True)
+
 
 class Class(models.Model):
+    locked_worksheets: "ManyToManyField[Worksheet]"
+
     name = models.CharField(max_length=200)
     teacher = models.ForeignKey(
         Teacher, related_name="class_teacher", on_delete=models.CASCADE
     )
-    access_code = models.CharField(max_length=5)
+    access_code = models.CharField(max_length=5, null=True)
     classmates_data_viewable = models.BooleanField(default=False)
     always_accept_requests = models.BooleanField(default=False)
     accept_requests_until = models.DateTimeField(null=True)
+    creation_time = models.DateTimeField(default=timezone.now, null=True)
+    is_active = models.BooleanField(default=True)
+    created_by = models.ForeignKey(
+        Teacher,
+        null=True,
+        blank=True,
+        related_name="created_classes",
+        on_delete=models.SET_NULL,
+    )
 
     objects = ClassModelManager()
 
     def __str__(self):
         return self.name
 
+    @property
+    def active_game(self):
+        games = self.game_set.filter(game_class=self, is_archived=False)
+        if len(games) >= 1:
+            assert (
+                len(games) == 1
+            )  # there should NOT be more than one active game
+            return games[0]
+        return None
+
     def has_students(self):
         students = self.students.all()
         return students.count() != 0
@@ -178,10 +377,32 @@ class Class(models.Model):
 
         return external_requests_message
 
+    def anonymise(self):
+        self.name = uuid4().hex
+        self.access_code = ""
+        self.is_active = False
+        self.save()
+
+        # Remove independent students' requests to join this class
+        self.class_request.clear()
+
     class Meta(object):
         verbose_name_plural = "classes"
 
 
+class UserSession(models.Model):
+    user = models.ForeignKey(User, on_delete=models.CASCADE)
+    login_time = models.DateTimeField(default=timezone.now)
+    school = models.ForeignKey(School, null=True, on_delete=models.SET_NULL)
+    class_field = models.ForeignKey(Class, null=True, on_delete=models.SET_NULL)
+    login_type = models.CharField(
+        max_length=100, null=True
+    )  # for student login
+
+    def __str__(self):
+        return f"{self.user} login: {self.login_time} type: {self.login_type}"
+
+
 class StudentModelManager(models.Manager):
     def get_random_username(self):
         while True:
@@ -191,7 +412,9 @@ class StudentModelManager(models.Manager):
 
     def schoolFactory(self, klass, name, password, login_id=None):
         user = User.objects.create_user(
-            username=self.get_random_username(), password=password, first_name=name
+            username=self.get_random_username(),
+            password=password,
+            first_name=name,
         )
         user_profile = UserProfile.objects.create(user=user)
 
@@ -202,28 +425,23 @@ class StudentModelManager(models.Manager):
             login_id=login_id,
         )
 
-    def independentStudentFactory(self, username, name, email, password):
+    def independentStudentFactory(self, name, email, password):
         user = User.objects.create_user(
-            username=username, email=email, password=password, first_name=name
+            username=email, email=email, password=password, first_name=name
         )
 
         user_profile = UserProfile.objects.create(user=user)
 
         return Student.objects.create(user=user_profile, new_user=user)
 
-    def independent_students(self):
-        """
-        Returns all independent students in the database.
-        :return: A list of all independent students.
-        """
-        return [
-            student for student in Student.objects.all() if student.is_independent()
-        ]
-
 
 class Student(models.Model):
     class_field = models.ForeignKey(
-        Class, related_name="students", null=True, on_delete=models.CASCADE
+        Class,
+        related_name="students",
+        null=True,
+        blank=True,
+        on_delete=models.CASCADE,
     )
     # hashed uuid used for the unique direct login url
     login_id = models.CharField(max_length=64, null=True)
@@ -236,9 +454,13 @@ class Student(models.Model):
         on_delete=models.CASCADE,
     )
     pending_class_request = models.ForeignKey(
-        Class, related_name="class_request", null=True, on_delete=models.SET_NULL
+        Class,
+        related_name="class_request",
+        null=True,
+        blank=True,
+        on_delete=models.SET_NULL,
     )
-    blocked_time = models.DateTimeField(null=True)
+    blocked_time = models.DateTimeField(null=True, blank=True)
 
     objects = StudentModelManager()
 
@@ -253,21 +475,83 @@ def stripStudentName(name):
     return re.sub("[ \t]+", " ", name.strip())
 
 
-class AimmoCharacterManager(models.Manager):
-    def sorted(self):
-        return self.get_queryset().order_by("sort_order")
+# -----------------------------------------------------------------------
+# Below are models used for data tracking and maintenance
+# -----------------------------------------------------------------------
+class JoinReleaseStudent(models.Model):
+    """
+    To keep track when a student is released to be independent student or
+    joins a class to be a school student.
+    """
+
+    JOIN = "join"
+    RELEASE = "release"
+
+    student = models.ForeignKey(
+        Student, related_name="student", on_delete=models.CASCADE
+    )
+    # either "release" or "join"
+    action_type = models.CharField(max_length=64)
+    action_time = models.DateTimeField(default=timezone.now)
+
+
+class DailyActivity(models.Model):
+    """
+    A model to record sets of daily activity. Currently used to record the
+    amount of student details download clicks, through the CSV and login
+    cards methods, per day.
+    """
+
+    date = models.DateField(default=timezone.now)
+    csv_click_count = models.PositiveIntegerField(default=0)
+    login_cards_click_count = models.PositiveIntegerField(default=0)
+    primary_coding_club_downloads = models.PositiveIntegerField(default=0)
+    python_coding_club_downloads = models.PositiveIntegerField(default=0)
+    level_control_submits = models.PositiveBigIntegerField(default=0)
+    teacher_lockout_resets = models.PositiveIntegerField(default=0)
+    indy_lockout_resets = models.PositiveIntegerField(default=0)
+    school_student_lockout_resets = models.PositiveIntegerField(default=0)
+    anonymised_unverified_teachers = models.PositiveIntegerField(default=0)
+    anonymised_unverified_independents = models.PositiveIntegerField(default=0)
+
+    class Meta:
+        verbose_name_plural = "Daily activities"
+
+    def __str__(self):
+        return f"Activity on {self.date}: CSV clicks: {self.csv_click_count}, login cards clicks: {self.login_cards_click_count}, primary pack downloads: {self.primary_coding_club_downloads}, python pack downloads: {self.python_coding_club_downloads}, level control submits: {self.level_control_submits}, teacher lockout resets: {self.teacher_lockout_resets}, indy lockout resets: {self.indy_lockout_resets}, school student lockout resets: {self.school_student_lockout_resets}, unverified teachers anonymised: {self.anonymised_unverified_teachers}, unverified independents anonymised: {self.anonymised_unverified_independents}"
+
+
+class TotalActivity(models.Model):
+    """
+    A model to record total activity. Meant to only have one entry which
+    records all total activity. An example of this is total ever registrations.
+    """
 
+    teacher_registrations = models.PositiveIntegerField(default=0)
+    student_registrations = models.PositiveIntegerField(default=0)
+    independent_registrations = models.PositiveIntegerField(default=0)
+    anonymised_unverified_teachers = models.PositiveIntegerField(default=0)
+    anonymised_unverified_independents = models.PositiveIntegerField(default=0)
+
+    class Meta:
+        verbose_name_plural = "Total activity"
+
+    def __str__(self):
+        return "Total activity"
 
-@register_snippet
-class AimmoCharacter(models.Model):
-    name = models.CharField(max_length=255)
-    description = models.TextField()
-    image_path = models.CharField(max_length=255)
-    sort_order = models.IntegerField()
 
-    objects = AimmoCharacterManager()
+class DynamicElement(models.Model):
+    """
+    This model is meant to allow us to quickly update some elements
+    dynamically on the website without having to redeploy everytime. For
+    example, if a maintenance banner needs to be added, we check the box in
+    the Django admin panel, edit the text and it'll show immediately on the
+    website.
+    """
 
-    panels = [FieldPanel("name"), FieldPanel("description"), FieldPanel("image_path")]
+    name = models.CharField(max_length=64, unique=True, editable=False)
+    active = models.BooleanField(default=False)
+    text = models.TextField(null=True, blank=True)
 
     def __str__(self) -> str:
         return self.name

common/permissions.py

@@ -1,14 +1,14 @@
 from functools import wraps
 
-from django.urls import reverse_lazy
+from common.utils import using_two_factor
+from django.http import Http404
 from django.http import HttpResponseRedirect
+from django.urls import reverse_lazy
 from rest_framework import permissions
 
-from common.utils import using_two_factor
-
 
-def has_completed_auth_setup(u):
-    return (not using_two_factor(u)) or (u.is_verified() and using_two_factor(u))
+def has_completed_auth_setup(user):
+    return (not using_two_factor(user)) or (user.userprofile.is_verified and using_two_factor(user))
 
 
 class LoggedInAsTeacher(permissions.BasePermission):
@@ -35,6 +35,20 @@ def logged_in_as_independent_student(u):
     return logged_in_as_student(u) and u.userprofile.student.is_independent()
 
 
+def logged_in_as_school_student(u):
+    return logged_in_as_student(u) and not u.userprofile.student.is_independent()
+
+
+def check_teacher_authorised(request, class_teacher):
+    current_teacher_owns_the_class = class_teacher == request.user.new_teacher
+    is_current_teacher_school_admin = (
+        class_teacher.school == request.user.new_teacher.school and request.user.new_teacher.is_admin
+    )
+
+    if not (current_teacher_owns_the_class or is_current_teacher_school_admin):
+        raise Http404
+
+
 def not_logged_in(u):
     try:
         if u.userprofile:
@@ -44,9 +58,7 @@ def not_logged_in(u):
 
 
 def not_fully_logged_in(u):
-    return not_logged_in(u) or (
-        not logged_in_as_student(u) and not logged_in_as_teacher(u)
-    )
+    return not_logged_in(u) or (not logged_in_as_student(u) and not logged_in_as_teacher(u))
 
 
 def teacher_verified(view_func):