PyPI - rapid-router - Versions diffs - 7.5.11__py2.py3-none-any.whl → 7.5.12__py2.py3-none-any.whl - Mend

rapid-router 7.5.11py2.py3-none-any.whl → 7.5.12py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

game/__init__.py CHANGED Viewed

	@@ -1 +1 @@
1	- __version__ = "7.5.11"
1	+ __version__ = "7.5.12"

game/tests/test_level_editor.py CHANGED Viewed

@@ -488,3 +488,38 @@ class LevelEditorTestCase(TestCase):
         # Teacher shouldn't see any shared levels now
         response = self.client.get(levels_url)
         assert len(response.context["directly_shared_levels"]) == 0
+    def test_level_cannot_be_created_with_invalid_fields(self):
+        email, password = signup_teacher_directly()
+        create_organisation_directly(email)
+        _, _, access_code = create_class_directly(email)
+        create_school_student_directly(access_code)
+        level_data = self.LEVEL_DATA1
+        level_data["subtitle"] = "<a>invalid subtitle</a>"
+        self.login(email, password)
+        url = reverse("save_level_for_editor")
+        response = self.client.post(url, {"data": json.dumps(self.LEVEL_DATA1)})
+        assert response.status_code == 401
+        level_data["subtitle"] = "valid subtitle"
+        level_data["lesson"] = "<a>invalid lesson</a>"
+        response = self.client.post(url, {"data": json.dumps(self.LEVEL_DATA1)})
+        assert response.status_code == 401
+        level_data["lesson"] = "valid lesson"
+        level_data["hint"] = "<a>invalid hint</a>"
+        response = self.client.post(url, {"data": json.dumps(self.LEVEL_DATA1)})
+        assert response.status_code == 401
+        level_data["hint"] = "valid hint"
+        response = self.client.post(url, {"data": json.dumps(self.LEVEL_DATA1)})
+        assert response.status_code == 200

game/views/level_editor.py CHANGED Viewed

@@ -221,80 +221,88 @@ def save_level_for_editor(request, levelId=None):
     if not permissions.can_save_level(request.user, level):
         return HttpResponseUnauthorized()
-    pattern = re.compile("^(\w?[ ]?)*$")
+    name_pattern = re.compile("^(\w?[ ]?)*$")
+    fields_pattern = re.compile("^[\w.?!', ]*$")
+    name_is_safe = name_pattern.match(data["name"])
+    fields_are_safe = all(
+        [
+            field not in data or fields_pattern.match(data[field])
+            for field in ["subtitle", "lesson", "hint"]
+        ]
+    )
-    if pattern.match(data["name"]):
-        level_management.save_level(level, data)
+    if not (name_is_safe and fields_are_safe):
+        return HttpResponseUnauthorized()
-        is_user_school_student = (
-                hasattr(level.owner, "student")
-                and not level.owner.student.is_independent()
-        )
-        is_user_independent = (
-                hasattr(level.owner, "student") and level.owner.student.is_independent()
-        )
-        is_user_teacher = hasattr(level.owner, "teacher")
-        # when level is created
-        if levelId is None:
-            teacher = None
-            # if level owner is a school student, share with teacher automatically if they aren't an admin
-            if is_user_school_student:
-                teacher = level.owner.student.class_field.teacher
-                if not teacher.is_admin:
-                    level.shared_with.add(teacher.new_user)
-                if not data["anonymous"]:
-                    level_management.email_new_custom_level(
-                        teacher.new_user.email,
-                        request.build_absolute_uri(reverse("level_moderation")),
-                        request.build_absolute_uri(
-                            reverse("play_custom_level", kwargs={"levelId": level.id})
-                        ),
-                        str(level.owner.student),
-                        level.owner.student.class_field.name,
-                    )
+    level_management.save_level(level, data)
-            elif is_user_teacher:
-                teacher = level.owner.teacher
+    is_user_school_student = (
+        hasattr(level.owner, "student") and not level.owner.student.is_independent()
+    )
+    is_user_independent = (
+        hasattr(level.owner, "student") and level.owner.student.is_independent()
+    )
+    is_user_teacher = hasattr(level.owner, "teacher")
-            # if level owner is a teacher or an indy user, approval isn't needed
-            if not is_user_school_student:
-                level.needs_approval = False
+    # when level is created
+    if levelId is None:
+        teacher = None
-            # share with all admins of the school if user is in a school
-            if not is_user_independent:
-                if not teacher.school is None:
-                    school_admins = teacher.school.admins()
+        # if level owner is a school student, share with teacher automatically if they aren't an admin
+        if is_user_school_student:
+            teacher = level.owner.student.class_field.teacher
+            if not teacher.is_admin:
+                level.shared_with.add(teacher.new_user)
+            if not data["anonymous"]:
+                level_management.email_new_custom_level(
+                    teacher.new_user.email,
+                    request.build_absolute_uri(reverse("level_moderation")),
+                    request.build_absolute_uri(
+                        reverse("play_custom_level", kwargs={"levelId": level.id})
+                    ),
+                    str(level.owner.student),
+                    level.owner.student.class_field.name,
+                )
-                    [
-                        level.shared_with.add(school_admin.new_user)
-                        for school_admin in school_admins
-                        if school_admin.new_user != request.user
-                    ]
+        elif is_user_teacher:
+            teacher = level.owner.teacher
-        # anytime a student edits their level
-        if is_user_school_student:
-            if not level.needs_approval:
-                level.needs_approval = True
-                if not data["anonymous"]:
-                    level_management.email_new_custom_level(
-                        level.owner.student.class_field.teacher.new_user.email,
-                        request.build_absolute_uri(reverse("level_moderation")),
-                        request.build_absolute_uri(
-                            reverse("play_custom_level", kwargs={"levelId": level.id})
-                        ),
-                        str(level.owner.student),
-                        level.owner.student.class_field.name,
-                    )
+        # if level owner is a teacher or an indy user, approval isn't needed
+        if not is_user_school_student:
+            level.needs_approval = False
-        level.save()
-        response = {"id": level.id}
-        return HttpResponse(json.dumps(response), content_type="application/json")
-    else:
-        return HttpResponseUnauthorized()
+        # share with all admins of the school if user is in a school
+        if not is_user_independent:
+            if not teacher.school is None:
+                school_admins = teacher.school.admins()
+                [
+                    level.shared_with.add(school_admin.new_user)
+                    for school_admin in school_admins
+                    if school_admin.new_user != request.user
+                ]
+    # anytime a student edits their level
+    if is_user_school_student:
+        if not level.needs_approval:
+            level.needs_approval = True
+            if not data["anonymous"]:
+                level_management.email_new_custom_level(
+                    level.owner.student.class_field.teacher.new_user.email,
+                    request.build_absolute_uri(reverse("level_moderation")),
+                    request.build_absolute_uri(
+                        reverse("play_custom_level", kwargs={"levelId": level.id})
+                    ),
+                    str(level.owner.student),
+                    level.owner.student.class_field.name,
+                )
+    level.save()
+    response = {"id": level.id}
+    return HttpResponse(json.dumps(response), content_type="application/json")
 @transaction.atomic
@@ -397,9 +405,11 @@ class SharingInformationForEditor(APIView):
                 )
                 valid_recipients["classes"].append(
                     {
-                        "name": f"{class_.name} ({app_tags.make_into_username(class_.teacher.new_user)})"
-                        if teacher.is_admin
-                        else class_.name,
+                        "name": (
+                            f"{class_.name} ({app_tags.make_into_username(class_.teacher.new_user)})"
+                            if teacher.is_admin
+                            else class_.name
+                        ),
                         "id": class_.id,
                         "students": [
                             {

{rapid_router-7.5.11.dist-info → rapid_router-7.5.12.dist-info}/METADATA RENAMED Viewed

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: rapid-router
-Version: 7.5.11
+Version: 7.5.12
 Classifier: Programming Language :: Python
 Classifier: Programming Language :: Python :: 3.12
 Classifier: Framework :: Django

{rapid_router-7.5.11.dist-info → rapid_router-7.5.12.dist-info}/RECORD RENAMED Viewed

@@ -3,7 +3,7 @@ example_project/rapid_router_test_settings.py,sha256=3PPkhCEztAn-WGLQ-Bf2hA5n1q_
 example_project/settings.py,sha256=-Lsw_DJow_LaKaTE4DNfY69o3cclXUHNoWNybPBHIqY,4333
 example_project/urls.py,sha256=XHug_cpNy21yOef3E1-wWT5VkTuxpl6ZXIlCj6jDjWA,422
 example_project/wsgi.py,sha256=U1W6WzZxZaIdYZ5tks7w9fqp5WS5qvn2iThsVcskrWw,829
-game/__init__.py,sha256=DHyr2_MrVRAX7unYwkdusAq3A8cPjNHokQpjTxqtuLM,23
+game/__init__.py,sha256=pFUKWsutX3VUz-kNRAZXm5PflBdJ7dAo_wTAJT9qHdM,23
 game/admin.py,sha256=BLwwaqQYuqmMdwqnvhdan19iGxdcoBX4CXFk_ROG5-M,1431
 game/app_settings.py,sha256=mlg-1AiP7AR5JNOHAXXLuCrYWaZMmSihvSYk9c2c8YY,857
 game/cache.py,sha256=dtOiFl6Z4I2Q9-8Hz24ZI-5C0asXYSQhF2Be5q74N8g,2227
@@ -774,7 +774,7 @@ game/templatetags/game/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3
 game/templatetags/game/utils.py,sha256=quMDcxpoi998hHiOH6CtoxITgpVPo4iWeINFk5AHFPU,406
 game/tests/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 game/tests/test_api.py,sha256=RI2PBnSD2dOGmCdXgH8SsoHuBSRJzUv8zBA3Hzb_ASU,5688
-game/tests/test_level_editor.py,sha256=sMTbCUfxjT84fDlxJMS9dIzOIST0f8yKF_JT0FMGv8I,19565
+game/tests/test_level_editor.py,sha256=ttUMFpfpJp1Vc90X15v2i6AOItvPTwnA1BeuZ3sj9m8,20767
 game/tests/test_level_moderation.py,sha256=OcU8nx0Ih4FCR9b_tp0w4n6zWVdJ3gzftz6fa0iz67U,7057
 game/tests/test_level_selection.py,sha256=IbrIPKDozvQ-05JAmLxHw9DsTfTwTBF2VJQPU8dn2XI,11800
 game/tests/test_models.py,sha256=L1F5yHtVdDmVuhw7uGDBiOOTYi9rgZVIjzd248-eqLc,2592
@@ -794,14 +794,14 @@ game/views/api.py,sha256=j5Qwabpj0x9oJJ5iHhgGKeJ1RcHZgR5-eg3VGHPCyjE,8994
 game/views/helper.py,sha256=SR11w5rpshwSvC7v5dDFazTrH-Vpn9gOe93OLpwrVlE,548
 game/views/language_code_conversions.py,sha256=oaBqaPd5n1a4XmD1UWacpKrFYZ8Gk6CDII9sTrLDQDM,2590
 game/views/level.py,sha256=8Z5ZXnspK5Bnhy8-BeVt_Evf2JSSrRklGO7Fw3W78BA,16887
-game/views/level_editor.py,sha256=uvR-cYxb6zWUEN2kH6ZfmcaFEb6XilgARFKyRMsyIq4,18130
+game/views/level_editor.py,sha256=qJlHPs85hFCJoXrkwql37UduGs0MKxpAtwm5EpzEwi0,18227
 game/views/level_moderation.py,sha256=GwnvXlHRxGNjgjr3pcCCmnxCHEX4UCJlsGw2VA6rncA,5303
 game/views/level_selection.py,sha256=UI345nDv5iTRQ7VttiLKLzezJlaSlaKOnhlALZgMU9Q,9896
 game/views/level_solutions.py,sha256=lfwLFvw4gFuptTkL2J_ibhnuiysl3Yao15sn2qoQlcE,97194
 game/views/scoreboard.py,sha256=Lxy7XtoG7VwWpTb-c22BGC6eN8uCmmOnQ2qjY-oXA3k,16914
 game/views/scoreboard_csv.py,sha256=yx4tOwx5QsHyU1S1BUPUqRBWIh5idq8QVtBID-NqZto,1768
-rapid_router-7.5.11.dist-info/licenses/LICENSE.md,sha256=9AbRlCDqD2D1tPibimysFv3zg3AIc49-eyv9aEsyq9w,115
-rapid_router-7.5.11.dist-info/METADATA,sha256=6e0hhpQtzVd_iFyG4jHkhU1AX-I8O_ONb4Yi4uPMxJM,9209
-rapid_router-7.5.11.dist-info/WHEEL,sha256=JNWh1Fm1UdwIQV075glCn4MVuCRs0sotJIq-J6rbxCU,109
-rapid_router-7.5.11.dist-info/top_level.txt,sha256=rKP4ryr1t8Wcnx8grJHDViM3T5cMYH_0vygDjC04ArA,21
-rapid_router-7.5.11.dist-info/RECORD,,
+rapid_router-7.5.12.dist-info/licenses/LICENSE.md,sha256=9AbRlCDqD2D1tPibimysFv3zg3AIc49-eyv9aEsyq9w,115
+rapid_router-7.5.12.dist-info/METADATA,sha256=k3d-4OlAyJnh6YOk_Z4lfUmSSKwfTzjgGMlV3KMydHQ,9209
+rapid_router-7.5.12.dist-info/WHEEL,sha256=JNWh1Fm1UdwIQV075glCn4MVuCRs0sotJIq-J6rbxCU,109
+rapid_router-7.5.12.dist-info/top_level.txt,sha256=rKP4ryr1t8Wcnx8grJHDViM3T5cMYH_0vygDjC04ArA,21
+rapid_router-7.5.12.dist-info/RECORD,,

{rapid_router-7.5.11.dist-info → rapid_router-7.5.12.dist-info}/WHEEL RENAMED Viewed

File without changes

{rapid_router-7.5.11.dist-info → rapid_router-7.5.12.dist-info}/licenses/LICENSE.md RENAMED Viewed

File without changes

{rapid_router-7.5.11.dist-info → rapid_router-7.5.12.dist-info}/top_level.txt RENAMED Viewed

File without changes

rapid-router 7.5.11__py2.py3-none-any.whl → 7.5.12__py2.py3-none-any.whl

rapid-router 7.5.11py2.py3-none-any.whl → 7.5.12py2.py3-none-any.whl