func addTeacher(w http.ResponseWriter, r *http.Request) *webapp.Error {
c := appengine.NewContext(r)
vals, err := webapp.ParseRequiredValues(r, "email")
if err != nil {
return webapp.InternalError(err)
}
staffAccount, ok := staffContext(r)
if !ok {
return webapp.UnauthorizedError(fmt.Errorf("only staff may add teachers"))
}
account, err := account.WithEmail(c, vals["email"])
if err != nil {
return webapp.InternalError(fmt.Errorf("Couldn't find account for '%s'", vals["email"]))
}
if r.Method == "POST" {
token, err := auth.TokenForRequest(c, staffAccount.ID, r.URL.Path)
if err != nil {
return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
}
if !token.IsValid(r.FormValue(auth.TokenFieldName), time.Now()) {
return webapp.UnauthorizedError(fmt.Errorf("invalid auth token"))
}
teacher := classes.NewTeacher(account)
if err := teacher.Put(c); err != nil {
return webapp.InternalError(fmt.Errorf("Couldn't store teacher for %q: %s", account.Email, err))
}
token.Delete(c)
http.Redirect(w, r, "/staff", http.StatusSeeOther)
return nil
}
token, err := auth.NewToken(staffAccount.ID, r.URL.Path, time.Now())
if err != nil {
return webapp.InternalError(err)
}
if err := token.Store(c); err != nil {
return webapp.InternalError(err)
}
data := map[string]interface{}{
"Token": token.Encode(),
"User": account,
}
if err := addTeacherPage.Execute(w, data); err != nil {
return webapp.InternalError(err)
}
return nil
}
func addStaff(w http.ResponseWriter, r *http.Request) *webapp.Error {
c := appengine.NewContext(r)
adminAccount, ok := userContext(r)
if !ok {
return webapp.InternalError(fmt.Errorf("user not logged in"))
}
account, err := account.WithEmail(c, r.FormValue("email"))
if err != nil {
return webapp.InternalError(fmt.Errorf("Couldn't find user for email %s", r.FormValue("email")))
}
if r.Method == "POST" {
token, err := auth.TokenForRequest(c, adminAccount.ID, r.URL.Path)
if err != nil {
return webapp.UnauthorizedError(fmt.Errorf("didn't find an auth token"))
}
if !token.IsValid(r.FormValue("xsrf_token"), time.Now()) {
return webapp.UnauthorizedError(fmt.Errorf("Invalid XSRF token provided"))
}
staff := staff.New(account)
if err := staff.Store(c); err != nil {
return webapp.InternalError(fmt.Errorf("Couldn't add %s as staff", account.Email))
}
http.Redirect(w, r, "/admin", http.StatusSeeOther)
return nil
}
token, err := auth.NewToken(adminAccount.ID, r.URL.Path, time.Now())
if err != nil {
return webapp.InternalError(err)
}
if err := token.Store(c); err != nil {
return webapp.InternalError(err)
}
data := map[string]interface{}{
"Token": token.Encode(),
"User": account,
}
if err := addStaffPage.Execute(w, data); err != nil {
return webapp.InternalError(err)
}
return nil
}
func registerPaperStudent(w http.ResponseWriter, r *http.Request) *webapp.Error {
if r.Method != "POST" {
w.WriteHeader(http.StatusMethodNotAllowed)
fmt.Fprintf(w, "Method not allowed")
return nil
}
c := appengine.NewContext(r)
user, class, werr := classAndUser(w, r)
if werr != nil {
return werr
}
token, ok := checkToken(c, user.ID, r.URL.Path, r.FormValue(auth.TokenFieldName))
if !ok {
return webapp.UnauthorizedError(fmt.Errorf("Invalid auth token"))
}
fields, err := webapp.ParseRequiredValues(r, "firstname", "lastname", "email", "type")
if err != nil {
return missingFields(w)
}
acct, err := account.WithEmail(c, fields["email"])
switch err {
case nil:
// Register with existing account
break
case account.ErrUserNotFound:
// Need to create a paper account for this registration. This account will not be stored.
info := account.Info{
FirstName: fields["firstname"],
LastName: fields["lastname"],
Email: fields["email"],
}
if phone := fields["phone"]; phone != "" {
info.Phone = phone
}
acct = account.Paper(info, class.ID)
break
default:
return webapp.InternalError(fmt.Errorf("failed to look up account for %q: %s", fields["email"], err))
}
var student *students.Student
if fields["type"] == "dropin" {
// TODO(rwsims): The date here should really be the end time of the
// class on the given day.
date, err := parseLocalDate(r.FormValue("date"))
if err != nil {
return invalidData(w, "Invalid date; please use mm/dd/yyyy format")
}
student = students.NewDropIn(acct, class, date)
} else {
student = students.New(acct, class)
}
switch err := student.Add(c, time.Now()); err {
case nil:
break
case students.ErrClassIsFull:
if err := classFullPage.Execute(w, class); err != nil {
return webapp.InternalError(err)
}
default:
return webapp.InternalError(fmt.Errorf("failed to write student: %s", err))
}
token.Delete(c)
http.Redirect(w, r, fmt.Sprintf("/roster?class=%d", class.ID), http.StatusSeeOther)
return nil
}