feat(backend): course-plan student visibility, multi-voice TTS, OCR sources, branches
Ported from monorepo v4 commit 3b62075d (backend/* portion). encoach_ai_course: - workbook_attempt model + scoring + REST endpoints for student attempts - dialogue_parser splits scripts by speaker, classifies gender, strips labels - media_service: multi-voice TTS via Polly/ElevenLabs, ffmpeg concatenation, manual media upload endpoint (audio/image/video) with size validation - source_indexer: OCR fallback (pytesseract + pdf2image) for scanned PDFs, page-streaming to stay under memory limit - exercise_extractor + rag_context for RAG-grounded interactive workbooks - course_plan_pipeline: v2 generator that grounds week material on indexed sources and persists grounded_on_json metadata - security: access rules for new models encoach_lms_api: - branches model + controller (entity-scoped LMS branches) - classroom_ext + course_ext (assignment + section workflow) - classrooms controller: students/teachers/assign-course endpoints Made-with: Cursor
This commit is contained in:
@@ -26,3 +26,4 @@ from . import paymob
|
||||
from . import platform_settings
|
||||
from . import training
|
||||
from . import reports
|
||||
from . import branches
|
||||
|
||||
174
custom_addons/encoach_lms_api/controllers/branches.py
Normal file
174
custom_addons/encoach_lms_api/controllers/branches.py
Normal file
@@ -0,0 +1,174 @@
|
||||
import logging
|
||||
|
||||
from odoo import http
|
||||
from odoo.http import request
|
||||
from odoo.addons.encoach_api.controllers.base import (
|
||||
jwt_required, _json_response, _error_response, _get_json_body, _paginate,
|
||||
)
|
||||
|
||||
_logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def _entity_scope():
|
||||
"""Same convention as ``encoach_lms_api.controllers.lms_core._entity_scope``."""
|
||||
user = request.env.user.sudo()
|
||||
ids = user.entity_ids.ids if hasattr(user, 'entity_ids') else []
|
||||
if ids:
|
||||
return ids, False
|
||||
is_super = bool(
|
||||
user.id == 1 or user.has_group('base.group_system')
|
||||
)
|
||||
return ids, is_super
|
||||
|
||||
|
||||
def _ensure_entity_access(entity_id):
|
||||
if not entity_id:
|
||||
raise PermissionError('entity_id is required')
|
||||
ids, is_super = _entity_scope()
|
||||
if is_super:
|
||||
return int(entity_id)
|
||||
if not ids:
|
||||
raise PermissionError('User is not linked to any entity')
|
||||
if int(entity_id) not in ids:
|
||||
raise PermissionError('Entity access denied')
|
||||
return int(entity_id)
|
||||
|
||||
|
||||
def _default_entity_id_from_scope():
|
||||
ids, is_super = _entity_scope()
|
||||
if ids:
|
||||
return ids[0]
|
||||
if is_super:
|
||||
return False
|
||||
raise PermissionError('User is not linked to any entity')
|
||||
|
||||
|
||||
def _scoped_entity_domain(base_domain=None):
|
||||
domain = list(base_domain or [])
|
||||
ids, is_super = _entity_scope()
|
||||
if is_super:
|
||||
return domain
|
||||
if not ids:
|
||||
return domain + [('id', '=', 0)]
|
||||
return domain + [('entity_id', 'in', ids)]
|
||||
|
||||
|
||||
def _ser_branch(rec):
|
||||
return {
|
||||
'id': rec.id,
|
||||
'name': rec.name or '',
|
||||
'code': rec.code or '',
|
||||
'active': bool(rec.active),
|
||||
'notes': rec.notes or '',
|
||||
'entity_id': rec.entity_id.id if rec.entity_id else None,
|
||||
'entity_name': rec.entity_id.name if rec.entity_id else '',
|
||||
'course_count': rec.course_count or 0,
|
||||
'batch_count': rec.batch_count or 0,
|
||||
'student_count': rec.student_count or 0,
|
||||
'teacher_count': rec.teacher_count or 0,
|
||||
}
|
||||
|
||||
|
||||
class LmsBranchController(http.Controller):
|
||||
@http.route('/api/branches', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_branches(self, **kw):
|
||||
try:
|
||||
Branch = request.env['encoach.lms.branch'].sudo()
|
||||
domain = _scoped_entity_domain([])
|
||||
if kw.get('search'):
|
||||
q = kw['search']
|
||||
domain += ['|', ('name', 'ilike', q), ('code', 'ilike', q)]
|
||||
if kw.get('active') in ('true', 'false', '1', '0'):
|
||||
domain.append(('active', '=', kw.get('active') in ('true', '1')))
|
||||
if kw.get('entity_id'):
|
||||
domain.append(('entity_id', '=', _ensure_entity_access(int(kw['entity_id']))))
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = Branch.search_count(domain)
|
||||
recs = Branch.search(domain, offset=offset, limit=limit, order='name asc, id asc')
|
||||
items = [_ser_branch(r) for r in recs]
|
||||
return _json_response({'items': items, 'data': items, 'total': total, 'page': page, 'size': limit})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_branches failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/branches/<int:branch_id>', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def get_branch(self, branch_id, **kw):
|
||||
try:
|
||||
rec = request.env['encoach.lms.branch'].sudo().browse(branch_id)
|
||||
if not rec.exists():
|
||||
return _error_response('Not found', 404)
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
return _json_response({'data': _ser_branch(rec)})
|
||||
except Exception as exc:
|
||||
_logger.exception('get_branch failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/branches', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def create_branch(self, **kw):
|
||||
try:
|
||||
body = _get_json_body()
|
||||
name = (body.get('name') or '').strip()
|
||||
if not name:
|
||||
return _error_response('name is required', 400)
|
||||
requested_entity = body.get('entity_id')
|
||||
if requested_entity:
|
||||
entity_id = _ensure_entity_access(int(requested_entity))
|
||||
else:
|
||||
entity_id = _default_entity_id_from_scope()
|
||||
vals = {
|
||||
'name': name,
|
||||
'entity_id': entity_id,
|
||||
'code': (body.get('code') or '').strip() or False,
|
||||
'notes': (body.get('notes') or '').strip(),
|
||||
}
|
||||
if 'active' in body:
|
||||
vals['active'] = bool(body.get('active'))
|
||||
rec = request.env['encoach.lms.branch'].sudo().create(vals)
|
||||
return _json_response({'data': _ser_branch(rec)})
|
||||
except Exception as exc:
|
||||
_logger.exception('create_branch failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/branches/<int:branch_id>', type='http', auth='public', methods=['PATCH', 'PUT'], csrf=False)
|
||||
@jwt_required
|
||||
def update_branch(self, branch_id, **kw):
|
||||
try:
|
||||
rec = request.env['encoach.lms.branch'].sudo().browse(branch_id)
|
||||
if not rec.exists():
|
||||
return _error_response('Not found', 404)
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
body = _get_json_body()
|
||||
vals = {}
|
||||
if 'name' in body:
|
||||
vals['name'] = (body.get('name') or '').strip()
|
||||
if 'code' in body:
|
||||
vals['code'] = (body.get('code') or '').strip() or False
|
||||
if 'notes' in body:
|
||||
vals['notes'] = (body.get('notes') or '').strip()
|
||||
if 'active' in body:
|
||||
vals['active'] = bool(body.get('active'))
|
||||
if 'entity_id' in body and body.get('entity_id'):
|
||||
vals['entity_id'] = _ensure_entity_access(int(body.get('entity_id')))
|
||||
if vals:
|
||||
rec.write(vals)
|
||||
return _json_response({'data': _ser_branch(rec)})
|
||||
except Exception as exc:
|
||||
_logger.exception('update_branch failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/branches/<int:branch_id>', type='http', auth='public', methods=['DELETE'], csrf=False)
|
||||
@jwt_required
|
||||
def delete_branch(self, branch_id, **kw):
|
||||
try:
|
||||
rec = request.env['encoach.lms.branch'].sudo().browse(branch_id)
|
||||
if rec.exists():
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
rec.unlink()
|
||||
return _json_response({'success': True})
|
||||
except Exception as exc:
|
||||
_logger.exception('delete_branch failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@@ -1,4 +1,30 @@
|
||||
"""HTTP controller for classrooms (homerooms).
|
||||
|
||||
Routes:
|
||||
- GET /api/classrooms list (entity-scoped)
|
||||
- GET /api/classrooms/<id> fetch with full nested data
|
||||
- POST /api/classrooms create
|
||||
- PATCH /api/classrooms/<id> partial update
|
||||
- DELETE /api/classrooms/<id> delete
|
||||
|
||||
- GET /api/classrooms/<id>/students list roster
|
||||
- POST /api/classrooms/<id>/students set/add students (body: {student_ids:[..], mode:'set'|'add'})
|
||||
- DELETE /api/classrooms/<id>/students remove students (body: {student_ids:[..]})
|
||||
|
||||
- GET /api/classrooms/<id>/teachers list homeroom teachers
|
||||
- POST /api/classrooms/<id>/teachers set/add teachers (body: {teacher_ids:[..], mode:'set'|'add'})
|
||||
|
||||
- GET /api/classrooms/<id>/courses list courses
|
||||
- POST /api/classrooms/<id>/assign-course cascade course → batch + enroll students
|
||||
- DELETE /api/classrooms/<id>/courses/<cid> detach course (does NOT delete batches/enrollments)
|
||||
|
||||
- GET /api/classrooms/<id>/batches list classroom batches
|
||||
|
||||
The legacy ``/api/groups`` aliases on op.classroom remain for backward
|
||||
compatibility but new clients should target ``/api/classrooms``.
|
||||
"""
|
||||
import logging
|
||||
|
||||
from odoo import http
|
||||
from odoo.http import request
|
||||
from odoo.addons.encoach_api.controllers.base import (
|
||||
@@ -8,89 +34,592 @@ from odoo.addons.encoach_api.controllers.base import (
|
||||
_logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
def _ser_classroom(r):
|
||||
# ----------------------------------------------------------------------
|
||||
# Entity scoping helpers (same shape used in branches.py / lms_core.py)
|
||||
# ----------------------------------------------------------------------
|
||||
def _entity_scope():
|
||||
"""Same convention as ``encoach_lms_api.controllers.lms_core._entity_scope``."""
|
||||
user = request.env.user.sudo()
|
||||
ids = user.entity_ids.ids if hasattr(user, 'entity_ids') else []
|
||||
if ids:
|
||||
return ids, False
|
||||
is_super = bool(
|
||||
user.id == 1 or user.has_group('base.group_system')
|
||||
)
|
||||
return ids, is_super
|
||||
|
||||
|
||||
def _ensure_entity_access(entity_id):
|
||||
if not entity_id:
|
||||
raise PermissionError('entity_id is required')
|
||||
ids, is_super = _entity_scope()
|
||||
if is_super:
|
||||
return int(entity_id)
|
||||
if not ids:
|
||||
raise PermissionError('User is not linked to any entity')
|
||||
if int(entity_id) not in ids:
|
||||
raise PermissionError('Entity access denied')
|
||||
return int(entity_id)
|
||||
|
||||
|
||||
def _default_entity_id_from_scope():
|
||||
ids, is_super = _entity_scope()
|
||||
if ids:
|
||||
return ids[0]
|
||||
if is_super:
|
||||
return False
|
||||
raise PermissionError('User is not linked to any entity')
|
||||
|
||||
|
||||
def _scoped_entity_domain(base_domain=None):
|
||||
domain = list(base_domain or [])
|
||||
ids, is_super = _entity_scope()
|
||||
if is_super:
|
||||
return domain
|
||||
if not ids:
|
||||
return domain + [('id', '=', 0)]
|
||||
return domain + [('entity_id', 'in', ids)]
|
||||
|
||||
|
||||
def _ensure_branch_access(branch_id, *, entity_id=None):
|
||||
"""Validate that the branch exists, belongs to ``entity_id`` (when set)
|
||||
and is accessible by the current user."""
|
||||
if not branch_id:
|
||||
return None
|
||||
Branch = request.env['encoach.lms.branch'].sudo()
|
||||
branch = Branch.browse(int(branch_id))
|
||||
if not branch.exists():
|
||||
raise ValueError('Branch not found')
|
||||
_ensure_entity_access(branch.entity_id.id)
|
||||
if entity_id and branch.entity_id.id != int(entity_id):
|
||||
raise PermissionError('Branch does not belong to the requested entity.')
|
||||
return branch.id
|
||||
|
||||
|
||||
def _filter_ids_in_entity(model, ids, entity_id, *, label='record'):
|
||||
"""Return ids that exist *and* belong to ``entity_id``.
|
||||
|
||||
When ``entity_id`` is falsy (e.g. legacy classroom without an entity), we
|
||||
accept any record that has no ``entity_id`` set yet. This keeps the API
|
||||
safe by default while still allowing administrators to operate on
|
||||
pre-LMS-isolation data without surprises.
|
||||
"""
|
||||
if not ids:
|
||||
return []
|
||||
Model = request.env[model].sudo()
|
||||
recs = Model.browse([int(x) for x in ids])
|
||||
out = []
|
||||
for rec in recs:
|
||||
if not rec.exists():
|
||||
continue
|
||||
rec_entity = rec.entity_id.id if rec.entity_id else None
|
||||
if entity_id and rec_entity and rec_entity != int(entity_id):
|
||||
raise PermissionError(
|
||||
f"{label} {rec.id} belongs to a different entity"
|
||||
)
|
||||
out.append(rec.id)
|
||||
return out
|
||||
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# Serializers
|
||||
# ----------------------------------------------------------------------
|
||||
def _ser_student_short(s):
|
||||
return {
|
||||
'id': r.id,
|
||||
'name': r.name or '',
|
||||
'code': getattr(r, 'code', '') or '',
|
||||
'course_id': r.course_id.id if hasattr(r, 'course_id') and r.course_id else 0,
|
||||
'course_name': r.course_id.name if hasattr(r, 'course_id') and r.course_id else '',
|
||||
'capacity': getattr(r, 'capacity', 0) or 0,
|
||||
'id': s.id,
|
||||
'name': s.name or '',
|
||||
'email': s.email or '',
|
||||
'gr_no': getattr(s, 'gr_no', '') or '',
|
||||
}
|
||||
|
||||
|
||||
def _ser_teacher_short(f):
|
||||
return {
|
||||
'id': f.id,
|
||||
'name': f.name or '',
|
||||
'email': getattr(f, 'email', '') or '',
|
||||
}
|
||||
|
||||
|
||||
def _ser_course_short(c):
|
||||
return {
|
||||
'id': c.id,
|
||||
'name': c.name or '',
|
||||
'code': c.code or '',
|
||||
}
|
||||
|
||||
|
||||
def _ser_section_short(s):
|
||||
return {
|
||||
'id': s.id,
|
||||
'name': s.name or '',
|
||||
'code': s.code or '',
|
||||
'sequence': s.sequence or 0,
|
||||
'course_id': s.course_id.id if s.course_id else None,
|
||||
'course_name': s.course_id.name if s.course_id else '',
|
||||
}
|
||||
|
||||
|
||||
def _ser_batch_short(b):
|
||||
return {
|
||||
'id': b.id,
|
||||
'name': b.name or '',
|
||||
'code': b.code or '',
|
||||
'course_id': b.course_id.id if b.course_id else None,
|
||||
'course_name': b.course_id.name if b.course_id else '',
|
||||
'course_section_id': (
|
||||
b.course_section_id.id
|
||||
if hasattr(b, 'course_section_id') and b.course_section_id
|
||||
else None
|
||||
),
|
||||
'course_section_name': (
|
||||
b.course_section_id.name
|
||||
if hasattr(b, 'course_section_id') and b.course_section_id
|
||||
else ''
|
||||
),
|
||||
'course_section_code': (
|
||||
b.course_section_id.code
|
||||
if hasattr(b, 'course_section_id') and b.course_section_id
|
||||
else ''
|
||||
),
|
||||
'term_key': getattr(b, 'term_key', '') or '',
|
||||
'start_date': b.start_date and str(b.start_date) or '',
|
||||
'end_date': b.end_date and str(b.end_date) or '',
|
||||
'student_count': getattr(b, 'student_count', 0) or 0,
|
||||
'teacher_ids': b.teacher_ids.ids if hasattr(b, 'teacher_ids') else [],
|
||||
}
|
||||
|
||||
|
||||
def _ser_classroom(r, *, full=False):
|
||||
data = {
|
||||
'id': r.id,
|
||||
'name': r.name or '',
|
||||
'code': r.code or '',
|
||||
'capacity': r.capacity or 0,
|
||||
'active': bool(r.active),
|
||||
'notes': getattr(r, 'notes', '') or '',
|
||||
'entity_id': r.entity_id.id if r.entity_id else None,
|
||||
'entity_name': r.entity_id.name if r.entity_id else '',
|
||||
'branch_id': r.branch_id.id if r.branch_id else None,
|
||||
'branch_name': r.branch_id.name if r.branch_id else '',
|
||||
'student_count': r.student_count or 0,
|
||||
'teacher_count': r.teacher_count or 0,
|
||||
'course_count': r.course_count or 0,
|
||||
'batch_count': r.batch_count or 0,
|
||||
'student_ids': r.student_ids.ids,
|
||||
'teacher_ids': r.teacher_ids.ids,
|
||||
'course_ids': r.course_ids.ids,
|
||||
}
|
||||
if full:
|
||||
data['students'] = [_ser_student_short(s) for s in r.student_ids]
|
||||
data['teachers'] = [_ser_teacher_short(t) for t in r.teacher_ids]
|
||||
data['courses'] = [_ser_course_short(c) for c in r.course_ids]
|
||||
data['sections'] = [
|
||||
_ser_section_short(s)
|
||||
for s in request.env['encoach.course.section'].sudo().search([
|
||||
('course_id', 'in', r.course_ids.ids)
|
||||
], order='course_id, sequence, id')
|
||||
]
|
||||
data['batches'] = [_ser_batch_short(b) for b in r.batch_ids]
|
||||
return data
|
||||
|
||||
|
||||
def _classroom_or_404(cid):
|
||||
rec = request.env['op.classroom'].sudo().browse(int(cid))
|
||||
if not rec.exists():
|
||||
return None
|
||||
return rec
|
||||
|
||||
|
||||
def _scoped_classroom_domain(base_domain=None):
|
||||
"""Same as ``_scoped_entity_domain`` but tolerates legacy classrooms
|
||||
without ``entity_id`` for backward-compatibility (so existing rooms
|
||||
keep showing up to admins)."""
|
||||
domain = list(base_domain or [])
|
||||
ids, is_super = _entity_scope()
|
||||
if is_super:
|
||||
return domain
|
||||
if not ids:
|
||||
return domain + [('id', '=', 0)]
|
||||
return domain + ['|', ('entity_id', 'in', ids), ('entity_id', '=', False)]
|
||||
|
||||
|
||||
# ----------------------------------------------------------------------
|
||||
# Controller
|
||||
# ----------------------------------------------------------------------
|
||||
class ClassroomsController(http.Controller):
|
||||
|
||||
# ---- CRUD --------------------------------------------------------
|
||||
@http.route('/api/classrooms', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_classrooms(self, **kw):
|
||||
try:
|
||||
Classroom = request.env['op.classroom'].sudo()
|
||||
domain = _scoped_classroom_domain([])
|
||||
if kw.get('search'):
|
||||
q = kw['search']
|
||||
domain += ['|', ('name', 'ilike', q), ('code', 'ilike', q)]
|
||||
if kw.get('active') in ('true', 'false', '1', '0'):
|
||||
domain.append(('active', '=', kw.get('active') in ('true', '1')))
|
||||
if kw.get('branch_id'):
|
||||
domain.append(('branch_id', '=', int(kw['branch_id'])))
|
||||
if kw.get('entity_id'):
|
||||
domain.append(('entity_id', '=', _ensure_entity_access(int(kw['entity_id']))))
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = Classroom.search_count(domain)
|
||||
recs = Classroom.search(domain, offset=offset, limit=limit, order='name asc, id asc')
|
||||
items = [_ser_classroom(r) for r in recs]
|
||||
return _json_response({'items': items, 'data': items, 'total': total, 'page': page, 'size': limit})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_classrooms failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def get_classroom(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('get_classroom failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def create_classroom(self, **kw):
|
||||
try:
|
||||
body = _get_json_body()
|
||||
name = (body.get('name') or '').strip()
|
||||
if not name:
|
||||
return _error_response('name is required', 400)
|
||||
entity_id = (
|
||||
_ensure_entity_access(int(body['entity_id']))
|
||||
if body.get('entity_id') else _default_entity_id_from_scope()
|
||||
)
|
||||
branch_id = _ensure_branch_access(body.get('branch_id'), entity_id=entity_id) if body.get('branch_id') else None
|
||||
|
||||
code = (body.get('code') or '').strip() or name.upper().replace(' ', '_')[:16]
|
||||
vals = {
|
||||
'name': name,
|
||||
'code': code,
|
||||
'capacity': int(body.get('capacity') or 30),
|
||||
'notes': (body.get('notes') or '').strip(),
|
||||
'entity_id': entity_id,
|
||||
'branch_id': branch_id or False,
|
||||
}
|
||||
if 'active' in body:
|
||||
vals['active'] = bool(body.get('active'))
|
||||
if body.get('student_ids'):
|
||||
vals['student_ids'] = [(6, 0, [int(x) for x in body['student_ids']])]
|
||||
if body.get('teacher_ids'):
|
||||
vals['teacher_ids'] = [(6, 0, [int(x) for x in body['teacher_ids']])]
|
||||
rec = request.env['op.classroom'].sudo().create(vals)
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('create_classroom failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>', type='http', auth='public', methods=['PATCH', 'PUT'], csrf=False)
|
||||
@jwt_required
|
||||
def update_classroom(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
body = _get_json_body()
|
||||
vals = {}
|
||||
if 'name' in body:
|
||||
vals['name'] = (body.get('name') or '').strip()
|
||||
if 'code' in body:
|
||||
vals['code'] = (body.get('code') or '').strip() or rec.code
|
||||
if 'capacity' in body:
|
||||
vals['capacity'] = int(body.get('capacity') or rec.capacity)
|
||||
if 'notes' in body:
|
||||
vals['notes'] = (body.get('notes') or '').strip()
|
||||
if 'active' in body:
|
||||
vals['active'] = bool(body.get('active'))
|
||||
target_entity = rec.entity_id.id
|
||||
if 'entity_id' in body and body.get('entity_id'):
|
||||
target_entity = _ensure_entity_access(int(body['entity_id']))
|
||||
vals['entity_id'] = target_entity
|
||||
if 'branch_id' in body:
|
||||
vals['branch_id'] = (
|
||||
_ensure_branch_access(int(body['branch_id']), entity_id=target_entity)
|
||||
if body.get('branch_id') else False
|
||||
)
|
||||
if vals:
|
||||
rec.write(vals)
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('update_classroom failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>', type='http', auth='public', methods=['DELETE'], csrf=False)
|
||||
@jwt_required
|
||||
def delete_classroom(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if rec:
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
rec.unlink()
|
||||
return _json_response({'success': True})
|
||||
except Exception as exc:
|
||||
_logger.exception('delete_classroom failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
# ---- Roster (students) ------------------------------------------
|
||||
@http.route('/api/classrooms/<int:cid>/students', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_classroom_students(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
items = [_ser_student_short(s) for s in rec.student_ids]
|
||||
return _json_response({'items': items, 'data': items, 'total': len(items)})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_classroom_students failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/students', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def set_classroom_students(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
body = _get_json_body()
|
||||
raw_ids = [int(x) for x in (body.get('student_ids') or [])]
|
||||
ids = _filter_ids_in_entity(
|
||||
'op.student', raw_ids,
|
||||
rec.entity_id.id if rec.entity_id else None,
|
||||
label='Student',
|
||||
)
|
||||
mode = (body.get('mode') or 'set').lower()
|
||||
if mode == 'set':
|
||||
rec.write({'student_ids': [(6, 0, ids)]})
|
||||
else:
|
||||
rec.write({'student_ids': [(4, x) for x in ids]})
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('set_classroom_students failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/students', type='http', auth='public', methods=['DELETE'], csrf=False)
|
||||
@jwt_required
|
||||
def remove_classroom_students(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
body = _get_json_body()
|
||||
ids = [int(x) for x in (body.get('student_ids') or [])]
|
||||
rec.write({'student_ids': [(3, x) for x in ids]})
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('remove_classroom_students failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
# ---- Homeroom teachers ------------------------------------------
|
||||
@http.route('/api/classrooms/<int:cid>/teachers', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_classroom_teachers(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
items = [_ser_teacher_short(t) for t in rec.teacher_ids]
|
||||
return _json_response({'items': items, 'data': items, 'total': len(items)})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_classroom_teachers failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/teachers', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def set_classroom_teachers(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
body = _get_json_body()
|
||||
raw_ids = [int(x) for x in (body.get('teacher_ids') or [])]
|
||||
ids = _filter_ids_in_entity(
|
||||
'op.faculty', raw_ids,
|
||||
rec.entity_id.id if rec.entity_id else None,
|
||||
label='Teacher',
|
||||
)
|
||||
mode = (body.get('mode') or 'set').lower()
|
||||
if mode == 'set':
|
||||
rec.write({'teacher_ids': [(6, 0, ids)]})
|
||||
else:
|
||||
rec.write({'teacher_ids': [(4, x) for x in ids]})
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('set_classroom_teachers failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
# ---- Courses + cascade ------------------------------------------
|
||||
@http.route('/api/classrooms/<int:cid>/courses', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_classroom_courses(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
items = [_ser_course_short(c) for c in rec.course_ids]
|
||||
return _json_response({'items': items, 'data': items, 'total': len(items)})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_classroom_courses failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/sections', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_classroom_sections(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
domain = [('course_id', 'in', rec.course_ids.ids)]
|
||||
if kw.get('course_id'):
|
||||
domain.append(('course_id', '=', int(kw['course_id'])))
|
||||
if kw.get('active') in ('true', 'false', '1', '0'):
|
||||
domain.append(('active', '=', kw.get('active') in ('true', '1')))
|
||||
items = [
|
||||
_ser_section_short(s)
|
||||
for s in request.env['encoach.course.section'].sudo().search(
|
||||
domain, order='course_id, sequence, id'
|
||||
)
|
||||
]
|
||||
return _json_response({'items': items, 'data': items, 'total': len(items)})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_classroom_sections failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/assign-course', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def assign_classroom_course(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
body = _get_json_body()
|
||||
course_id = int(body.get('course_id') or 0)
|
||||
if not course_id:
|
||||
return _error_response('course_id is required', 400)
|
||||
classroom_entity_id = rec.entity_id.id if rec.entity_id else None
|
||||
_filter_ids_in_entity('op.course', [course_id], classroom_entity_id, label='Course')
|
||||
|
||||
section_id = int(body.get('section_id') or 0) or None
|
||||
if section_id:
|
||||
_filter_ids_in_entity(
|
||||
'encoach.course.section', [section_id],
|
||||
classroom_entity_id, label='Course section',
|
||||
)
|
||||
|
||||
teacher_ids = body.get('teacher_ids')
|
||||
if teacher_ids is not None:
|
||||
teacher_ids = _filter_ids_in_entity(
|
||||
'op.faculty', [int(x) for x in teacher_ids],
|
||||
classroom_entity_id, label='Teacher',
|
||||
)
|
||||
term_name = body.get('term_name') or None
|
||||
term_key = (body.get('term_key') or '').strip() or None
|
||||
start_date = body.get('start_date') or None
|
||||
end_date = body.get('end_date') or None
|
||||
batch = rec.assign_course(
|
||||
course_id,
|
||||
term_name=term_name,
|
||||
start_date=start_date,
|
||||
end_date=end_date,
|
||||
teacher_ids=teacher_ids,
|
||||
section_id=section_id,
|
||||
term_key=term_key,
|
||||
)
|
||||
return _json_response({
|
||||
'data': _ser_classroom(rec, full=True),
|
||||
'batch': _ser_batch_short(batch),
|
||||
})
|
||||
except Exception as exc:
|
||||
_logger.exception('assign_classroom_course failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/assign-section', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def assign_classroom_section(self, cid, **kw):
|
||||
"""Alias to make the classroom×section workflow explicit for clients."""
|
||||
return self.assign_classroom_course(cid, **kw)
|
||||
|
||||
@http.route('/api/classrooms/<int:cid>/courses/<int:course_id>', type='http', auth='public', methods=['DELETE'], csrf=False)
|
||||
@jwt_required
|
||||
def detach_classroom_course(self, cid, course_id, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
rec.write({'course_ids': [(3, int(course_id))]})
|
||||
return _json_response({'data': _ser_classroom(rec, full=True)})
|
||||
except Exception as exc:
|
||||
_logger.exception('detach_classroom_course failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
# ---- Batches -----------------------------------------------------
|
||||
@http.route('/api/classrooms/<int:cid>/batches', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_classroom_batches(self, cid, **kw):
|
||||
try:
|
||||
rec = _classroom_or_404(cid)
|
||||
if not rec:
|
||||
return _error_response('Not found', 404)
|
||||
if rec.entity_id:
|
||||
_ensure_entity_access(rec.entity_id.id)
|
||||
items = [_ser_batch_short(b) for b in rec.batch_ids]
|
||||
return _json_response({'items': items, 'data': items, 'total': len(items)})
|
||||
except Exception as exc:
|
||||
_logger.exception('list_classroom_batches failed')
|
||||
return _error_response(str(exc), 403 if isinstance(exc, PermissionError) else 500)
|
||||
|
||||
# ---- Legacy /api/groups aliases (back-compat) -------------------
|
||||
@http.route('/api/groups', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_groups(self, **kw):
|
||||
try:
|
||||
M = request.env['op.classroom'].sudo()
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = M.search_count([])
|
||||
recs = M.search([], offset=offset, limit=limit, order='id desc')
|
||||
items = [_ser_classroom(r) for r in recs]
|
||||
return _json_response({'items': items, 'data': items, 'total': total, 'page': page, 'size': limit})
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
return self.list_classrooms(**kw)
|
||||
|
||||
@http.route('/api/groups/<int:gid>', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def get_group(self, gid, **kw):
|
||||
try:
|
||||
rec = request.env['op.classroom'].sudo().browse(gid)
|
||||
if not rec.exists():
|
||||
return _error_response('Not found', 404)
|
||||
return _json_response(_ser_classroom(rec))
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
return self.get_classroom(gid, **kw)
|
||||
|
||||
@http.route('/api/groups', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def create_group(self, **kw):
|
||||
try:
|
||||
body = _get_json_body()
|
||||
vals = {'name': body.get('name', '')}
|
||||
if body.get('code'):
|
||||
vals['code'] = body['code']
|
||||
if body.get('capacity'):
|
||||
vals['capacity'] = int(body['capacity'])
|
||||
rec = request.env['op.classroom'].sudo().create(vals)
|
||||
return _json_response(_ser_classroom(rec))
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
return self.create_classroom(**kw)
|
||||
|
||||
@http.route('/api/groups/<int:gid>', type='http', auth='public', methods=['DELETE'], csrf=False)
|
||||
@jwt_required
|
||||
def delete_group(self, gid, **kw):
|
||||
try:
|
||||
rec = request.env['op.classroom'].sudo().browse(gid)
|
||||
if rec.exists():
|
||||
rec.unlink()
|
||||
return _json_response({'success': True})
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/groups/transfer', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def transfer(self, **kw):
|
||||
try:
|
||||
return _json_response({'success': True})
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/groups/<int:gid>/members', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def add_members(self, gid, **kw):
|
||||
try:
|
||||
return _json_response({'success': True})
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/groups/<int:gid>/members/remove', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def remove_members(self, gid, **kw):
|
||||
try:
|
||||
return _json_response({'success': True})
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
return self.delete_classroom(gid, **kw)
|
||||
|
||||
@@ -12,10 +12,21 @@ _logger = logging.getLogger(__name__)
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
def _entity_scope():
|
||||
"""Return (entity_ids, is_superadmin) for the current user."""
|
||||
"""Return (entity_ids, is_superadmin) for the current user.
|
||||
|
||||
A user is treated as a *platform* superadmin only when they have no
|
||||
entities assigned (``entity_ids`` is empty) AND either are the bootstrap
|
||||
Odoo user (uid=1) or carry ``base.group_system`` directly. Any user
|
||||
linked to one or more entities is always entity-scoped — even Odoo
|
||||
settings admins — so multi-entity LMS isolation is enforced.
|
||||
"""
|
||||
user = request.env.user.sudo()
|
||||
is_super = bool(user.has_group('base.group_system'))
|
||||
ids = user.entity_ids.ids if hasattr(user, 'entity_ids') else []
|
||||
if ids:
|
||||
return ids, False
|
||||
is_super = bool(
|
||||
user.id == 1 or user.has_group('base.group_system')
|
||||
)
|
||||
return ids, is_super
|
||||
|
||||
|
||||
@@ -53,6 +64,49 @@ def _scoped_entity_domain(base_domain=None, field='entity_id'):
|
||||
return domain + [('id', '=', 0)]
|
||||
return domain + [(field, 'in', ids)]
|
||||
|
||||
|
||||
def _ensure_branch_access(branch_id, *, entity_id=None):
|
||||
"""Validate branch ownership and user access, return branch id."""
|
||||
if not branch_id:
|
||||
raise PermissionError('branch_id is required')
|
||||
branch = request.env['encoach.lms.branch'].sudo().browse(int(branch_id))
|
||||
if not branch.exists():
|
||||
raise ValueError('Branch not found')
|
||||
_ensure_entity_access(branch.entity_id.id)
|
||||
if entity_id and branch.entity_id.id != int(entity_id):
|
||||
raise PermissionError('Branch entity mismatch')
|
||||
return branch.id
|
||||
|
||||
|
||||
def _assert_record_in_entity(model, rec_id, entity_id, *, label='record'):
|
||||
"""Raise PermissionError if a record (M2O) doesn't belong to ``entity_id``.
|
||||
|
||||
A record without ``entity_id`` is considered legacy/unscoped and is
|
||||
allowed; this keeps pre-isolation data usable while still blocking
|
||||
explicit cross-entity references.
|
||||
"""
|
||||
if not rec_id or not entity_id:
|
||||
return int(rec_id) if rec_id else False
|
||||
rec = request.env[model].sudo().browse(int(rec_id))
|
||||
if not rec.exists():
|
||||
raise ValueError(f'{label} {rec_id} not found')
|
||||
rec_entity = rec.entity_id.id if rec.entity_id else None
|
||||
if rec_entity and rec_entity != int(entity_id):
|
||||
raise PermissionError(
|
||||
f'{label} {rec_id} belongs to a different entity'
|
||||
)
|
||||
return rec.id
|
||||
|
||||
|
||||
def _filter_ids_in_entity(model, ids, entity_id, *, label='record'):
|
||||
"""Same as ``_assert_record_in_entity`` but for a list of ids."""
|
||||
if not ids:
|
||||
return []
|
||||
out = []
|
||||
for rid in ids:
|
||||
out.append(_assert_record_in_entity(model, rid, entity_id, label=label))
|
||||
return out
|
||||
|
||||
def _serialize_course(c):
|
||||
subj = getattr(c, 'encoach_subject_id', False)
|
||||
tags = getattr(c, 'encoach_tag_ids', c.env['encoach.resource.tag'])
|
||||
@@ -85,8 +139,39 @@ def _serialize_course(c):
|
||||
'chapter_count': getattr(c, 'chapter_count', 0) or 0,
|
||||
'resource_count': getattr(c, 'resource_count', 0) or 0,
|
||||
'objective_count': getattr(c, 'objective_count', 0) or 0,
|
||||
'section_count': getattr(c, 'section_count', 0) or 0,
|
||||
'sections': [
|
||||
{
|
||||
'id': s.id,
|
||||
'name': s.name or '',
|
||||
'code': s.code or '',
|
||||
'sequence': s.sequence or 0,
|
||||
'active': bool(s.active),
|
||||
}
|
||||
for s in (c.section_ids if hasattr(c, 'section_ids') else c.env['encoach.course.section'])
|
||||
],
|
||||
'entity_id': c.entity_id.id if hasattr(c, 'entity_id') and c.entity_id else None,
|
||||
'entity_name': c.entity_id.name if hasattr(c, 'entity_id') and c.entity_id else '',
|
||||
'branch_id': c.branch_id.id if hasattr(c, 'branch_id') and c.branch_id else None,
|
||||
'branch_name': c.branch_id.name if hasattr(c, 'branch_id') and c.branch_id else '',
|
||||
}
|
||||
|
||||
|
||||
def _serialize_course_section(s):
|
||||
return {
|
||||
'id': s.id,
|
||||
'name': s.name or '',
|
||||
'code': s.code or '',
|
||||
'sequence': s.sequence or 0,
|
||||
'active': bool(s.active),
|
||||
'notes': s.notes or '',
|
||||
'course_id': s.course_id.id if s.course_id else None,
|
||||
'course_name': s.course_id.name if s.course_id else '',
|
||||
'entity_id': s.entity_id.id if s.entity_id else None,
|
||||
'entity_name': s.entity_id.name if s.entity_id else '',
|
||||
'branch_id': s.branch_id.id if s.branch_id else None,
|
||||
'branch_name': s.branch_id.name if s.branch_id else '',
|
||||
'batch_count': s.batch_count or 0,
|
||||
}
|
||||
|
||||
|
||||
@@ -121,6 +206,8 @@ def _serialize_student(s):
|
||||
'user_id': s.user_id.id if s.user_id else None,
|
||||
'entity_id': s.entity_id.id if hasattr(s, 'entity_id') and s.entity_id else None,
|
||||
'entity_name': s.entity_id.name if hasattr(s, 'entity_id') and s.entity_id else '',
|
||||
'branch_id': s.branch_id.id if hasattr(s, 'branch_id') and s.branch_id else None,
|
||||
'branch_name': s.branch_id.name if hasattr(s, 'branch_id') and s.branch_id else '',
|
||||
}
|
||||
|
||||
|
||||
@@ -145,6 +232,8 @@ def _serialize_teacher(f):
|
||||
'subject_names': [sub.name for sub in f.subject_ids] if hasattr(f, 'subject_ids') else [],
|
||||
'entity_id': f.entity_id.id if hasattr(f, 'entity_id') and f.entity_id else None,
|
||||
'entity_name': f.entity_id.name if hasattr(f, 'entity_id') and f.entity_id else '',
|
||||
'branch_id': f.branch_id.id if hasattr(f, 'branch_id') and f.branch_id else None,
|
||||
'branch_name': f.branch_id.name if hasattr(f, 'branch_id') and f.branch_id else '',
|
||||
}
|
||||
|
||||
|
||||
@@ -177,6 +266,28 @@ def _serialize_batch(b):
|
||||
'students': students,
|
||||
'entity_id': b.entity_id.id if hasattr(b, 'entity_id') and b.entity_id else None,
|
||||
'entity_name': b.entity_id.name if hasattr(b, 'entity_id') and b.entity_id else '',
|
||||
'branch_id': b.branch_id.id if hasattr(b, 'branch_id') and b.branch_id else None,
|
||||
'branch_name': b.branch_id.name if hasattr(b, 'branch_id') and b.branch_id else '',
|
||||
'classroom_id': b.classroom_id.id if hasattr(b, 'classroom_id') and b.classroom_id else None,
|
||||
'classroom_name': b.classroom_id.name if hasattr(b, 'classroom_id') and b.classroom_id else '',
|
||||
'course_section_id': (
|
||||
b.course_section_id.id
|
||||
if hasattr(b, 'course_section_id') and b.course_section_id
|
||||
else None
|
||||
),
|
||||
'course_section_name': (
|
||||
b.course_section_id.name
|
||||
if hasattr(b, 'course_section_id') and b.course_section_id
|
||||
else ''
|
||||
),
|
||||
'course_section_code': (
|
||||
b.course_section_id.code
|
||||
if hasattr(b, 'course_section_id') and b.course_section_id
|
||||
else ''
|
||||
),
|
||||
'term_key': getattr(b, 'term_key', '') or '',
|
||||
'teacher_ids': b.teacher_ids.ids if hasattr(b, 'teacher_ids') else [],
|
||||
'teacher_names': [t.name or '' for t in b.teacher_ids] if hasattr(b, 'teacher_ids') else [],
|
||||
}
|
||||
|
||||
|
||||
@@ -194,6 +305,8 @@ class LmsCoreController(http.Controller):
|
||||
pass # op.course has no status field by default
|
||||
if kw.get('entity_id'):
|
||||
domain.append(('entity_id', '=', _ensure_entity_access(int(kw['entity_id']))))
|
||||
if kw.get('branch_id'):
|
||||
domain.append(('branch_id', '=', _ensure_branch_access(int(kw['branch_id']))))
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = Course.search_count(domain)
|
||||
records = Course.search(domain, offset=offset, limit=limit, order='id desc')
|
||||
@@ -239,6 +352,8 @@ class LmsCoreController(http.Controller):
|
||||
}
|
||||
if entity_id:
|
||||
vals['entity_id'] = entity_id
|
||||
if body.get('branch_id'):
|
||||
vals['branch_id'] = _ensure_branch_access(int(body['branch_id']), entity_id=entity_id)
|
||||
if body.get('description'):
|
||||
vals['description'] = body['description']
|
||||
if body.get('max_capacity'):
|
||||
@@ -292,6 +407,12 @@ class LmsCoreController(http.Controller):
|
||||
vals['encoach_tag_ids'] = [(6, 0, [int(i) for i in body['tag_ids']])]
|
||||
if 'entity_id' in body:
|
||||
vals['entity_id'] = _ensure_entity_access(int(body['entity_id'])) if body['entity_id'] else False
|
||||
effective_entity = vals.get('entity_id') or (rec.entity_id.id if rec.entity_id else False)
|
||||
if 'branch_id' in body:
|
||||
vals['branch_id'] = (
|
||||
_ensure_branch_access(int(body['branch_id']), entity_id=effective_entity)
|
||||
if body['branch_id'] else False
|
||||
)
|
||||
if vals:
|
||||
rec.write(vals)
|
||||
return _json_response({'data': _serialize_course(rec)})
|
||||
@@ -327,6 +448,172 @@ class LmsCoreController(http.Controller):
|
||||
_logger.exception('delete_course failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/courses/<int:course_id>/sections', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_course_sections(self, course_id, **kw):
|
||||
try:
|
||||
course = request.env['op.course'].sudo().browse(course_id)
|
||||
if not course.exists():
|
||||
return _error_response('Course not found', 404)
|
||||
ids, is_super = _entity_scope()
|
||||
if not is_super and (not course.entity_id or course.entity_id.id not in ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
Section = request.env['encoach.course.section'].sudo()
|
||||
domain = [('course_id', '=', course_id)]
|
||||
if kw.get('active') in ('true', 'false', '1', '0'):
|
||||
domain.append(('active', '=', kw.get('active') in ('true', '1')))
|
||||
recs = Section.search(domain, order='sequence, id')
|
||||
items = [_serialize_course_section(r) for r in recs]
|
||||
return _json_response({'items': items, 'data': items, 'total': len(items)})
|
||||
except Exception as e:
|
||||
_logger.exception('list_course_sections failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/courses/<int:course_id>/sections', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def create_course_section(self, course_id, **kw):
|
||||
try:
|
||||
course = request.env['op.course'].sudo().browse(course_id)
|
||||
if not course.exists():
|
||||
return _error_response('Course not found', 404)
|
||||
ids, is_super = _entity_scope()
|
||||
if not is_super and (not course.entity_id or course.entity_id.id not in ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
body = _get_json_body()
|
||||
name = (body.get('name') or '').strip()
|
||||
code = (body.get('code') or '').strip()
|
||||
if not name or not code:
|
||||
return _error_response('name and code are required', 400)
|
||||
vals = {
|
||||
'name': name,
|
||||
'code': code,
|
||||
'course_id': course_id,
|
||||
'sequence': int(body.get('sequence') or 10),
|
||||
'notes': (body.get('notes') or '').strip(),
|
||||
'active': bool(body.get('active', True)),
|
||||
}
|
||||
if body.get('branch_id'):
|
||||
vals['branch_id'] = _ensure_branch_access(
|
||||
int(body['branch_id']),
|
||||
entity_id=course.entity_id.id if course.entity_id else None,
|
||||
)
|
||||
rec = request.env['encoach.course.section'].sudo().create(vals)
|
||||
return _json_response({'data': _serialize_course_section(rec)})
|
||||
except Exception as e:
|
||||
_logger.exception('create_course_section failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/courses/<int:course_id>/sections/<int:section_id>', type='http', auth='public', methods=['PATCH', 'PUT'], csrf=False)
|
||||
@jwt_required
|
||||
def update_course_section(self, course_id, section_id, **kw):
|
||||
try:
|
||||
section = request.env['encoach.course.section'].sudo().browse(section_id)
|
||||
if not section.exists() or section.course_id.id != course_id:
|
||||
return _error_response('Section not found', 404)
|
||||
ids, is_super = _entity_scope()
|
||||
if not is_super and (not section.entity_id or section.entity_id.id not in ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
body = _get_json_body()
|
||||
vals = {}
|
||||
if 'name' in body:
|
||||
vals['name'] = (body.get('name') or '').strip()
|
||||
if 'code' in body:
|
||||
vals['code'] = (body.get('code') or '').strip()
|
||||
if 'sequence' in body:
|
||||
vals['sequence'] = int(body.get('sequence') or 10)
|
||||
if 'notes' in body:
|
||||
vals['notes'] = (body.get('notes') or '').strip()
|
||||
if 'active' in body:
|
||||
vals['active'] = bool(body.get('active'))
|
||||
if 'branch_id' in body:
|
||||
vals['branch_id'] = (
|
||||
_ensure_branch_access(
|
||||
int(body['branch_id']),
|
||||
entity_id=section.entity_id.id if section.entity_id else None,
|
||||
)
|
||||
if body.get('branch_id') else False
|
||||
)
|
||||
if vals:
|
||||
section.write(vals)
|
||||
return _json_response({'data': _serialize_course_section(section)})
|
||||
except Exception as e:
|
||||
_logger.exception('update_course_section failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/courses/<int:course_id>/sections/<int:section_id>', type='http', auth='public', methods=['DELETE'], csrf=False)
|
||||
@jwt_required
|
||||
def delete_course_section(self, course_id, section_id, **kw):
|
||||
try:
|
||||
section = request.env['encoach.course.section'].sudo().browse(section_id)
|
||||
if section.exists() and section.course_id.id == course_id:
|
||||
ids, is_super = _entity_scope()
|
||||
if not is_super and (not section.entity_id or section.entity_id.id not in ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
section.unlink()
|
||||
return _json_response({'success': True})
|
||||
except Exception as e:
|
||||
_logger.exception('delete_course_section failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/courses/<int:course_id>/sections/generate-defaults', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def generate_default_course_sections(self, course_id, **kw):
|
||||
"""Idempotently create A/B/C section templates for a course.
|
||||
|
||||
Body (optional):
|
||||
- codes: ["A","B","C", ...] (defaults to ["A","B","C"])
|
||||
- branch_id: int (optional default branch for new sections)
|
||||
|
||||
Existing sections (matched by code per course) are kept untouched.
|
||||
Returns the full ordered list of sections after generation.
|
||||
"""
|
||||
try:
|
||||
course = request.env['op.course'].sudo().browse(course_id)
|
||||
if not course.exists():
|
||||
return _error_response('Course not found', 404)
|
||||
ids, is_super = _entity_scope()
|
||||
if not is_super and (not course.entity_id or course.entity_id.id not in ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
body = _get_json_body() or {}
|
||||
raw_codes = body.get('codes')
|
||||
if not isinstance(raw_codes, list) or not raw_codes:
|
||||
raw_codes = ['A', 'B', 'C']
|
||||
codes = [str(c).strip().upper() for c in raw_codes if str(c).strip()]
|
||||
branch_id = body.get('branch_id')
|
||||
if branch_id:
|
||||
branch_id = _ensure_branch_access(
|
||||
int(branch_id),
|
||||
entity_id=course.entity_id.id if course.entity_id else None,
|
||||
)
|
||||
Section = request.env['encoach.course.section'].sudo()
|
||||
existing = Section.search([('course_id', '=', course_id)])
|
||||
existing_codes = {s.code for s in existing}
|
||||
created = []
|
||||
for idx, code in enumerate(codes, start=1):
|
||||
if code in existing_codes:
|
||||
continue
|
||||
vals = {
|
||||
'name': f'Section {code}',
|
||||
'code': code,
|
||||
'course_id': course_id,
|
||||
'sequence': 10 * idx,
|
||||
'active': True,
|
||||
}
|
||||
if branch_id:
|
||||
vals['branch_id'] = branch_id
|
||||
created.append(Section.create(vals))
|
||||
recs = Section.search([('course_id', '=', course_id)], order='sequence, id')
|
||||
return _json_response({
|
||||
'created_count': len(created),
|
||||
'created_ids': [r.id for r in created],
|
||||
'items': [_serialize_course_section(r) for r in recs],
|
||||
'data': [_serialize_course_section(r) for r in recs],
|
||||
'total': len(recs),
|
||||
})
|
||||
except Exception as e:
|
||||
_logger.exception('generate_default_course_sections failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
# ── Student: My Courses (enrollment-filtered) ──────────────────
|
||||
|
||||
@http.route('/api/student/my-courses', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@@ -486,6 +773,8 @@ class LmsCoreController(http.Controller):
|
||||
domain.append(('course_detail_ids.batch_id', '=', int(kw['batch_id'])))
|
||||
if kw.get('entity_id'):
|
||||
domain.append(('entity_id', '=', _ensure_entity_access(int(kw['entity_id']))))
|
||||
if kw.get('branch_id'):
|
||||
domain.append(('branch_id', '=', _ensure_branch_access(int(kw['branch_id']))))
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = Student.search_count(domain)
|
||||
records = Student.search(domain, offset=offset, limit=limit, order='id desc')
|
||||
@@ -540,6 +829,8 @@ class LmsCoreController(http.Controller):
|
||||
}
|
||||
if entity_id:
|
||||
student_vals['entity_id'] = entity_id
|
||||
if body.get('branch_id'):
|
||||
student_vals['branch_id'] = _ensure_branch_access(int(body['branch_id']), entity_id=entity_id)
|
||||
if body.get('birth_date'):
|
||||
student_vals['birth_date'] = body['birth_date']
|
||||
student = request.env['op.student'].sudo().create(student_vals)
|
||||
@@ -594,6 +885,12 @@ class LmsCoreController(http.Controller):
|
||||
student_vals['gender'] = body['gender']
|
||||
if 'entity_id' in body:
|
||||
student_vals['entity_id'] = _ensure_entity_access(int(body['entity_id'])) if body['entity_id'] else False
|
||||
effective_entity = student_vals.get('entity_id') or (rec.entity_id.id if rec.entity_id else False)
|
||||
if 'branch_id' in body:
|
||||
student_vals['branch_id'] = (
|
||||
_ensure_branch_access(int(body['branch_id']), entity_id=effective_entity)
|
||||
if body['branch_id'] else False
|
||||
)
|
||||
if student_vals:
|
||||
rec.write(student_vals)
|
||||
return _json_response({'data': _serialize_student(rec)})
|
||||
@@ -628,6 +925,8 @@ class LmsCoreController(http.Controller):
|
||||
domain.append(('partner_id.name', 'ilike', kw['search']))
|
||||
if kw.get('entity_id'):
|
||||
domain.append(('entity_id', '=', _ensure_entity_access(int(kw['entity_id']))))
|
||||
if kw.get('branch_id'):
|
||||
domain.append(('branch_id', '=', _ensure_branch_access(int(kw['branch_id']))))
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = Faculty.search_count(domain)
|
||||
records = Faculty.search(domain, offset=offset, limit=limit, order='id desc')
|
||||
@@ -652,9 +951,18 @@ class LmsCoreController(http.Controller):
|
||||
entity_id = _ensure_entity_access(int(requested_entity))
|
||||
else:
|
||||
entity_id = _default_entity_id_from_scope()
|
||||
first = body.get('first_name', '')
|
||||
last = body.get('last_name', '')
|
||||
name = f"{first} {last}".strip()
|
||||
first = (body.get('first_name') or '').strip()
|
||||
last = (body.get('last_name') or '').strip()
|
||||
name = f"{first} {last}".strip() or (body.get('name') or '').strip()
|
||||
if not name:
|
||||
return _error_response('first_name/last_name (or name) is required', 400)
|
||||
if not first and ' ' in name:
|
||||
first, last = name.split(' ', 1)
|
||||
elif not first:
|
||||
first = name
|
||||
last = name
|
||||
if not last:
|
||||
last = first
|
||||
partner = request.env['res.partner'].sudo().create({
|
||||
'name': name,
|
||||
'email': body.get('email', ''),
|
||||
@@ -662,14 +970,18 @@ class LmsCoreController(http.Controller):
|
||||
})
|
||||
fac_vals = {
|
||||
'partner_id': partner.id,
|
||||
'gender': body.get('gender', ''),
|
||||
'first_name': first,
|
||||
'last_name': last,
|
||||
'name': name,
|
||||
'gender': body.get('gender') or 'male',
|
||||
'birth_date': body.get('birth_date') or '1990-01-01',
|
||||
}
|
||||
if entity_id:
|
||||
fac_vals['entity_id'] = entity_id
|
||||
if body.get('branch_id'):
|
||||
fac_vals['branch_id'] = _ensure_branch_access(int(body['branch_id']), entity_id=entity_id)
|
||||
if body.get('department_id') and hasattr(request.env['op.faculty'], 'department_id'):
|
||||
fac_vals['department_id'] = int(body['department_id'])
|
||||
if body.get('birth_date'):
|
||||
fac_vals['birth_date'] = body['birth_date']
|
||||
faculty = request.env['op.faculty'].sudo().create(fac_vals)
|
||||
return _json_response({'data': _serialize_teacher(faculty)})
|
||||
except Exception as e:
|
||||
@@ -716,6 +1028,12 @@ class LmsCoreController(http.Controller):
|
||||
vals['gender'] = body['gender']
|
||||
if 'entity_id' in body:
|
||||
vals['entity_id'] = _ensure_entity_access(int(body['entity_id'])) if body['entity_id'] else False
|
||||
effective_entity = vals.get('entity_id') or (rec.entity_id.id if rec.entity_id else False)
|
||||
if 'branch_id' in body:
|
||||
vals['branch_id'] = (
|
||||
_ensure_branch_access(int(body['branch_id']), entity_id=effective_entity)
|
||||
if body['branch_id'] else False
|
||||
)
|
||||
if vals:
|
||||
rec.write(vals)
|
||||
return _json_response({'data': _serialize_teacher(rec)})
|
||||
@@ -748,6 +1066,18 @@ class LmsCoreController(http.Controller):
|
||||
domain = _scoped_entity_domain([])
|
||||
if kw.get('entity_id'):
|
||||
domain.append(('entity_id', '=', _ensure_entity_access(int(kw['entity_id']))))
|
||||
if kw.get('branch_id'):
|
||||
domain.append(('branch_id', '=', _ensure_branch_access(int(kw['branch_id']))))
|
||||
if kw.get('classroom_id'):
|
||||
domain.append(('classroom_id', '=', int(kw['classroom_id'])))
|
||||
if kw.get('teacher_id'):
|
||||
domain.append(('teacher_ids', 'in', int(kw['teacher_id'])))
|
||||
if kw.get('course_id'):
|
||||
domain.append(('course_id', '=', int(kw['course_id'])))
|
||||
if kw.get('course_section_id'):
|
||||
domain.append(('course_section_id', '=', int(kw['course_section_id'])))
|
||||
if kw.get('term_key'):
|
||||
domain.append(('term_key', '=', str(kw['term_key'])))
|
||||
offset, limit, page = _paginate(kw)
|
||||
total = Batch.search_count(domain)
|
||||
records = Batch.search(domain, offset=offset, limit=limit, order='id desc')
|
||||
@@ -791,13 +1121,65 @@ class LmsCoreController(http.Controller):
|
||||
if body.get('code'):
|
||||
vals['code'] = body['code']
|
||||
if body.get('course_id'):
|
||||
vals['course_id'] = int(body['course_id'])
|
||||
vals['course_id'] = _assert_record_in_entity(
|
||||
'op.course', int(body['course_id']), entity_id, label='Course',
|
||||
)
|
||||
section_id = body.get('course_section_id')
|
||||
section = None
|
||||
if section_id:
|
||||
section = request.env['encoach.course.section'].sudo().browse(int(section_id))
|
||||
if not section.exists():
|
||||
return _error_response('course_section_id not found', 400)
|
||||
if vals.get('course_id') and section.course_id.id != vals['course_id']:
|
||||
return _error_response('course_section_id does not belong to course_id', 400)
|
||||
_assert_record_in_entity(
|
||||
'encoach.course.section', section.id, entity_id, label='Course section',
|
||||
)
|
||||
vals['course_section_id'] = section.id
|
||||
if entity_id:
|
||||
vals['entity_id'] = entity_id
|
||||
if body.get('branch_id'):
|
||||
vals['branch_id'] = _ensure_branch_access(int(body['branch_id']), entity_id=entity_id)
|
||||
if body.get('classroom_id'):
|
||||
vals['classroom_id'] = _assert_record_in_entity(
|
||||
'op.classroom', int(body['classroom_id']), entity_id, label='Classroom',
|
||||
)
|
||||
if body.get('teacher_ids'):
|
||||
tids = _filter_ids_in_entity(
|
||||
'op.faculty', [int(x) for x in body['teacher_ids']],
|
||||
entity_id, label='Teacher',
|
||||
)
|
||||
vals['teacher_ids'] = [(6, 0, tids)]
|
||||
if 'term_key' in body:
|
||||
vals['term_key'] = (body.get('term_key') or '').strip() or False
|
||||
if body.get('start_date'):
|
||||
vals['start_date'] = body['start_date']
|
||||
if body.get('end_date'):
|
||||
vals['end_date'] = body['end_date']
|
||||
# Auto-generate a unique batch code if the client didn't supply one.
|
||||
# `op.batch.code` is NOT NULL + UNIQUE, and AdminBatches UI doesn't ship a code field.
|
||||
if not vals.get('code'):
|
||||
Batch = request.env['op.batch'].sudo()
|
||||
course = request.env['op.course'].sudo().browse(vals['course_id']) if vals.get('course_id') else None
|
||||
course_part = ((course.code or course.name or 'C') if course else 'C')
|
||||
course_part = ''.join(ch for ch in course_part.upper() if ch.isalnum())[:6] or 'C'
|
||||
section_part = ''
|
||||
if section:
|
||||
section_part = '-' + ''.join(ch for ch in (section.code or '').upper() if ch.isalnum())[:4]
|
||||
term_part = ''
|
||||
term_key_val = vals.get('term_key')
|
||||
if term_key_val:
|
||||
term_part = '-' + ''.join(ch for ch in term_key_val.upper() if ch.isalnum())[:5]
|
||||
base = f"B{course_part}{section_part}{term_part}"[:14]
|
||||
candidate = base
|
||||
idx = 1
|
||||
while Batch.search_count([('code', '=', candidate)]):
|
||||
suffix = f"-{idx}"
|
||||
candidate = (base[: 16 - len(suffix)]) + suffix
|
||||
idx += 1
|
||||
if idx > 999:
|
||||
break
|
||||
vals['code'] = candidate[:16]
|
||||
rec = request.env['op.batch'].sudo().create(vals)
|
||||
return _json_response({'data': _serialize_batch(rec)})
|
||||
except Exception as e:
|
||||
@@ -819,10 +1201,46 @@ class LmsCoreController(http.Controller):
|
||||
for k in ('name', 'code', 'start_date', 'end_date'):
|
||||
if k in body:
|
||||
vals[k] = body[k]
|
||||
if 'course_id' in body:
|
||||
vals['course_id'] = int(body['course_id'])
|
||||
if 'entity_id' in body:
|
||||
vals['entity_id'] = _ensure_entity_access(int(body['entity_id'])) if body['entity_id'] else False
|
||||
effective_entity = vals.get('entity_id') or (rec.entity_id.id if rec.entity_id else False)
|
||||
if 'course_id' in body:
|
||||
vals['course_id'] = _assert_record_in_entity(
|
||||
'op.course', int(body['course_id']), effective_entity, label='Course',
|
||||
)
|
||||
if 'course_section_id' in body:
|
||||
if body['course_section_id']:
|
||||
section = request.env['encoach.course.section'].sudo().browse(int(body['course_section_id']))
|
||||
if not section.exists():
|
||||
return _error_response('course_section_id not found', 400)
|
||||
target_course = vals.get('course_id') or (rec.course_id.id if rec.course_id else None)
|
||||
if target_course and section.course_id.id != target_course:
|
||||
return _error_response('course_section_id does not belong to course_id', 400)
|
||||
_assert_record_in_entity(
|
||||
'encoach.course.section', section.id, effective_entity, label='Course section',
|
||||
)
|
||||
vals['course_section_id'] = section.id
|
||||
else:
|
||||
vals['course_section_id'] = False
|
||||
if 'branch_id' in body:
|
||||
vals['branch_id'] = (
|
||||
_ensure_branch_access(int(body['branch_id']), entity_id=effective_entity)
|
||||
if body['branch_id'] else False
|
||||
)
|
||||
if 'classroom_id' in body:
|
||||
vals['classroom_id'] = (
|
||||
_assert_record_in_entity(
|
||||
'op.classroom', int(body['classroom_id']), effective_entity, label='Classroom',
|
||||
) if body['classroom_id'] else False
|
||||
)
|
||||
if 'teacher_ids' in body:
|
||||
tids = _filter_ids_in_entity(
|
||||
'op.faculty', [int(x) for x in (body['teacher_ids'] or [])],
|
||||
effective_entity, label='Teacher',
|
||||
)
|
||||
vals['teacher_ids'] = [(6, 0, tids)]
|
||||
if 'term_key' in body:
|
||||
vals['term_key'] = (body.get('term_key') or '').strip() or False
|
||||
if vals:
|
||||
rec.write(vals)
|
||||
return _json_response({'data': _serialize_batch(rec)})
|
||||
@@ -956,6 +1374,94 @@ class LmsCoreController(http.Controller):
|
||||
except Exception as e:
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
# ── Per-batch teacher assignment ────────────────────────────────
|
||||
@http.route('/api/batches/<int:batch_id>/teachers', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
@jwt_required
|
||||
def list_batch_teachers(self, batch_id, **kw):
|
||||
try:
|
||||
batch = request.env['op.batch'].sudo().browse(batch_id)
|
||||
if not batch.exists():
|
||||
return _error_response('Batch not found', 404)
|
||||
scope_ids, is_super = _entity_scope()
|
||||
if not is_super and (not batch.entity_id or batch.entity_id.id not in scope_ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
teachers = []
|
||||
for t in batch.teacher_ids:
|
||||
p = t.partner_id
|
||||
teachers.append({
|
||||
'id': t.id,
|
||||
'name': p.name if p else '',
|
||||
'email': (p.email or '') if p else '',
|
||||
})
|
||||
return _json_response({
|
||||
'items': teachers,
|
||||
'data': teachers,
|
||||
'total': len(teachers),
|
||||
})
|
||||
except Exception as e:
|
||||
_logger.exception('list_batch_teachers failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
@http.route('/api/batches/<int:batch_id>/teachers', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def set_batch_teachers(self, batch_id, **kw):
|
||||
"""Assign teachers to a single batch.
|
||||
|
||||
Body:
|
||||
- teacher_ids: int[] required
|
||||
- mode: 'set' | 'add' default 'set'
|
||||
|
||||
Cross-entity teachers are rejected. ``mode='set'`` replaces the whole
|
||||
list; ``mode='add'`` unions with the existing teachers.
|
||||
"""
|
||||
try:
|
||||
batch = request.env['op.batch'].sudo().browse(batch_id)
|
||||
if not batch.exists():
|
||||
return _error_response('Batch not found', 404)
|
||||
scope_ids, is_super = _entity_scope()
|
||||
if not is_super and (not batch.entity_id or batch.entity_id.id not in scope_ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
body = _get_json_body() or {}
|
||||
mode = (body.get('mode') or 'set').lower()
|
||||
raw_ids = [int(x) for x in (body.get('teacher_ids') or [])]
|
||||
target_entity = batch.entity_id.id if batch.entity_id else None
|
||||
ids = _filter_ids_in_entity('op.faculty', raw_ids, target_entity, label='Teacher')
|
||||
if mode == 'set':
|
||||
batch.write({'teacher_ids': [(6, 0, ids)]})
|
||||
else:
|
||||
batch.write({'teacher_ids': [(4, x) for x in ids]})
|
||||
return _json_response({
|
||||
'success': True,
|
||||
'data': _serialize_batch(batch),
|
||||
'teacher_ids': batch.teacher_ids.ids,
|
||||
})
|
||||
except Exception as e:
|
||||
_logger.exception('set_batch_teachers failed')
|
||||
return _error_response(str(e), 403 if isinstance(e, PermissionError) else 500)
|
||||
|
||||
@http.route('/api/batches/<int:batch_id>/teachers/remove', type='http', auth='public', methods=['POST'], csrf=False)
|
||||
@jwt_required
|
||||
def remove_batch_teachers(self, batch_id, **kw):
|
||||
try:
|
||||
batch = request.env['op.batch'].sudo().browse(batch_id)
|
||||
if not batch.exists():
|
||||
return _error_response('Batch not found', 404)
|
||||
scope_ids, is_super = _entity_scope()
|
||||
if not is_super and (not batch.entity_id or batch.entity_id.id not in scope_ids):
|
||||
return _error_response('Forbidden', 403)
|
||||
body = _get_json_body() or {}
|
||||
ids = [int(x) for x in (body.get('teacher_ids') or [])]
|
||||
if ids:
|
||||
batch.write({'teacher_ids': [(3, x) for x in ids]})
|
||||
return _json_response({
|
||||
'success': True,
|
||||
'data': _serialize_batch(batch),
|
||||
'teacher_ids': batch.teacher_ids.ids,
|
||||
})
|
||||
except Exception as e:
|
||||
_logger.exception('remove_batch_teachers failed')
|
||||
return _error_response(str(e), 500)
|
||||
|
||||
# ── Taxonomy Relationship Endpoints ─────────────────────────────
|
||||
|
||||
@http.route('/api/courses/<int:course_id>/taxonomy', type='http', auth='public', methods=['GET'], csrf=False)
|
||||
|
||||
Reference in New Issue
Block a user