Make API good

index.html

@@ -9,7 +9,7 @@
  src="https://cdn.jsdelivr.net/npm/[email protected]/distrib/jsxgraphcore.js"></script>
 <link rel="stylesheet" type="text/css" href="https://cdn.jsdelivr.net/npm/[email protected]/distrib/jsxgraph.css" />
 <script src="https://www.youtube.com/iframe_api"></script>
-<script type="text/javascript" src="./src/Media/geogebra/scripts/deployggb.js"></script>
+<script type="module" src="./src/Media/geogebra/scripts/deployggb.js"></script>
 <script src="https://cdn.jsdelivr.net/gh/ericnograles/[email protected]/dist/index.js"></script>
 <!-- <link rel="stylesheet" type="text/css" href="/src/css/handsontable.full.css" /> -->
 

package.json

@@ -69,6 +69,7 @@
     "lorem-ipsum": "^2.0.4",
     "math-expressions": "^2.0.0-alpha59",
     "nanoid": "^3.1.31",
+    "plotly.js-dist-min": "^2.20.0",
     "react": "^18.2.0",
     "react-copy-to-clipboard": "^5.0.3",
     "react-datetime": "^3.1.1",

public/api/MakeNewAssignment.php

@@ -0,0 +1,168 @@
+<?php
+header("Access-Control-Allow-Origin: *");
+header("Access-Control-Allow-Headers: access");
+header("Access-Control-Allow-Methods: GET");
+header("Access-Control-Allow-Credentials: true");
+header('Content-Type: application/json');
+
+include "db_connection.php";
+
+$jwtArray = include "jwtArray.php";
+$userId = $jwtArray['userId'];
+$_POST = json_decode(file_get_contents("php://input"),true);
+$driveId = mysqli_real_escape_string($conn,$_POST["driveId"]);
+$doenetId = mysqli_real_escape_string($conn,$_POST["doenetId"]);
+$versionId = mysqli_real_escape_string($conn,$_POST["versionId"]);
+$cid = mysqli_real_escape_string($conn,$_POST["cid"]);
+
+//make assignment 
+$dueDate = mysqli_real_escape_string($conn,$_POST["dueDate"]);
+if ($dueDate == ''){ $dueDate = '0001-01-01 01:01:01';}
+$assignedDate = mysqli_real_escape_string($conn,$_POST["assignedDate"]);
+if ($assignedDate == ''){ $assignedDate = '0001-01-01 01:01:01';}
+$timeLimit = mysqli_real_escape_string($conn,$_POST["timeLimit"]);
+if ($timeLimit == ''){ $timeLimit = NULL;}
+$numberOfAttemptsAllowed = mysqli_real_escape_string($conn,$_POST["numberOfAttemptsAllowed"]);
+if ($numberOfAttemptsAllowed == ''){ $numberOfAttemptsAllowed = '0';}
+$attemptAggregation = mysqli_real_escape_string($conn,$_POST["attemptAggregation"]);
+if ($attemptAggregation == ''){ $attemptAggregation = 'l';}
+$totalPointsOrPercent = mysqli_real_escape_string($conn,$_POST["totalPointsOrPercent"]);
+if ($totalPointsOrPercent == ''){ $totalPointsOrPercent = '0';}
+$gradeCategory = mysqli_real_escape_string($conn,$_POST["gradeCategory"]);
+if ($gradeCategory == ''){ $gradeCategory = 'e';}
+$individualize = mysqli_real_escape_string($conn,$_POST["individualize"]);
+if ($individualize == ''){ $individualize = '0';}
+else if ($individualize){ $individualize = '1';}
+$showSolution = mysqli_real_escape_string($conn,$_POST["showSolution"]);
+if ($showSolution == ''){ $showSolution = '0';}
+else if($showSolution){ $showSolution = '1';}
+$showSolutionInGradebook = mysqli_real_escape_string($conn,$_POST["showSolutionInGradebook"]);
+if ($showSolutionInGradebook == ''){ $showSolutionInGradebook = '0';}
+else if($showSolutionInGradebook){ $showSolutionInGradebook = '1';}
+$showFeedback = mysqli_real_escape_string($conn,$_POST["showFeedback"]);
+if ($showFeedback == ''){ $showFeedback = '0';}
+else if ($showFeedback){ $showFeedback = '1';}
+$showHints = mysqli_real_escape_string($conn,$_POST["showHints"]);
+if ($showHints == ''){ $showHints = '0';}
+else if ($showHints){ $showHints = '1';}
+$showCorrectness = mysqli_real_escape_string($conn,$_POST["showCorrectness"]);
+if ($showCorrectness == ''){ $showCorrectness = '0';}
+else if ($showCorrectness){ $showCorrectness = '1';}
+$proctorMakesAvailable = mysqli_real_escape_string($conn,$_POST["proctorMakesAvailable"]);
+if ($proctorMakesAvailable == ''){ $proctorMakesAvailable = '0';}
+else if($proctorMakesAvailable){ $proctorMakesAvailable = '1';}
+$autoSubmit = mysqli_real_escape_string($conn,$_POST["autoSubmit"]);
+if ($autoSubmit == ''){ $autoSubmit = '0';}
+else if($autoSubmit){ $autoSubmit = '1';}
+
+$success = TRUE;
+$message = "";
+
+if ($doenetId == ""){
+  $success = FALSE;
+  $message = "Internal Error: missing doenetId";
+}
+else if($driveId == ''){
+  $success = FALSE;
+  $message = "Internal Error: missing driveId";
+}
+
+if ($success){
+    $sqlnew="SELECT * from assignment WHERE doenetId = '$doenetId'";
+    $resultnew = $conn->query($sqlnew); 
+    if ($resultnew->num_rows > 0){
+      $sqlUpdate = "UPDATE assignment SET 
+      doenetId=$doenetId,
+      driveId=$driveId,
+      assignedDate=$assignedDate,
+      dueDate=$dueDate,
+      timeLimit=$timeLimit,
+      numberOfAttemptsAllowed=$numberOfAttemptsAllowed,
+      attemptAggregation=$attemptAggregation,
+      totalPointsOrPercent=$totalPointsOrPercent,
+      gradeCategory=$gradeCategory,
+      individualize=$individualize,
+      showSolution=$showSolution,
+      showSolutionInGradebook=$showSolutionInGradebook,
+      showFeedback=$showFeedback,
+      showHints=$showHints,
+      showCorrectness=$showCorrectness,
+      proctorMakesAvailable=$proctorMakesAvailable,
+      autoSubmit=$autoSubmit
+      WHERE doenetId='$doenetId'
+      ";
+          $result = $conn->query($sqlUpdate); 
+
+    }else{
+      $sql="
+      INSERT INTO assignment
+      (
+      doenetId,
+      cid,
+      driveId,
+      assignedDate,
+      dueDate,
+      timeLimit,
+      numberOfAttemptsAllowed,
+      attemptAggregation,
+      totalPointsOrPercent,
+      gradeCategory,
+      individualize,
+      showSolution,
+      showSolutionInGradebook,
+      showFeedback,
+      showHints,
+      showCorrectness,
+      proctorMakesAvailable,
+      autoSubmit)
+      VALUES
+      (
+        '$doenetId',
+        '$cid',
+      '$driveId',
+      '$assignedDate',
+      '$dueDate',
+      '$timeLimit',
+      '$numberOfAttemptsAllowed',
+      '$attemptAggregation',
+      '$totalPointsOrPercent',
+      '$gradeCategory',
+      '$individualize',
+      '$showSolution',
+      '$showSolutionInGradebook',
+      '$showFeedback',
+      '$showHints',
+      '$showCorrectness',
+      '$proctorMakesAvailable',
+      '$autoSubmit')
+      ";
+
+  $result = $conn->query($sql); 
+    }
+
+
+}
+  // echo $sql;
+$sqlnew="UPDATE drive_content SET isAssigned=1 WHERE doenetId='$doenetId';";
+//  echo $sqlnew;
+$result = $conn->query($sqlnew);
+
+$sql ="UPDATE content SET isAssigned=1 WHERE doenetId='$doenetId' AND versionId='$versionId';";
+$result = $conn->query($sql); 
+
+$response_arr = array(
+  "success"=>$success,
+  "message"=>$message
+  );
+
+
+// set response code - 200 OK
+http_response_code(200);
+
+// make it json format
+echo json_encode($response_arr);
+
+
+  $conn->close();
+
+?>

public/api/addCollectionEntry.php

@@ -0,0 +1,112 @@
+<?php
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Allow-Headers: access');
+header('Access-Control-Allow-Methods: POST');
+header('Access-Control-Allow-Credentials: true');
+header('Content-Type: application/json');
+
+include 'db_connection.php';
+
+$jwtArray = include 'jwtArray.php';
+$userId = $jwtArray['userId'];
+
+$success = true;
+
+//required unless data is passed in application/x-www-form-urlencoded or multipart/form-data
+$_POST = json_decode(file_get_contents('php://input'), true);
+
+//TODO: verify should be a util method
+if (!array_key_exists('entryId', $_POST)) {
+    $success = false;
+    $message = 'Missing entryId';
+} elseif (!array_key_exists('entryDoenetId', $_POST)) {
+    $success = false;
+    $message = 'Missing entryDoenetId';
+} elseif (!array_key_exists('entryVariant', $_POST)) {
+    $success = false;
+    $message = 'Missing entryVariant';
+} elseif (!array_key_exists('doenetId', $_POST)) {
+    $success = false;
+    $message = 'Missing doenetId';
+}
+
+if ($success) {
+    $doenetId = mysqli_real_escape_string($conn, $_POST['doenetId']);
+    $entryId = mysqli_real_escape_string($conn, $_POST['entryId']);
+    $entryDoenetId = mysqli_real_escape_string($conn, $_POST['entryDoenetId']);
+    $entryVariant = mysqli_real_escape_string($conn, $_POST['entryVariant']);
+
+    //get driveId from doenetId
+    //TODO: should be a sql join query with userId
+    $sql = "SELECT driveId
+    FROM `drive_content`
+    WHERE doenetId = '$doenetId'
+    ";
+    $result = $conn->query($sql);
+    if ($result->num_rows > 0) {
+        $row = $result->fetch_assoc();
+        $driveId = $row['driveId'];
+    }
+
+    if (array_key_exists('driveId', get_defined_vars())) {
+        //check user has permission to edit drive
+        $sql = "SELECT canEditContent
+        FROM drive_user
+        WHERE userId = '$userId'
+        AND driveId = '$driveId'
+        ";
+        $result = $conn->query($sql);
+        if ($result->num_rows > 0) {
+            $row = $result->fetch_assoc();
+            $canAdd = $row['canEditContent'];
+            if (!$canAdd) {
+                http_response_code(403); //User if forbidden from operation
+                $success = false;
+                $message = 'No permission to add';
+            }
+        } else {
+            //Fail because there is no DB row for the user on this drive so we shouldn't allow an add
+            http_response_code(401); //User has bad auth
+            $success = false;
+            $message = 'Database rejected update';
+        }
+    } else {
+        //bad doenetId
+        http_response_code(400);
+        $success = false;
+        $message = 'Bad doenetId'; //TODO: is this ok to say??
+        echo json_encode(['message' => $message, 'success' => $success]);
+    }
+
+    if ($success) {
+        //retrive cid from content table
+        $sql = "SELECT cid
+        FROM content
+        WHERE doenetId = '$entryDoenetId'
+        AND isReleased = '1'
+        ";
+        $result = $conn->query($sql);
+        if ($result->num_rows > 0) {
+            $row = $result->fetch_assoc();
+            $entryContentId = $row['cid'];
+
+            $sql = "INSERT INTO collection
+            (doenetId, entryId, entryDoenetId, entryContentId, entryVariant)
+            VALUES ('$doenetId', '$entryId', '$entryDoenetId', '$entryContentId', '$entryVariant')
+            ";
+
+            $result = $conn->query($sql);
+            http_response_code(201);
+            echo json_encode(['message' => $message, 'success' => $success]);
+        } else {
+            http_response_code(404);
+        }
+    }
+} else {
+    http_response_code(400);
+    echo json_encode(['message' => $message, 'success' => $success]);
+}
+
+$conn->close();
+
+?>