fix: progress path fix

a2nr 2026-05-12 14:49:18 +07:00
parent 86d2851593
commit 5f150da651
2 changed files with 35 additions and 16 deletions


@ -1,6 +1,6 @@
<script lang="ts">
import { onMount } from 'svelte';
import { auth, authIsTeacher } from '$stores/auth';
import { auth, authIsTeacher, authToken } from '$stores/auth';
interface LessonHeader {
filename: string;
@ -17,18 +17,22 @@
let lessons = $state<LessonHeader[]>([]);
let loading = $state(true);
onMount(async () => {
await loadData();
// Reactively load data when auth is ready
$effect(() => {
if ($authIsTeacher && $authToken) {
loadData();
} else if (!$authIsTeacher) {
// If not a teacher, we can stop loading (will show "no access" message)
loading = false;
}
});
async function loadData() {
if (!$authIsTeacher) {
loading = false;
return;
}
if (!$authIsTeacher || !$authToken) return;
loading = true;
try {
const res = await fetch(`/api/progress-report.json?token=${encodeURIComponent(auth.token)}`);
const res = await fetch(`/api/progress-report.json?token=${encodeURIComponent($authToken)}`);
const data = await res.json();
students = data.students ?? [];
lessons = data.lessons ?? [];
@ -49,7 +53,7 @@
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({
teacher_token: auth.token,
teacher_token: $authToken,
student_token: studentToken,
lesson_name: lessonName
})
@ -74,17 +78,17 @@
<h1>Laporan Progress Siswa</h1>
{#if !$authIsTeacher}
<p class="empty">Anda tidak memiliki akses ke halaman ini.</p>
{:else if loading}
{#if loading}
<p class="loading">Memuat data...</p>
{:else if !$authIsTeacher}
<p class="empty">Anda tidak memiliki akses ke halaman ini.</p>
{:else if students.length === 0}
<p class="empty">Belum ada data siswa.</p>
{:else}
<div class="summary-bar">
<span><strong>{students.length}</strong> siswa</span>
<span><strong>{totalLessons}</strong> pelajaran</span>
<a href="/api/progress-report/export-csv?token={encodeURIComponent(auth.token)}" class="btn btn-secondary btn-sm">
<a href="/api/progress-report/export-csv?token={encodeURIComponent($authToken)}" class="btn btn-secondary btn-sm">
Export CSV
</a>
</div>
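Review bot: The teacher token still travels in the query string, both in the `fetch` to `/api/progress-report.json` and in the Export CSV `href`, so it ends up in server access logs, proxy logs and browser history; the commit only swaps `auth.token` for `$authToken`. The Python handler in this same commit falls back to the `student_token` cookie when no token is supplied, so if that cookie is also set for teachers the request could drop `?token=` entirely; otherwise a request header would be the safer carrier, provided the backend is taught to read it. Separately, `loadData` parses the body without checking the status, so the new 401/403 JSON replies would fall through to `students = []` and render as "Belum ada data siswa."; a guard such as `if (!res.ok) { loading = false; return; }` before `res.json()` would keep an authorization failure from looking like an empty class. The `try` block in `loadData` continues outside the hunk, so the existing catch/finally handling is not visible here.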


@ -85,8 +85,19 @@ def api_progress_report():
if not token:
token = request.cookies.get('student_token', '').strip()
if not token or not validate_token(token):
return jsonify({'success': False, 'message': 'Unauthorized'}), 401
if not token:
logging.warning("Unauthorized access attempt to progress-report.json: No token provided")
return jsonify({'success': False, 'message': 'Unauthorized: Token is required'}), 401
student_info = validate_token(token)
if not student_info:
logging.warning(f"Unauthorized access attempt to progress-report.json: Invalid token '{token[:6]}...'")
return jsonify({'success': False, 'message': 'Unauthorized: Invalid token'}), 401
# Security: Only teacher can see the full progress report
if not student_info.get('is_teacher'):
logging.warning(f"Unauthorized access attempt to progress-report.json: Student '{student_info.get('student_name')}' is not a teacher")
return jsonify({'success': False, 'message': 'Forbidden: Teacher access only'}), 403
all_students_progress, ordered_lessons = get_all_students_progress(
get_lessons_with_learning_objectives,
@ -105,9 +116,13 @@ def export_progress_csv():
if not token:
token = request.cookies.get('student_token', '').strip()
if not token or not validate_token(token):
if not token:
return jsonify({'success': False, 'message': 'Unauthorized'}), 401
student_info = validate_token(token)
if not student_info or not student_info.get('is_teacher'):
return jsonify({'success': False, 'message': 'Forbidden'}), 403
all_students_progress, _ordered_lessons = get_all_students_progress(
get_lessons_with_learning_objectives,
)
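Review bot: The invalid-token warning in `api_progress_report` interpolates `token[:6]` into the log line with an f-string, which writes part of a client-supplied credential to the log and passes any control characters in it through unescaped. Logging the caller instead avoids both problems, e.g. `logging.warning("progress-report.json: invalid token from %s", request.remote_addr)`; if a correlation value is needed, a short digest of the token is safer than its prefix. `export_progress_csv` also diverges from the JSON endpoint: an invalid token gets 403 there but 401 in `api_progress_report`, and none of its rejections are logged, so denied CSV exports leave no trace. Both functions begin and end outside the visible hunks, so how `token` is first read from the request is not shown.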