From 16a0c1676bdb54537df82f7ee079b87172489425 Mon Sep 17 00:00:00 2001
From: Ivlev Denis <di-erz@yandex.ru>
Date: Wed, 7 Mar 2018 16:15:09 +0300
Subject: [PATCH] Fix course edit perms

---
 apps/course/views.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/apps/course/views.py b/apps/course/views.py
index 4b60508f..caa3bd5f 100644
--- a/apps/course/views.py
+++ b/apps/course/views.py
@@ -164,6 +164,8 @@ class CourseEditView(TemplateView):
             self.object = drafts.last()
         else:
             self.object = Course.objects.create()
+        if request.user != self.object.author and request.user.role not in [User.ADMIN_ROLE, User.AUTHOR_ROLE]:
+            raise Http404
         return super().get(request)
 
     def get_context_data(self):