LIL-237. Check user perms in lesson detail view

apps/course/templates/course/course.html

@@ -212,7 +212,7 @@
       <div class="lessons__title title">Содержание курса</div>
       <div class="lessons__list">
         {% for lesson in course.lessons.all %}
-        <a href="{% url 'lesson' pk=lesson.id %}">
+        <a href="{% if request.user.role == request.user.AUTHOR_ROLE or request.user.role == request.user.ADMIN_ROLE %}{% url 'lesson' pk=lesson.id %}{% else %}#{% endif %}">
           <div class="lessons__item">
             <div class="lessons__subtitle subtitle">{{ lesson.title }}</div>
             <div class="lessons__row">

apps/course/views.py

@@ -166,7 +166,7 @@ class CourseView(DetailView):
 
     def get(self, request, *args, **kwargs):
         response = super().get(request, *args, **kwargs)
-        if (self.object != Course.PUBLISHED and
+        if (self.object.status != Course.PUBLISHED and
                 (request.user.role not in [User.AUTHOR_ROLE, User.ADMIN_ROLE] or
                  self.object.author != request.user)):
             raise Http404
@@ -241,11 +241,20 @@ class CoursesView(ListView):
         return 'course/courses.html'
 
 
+@method_decorator(login_required, name='dispatch')
 class LessonView(DetailView):
     model = Lesson
     context_object_name = 'lesson'
     template_name = 'course/lesson.html'
 
+    def get(self, request, *args, **kwargs):
+        response = super().get(request, *args, **kwargs)
+        if (self.object.course.status != Course.PUBLISHED and
+                (request.user.role not in [User.AUTHOR_ROLE, User.ADMIN_ROLE] or
+                 self.object.course.author != request.user)):
+            raise Http404
+        return response
+
 
 class SearchView(CoursesView):
     template_name = 'course/result.html'