From 93f18f69738b9417b4d265d4eff5241552538bdd Mon Sep 17 00:00:00 2001 From: Ivlev Denis Date: Thu, 5 Jul 2018 17:34:05 +0300 Subject: [PATCH] Updare perms --- apps/course/views.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/apps/course/views.py b/apps/course/views.py index 90957d68..ef24d492 100644 --- a/apps/course/views.py +++ b/apps/course/views.py @@ -167,9 +167,8 @@ class CourseEditView(TemplateView): self.object = Course.objects.create( author=request.user, ) - #TODO - #if (request.user != self.object.author and request.user.role < User.AUTHOR_ROLE) or request.user.role != User.ADMIN_ROLE: - # raise Http404 + if not request.user.has_assess(self.object): + raise Http404 return super().get(request) def get_context_data(self): @@ -190,13 +189,10 @@ class CourseView(DetailView): response = super().get(request, *args, **kwargs) context = self.get_context_data() if (not request.user.is_authenticated and self.object.status != Course.PUBLISHED) or\ - (request.user.is_authenticated and request.user.role < User.AUTHOR_ROLE and self.object.author != request.user and self.only_lessons and not context['paid']): + (request.user.is_authenticated and request.user.has_assess(self.object)): raise Http404 return response - # ((self.object.status != Course.PUBLISHED and request.user.role != User.ADMIN_ROLE) or - # (self.object.status != Course.PUBLISHED and request.user.role != User.AUTHOR_ROLE and self.object.author != request.user)): - def get_context_data(self, **kwargs): context = super().get_context_data(**kwargs) if self.request.user.is_authenticated: @@ -290,9 +286,7 @@ class LessonView(DetailView): def get(self, request, *args, **kwargs): response = super().get(request, *args, **kwargs) - if (self.object.course.status != Course.PUBLISHED and not - (request.user.role == User.ADMIN_ROLE or - self.object.course.author == request.user)): + if not request.user.has_assess(self.object): raise Http404 return response