Updare perms

apps/course/views.py

@@ -167,9 +167,8 @@ class CourseEditView(TemplateView):
             self.object = Course.objects.create(
                 author=request.user,
             )
-        #TODO
+        if not request.user.has_assess(self.object):
-        #if (request.user != self.object.author and request.user.role < User.AUTHOR_ROLE) or request.user.role != User.ADMIN_ROLE:
+            raise Http404
-        #    raise Http404
         return super().get(request)
 
     def get_context_data(self):
@@ -190,13 +189,10 @@ class CourseView(DetailView):
         response = super().get(request, *args, **kwargs)
         context = self.get_context_data()
         if (not request.user.is_authenticated and self.object.status != Course.PUBLISHED) or\
-                (request.user.is_authenticated and request.user.role < User.AUTHOR_ROLE and self.object.author != request.user and self.only_lessons and not context['paid']):
+                (request.user.is_authenticated and request.user.has_assess(self.object)):
             raise Http404
         return response
 
-        # ((self.object.status != Course.PUBLISHED and request.user.role != User.ADMIN_ROLE) or
-        # (self.object.status != Course.PUBLISHED and request.user.role != User.AUTHOR_ROLE and self.object.author != request.user)):
-
     def get_context_data(self, **kwargs):
         context = super().get_context_data(**kwargs)
         if self.request.user.is_authenticated:
@@ -290,9 +286,7 @@ class LessonView(DetailView):
 
     def get(self, request, *args, **kwargs):
         response = super().get(request, *args, **kwargs)
-        if (self.object.course.status != Course.PUBLISHED and not
+        if not request.user.has_assess(self.object):
-                (request.user.role == User.ADMIN_ROLE or
-                 self.object.course.author == request.user)):
             raise Http404
         return response