|
|
|
|
@ -167,7 +167,7 @@ class CourseEditView(TemplateView): |
|
|
|
|
self.object = Course.objects.create( |
|
|
|
|
author=request.user, |
|
|
|
|
) |
|
|
|
|
if request.user != self.object.author and request.user.role < User.AUTHOR_ROLE: |
|
|
|
|
if (request.user != self.object.author and request.user.role < User.AUTHOR_ROLE) or request.user.role != User.ADMIN_ROLE: |
|
|
|
|
raise Http404 |
|
|
|
|
return super().get(request) |
|
|
|
|
|
|
|
|
|
@ -289,9 +289,9 @@ class LessonView(DetailView): |
|
|
|
|
|
|
|
|
|
def get(self, request, *args, **kwargs): |
|
|
|
|
response = super().get(request, *args, **kwargs) |
|
|
|
|
if (self.object.course.status != Course.PUBLISHED and |
|
|
|
|
(request.user.role < User.AUTHOR_ROLE or |
|
|
|
|
self.object.course.author != request.user)): |
|
|
|
|
if (self.object.course.status != Course.PUBLISHED and not |
|
|
|
|
(request.user.role == User.ADMIN_ROLE or |
|
|
|
|
self.object.course.author == request.user)): |
|
|
|
|
raise Http404 |
|
|
|
|
return response |
|
|
|
|
|
|
|
|
|
|
cfwme
8 years ago