From c1fdd7e47addf34c38bcdd375b2c62c455222eb8 Mon Sep 17 00:00:00 2001
From: nikita <cfwm@yandex.ru>
Date: Wed, 23 May 2018 18:54:49 +0300
Subject: [PATCH] permission fix

---
 apps/course/views.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/apps/course/views.py b/apps/course/views.py
index 08596935..d55097f7 100644
--- a/apps/course/views.py
+++ b/apps/course/views.py
@@ -289,9 +289,9 @@ class LessonView(DetailView):
 
     def get(self, request, *args, **kwargs):
         response = super().get(request, *args, **kwargs)
-        if (self.object.course.status != Course.PUBLISHED and
-                (request.user.role < User.AUTHOR_ROLE or
-                 self.object.course.author != request.user)):
+        if (self.object.course.status != Course.PUBLISHED and not
+                (request.user.role == User.ADMIN_ROLE or
+                 self.object.course.author == request.user)):
             raise Http404
         return response