LIL 607

apps/course/templates/course/course_only_lessons.html

@@ -25,7 +25,7 @@
         </div>
         <div class="go__title">Вернуться</div>
       </a>
-      {% if not paid and course.price %}
+      {% if not paid and course.price and not has_full_access %}
       <a
         class="go__btn btn{% if pending %} btn_gray{% endif %} btn_md"
         {% if user.is_authenticated %}

apps/course/views.py

@@ -189,10 +189,13 @@ class CourseView(DetailView):
     def get(self, request, *args, **kwargs):
         response = super().get(request, *args, **kwargs)
         context = self.get_context_data()
-        if (not request.user.is_authenticated and self.object.status != Course.PUBLISHED) or\
-                (request.user.is_authenticated and request.user.role != User.ADMIN_ROLE and self.object.author != request.user
-                 and self.only_lessons and self.object.price and not context['paid']):
-            raise Http404
+
+        # если это не админ или автор
+        if not context.get('has_full_access'):
+            # если это не опубл курс или это страница уроков, курс платный, а юзер не оплатил курс - 404
+            if (self.object.status != Course.PUBLISHED) or \
+                (self.only_lessons and self.object.price and not context.get('paid')):
+                raise Http404
         return response
 
         # ((self.object.status != Course.PUBLISHED and request.user.role != User.ADMIN_ROLE) or
@@ -217,6 +220,9 @@ class CourseView(DetailView):
             context['only_lessons'] = self.only_lessons
             if self.only_lessons:
                 context['lessons'] = self.object.lessons.order_by('position')
+            context['is_owner'] = self.object.author == self.request.user
+            context['is_admin'] = self.request.user.role == User.ADMIN_ROLE
+            context['has_full_access'] = context['is_owner'] or context['is_admin']
         return context
 
     def get_queryset(self):
@@ -293,7 +299,7 @@ class LessonView(DetailView):
 
     def get(self, request, *args, **kwargs):
         response = super().get(request, *args, **kwargs)
-        paid = self.object.course.payments.filter(
+        paid = request.user.is_authenticated and self.object.course.payments.filter(
             user=self.request.user,
             status__in=[
                 Pingback.PINGBACK_TYPE_REGULAR,
@@ -301,10 +307,12 @@ class LessonView(DetailView):
                 Pingback.PINGBACK_TYPE_RISK_REVIEWED_ACCEPTED,
             ],
         ).exists()
-        if ((self.object.course.status != Course.PUBLISHED or (self.object.course.price and not paid)) and not
-                (request.user.role == User.ADMIN_ROLE or
-                 self.object.course.author == request.user)):
-            raise Http404
+        # если это не автор или админ
+        if not (request.user.is_authenticated and
+                (request.user.role == User.ADMIN_ROLE or self.object.course.author == request.user)):
+            # если курс не опубликован или он платный и не оплачен - 404
+            if self.object.course.status != Course.PUBLISHED or (self.object.course.price and not paid):
+                raise Http404
         return response
 
     def get_context_data(self, **kwargs):