Avoiding non-student to access goals submit screen

Zambom
1 parent 5a71d4f9
Showing 1 changed file with 7 additions and 1 deletions Show diff stats
goals/views.py
@@ -306,6 +306,9 @@ class NewWindowSubmit(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
 		if not has_resource_permissions(request.user, goals):
 			return redirect(reverse_lazy('subjects:home'))
  
+		if has_subject_permissions(request.user, goals.topic.subject):
+			return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug}))
+
 		if MyGoals.objects.filter(item__goal = goals, user = request.user).exists():
 			return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug}))
  
@@ -442,6 +445,9 @@ class SubmitView(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
 		if not has_resource_permissions(request.user, goals):
 			return redirect(reverse_lazy('subjects:home'))
  
+		if has_subject_permissions(request.user, goals.topic.subject):
+			return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug}))
+
 		if MyGoals.objects.filter(item__goal = goals, user = request.user).exists():
 			return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug}))
  
@@ -828,7 +834,7 @@ class CreateView(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
 	def get_success_url(self):
 		messages.success(self.request, _('The Goals specification for the topic %s was realized successfully!')%(self.object.topic.name))
  
-		if has_subject_permissions(self.request.user, self.object):
+		if has_subject_permissions(self.request.user, self.object.topic.subject):
 			success_url = reverse_lazy('goals:view', kwargs = {'slug': self.object.slug})
 		else:
 			success_url = reverse_lazy('goals:submit', kwargs = {'slug': self.object.slug})
...	...	@@ -306,6 +306,9 @@ class NewWindowSubmit(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
306	306	if not has_resource_permissions(request.user, goals):
307	307	return redirect(reverse_lazy('subjects:home'))
308	308
	309	+ if has_subject_permissions(request.user, goals.topic.subject):
	310	+ return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug}))
	311	+
309	312	if MyGoals.objects.filter(item__goal = goals, user = request.user).exists():
310	313	return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug}))
311	314
...	...	@@ -442,6 +445,9 @@ class SubmitView(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
442	445	if not has_resource_permissions(request.user, goals):
443	446	return redirect(reverse_lazy('subjects:home'))
444	447
	448	+ if has_subject_permissions(request.user, goals.topic.subject):
	449	+ return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug}))
	450	+
445	451	if MyGoals.objects.filter(item__goal = goals, user = request.user).exists():
446	452	return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug}))
447	453
...	...	@@ -828,7 +834,7 @@ class CreateView(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
828	834	def get_success_url(self):
829	835	messages.success(self.request, _('The Goals specification for the topic %s was realized successfully!')%(self.object.topic.name))
830	836
831		- if has_subject_permissions(self.request.user, self.object):
	837	+ if has_subject_permissions(self.request.user, self.object.topic.subject):
832	838	success_url = reverse_lazy('goals:view', kwargs = {'slug': self.object.slug})
833	839	else:
834	840	success_url = reverse_lazy('goals:submit', kwargs = {'slug': self.object.slug})
...	...