From 4643e1c2b864e3a8bc75ed2db62f14c3c789df35 Mon Sep 17 00:00:00 2001 From: Zambom Date: Mon, 21 Aug 2017 23:38:09 -0300 Subject: [PATCH] Avoiding non-student to access goals submit screen --- goals/views.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/goals/views.py b/goals/views.py index 25274f2..452b2d7 100644 --- a/goals/views.py +++ b/goals/views.py @@ -306,6 +306,9 @@ class NewWindowSubmit(LoginRequiredMixin, LogMixin, generic.edit.CreateView): if not has_resource_permissions(request.user, goals): return redirect(reverse_lazy('subjects:home')) + if has_subject_permissions(request.user, goals.topic.subject): + return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug})) + if MyGoals.objects.filter(item__goal = goals, user = request.user).exists(): return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug})) @@ -442,6 +445,9 @@ class SubmitView(LoginRequiredMixin, LogMixin, generic.edit.CreateView): if not has_resource_permissions(request.user, goals): return redirect(reverse_lazy('subjects:home')) + if has_subject_permissions(request.user, goals.topic.subject): + return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug})) + if MyGoals.objects.filter(item__goal = goals, user = request.user).exists(): return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug})) @@ -828,7 +834,7 @@ class CreateView(LoginRequiredMixin, LogMixin, generic.edit.CreateView): def get_success_url(self): messages.success(self.request, _('The Goals specification for the topic %s was realized successfully!')%(self.object.topic.name)) - if has_subject_permissions(self.request.user, self.object): + if has_subject_permissions(self.request.user, self.object.topic.subject): success_url = reverse_lazy('goals:view', kwargs = {'slug': self.object.slug}) else: success_url = reverse_lazy('goals:submit', kwargs = {'slug': self.object.slug}) -- libgit2 0.21.2