Download as
Browse Code »

Commit 4643e1c2b864e3a8bc75ed2db62f14c3c789df35

Authored by Zambom
1 parent 5a71d4f9
Exists in master and in 2 other branches amadeus_univasf, refactoring

Avoiding non-student to access goals submit screen

Showing 1 changed file with 7 additions and 1 deletions   Show diff stats
goals/views.py
  Diff comments   View file @4643e1c
@@ -306,6 +306,9 @@ class NewWindowSubmit(LoginRequiredMixin, LogMixin, generic.edit.CreateView): @@ -306,6 +306,9 @@ class NewWindowSubmit(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
306 if not has_resource_permissions(request.user, goals): 306 if not has_resource_permissions(request.user, goals):
307 return redirect(reverse_lazy('subjects:home')) 307 return redirect(reverse_lazy('subjects:home'))
308 308
  309 + if has_subject_permissions(request.user, goals.topic.subject):
  310 + return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug}))
  311 +
309 if MyGoals.objects.filter(item__goal = goals, user = request.user).exists(): 312 if MyGoals.objects.filter(item__goal = goals, user = request.user).exists():
310 return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug})) 313 return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug}))
311 314
@@ -442,6 +445,9 @@ class SubmitView(LoginRequiredMixin, LogMixin, generic.edit.CreateView): @@ -442,6 +445,9 @@ class SubmitView(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
442 if not has_resource_permissions(request.user, goals): 445 if not has_resource_permissions(request.user, goals):
443 return redirect(reverse_lazy('subjects:home')) 446 return redirect(reverse_lazy('subjects:home'))
444 447
  448 + if has_subject_permissions(request.user, goals.topic.subject):
  449 + return redirect(reverse_lazy('goals:view', kwargs = {'slug': goals.slug}))
  450 +
445 if MyGoals.objects.filter(item__goal = goals, user = request.user).exists(): 451 if MyGoals.objects.filter(item__goal = goals, user = request.user).exists():
446 return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug})) 452 return redirect(reverse_lazy('goals:view', args = (), kwargs = {'slug': slug}))
447 453
@@ -828,7 +834,7 @@ class CreateView(LoginRequiredMixin, LogMixin, generic.edit.CreateView): @@ -828,7 +834,7 @@ class CreateView(LoginRequiredMixin, LogMixin, generic.edit.CreateView):
828 def get_success_url(self): 834 def get_success_url(self):
829 messages.success(self.request, _('The Goals specification for the topic %s was realized successfully!')%(self.object.topic.name)) 835 messages.success(self.request, _('The Goals specification for the topic %s was realized successfully!')%(self.object.topic.name))
830 836
831 - if has_subject_permissions(self.request.user, self.object): 837 + if has_subject_permissions(self.request.user, self.object.topic.subject):
832 success_url = reverse_lazy('goals:view', kwargs = {'slug': self.object.slug}) 838 success_url = reverse_lazy('goals:view', kwargs = {'slug': self.object.slug})
833 else: 839 else:
834 success_url = reverse_lazy('goals:submit', kwargs = {'slug': self.object.slug}) 840 success_url = reverse_lazy('goals:submit', kwargs = {'slug': self.object.slug})