diff --git a/courses/permissions.py b/courses/permissions.py
index 5028e25..89cea59 100644
--- a/courses/permissions.py
+++ b/courses/permissions.py
@@ -2,6 +2,19 @@ from rolepermissions.permissions import register_object_checker
 from amadeus.roles import SystemAdmin
 @register_object_checker()
+def view_topic(role, user, topic):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in topic.subject.course.professors.all() and user in topic.subject.professors.all()):
+ return True
+
+ if (user in topic.subject.course.students.all() and user in topic.subject.students.all()):
+ return True
+
+ return False
+
+@register_object_checker()
 def edit_topic(role, user, topic):
 if (role == SystemAdmin):
 return True
@@ -12,6 +25,19 @@ def edit_topic(role, user, topic):
 return False
 @register_object_checker()
+def view_subject(role, user, subject):
+ if (role == SystemAdmin):
+ return True
+
+ if (user in subject.course.professors.all() and user in subject.professors.all()):
+ return True
+
+ if (user in subject.course.students.all() and user in subject.students.all()):
+ return True
+
+ return False
+
+@register_object_checker()
 def edit_subject(role, user, subject):
 if (role == SystemAdmin):
 return True
diff --git a/courses/templates/course/view.html b/courses/templates/course/view.html
index 844412d..ea52079 100644
--- a/courses/templates/course/view.html
+++ b/courses/templates/course/view.html
@@ -157,7 +157,7 @@
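Review bot: `view_topic` restates the rule of `view_subject` (second hunk of this file) with `topic.subject` substituted, so a later change to who may view a subject has to be made twice or the two checkers drift apart. One private helper that takes the subject, with both checkers delegating to it, keeps a single rule; its docstring can state that membership in both the course and the subject is required. Each `user in ….all()` test also loads the whole professor or student list to answer one membership question, where `.filter(pk=user.pk).exists()` leaves that to the database. A sketch of the helper follows; `edit_topic` and `edit_subject` continue outside these hunks and were not reviewed.

```python
def _may_view_subject(role, user, subject):
    """Allow system admins, and users enrolled in both the course and the subject."""
    if role == SystemAdmin:
        return True

    course = subject.course
    memberships = (
        (course.professors, subject.professors),
        (course.students, subject.students),
    )
    return any(
        in_course.filter(pk=user.pk).exists() and in_subject.filter(pk=user.pk).exists()
        for in_course, in_subject in memberships
    )


@register_object_checker()
def view_topic(role, user, topic):
    return _may_view_subject(role, user, topic.subject)


@register_object_checker()
def view_subject(role, user, subject):
    return _may_view_subject(role, user, subject)
```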
{% trans "End" %}: {{subject.end_date}}
- {% trans 'View Subject' %} + {% trans 'View Subject' %} {% endfor %} @@ -209,7 +209,7 @@{% trans "End" %}: {{subject.end_date}}
- {% trans 'View Subject' %} + {% trans 'View Subject' %} {% endif %}
diff --git a/courses/templatetags/custom_filters.py b/courses/templatetags/custom_filters.py
index 72d149c..96c84e8 100644
--- a/courses/templatetags/custom_filters.py
+++ b/courses/templatetags/custom_filters.py
@@ -4,6 +4,19 @@ from rolepermissions.verifications import has_role
 register = template.Library()
 @register.filter
+def hide_subscribe_view_btn(user, subject):
+ if not user is None:
+ if user.is_authenticated:
+ if has_role(user, 'student') and not user.is_staff:
+ if user in subject.course.students.all():
+ if not user in subject.students.all():
+ return True
+ else:
+ return True
+
+ return False
+
+@register.filter
 def show_subject_subscribe(user, subject):
 if not user is None:
 if user.is_authenticated:
diff --git a/courses/views.py b/courses/views.py
index 6eed274..d9af7ce 100644
--- a/courses/views.py
+++ b/courses/views.py
@@ -210,6 +210,7 @@ class CourseView( NotificationMixin, generic.DetailView):
 courses = None
 context = super(CourseView, self).get_context_data(**kwargs)
 course = get_object_or_404(Course, slug = self.kwargs.get('slug'))
+
 if has_role(self.request.user,'system_admin'):
 subjects = course.subjects.all()
 elif has_role(self.request.user,'professor'):
@@ -381,6 +382,14 @@ class SubjectsView(LoginRequiredMixin, generic.ListView):
 context_object_name = 'subjects'
 model = Subject
+ def dispatch(self, *args, **kwargs):
+ subject = get_object_or_404(Subject, slug = self.kwargs.get('slug'))
+
+ if(not has_object_permission('view_subject', self.request.user, subject)):
+ return self.handle_no_permission()
+
+ return super(SubjectsView, self).dispatch(*args, **kwargs)
+
 def get_queryset(self):
 subject = get_object_or_404(Subject, slug = self.kwargs.get('slug'))
 course = subject.course
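Review bot: `hide_subscribe_view_btn` decides visibility from its own chain of role and enrollment tests rather than from the `view_subject` checker added in courses/permissions.py, so the link a user is shown and the access the view grants can disagree; for example, a professor of the course who is not assigned to the subject appears to fall through to `return False` here (link shown) while `view_subject` would refuse. The filter is presentation only, so this is not an access-control gap as long as `SubjectsView.dispatch` keeps its check, but a comment such as `# UI hint only; access is enforced by the view_subject checker` would make that dependency explicit. `if not user is None:` and `if not user in ...` read more clearly as `user is not None` and `user not in ...`. Indentation is lost on this page, so which `if` the `else:` pairs with could not be verified.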
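Review bot: The `get_object_or_404` lookup and the permission check in the added `SubjectsView.dispatch` run before `LoginRequiredMixin.dispatch`, because the override comes first in the method resolution order and only reaches the mixin through `super()`. An unauthenticated request therefore gets a 404 for an unknown slug and the no-permission response for a known one, which reveals which subject slugs exist, and the `view_subject` checker is evaluated for an anonymous user. Testing authentication first, `if not self.request.user.is_authenticated: return self.handle_no_permission()` at the top of `dispatch`, closes that; the same applies to `TopicsView.dispatch` in the next hunk. Whether `handle_no_permission()` sends a logged-in but unauthorized user to the login page or raises a 403 depends on the mixin's configuration, which is not visible here.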
@@ -428,6 +437,14 @@ class TopicsView(LoginRequiredMixin, generic.ListView):
 context_object_name = 'topics'
 model = Topic
+ def dispatch(self, *args, **kwargs):
+ topic = get_object_or_404(Topic, slug = self.kwargs.get('slug'))
+
+ if(not has_object_permission('view_topic', self.request.user, topic)):
+ return self.handle_no_permission()
+
+ return super(TopicsView, self).dispatch(*args, **kwargs)
+
 def get_queryset(self):
 topic = get_object_or_404(Topic, slug = self.kwargs.get('slug'))
 subject = topic.subject
-- libgit2 0.21.2
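Review bot: The topic that `dispatch` authorizes is looked up a second time on the first context line of `get_queryset`, so every request runs the query twice and the object that was checked is not the instance that is then used. Keeping it on the view, `self.topic = get_object_or_404(Topic, slug = self.kwargs.get('slug'))` in `dispatch` and `topic = self.topic` in `get_queryset`, ties the permission decision to the data served; `SubjectsView` in the previous hunk has the same pattern. `get_queryset` continues beyond this hunk, so the rest of its body was not reviewed.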