Add condition to check for course teacher

1 files changed, 20 insertions, 15 deletions

diff --git a/yaksh/views.py b/yaksh/views.py
index b6f935b..be19d19 100644
--- a/yaksh/views.py
+++ b/yaksh/views.py
@@ -3505,10 +3505,11 @@ def hide_comment(request, course_id, uuid):
 @email_verified
 def add_marker(request, course_id, lesson_id):
     user = request.user
+    if not is_moderator(user):
+        raise Http404('You are not allowed to view this page!')
     course = get_object_or_404(Course, pk=course_id)
-    if (not is_moderator(user) or
-            not course.is_creator(user) or not course.is_creator(user)):
-        raise Http404("You are not allowed to view this page")
+    if not course.is_creator(user) and not course.is_teacher(user):
+        raise Http404('This course does not belong to you')
     content_type = request.POST.get("content")
     question_type = request.POST.get("type")
     if content_type == '1':
@@ -3612,10 +3613,11 @@ def allow_special_attempt(request, user_id, course_id, quiz_id):
 def add_topic(request, content_type, course_id, lesson_id, toc_id=None,
               topic_id=None):
     user = request.user
+    if not is_moderator(user):
+        raise Http404('You are not allowed to view this page!')
     course = get_object_or_404(Course, pk=course_id)
-    if (not is_moderator(user) or
-            not course.is_creator(user) or not course.is_creator(user)):
-        raise Http404("You are not allowed to view this page")
+    if not course.is_creator(user) and not course.is_teacher(user):
+        raise Http404('This course does not belong to you')
     if topic_id:
         topic = get_object_or_404(Topic, pk=topic_id)
     else:
@@ -3668,10 +3670,11 @@ def add_topic(request, content_type, course_id, lesson_id, toc_id=None,
 def add_marker_quiz(request, content_type, course_id, lesson_id,
                     toc_id=None, question_id=None):
     user = request.user
+    if not is_moderator(user):
+        raise Http404('You are not allowed to view this page!')
     course = get_object_or_404(Course, pk=course_id)
-    if (not is_moderator(user) or
-            not course.is_creator(user) or not course.is_creator(user)):
-        raise Http404("You are not allowed to view this page")
+    if not course.is_creator(user) and not course.is_teacher(user):
+        raise Http404('This course does not belong to you')
     if question_id:
         question = get_object_or_404(Question, pk=question_id)
     else:
@@ -3761,10 +3764,11 @@ def revoke_special_attempt(request, micromanager_id):
 @email_verified
 def delete_toc(request, course_id, toc_id):
     user = request.user
+    if not is_moderator(user):
+        raise Http404('You are not allowed to view this page!')
     course = get_object_or_404(Course, pk=course_id)
-    if (not is_moderator(user) or
-            not course.is_creator(user) or not course.is_creator(user)):
-        raise Http404("You are not allowed to view this page")
+    if not course.is_creator(user) and not course.is_teacher(user):
+        raise Http404('This course does not belong to you')
     toc = get_object_or_404(TableOfContents, pk=toc_id)
     redirect_url = request.POST.get("redirect_url")
     if toc.content == 1:
@@ -3902,10 +3906,11 @@ def submit_marker_quiz(request, course_id, toc_id):
 @email_verified
 def lesson_statistics(request, course_id, lesson_id, toc_id=None):
     user = request.user
+    if not is_moderator(user):
+        raise Http404('You are not allowed to view this page!')
     course = get_object_or_404(Course, pk=course_id)
-    if (not is_moderator(user) or
-            not course.is_creator(user) or not course.is_creator(user)):
-        raise Http404("You are not allowed to view this page")
+    if not course.is_creator(user) and not course.is_teacher(user):
+        raise Http404('This course does not belong to you')
     context = {}
     lesson = get_object_or_404(Lesson, id=lesson_id)
     data = TableOfContents.objects.get_data(course_id, lesson_id)