diff options
| -rw-r--r-- | yaksh/models.py | 4 | ||||
| -rw-r--r-- | yaksh/tests.py | 2 | ||||
| -rw-r--r-- | yaksh/views.py | 5 |
3 files changed, 8 insertions, 3 deletions
diff --git a/yaksh/models.py b/yaksh/models.py index 46fb9a3..1bbd035 100644 --- a/yaksh/models.py +++ b/yaksh/models.py @@ -98,8 +98,8 @@ class Course(models.Model): def get_rejected(self): return self.rejected.all() - def is_enrolled(self, user_id): - return self.students.filter(id=user_id).exists() + def is_enrolled(self, user): + return user in self.students.all() def is_creator(self, user): return self.creator == user diff --git a/yaksh/tests.py b/yaksh/tests.py index 17e6130..848df74 100644 --- a/yaksh/tests.py +++ b/yaksh/tests.py @@ -418,7 +418,7 @@ class CourseTestCases(unittest.TestCase): self.assertSequenceEqual(self.course.get_rejected(), [self.student2]) self.assertSequenceEqual(self.course.get_enrolled(), [self.student1]) - self.assertTrue(self.course.is_enrolled(self.student1.id)) + self.assertTrue(self.course.is_enrolled(self.student1)) def test_get_quizzes(self): """ Test get_quizzes method of Courses""" diff --git a/yaksh/views.py b/yaksh/views.py index ffe8d93..20a416d 100644 --- a/yaksh/views.py +++ b/yaksh/views.py @@ -184,6 +184,8 @@ def intro(request, questionpaper_id): user = request.user ci = RequestContext(request) quest_paper = QuestionPaper.objects.get(id=questionpaper_id) + if not quest_paper.quiz.course.is_enrolled(user): + raise Http404('You are not allowed to view this page!') attempt_number = quest_paper.quiz.attempts_allowed time_lag = quest_paper.quiz.time_between_attempts quiz_enable_time = quest_paper.quiz.start_date_time @@ -822,6 +824,9 @@ def start(request, attempt_num=None, questionpaper_id=None): 'instructor/administrator. Please login again thereafter.' return complete(request, msg, attempt_num, questionpaper_id) + if not questionpaper.quiz.course.is_enrolled(user): + raise Http404('You are not allowed to view this page!') + try: old_paper = AnswerPaper.objects.get( question_paper=questionpaper, user=user, attempt_number=attempt_num) |