summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--yaksh/views.py35
1 files changed, 20 insertions, 15 deletions
diff --git a/yaksh/views.py b/yaksh/views.py
index b6f935b..be19d19 100644
--- a/yaksh/views.py
+++ b/yaksh/views.py
@@ -3505,10 +3505,11 @@ def hide_comment(request, course_id, uuid):
@email_verified
def add_marker(request, course_id, lesson_id):
user = request.user
+ if not is_moderator(user):
+ raise Http404('You are not allowed to view this page!')
course = get_object_or_404(Course, pk=course_id)
- if (not is_moderator(user) or
- not course.is_creator(user) or not course.is_creator(user)):
- raise Http404("You are not allowed to view this page")
+ if not course.is_creator(user) and not course.is_teacher(user):
+ raise Http404('This course does not belong to you')
content_type = request.POST.get("content")
question_type = request.POST.get("type")
if content_type == '1':
@@ -3612,10 +3613,11 @@ def allow_special_attempt(request, user_id, course_id, quiz_id):
def add_topic(request, content_type, course_id, lesson_id, toc_id=None,
topic_id=None):
user = request.user
+ if not is_moderator(user):
+ raise Http404('You are not allowed to view this page!')
course = get_object_or_404(Course, pk=course_id)
- if (not is_moderator(user) or
- not course.is_creator(user) or not course.is_creator(user)):
- raise Http404("You are not allowed to view this page")
+ if not course.is_creator(user) and not course.is_teacher(user):
+ raise Http404('This course does not belong to you')
if topic_id:
topic = get_object_or_404(Topic, pk=topic_id)
else:
@@ -3668,10 +3670,11 @@ def add_topic(request, content_type, course_id, lesson_id, toc_id=None,
def add_marker_quiz(request, content_type, course_id, lesson_id,
toc_id=None, question_id=None):
user = request.user
+ if not is_moderator(user):
+ raise Http404('You are not allowed to view this page!')
course = get_object_or_404(Course, pk=course_id)
- if (not is_moderator(user) or
- not course.is_creator(user) or not course.is_creator(user)):
- raise Http404("You are not allowed to view this page")
+ if not course.is_creator(user) and not course.is_teacher(user):
+ raise Http404('This course does not belong to you')
if question_id:
question = get_object_or_404(Question, pk=question_id)
else:
@@ -3761,10 +3764,11 @@ def revoke_special_attempt(request, micromanager_id):
@email_verified
def delete_toc(request, course_id, toc_id):
user = request.user
+ if not is_moderator(user):
+ raise Http404('You are not allowed to view this page!')
course = get_object_or_404(Course, pk=course_id)
- if (not is_moderator(user) or
- not course.is_creator(user) or not course.is_creator(user)):
- raise Http404("You are not allowed to view this page")
+ if not course.is_creator(user) and not course.is_teacher(user):
+ raise Http404('This course does not belong to you')
toc = get_object_or_404(TableOfContents, pk=toc_id)
redirect_url = request.POST.get("redirect_url")
if toc.content == 1:
@@ -3902,10 +3906,11 @@ def submit_marker_quiz(request, course_id, toc_id):
@email_verified
def lesson_statistics(request, course_id, lesson_id, toc_id=None):
user = request.user
+ if not is_moderator(user):
+ raise Http404('You are not allowed to view this page!')
course = get_object_or_404(Course, pk=course_id)
- if (not is_moderator(user) or
- not course.is_creator(user) or not course.is_creator(user)):
- raise Http404("You are not allowed to view this page")
+ if not course.is_creator(user) and not course.is_teacher(user):
+ raise Http404('This course does not belong to you')
context = {}
lesson = get_object_or_404(Lesson, id=lesson_id)
data = TableOfContents.objects.get_data(course_id, lesson_id)