diff options
Diffstat (limited to 'yaksh/views.py')
| -rw-r--r-- | yaksh/views.py | 57 |
1 files changed, 23 insertions, 34 deletions
diff --git a/yaksh/views.py b/yaksh/views.py index fd47ca5..923b3c2 100644 --- a/yaksh/views.py +++ b/yaksh/views.py @@ -665,8 +665,10 @@ def courses(request): if not is_moderator(user): raise Http404('You are not allowed to view this page') courses = Course.objects.filter(creator=user, is_trial=False) - return my_render_to_response('yaksh/courses.html', {'courses': courses}, - context_instance=ci) + allotted_courses = Course.objects.filter(teachers=user, is_trial=False) + context = {'courses': courses, "allotted_courses": allotted_courses} + return my_render_to_response('yaksh/courses.html', context, + context_instance=ci) @login_required @@ -1165,25 +1167,24 @@ def search_teacher(request, course_id): raise Http404('You are not allowed to view this page!') context = {} - course = get_object_or_404(Course, creator=user, pk=course_id) + course = get_object_or_404(Course, pk=course_id) context['course'] = course + if user != course.creator and user not in course.teachers.all(): + raise Http404('You are not allowed to view this page!') + if request.method == 'POST': u_name = request.POST.get('uname') - if len(u_name) == 0: - return my_render_to_response('yaksh/addteacher.html', context, - context_instance=ci) - else: + if not len(u_name) == 0: teachers = User.objects.filter(Q(username__icontains=u_name)| Q(first_name__icontains=u_name)|Q(last_name__icontains=u_name)| - Q(email__icontains=u_name)).exclude(Q(id=user.id)|Q(is_superuser=1)) + Q(email__icontains=u_name)).exclude(Q(id=user.id)|Q(is_superuser=1)| + Q(id=course.creator.id)) context['success'] = True context['teachers'] = teachers - return my_render_to_response('yaksh/addteacher.html', context, - context_instance=ci) - else: - return my_render_to_response('yaksh/addteacher.html', context, - context_instance=ci) + + return my_render_to_response('yaksh/addteacher.html', context, + context_instance=ci) @login_required @@ -1197,8 +1198,11 @@ def add_teacher(request, course_id): raise Http404('You are not allowed to view this page!') context = {} - course = get_object_or_404(Course, creator=user, pk=course_id) - context['course'] = course + course = get_object_or_404(Course, pk=course_id) + if user == course.creator or user in course.teachers.all(): + context['course'] = course + else: + raise Http404('You are not allowed to view this page!') if request.method == 'POST': teacher_ids = request.POST.getlist('check') @@ -1207,36 +1211,21 @@ def add_teacher(request, course_id): course.add_teachers(*teachers) context['status'] = True context['teachers_added'] = teachers - return my_render_to_response('yaksh/addteacher.html', context, - context_instance=ci) - else: - return my_render_to_response('yaksh/addteacher.html', context, + + return my_render_to_response('yaksh/addteacher.html', context, context_instance=ci) -@login_required -def allotted_courses(request): - """ show courses allotted to a user """ - - user = request.user - ci = RequestContext(request) - if not is_moderator(user): - raise Http404('You are not allowed to view this page!') - - courses = Course.objects.filter(teachers=user) - return my_render_to_response('yaksh/courses.html', {'courses': courses}, - context_instance=ci) - @login_required def remove_teachers(request, course_id): """ remove user from a course """ user = request.user - if not is_moderator(user): + course = get_object_or_404(Course, pk=course_id) + if not is_moderator(user) and (user != course.creator and user not in course.teachers.all()): raise Http404('You are not allowed to view this page!') - course = get_object_or_404(Course, creator=user, pk=course_id) if request.method == "POST": teacher_ids = request.POST.getlist('remove') teachers = User.objects.filter(id__in=teacher_ids) |