diff options
Diffstat (limited to 'yaksh')
-rw-r--r-- | yaksh/templates/yaksh/courses.html | 4 | ||||
-rw-r--r-- | yaksh/views.py | 9 |
2 files changed, 10 insertions, 3 deletions
diff --git a/yaksh/templates/yaksh/courses.html b/yaksh/templates/yaksh/courses.html index 5e2266c..42f49d1 100644 --- a/yaksh/templates/yaksh/courses.html +++ b/yaksh/templates/yaksh/courses.html @@ -141,9 +141,11 @@ </div> <br><br> {% endfor %} +{% else %} + <center><h4> No new Courses allotted </h4></center> {% endif %} +<button class="btn primary" type="button" onClick='location.replace("{{URL_ROOT}}/exam/manage/add_course");'>Add New Course</button> {% if courses or allotted_courses %} - <button class="btn primary" type="button" onClick='location.replace("{{URL_ROOT}}/exam/manage/add_course");'>Add New Course</button> <button class="btn primary" type="button" onClick='location.replace("{{URL_ROOT}}/exam/manage/addquiz");'>Add New Quiz</button> {% endif %} {% endblock %} diff --git a/yaksh/views.py b/yaksh/views.py index 4944691..16454b2 100644 --- a/yaksh/views.py +++ b/yaksh/views.py @@ -1166,9 +1166,12 @@ def search_teacher(request, course_id): raise Http404('You are not allowed to view this page!') context = {} - course = get_object_or_404(Course, Q(creator=user)|Q(teachers=user), pk=course_id) + course = get_object_or_404(Course, pk=course_id) context['course'] = course + if user != course.creator and user not in course.teachers.all(): + raise Http404('You are not allowed to view this page!') + if request.method == 'POST': u_name = request.POST.get('uname') if not len(u_name) == 0: @@ -1197,6 +1200,8 @@ def add_teacher(request, course_id): course = get_object_or_404(Course, pk=course_id) if user == course.creator or user in course.teachers.all(): context['course'] = course + else: + raise Http404('You are not allowed to view this page!') if request.method == 'POST': teacher_ids = request.POST.getlist('check') @@ -1217,7 +1222,7 @@ def remove_teachers(request, course_id): user = request.user course = get_object_or_404(Course, pk=course_id) - if not is_moderator(user) and (user == course.creator or user in course.teachers.all()): + if not is_moderator(user) and (user != course.creator and user not in course.teachers.all()): raise Http404('You are not allowed to view this page!') if request.method == "POST": |