summaryrefslogtreecommitdiff
path: root/yaksh
diff options
context:
space:
mode:
Diffstat (limited to 'yaksh')
-rw-r--r--yaksh/templates/yaksh/courses.html4
-rw-r--r--yaksh/views.py9
2 files changed, 10 insertions, 3 deletions
diff --git a/yaksh/templates/yaksh/courses.html b/yaksh/templates/yaksh/courses.html
index 5e2266c..42f49d1 100644
--- a/yaksh/templates/yaksh/courses.html
+++ b/yaksh/templates/yaksh/courses.html
@@ -141,9 +141,11 @@
</div>
<br><br>
{% endfor %}
+{% else %}
+ <center><h4> No new Courses allotted </h4></center>
{% endif %}
+<button class="btn primary" type="button" onClick='location.replace("{{URL_ROOT}}/exam/manage/add_course");'>Add New Course</button>
{% if courses or allotted_courses %}
- <button class="btn primary" type="button" onClick='location.replace("{{URL_ROOT}}/exam/manage/add_course");'>Add New Course</button>
<button class="btn primary" type="button" onClick='location.replace("{{URL_ROOT}}/exam/manage/addquiz");'>Add New Quiz</button>
{% endif %}
{% endblock %}
diff --git a/yaksh/views.py b/yaksh/views.py
index 4944691..16454b2 100644
--- a/yaksh/views.py
+++ b/yaksh/views.py
@@ -1166,9 +1166,12 @@ def search_teacher(request, course_id):
raise Http404('You are not allowed to view this page!')
context = {}
- course = get_object_or_404(Course, Q(creator=user)|Q(teachers=user), pk=course_id)
+ course = get_object_or_404(Course, pk=course_id)
context['course'] = course
+ if user != course.creator and user not in course.teachers.all():
+ raise Http404('You are not allowed to view this page!')
+
if request.method == 'POST':
u_name = request.POST.get('uname')
if not len(u_name) == 0:
@@ -1197,6 +1200,8 @@ def add_teacher(request, course_id):
course = get_object_or_404(Course, pk=course_id)
if user == course.creator or user in course.teachers.all():
context['course'] = course
+ else:
+ raise Http404('You are not allowed to view this page!')
if request.method == 'POST':
teacher_ids = request.POST.getlist('check')
@@ -1217,7 +1222,7 @@ def remove_teachers(request, course_id):
user = request.user
course = get_object_or_404(Course, pk=course_id)
- if not is_moderator(user) and (user == course.creator or user in course.teachers.all()):
+ if not is_moderator(user) and (user != course.creator and user not in course.teachers.all()):
raise Http404('You are not allowed to view this page!')
if request.method == "POST":