Refactor course access check

2022-11-07 14:21:06 +01:00 · 2022-11-07 14:21:06 +01:00 · 05e02449c8
parent b36b0e8d96
commit 05e02449c8
2 changed files with 12 additions and 8 deletions
--- a/server/vbv_lernwelt/course/permissions.py
+++ b/server/vbv_lernwelt/course/permissions.py
@ -1,15 +1,17 @@
 from vbv_lernwelt.course.models import CourseSessionUser


-def has_course_access(request, obj):
-    if request.user.is_superuser:
-        return True
+def has_course_access_by_page_request(request, obj):
+    return has_course_access(request.user, obj.specific.get_course())

-    course = obj.specific.get_course()
+
+def has_course_access(user, course):
+    if user.is_superuser:
+        return True

    # attached to CourseSession
    course_session = CourseSessionUser.objects.filter(
-        course_session__course_id=course.id, user=request.user
+        course_session__course_id=course.id, user=user
    ).exists()

    if course_session:
--- a/server/vbv_lernwelt/course/views.py
+++ b/server/vbv_lernwelt/course/views.py
@ -6,7 +6,9 @@ from wagtail.models import Page

 from vbv_lernwelt.core.utils import api_page_cache_get_or_set
 from vbv_lernwelt.course.models import CourseCompletion
-from vbv_lernwelt.course.permissions import has_course_access
+from vbv_lernwelt.course.permissions import (
+    has_course_access_by_page_request,
+)
 from vbv_lernwelt.course.serializers import CourseCompletionSerializer
 from vbv_lernwelt.learnpath.utils import get_wagtail_type

@ -17,7 +19,7 @@ logger = structlog.get_logger(__name__)
 def course_page_api_view(request, slug):
    try:
        page = Page.objects.get(slug=slug, locale__language_code="de-CH")
-        if not has_course_access(request, page):
+        if not has_course_access_by_page_request(request, page):
            raise PermissionDenied()

        data = api_page_cache_get_or_set(
@ -56,7 +58,7 @@ def mark_course_completion(request):
        completion_status = request.data.get("completion_status", "success")

        page = Page.objects.get(translation_key=page_key, locale__language_code="de-CH")
-        if not has_course_access(request, page):
+        if not has_course_access_by_page_request(request, page):
            raise PermissionDenied()

        page_type = get_wagtail_type(page.specific)