fix: be more permissive on mark completion
only let the request.user mark his completions...
This commit is contained in:
Livio Bieri
parent
8ee64d52ae
commit
1ab6566716
|
|
@ -25,6 +25,7 @@ from vbv_lernwelt.iam.permissions import (
|
||||||
has_course_access,
|
has_course_access,
|
||||||
has_course_access_by_page_request,
|
has_course_access_by_page_request,
|
||||||
is_circle_expert,
|
is_circle_expert,
|
||||||
|
can_mark_course_completion,
|
||||||
)
|
)
|
||||||
from vbv_lernwelt.learning_mentor.models import LearningMentor
|
from vbv_lernwelt.learning_mentor.models import LearningMentor
|
||||||
|
|
||||||
|
|
@ -97,7 +98,10 @@ def mark_course_completion_view(request):
|
||||||
course_session_id = request.data.get("course_session_id")
|
course_session_id = request.data.get("course_session_id")
|
||||||
page = Page.objects.get(id=page_id)
|
page = Page.objects.get(id=page_id)
|
||||||
|
|
||||||
if not has_course_access_by_page_request(request, page):
|
if not can_mark_course_completion(
|
||||||
|
user=request.user, # noqa
|
||||||
|
course_session_id=course_session_id,
|
||||||
|
):
|
||||||
raise PermissionDenied()
|
raise PermissionDenied()
|
||||||
|
|
||||||
mark_course_completion(
|
mark_course_completion(
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,10 @@ def has_course_access_by_page_request(request, obj):
|
||||||
return has_course_access(request.user, obj.specific.get_course().id)
|
return has_course_access(request.user, obj.specific.get_course().id)
|
||||||
|
|
||||||
|
|
||||||
|
def can_mark_course_completion(user: User, course_session_id: int) -> bool:
|
||||||
|
return is_course_session_member(user, course_session_id)
|
||||||
|
|
||||||
|
|
||||||
def has_course_access(user, course_id):
|
def has_course_access(user, course_id):
|
||||||
if user.is_superuser:
|
if user.is_superuser:
|
||||||
return True
|
return True
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue