Add user access check for editing/reviewing exams in GenericViewBase

This commit is contained in:
Ross
2025-11-08 22:07:28 +00:00
parent d26cac04a7
commit 321c7ef895
+52
View File
@@ -3125,6 +3125,58 @@ class GenericViewBase:
self.checker_group = g[app_name]
def check_user_edit_access(self, user, exam_id=None):
"""Check if a user should be able to access editing/reviewing an exam.
This mirrors the older permission helper used elsewhere in the file but
references `self.exam_object` and `self.app_name` (since GenericViewBase
is instantiated per app).
"""
if user.is_superuser:
return True
# If a user is an exam author they should have access
if exam_id is not None:
exam = get_object_or_404(self.exam_object, pk=exam_id)
if user in exam.get_author_objects():
return True
if getattr(exam, "authors_only", False):
return False
# App-specific group checks (require checker role for edit/review)
if (
self.app_name == "rapids"
and not user.groups.filter(name="rapid_checker").exists()
):
return False
if (
self.app_name == "anatomy"
and not user.groups.filter(name="anatomy_checker").exists()
):
return False
if (
self.app_name == "longs"
and not user.groups.filter(name__in=("long_checker",)).exists()
):
return False
if (
self.app_name == "physics"
and not user.groups.filter(name="physics_checker").exists()
):
return False
if (
self.app_name == "sbas"
and not user.groups.filter(name="sba_checker").exists()
):
return False
if (
self.app_name == "casecollection"
and not user.groups.filter(name="casecollection_checker").exists()
):
return False
return False
def help(self, request):
return render(request, f"{self.app_name}/help.html", {"app_name": self.app_name})