diff --git a/generic/views.py b/generic/views.py index 9c308e87..30bb0fd1 100644 --- a/generic/views.py +++ b/generic/views.py @@ -3125,6 +3125,58 @@ class GenericViewBase: self.checker_group = g[app_name] + def check_user_edit_access(self, user, exam_id=None): + """Check if a user should be able to access editing/reviewing an exam. + + This mirrors the older permission helper used elsewhere in the file but + references `self.exam_object` and `self.app_name` (since GenericViewBase + is instantiated per app). + """ + if user.is_superuser: + return True + + # If a user is an exam author they should have access + if exam_id is not None: + exam = get_object_or_404(self.exam_object, pk=exam_id) + if user in exam.get_author_objects(): + return True + + if getattr(exam, "authors_only", False): + return False + + # App-specific group checks (require checker role for edit/review) + if ( + self.app_name == "rapids" + and not user.groups.filter(name="rapid_checker").exists() + ): + return False + if ( + self.app_name == "anatomy" + and not user.groups.filter(name="anatomy_checker").exists() + ): + return False + if ( + self.app_name == "longs" + and not user.groups.filter(name__in=("long_checker",)).exists() + ): + return False + if ( + self.app_name == "physics" + and not user.groups.filter(name="physics_checker").exists() + ): + return False + if ( + self.app_name == "sbas" + and not user.groups.filter(name="sba_checker").exists() + ): + return False + if ( + self.app_name == "casecollection" + and not user.groups.filter(name="casecollection_checker").exists() + ): + return False + return False + def help(self, request): return render(request, f"{self.app_name}/help.html", {"app_name": self.app_name})