This commit is contained in:
Ross
2021-08-31 22:40:37 +01:00
parent a2259626d5
commit 5e64fed9cb
+25
View File
@@ -182,6 +182,27 @@ class ExamViews(View, LoginRequiredMixin):
return False
return True
def check_user_edit_access(self, user):
"""Check if a user should be able to access a view
Args:
user ([user]): user object
Returns:
[boolean]: True if the user has access
"""
if self.app_name == "rapids" and not user.groups.filter(name='rapid_checker').exists():
return False
if self.app_name == "anatomy" and not user.groups.filter(name='anatomy_checker').exists():
return False
if self.app_name == "longs" and not user.groups.filter(name__in=('long_checker')).exists():
return False
if self.app_name == "physics" and not user.groups.filter(name='physic_checker').exists():
return False
if self.app_name == "sbas" and not user.groups.filter(name='sba_checker').exists():
return False
return True
@method_decorator(login_required)
@@ -277,6 +298,10 @@ class ExamViews(View, LoginRequiredMixin):
def exam_json_edit(self, request, pk):
if request.is_ajax() and request.method == "POST":
if not self.check_user_edit_access(request.user):
data = {"status": "error, invalid permisions"}
return JsonResponse(data, status=400)
exam = get_object_or_404(self.Exam, pk=pk)
if "add_exam_questions" in request.POST: