This commit is contained in:
Ross
2021-09-30 22:56:59 +01:00
parent b7ff47ac67
commit 8b78466925
3 changed files with 30 additions and 2 deletions
+25
View File
@@ -0,0 +1,25 @@
from django.core.exceptions import PermissionDenied
from .models import Exam, Question
def user_is_author_or_physics_checker(function):
def wrap(request, *args, **kwargs):
question = Question.objects.get(pk=kwargs['pk'])
if request.user in question.author.all() or request.user.groups.filter(name='physics_checker').exists():
return function(request, *args, **kwargs)
else:
raise PermissionDenied
wrap.__doc__ = function.__doc__
wrap.__name__ = function.__name__
return wrap
def user_is_exam_author_or_physics_checker(function):
def wrap(request, *args, **kwargs):
exam = Exam.objects.get(pk=kwargs['pk'])
if request.user in exam.author.all() or request.user.groups.filter(name='physics_checker').exists():
return function(request, *args, **kwargs)
else:
raise PermissionDenied
wrap.__doc__ = function.__doc__
wrap.__name__ = function.__name__
return wrap
+3
View File
@@ -1,3 +1,4 @@
from physics.decorators import user_is_author_or_physics_checker
from physics.filters import QuestionFilter, UserAnswerFilter
from generic.mixins import SuperuserRequiredMixin
from physics.tables import QuestionTable, UserAnswerTable
@@ -46,6 +47,7 @@ from rest_framework.pagination import PageNumberPagination
from django.core.exceptions import PermissionDenied
from .forms import ExamForm
from .decorators import user_is_author_or_physics_checker, user_is_exam_author_or_physics_checker
class AuthorOrCheckerRequiredMixin(object):
def get_object(self, *args, **kwargs):
@@ -62,6 +64,7 @@ def question_list(request):
@login_required
@user_is_author_or_physics_checker
def question_detail(request, pk):
question = get_object_or_404(Question, pk=pk)
return render(request, "physics/question_detail.html", {"question": question})
+2 -2
View File
@@ -3,8 +3,8 @@ from .models import Exam, Rapid
def user_is_author_or_rapid_checker(function):
def wrap(request, *args, **kwargs):
rapid = Rapid.objects.get(pk=kwargs['pk'])
if request.user in rapid.author.all() or request.user.groups.filter(name='rapid_checker').exists():
question = Rapid.objects.get(pk=kwargs['pk'])
if request.user in question.author.all() or request.user.groups.filter(name='rapid_checker').exists():
return function(request, *args, **kwargs)
else:
raise PermissionDenied