diff --git a/backend/pigeonhole/apps/projects/permissions.py b/backend/pigeonhole/apps/projects/permissions.py
index 77efdd16..587dfe0d 100644
--- a/backend/pigeonhole/apps/projects/permissions.py
+++ b/backend/pigeonhole/apps/projects/permissions.py
@@ -7,17 +7,13 @@ class CanAccessProject(permissions.BasePermission):
 # to the project data.
 def has_permission(self, request, view):
 user = request.user
- subject_id = view.kwargs.get('course_id')
- # If the user is a teacher, grant access.
- # if isinstance(user, Teacher):
- # if user.course.filter(id=subject_id).exists():
- # return True
- # elif isinstance(user, Teacher) and user.is_admin:
- # return True
- # # If the user is a student, grant access only to their own projects.
- # elif isinstance(user, Student):
- # if user.course.filter(id=subject_id).exists():
- # return True
- # elif request.user.is_superuser:
- # return True
+ course_id = view.kwargs.get('course_id')
+ if user.is_student:
+ if user.course.filter(course_id=course_id).exists():
+ return True
+ elif user.is_teacher:
+ if user.course.filter(course_id=course_id).exists():
+ return True
+ elif user.is_admin or user.is_superuser:
+ return True
 return False
diff --git a/backend/pigeonhole/apps/users/models.py b/backend/pigeonhole/apps/users/models.py
index 80247fda..5f6d02c9 100644
--- a/backend/pigeonhole/apps/users/models.py
+++ b/backend/pigeonhole/apps/users/models.py
@@ -6,7 +6,7 @@
 class Roles(models.IntegerChoices):
- SUPERUSER = 1
+ ADMIN = 1
 TEACHER = 2
 STUDENT = 3
@@ -29,8 +29,8 @@ def name(self):
 return f"{self.first_name.strip()} {self.last_name.strip()}"
 @property
- def is_super(self):
- return self.role == Roles.SUPERUSER
+ def is_admin(self):
+ return self.role == Roles.ADMIN
 @property
 def is_teacher(self):
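Review bot: In `has_permission` (projects/permissions.py) the student and teacher branches are identical and never look at `request.method`, so any student enrolled in the course passes the same gate as a teacher for write requests as well as reads; the removed comment ("grant access only to their own projects") suggests students were meant to be narrower. If that is still the intent, restrict the student branch with something like `request.method in permissions.SAFE_METHODS` or add a `has_object_permission` check, neither of which is visible in this hunk. The `elif user.is_admin or user.is_superuser` branch is also never reached for an account whose role is student or teacher, so a superuser flag on such an account is ignored; testing it first (`if user.is_admin or user.is_superuser: return True`) avoids that. `request.user` can presumably be an anonymous user unless an authentication check runs earlier, and that object would not carry `is_student`, so a leading `if not user.is_authenticated: return False` would turn a server error into a clean denial.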