Ignore:
Timestamp:
13 Apr 2015, 11:25:52 (10 years ago)
Author:
Henrik Bettermann
Message:

Students are only allowed to download course registration slips if they are
in state 'registered' and their current level corresponds with the course
registration level.

Location:
main/waeup.kofa/trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.kofa/trunk/CHANGES.txt

    r12844 r12853  
    441.3.2.dev0 (unreleased)
    55=======================
     6
     7* Students are only allowed to download course registration slips if they are
     8  in state 'registered' and their current level corresponds with the course
     9  registration level.
    610
    711* Add ReportsManager role.
  • main/waeup.kofa/trunk/src/waeup/kofa/students/browser.py

    r12807 r12853  
    13591359        'adm_code', 'sex', 'suspended_comment', 'current_level')
    13601360
     1361
     1362    def update(self):
     1363        if self.context.student.state != REGISTERED \
     1364            or self.context.student.current_level != self.context.level:
     1365            self.flash(_('Forbidden'), type="warning")
     1366            self.redirect(self.url(self.context))
     1367
    13611368    @property
    13621369    def title(self):
  • main/waeup.kofa/trunk/src/waeup/kofa/students/tests/test_browser.py

    r12847 r12853  
    24782478        self.assertTrue(
    24792479            self.student['studycourse']['200']['COURSE1'].carry_over is True)
    2480         # Students can open the pdf course registration slip
    2481         self.browser.open(self.student_path + '/studycourse/200')
    2482         self.browser.getLink("Download course registration slip").click()
    2483         self.assertEqual(self.browser.headers['Status'], '200 Ok')
    2484         self.assertEqual(self.browser.headers['Content-Type'], 'application/pdf')
    24852480        # Students can remove course tickets
    24862481        self.browser.open(self.student_path + '/studycourse/200/edit')
     
    25172512        self.assertTrue('K1000000 - students.browser.StudyLevelEditFormPage - '
    25182513            'K1000000 - added: COURSE1|200|2004' in logcontent)
     2514        # Students can't open the pdf course registration slip right
     2515        self.assertFalse(
     2516            'Download course registration slip' in self.browser.contents)
     2517        self.browser.open(
     2518            self.student_path + '/studycourse/200/course_registration_slip.pdf')
     2519        self.assertTrue('Forbidden' in self.browser.contents)
    25192520        # Course list can be registered
     2521        self.browser.open(self.student_path + '/studycourse/200/edit')
    25202522        self.browser.getControl("Register course list").click()
    25212523        self.assertTrue('Course list has been registered' in self.browser.contents)
    25222524        self.assertEqual(self.student.state, 'courses registered')
     2525        # and students can open the pdf course registration slip right
     2526        self.browser.getLink("Download course registration slip").click()
     2527        self.assertEqual(self.browser.headers['Status'], '200 Ok')
     2528        self.assertEqual(self.browser.headers['Content-Type'], 'application/pdf')
     2529        # Students can't view the download link if current_session
     2530        # does not correspond with level_session.
     2531        self.student['studycourse'].current_level = 300
     2532        self.browser.open(self.student_path + '/studycourse/200/edit')
     2533        self.assertFalse(
     2534            'Download course registration slip' in self.browser.contents)
     2535        self.assertFalse(
     2536            'Download course registration slip' in self.browser.contents)
     2537        self.browser.open(
     2538            self.student_path + '/studycourse/200/course_registration_slip.pdf')
     2539        self.assertTrue('Forbidden' in self.browser.contents)
    25232540        # Students can view the transcript
    25242541        #self.browser.open(self.studycourse_path)
  • main/waeup.kofa/trunk/src/waeup/kofa/students/viewlets.py

    r12843 r12853  
    453453        if not is_current:
    454454            return ''
     455        if self.context.student.state != REGISTERED \
     456            or self.context.student.current_level != self.context.level:
     457            return ''
    455458        return self.view.url(self.view.context, self.target)
    456459
Note: See TracChangeset for help on using the changeset viewer.