Changeset 3820 for WAeUP_SRP/trunk/skins


Ignore:
Timestamp:
16 Dec 2008, 07:43:06 (16 years ago)
Author:
Henrik Bettermann
Message:

improve security setting for lecturer course editing

Location:
WAeUP_SRP/trunk/skins
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • WAeUP_SRP/trunk/skins/waeup_default/get_csv_names.py

    r3167 r3820  
    22# $Id$
    33"""
    4 Return the sessions as an vocabulary
    5 
    64"""
    75files = context.waeup_tool.get_csv_filenames()
  • WAeUP_SRP/trunk/skins/waeup_ois/getStudyLevelInfo.py

    r3819 r3820  
    9898complete1 = 0
    9999for r in normal1:
    100    if r['grade']:
     100   if r['grade'] and r['atl']:
    101101       complete1 += 1
    102102if len(normal1) == complete1:
     
    108108complete2 = 0
    109109for r in normal1:
    110    if r['grade']:
     110   if r['grade'] and r['atl']:
    111111       complete2 += 1
    112112if len(normal2) == complete2:
     
    118118complete3 = 0
    119119for r in normal1:
    120    if r['grade']:
     120   if r['grade'] and r['atl']:
    121121       complete3 += 1
    122122if len(normal3) == complete3:
  • WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py

    r3818 r3820  
    5050lecturer_id = getattr(course,'lecturer',None)
    5151#set_trace()
    52 if str(lecturer_id) != member_id:
     52if str(lecturer_id) != member_id and not context.isSectionOfficer():
    5353    logger.info('%s tried to access course result %s of %s but is not a lecturer of this course' % (member_id,course_id,requested_id))
    5454    return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
Note: See TracChangeset for help on using the changeset viewer.