Timestamp:
30 Mar 2009, 21:14:56 (16 years ago)
Author:
Henrik Bettermann
Message:

improve security level for lecturers

Location:
WAeUP_SRP/trunk/skins/waeup_student
Files:
2 edited

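--- a/WAeUP_SRP/trunk/skins/waeup_student/getFormattedStudentEntry.py
+++ b/WAeUP_SRP/trunk/skins/waeup_student/getFormattedStudentEntry.py
@@ -30,6 +30,8 @@
     students_object = context.portal_url.getPortalObject().campus.students
     student = getattr(students_object, brain.id)
-    app_obj = student.application.getContent()
-    d['email'] = getattr(app_obj, 'app_email', '')
-           
+    try:
+        app_obj = student.application.getContent()
+        d['email'] = getattr(app_obj, 'app_email', '')
+    except:
+        d['email'] = 'not accessible'
 return d           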
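Review bot: The bare `except:` on new line 35 swallows every failure, not only the access-denied case the commit message points at. A student without an `application` object, a typo inside the `try`, or a ZODB ConflictError that Zope needs to see in order to retry the request would all end up as `d['email'] = 'not accessible'` with no trace. Catch the specific exception instead, presumably `except Unauthorized:` with `from AccessControl import Unauthorized` (to be confirmed against what `getContent()` actually raises for a lecturer). Note also that the placeholder string lands in a field whose consumers may expect an address or an empty string, so a comment stating that `'not accessible'` is a display-only sentinel would help. The enclosing block starts outside the hunk.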
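--- a/WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py
+++ b/WAeUP_SRP/trunk/skins/waeup_student/lecturer_course_edit.py
@@ -32,8 +32,13 @@
 requested_id = context.getStudentId()
 if not 'Lecturers' in groups and not context.isSectionOfficer():
-    logger.info('%s tried to access course result of %s but is not a lecturer' % (member_id,requested_id))
+    logger.info('%s tried to access course result record of %s but is not a lecturer' % (member_id,requested_id))
     return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
 
 student_id = requested_id
+student_record = context.students_catalog.getRecordByKey(student_id)
+if student_record.review_state != 'courses_validated':
+    logger.info('%s tried to access non-validated course result record of %s' % (member_id,requested_id))
+    return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
+
 
 level_id = context.getId()
@@ -51,5 +56,5 @@
 #set_trace()
 if str(lecturer_id) != member_id and not context.isSectionOfficer():
-    logger.info('%s tried to access course result %s of %s but is not a lecturer of this course' % (member_id,course_id,requested_id))
+    logger.info('%s tried to access course result record %s of %s but is not a lecturer of this course' % (member_id,course_id,requested_id))
     return REQUEST.RESPONSE.redirect("%s/srp_anonymous_view" % context.portal_url())
 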
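Review bot: The state check added at new lines 38-41 has no `context.isSectionOfficer()` exemption, unlike the two authorization checks around it (new lines 33 and 57), so section officers are now redirected too whenever the record is not in `courses_validated`. If that is intended, say so in a comment such as `# applies to section officers as well: results stay hidden until courses are validated`; if not, the condition needs `and not context.isSectionOfficer()`. The check also reads `student_record.review_state` without testing the lookup result; if `getRecordByKey` can return None for an unknown id (not visible here), the request fails with an AttributeError instead of the logged redirect, so consider `if student_record is None or student_record.review_state != 'courses_validated':`. The script continues outside both hunks.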