def is_authorized(self, request, object=None): if request.method == 'GET': return request.user.is_authenticated() else: return (request.user.is_authenticated() and (is_teacher(request.user, Course.objects.all()) or request.user.is_staff))
def _can_edit(self, id_user, course_slug, post_id=None): user = User.objects.get(pk=id_user) course = Course.objects.get(slug=course_slug) can_edit = False if user.is_superuser or is_teacher(user, course): can_edit = True elif post_id is not None: postCollection = get_db().get_collection(self.col_post) post = postCollection.find_one({"_id": ObjectId(post_id)}) can_edit = post["id_user"] == id_user return can_edit
def is_authenticated(self, request, **kwargs): return (is_teacher(request.user, Course.objects.all()) or request.user.is_staff)
def teacherness_test(user): return is_teacher(user, course) or user.is_staff