Skip to content

Commit

Permalink
fix: Fix permissions check for moving students (#2347)
Browse files Browse the repository at this point in the history
  • Loading branch information
faucomte97 authored Sep 10, 2024
1 parent a814e70 commit 00cb0c7
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions portal/views/teacher/teach.py
Original file line number Diff line number Diff line change
Expand Up @@ -868,12 +868,13 @@ def teacher_move_students_to_class(request, access_code):


def check_if_move_authorised(request, old_class, new_class):
# check user is authorised to deal with class
if request.user.new_teacher != old_class.teacher:
raise Http404
teacher = request.user.new_teacher

# check teacher authorised to transfer to new class
if request.user.new_teacher.school != new_class.teacher.school:
# check teacher has permission to edit old_class and that both classes
# are in the same school
if (
not teacher.is_admin and teacher != old_class.teacher
) or teacher.school != new_class.teacher.school:
raise Http404


Expand Down

0 comments on commit 00cb0c7

Please sign in to comment.