added a permission (view_sittings) which allows users with that permission to view...

diff --git a/README.md b/README.md
index 34e9d3ade17dc909973cc929381d7a383e714197..4ebb78d82864605f653920f191b23593f06be1a7 100644 (file)
--- a/README.md
+++ b/README.md
@@ -27,6 +27,7 @@ Features of each quiz:
 * Multiple choice question type
 * True/False question type
 * Custom message displayed for those that pass or fail a quiz
+* Custom permission (view_sittings) added, allowing users with that permission to view quiz results from users
 
 
 

diff --git a/quiz/models.py b/quiz/models.py
index c0b69138e1f5fcbd4c0cd8af3bb3640951d2fbe9..373bcac5e01ff8a3ac882af63d034fb4c0b7f03f 100644 (file)
--- a/quiz/models.py
+++ b/quiz/models.py
@@ -329,6 +329,9 @@ class Sitting(models.Model):
 
     objects = SittingManager()
 
+    class Meta:
+        permissions = (("view_sittings", "Can see completed exams."),)
+
     def get_first_question(self):
         """
         Returns the next question.

diff --git a/quiz/tests.py b/quiz/tests.py
index 1ddb2fa2f6a3a1255f58be94ccd38ad85a18ecc7..17c5ab7b333625ee9c6a94dd48f067b1a199c16b 100644 (file)
--- a/quiz/tests.py
+++ b/quiz/tests.py
@@ -1,7 +1,8 @@
 # -*- coding: iso-8859-15 -*-
 
 from django.conf import settings
-from django.contrib.auth.models import User
+from django.contrib.auth.models import User, Permission
+from django.contrib.contenttypes.models import ContentType
 from django.core.exceptions import ValidationError
 from django.core.urlresolvers import resolve
 from django.http import HttpRequest
@@ -356,6 +357,14 @@ class TestNonQuestionViews(TestCase):
                              status_code=302, target_status_code=404 or 200)
 
         self.client.login(username='yoda', password='use_d@_force')
+        response = self.client.get('/q/marking/')
+        self.assertRedirects(response, 'accounts/login/?next=/q/marking/',
+                             status_code=302, target_status_code=404 or 200)
+
+        self.assertFalse(teacher.has_perm('view_sittings', teacher))
+        teacher.user_permissions.add(
+            Permission.objects.get(codename='view_sittings'))
+
         response = self.client.get('/q/marking/')
         self.assertContains(response, 'test quiz 1')
 

diff --git a/quiz/views.py b/quiz/views.py
index 619862cfe28fe322d67d7e29c7b1c48b6bff5f26..7f63556264ad5d6bb09dbb4d4af4204f5f9d9b2d 100644 (file)
--- a/quiz/views.py
+++ b/quiz/views.py
@@ -1,6 +1,6 @@
 import random
 
-from django.contrib.auth.decorators import login_required
+from django.contrib.auth.decorators import login_required, permission_required
 from django.shortcuts import get_object_or_404, render, render_to_response
 from django.template import RequestContext
 from django.utils.decorators import method_decorator
@@ -10,6 +10,13 @@ from .forms import QuestionForm
 from .models import Quiz, Category, Progress, Sitting, Question
 
 
+class QuizMarkerMixin(object):
+    @method_decorator(login_required)
+    @method_decorator(permission_required('quiz.view_sittings'))
+    def dispatch(self, *args, **kwargs):
+        return super(QuizMarkerMixin, self).dispatch(*args, **kwargs)
+
+
 class QuizListView(ListView):
     model = Quiz
 
@@ -63,10 +70,9 @@ class QuizUserProgressView(TemplateView):
         return context
 
 
-class QuizMarkingList(ListView):
+class QuizMarkingList(QuizMarkerMixin, ListView):
     model = Sitting
 
-    @method_decorator(login_required)
     def dispatch(self, request, *args, **kwargs):
         return super(QuizMarkingList, self).dispatch(request, *args, **kwargs)
 
@@ -75,10 +81,9 @@ class QuizMarkingList(ListView):
         return queryset.filter(complete=True)
 
 
-class QuizMarkingDetail(DetailView):
+class QuizMarkingDetail(QuizMarkerMixin, DetailView):
     model = Sitting
 
-    @method_decorator(login_required)
     def dispatch(self, request, *args, **kwargs):
         return super(QuizMarkingDetail, self)\
             .dispatch(request, *args, **kwargs)