Skip to content
Snippets Groups Projects
Commit cf5ff28d authored by Martin Mareš's avatar Martin Mareš
Browse files

When showing student threads, check that the student exists and is enrolled 

Closes #113.
parent 18dadb0e
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
Showing
with 8 additions and 1 deletion
owl/course.py
+ 8
1
View file @ cf5ff28d
......@@ -223,11 +223,18 @@ def topic_index(sident: str, cident: str, tident: str, student_uid: Optional[int
if student_uid is not None:
if not g.is_grader:
raise werkzeug.exceptions.Forbidden('Only graders are allowed to do that')
enroll = sess.scalar(
select(db.Enroll)
.filter_by(uid=student_uid, cid=g.course.cid, is_teacher=False)
.options(joinedload(db.Enroll.user))
)
if enroll is None:
raise werkzeug.exceptions.NotFound('No such student of this course')
if g.course.anon_grading and not g.is_teacher:
show_for_user = f'Student {student_uid}'
filename_base = str(student_uid)
else:
show_for_user = sess.get(db.User, student_uid).full_name()
show_for_user = enroll.user.full_name()
filename_base = show_for_user
else:
show_for_user = None
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment