fix: check ptype for permission if not admin

lms/lms/api.py

@@ -31,6 +31,7 @@ from pypika import functions as fn
 
 from lms.lms.doctype.course_lesson.course_lesson import save_progress
 from lms.lms.utils import (
+	LMS_ROLES,
 	can_modify_batch,
 	can_modify_course,
 	get_average_rating,
@@ -607,12 +608,7 @@ def check_app_permission():
 	if frappe.session.user == "Administrator":
 		return True
 
-	roles = frappe.get_roles()
-	lms_roles = ["Moderator", "Course Creator", "Batch Evaluator", "LMS Student"]
-	if any(role in roles for role in lms_roles):
-		return True
-
-	return False
+	return has_lms_role()
 
 
 @frappe.whitelist()
@@ -1723,7 +1719,7 @@ def get_profile_details(username: str):
 	roles = frappe.get_roles(details.name)
 	if not has_lms_role():
 		frappe.throw(
-			_("User does not have permission to access this users profile details."), frappe.PermissionError
+			_("User does not have permission to access this user's profile details."), frappe.PermissionError
 		)
 	details.roles = roles
 	return details

lms/lms/doctype/lms_badge/lms_badge.py

@@ -70,14 +70,17 @@ def assign_badge(badge_name: str):
 		["name", "event", "reference_doctype", "condition", "user_field"],
 		as_dict=True,
 	)
+	if not badge:
+		frappe.throw(_("Badge {0} not found").format(badge_name), frappe.DoesNotExistError)
+
 	if not badge.event == "Manual Assignment":
 		return
 
 	fields = ["name"]
 	fields.append(badge.user_field)
-	list = frappe.get_all(badge.reference_doctype, filters=json.loads(badge.condition), fields=fields)
+	docs = frappe.get_all(badge.reference_doctype, filters=json.loads(badge.condition), fields=fields)
 
-	for doc in list:
+	for doc in docs:
 		assignment_name = award(badge, doc.get(badge.user_field))
 		if assignment_name:
 			assignments.append(assignment_name)

lms/lms/doctype/lms_batch/lms_batch.py

@@ -407,6 +407,9 @@ def has_permission(doc, ptype="read", user=None):
 	if "Moderator" in roles or "Batch Evaluator" in roles:
 		return True
 
+	if ptype not in ("read", "select", "print"):
+		return False
+
 	is_enrolled = frappe.db.exists("LMS Batch Enrollment", {"batch": doc.name, "member": user})
 	if is_enrolled:
 		return True

lms/lms/doctype/lms_certificate/lms_certificate.py

@@ -222,6 +222,10 @@ def has_permission(doc, ptype="read", user=None):
 	roles = frappe.get_roles(user)
 	if "Moderator" in roles or "Course Creator" in roles or "Batch Evaluator" in roles:
 		return True
+	if doc.owner == user:
+		return True
+	if ptype not in ("read", "select", "print"):
+		return False
 	return doc.published
 
 

lms/lms/doctype/lms_live_class/lms_live_class.py

@@ -177,6 +177,9 @@ def has_permission(doc, ptype="read", user=None):
 	if "Moderator" in roles or "Batch Evaluator" in roles:
 		return True
 
+	if ptype not in ("read", "select", "print"):
+		return False
+
 	return frappe.db.exists(
 		"LMS Batch Enrollment",
 		{"batch": doc.batch_name, "member": user},

lms/lms/doctype/lms_program/lms_program.py

@@ -55,6 +55,9 @@ def has_permission(doc, ptype="read", user=None):
 	if "Moderator" in roles or "Course Creator" in roles:
 		return True
 
+	if ptype not in ("read", "select", "print"):
+		return False
+
 	is_enrolled = frappe.db.exists("LMS Program Member", {"parent": doc.name, "member": user})
 	if is_enrolled:
 		return True