Merge pull request #642 from pateljannat/course-permissions

fix: permissions

lms/www/assignments/assignment.py

@@ -1,12 +1,12 @@
 import frappe
 from frappe import _
-from lms.lms.utils import can_create_courses
+from lms.lms.utils import has_course_moderator_role, has_course_instructor_role
 
 
 def get_context(context):
 	context.no_cache = 1
 
-	if not can_create_courses():
+	if not has_course_moderator_role() or not has_course_instructor_role():
 		message = "You do not have permission to access this page."
 		if frappe.session.user == "Guest":
 			message = "Please login to access this page."

lms/www/batch/quiz.py

@@ -1,13 +1,13 @@
 import frappe
 from frappe.utils import cstr
 from frappe import _
-from lms.lms.utils import can_create_courses
+from lms.lms.utils import has_course_instructor_role, has_course_moderator_role
 
 
 def get_context(context):
 	context.no_cache = 1
 
-	if not can_create_courses():
+	if not has_course_moderator_role() or not has_course_instructor_role():
 		message = "You do not have permission to access this page."
 		if frappe.session.user == "Guest":
 			message = "Please login to access this page."

lms/www/batch/quiz_list.py

@@ -1,12 +1,12 @@
 import frappe
-from lms.lms.utils import can_create_courses, has_course_moderator_role
+from lms.lms.utils import has_course_instructor_role, has_course_moderator_role
 from frappe import _
 
 
 def get_context(context):
 	context.no_cache = 1
 
-	if not can_create_courses():
+	if not has_course_moderator_role() or not has_course_instructor_role():
 		message = "You do not have permission to access this page."
 		if frappe.session.user == "Guest":
 			message = "Please login to access this page."

lms/www/courses/course.py

@@ -23,7 +23,7 @@ def get_context(context):
 		redirect_to_courses_list()
 
 	if course_name == "new-course":
-		if not can_create_courses():
+		if not can_create_courses(course_name):
 			message = "You do not have permission to access this page."
 			if frappe.session.user == "Guest":
 				message = "Please login to access this page."

lms/www/courses/create.py

@@ -15,7 +15,7 @@ def get_context(context):
 	except KeyError:
 		redirect_to_courses_list()
 
-	if not can_create_courses():
+	if not can_create_courses(course_name):
 		message = "You do not have permission to access this page."
 		if frappe.session.user == "Guest":
 			message = "Please login to access this page."

lms/www/courses/index.py

@@ -1,13 +1,13 @@
 import frappe
 from frappe import _
 from lms.lms.utils import (
-	can_create_courses,
 	check_profile_restriction,
 	get_restriction_details,
 	has_course_moderator_role,
 	get_courses_under_review,
 	get_average_rating,
 	check_multicurrency,
+	has_course_instructor_role,
 )
 from lms.overrides.user import get_enrolled_courses, get_authored_courses
 
@@ -21,7 +21,17 @@ def get_context(context):
 	context.created_courses = get_authored_courses(None, False)
 	context.review_courses = get_courses_under_review()
 	context.restriction = check_profile_restriction()
-	context.show_creators_section = can_create_courses()
+
+	portal_course_creation = frappe.db.get_single_value(
+		"LMS Settings", "portal_course_creation"
+	)
+	context.show_creators_section = (
+		True
+		if portal_course_creation == "Anyone"
+		or has_course_moderator_role()
+		or has_course_instructor_role()
+		else False
+	)
 	context.show_review_section = (
 		has_course_moderator_role() and frappe.session.user != "Guest"
 	)

lms/www/courses/outline.py

@@ -10,7 +10,7 @@ def get_context(context):
 	if not frappe.db.exists("LMS Course", course_name):
 		redirect_to_courses_list()
 
-	if not can_create_courses():
+	if not can_create_courses(course_name):
 		message = "You do not have permission to access this page."
 		if frappe.session.user == "Guest":
 			message = "Please login to access this page."