From 17833f21f02da4ec17a6d29066b6c1c0f0400d29 Mon Sep 17 00:00:00 2001
From: Julian Leucker <leuckerj@gmail.com>
Date: Thu, 3 Sep 2020 17:20:27 +0200
Subject: [PATCH] Check permissions correctly

---
 .../alsijil/class_register/week_view.html     | 47 ++++++++++---------
 1 file changed, 25 insertions(+), 22 deletions(-)

diff --git a/aleksis/apps/alsijil/templates/alsijil/class_register/week_view.html b/aleksis/apps/alsijil/templates/alsijil/class_register/week_view.html
index 798797354..c18a79471 100644
--- a/aleksis/apps/alsijil/templates/alsijil/class_register/week_view.html
+++ b/aleksis/apps/alsijil/templates/alsijil/class_register/week_view.html
@@ -115,30 +115,33 @@
               <div class="collapsible-body">
                 <div class="collection">
                   {% for period in periods %}
-                    <a class="collection-item avatar"
-                       href="{% url 'lesson_by_week_and_period' week.year week.week period.id %}">
-                      {% include "alsijil/partials/lesson_status_icon.html" with period=period css_class="circle" color_suffix=" " %}
-                      <table class="hide-on-med-and-down">
-                        <tr>
-                          <th>{% trans "Subject" %}</th>
-                          <td>{{ period.period.period }}. {{ period.get_subject.name }}</td>
-                        </tr>
-                        {% if not group %}
+                    {% has_perm "alsijil.view_lessondocumentation" user period as can_view_lesson_documentation %}
+                    {% if can_view_lesson_documentation %}
+                      <a class="collection-item avatar"
+                         href="{% url 'lesson_by_week_and_period' week.year week.week period.id %}">
+                        {% include "alsijil/partials/lesson_status_icon.html" with period=period css_class="circle" color_suffix=" " %}
+                        <table class="hide-on-med-and-down">
                           <tr>
-                            <th>{% trans "Group" %}</th>
-                            <td>{{ period.lesson.group_names }}</td>
+                            <th>{% trans "Subject" %}</th>
+                            <td>{{ period.period.period }}. {{ period.get_subject.name }}</td>
                           </tr>
-                        {% endif %}
-                        <tr>
-                          <th>{% trans "Teachers" %}</th>
-                          <td>{{ period.lesson.teacher_names }}</td>
-                        </tr>
-                        <tr>
-                          <th>{% trans "Lesson Topic" %}</th>
-                          <td>{{ period.get_lesson_documentation.topic }}</td>
-                        </tr>
-                      </table>
-                    </a>
+                          {% if not group %}
+                            <tr>
+                              <th>{% trans "Group" %}</th>
+                              <td>{{ period.lesson.group_names }}</td>
+                            </tr>
+                          {% endif %}
+                          <tr>
+                            <th>{% trans "Teachers" %}</th>
+                            <td>{{ period.lesson.teacher_names }}</td>
+                          </tr>
+                          <tr>
+                            <th>{% trans "Lesson Topic" %}</th>
+                            <td>{{ period.get_lesson_documentation.topic }}</td>
+                          </tr>
+                        </table>
+                      </a>
+                    {% endif %}
                   {% endfor %}
                 </div>
               </div>
-- 
GitLab