From 59c427ef8d79925273bcefdf1b1612754081b8ac Mon Sep 17 00:00:00 2001
From: Tom Teichler <tom.teichler@teckids.org>
Date: Mon, 16 Sep 2019 13:24:21 +0200
Subject: [PATCH] Disallow creating lesson documentation for lessons in the
 future. Close #30.

---
 biscuit/apps/alsijil/views.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/biscuit/apps/alsijil/views.py b/biscuit/apps/alsijil/views.py
index 95a400cc4..f3a0f11d1 100644
--- a/biscuit/apps/alsijil/views.py
+++ b/biscuit/apps/alsijil/views.py
@@ -1,10 +1,10 @@
 from collections import OrderedDict
-from datetime import timedelta
+from datetime import datetime, timedelta
 from typing import Optional
 
 from django.contrib.auth.decorators import login_required
 from django.db.models import Count, Exists, F, OuterRef, Q, Sum
-from django.http import Http404, HttpRequest, HttpResponse
+from django.http import Http404, Http403, HttpRequest, HttpResponse
 from django.shortcuts import get_object_or_404, render
 from django.urls import reverse
 from django.utils.translation import ugettext as _
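Review bot: `Http403` is not a name that `django.http` provides, so the changed import line `from django.http import Http404, Http403, HttpRequest, HttpResponse` would raise ImportError as soon as views.py is loaded, taking down every view in the module rather than only `lesson`. Django signals a 403 either by raising `django.core.exceptions.PermissionDenied` or by returning `HttpResponseForbidden`. I would drop `Http403` from this line, add `from django.core.exceptions import PermissionDenied`, and use `raise PermissionDenied(...)` in the second hunk. The added `datetime.now()` is also naive; if the project runs with `USE_TZ` enabled, `django.utils.timezone.now()` is the safer source for "now".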
@@ -35,6 +35,9 @@ def lesson(request: HttpRequest, year: Optional[int] = None, week: Optional[int]
     if not lesson_period:
         raise Http404(_('You either selected an invalid lesson or there is currently no lesson in progress.'))
 
+    if lesson_period.lesson.periods.time_start < datetime.now() or lesson_period.lesson.get_calendar_week < CalendarWeek():
+        raise Http403(_('You are not allowed to create a lesson documentation for a lesson in the future.'))
+
     context['lesson_period'] = lesson_period
     context['week'] = wanted_week
     context['day'] = wanted_week[lesson_period.period.weekday - 1]
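Review bot: The added guard is inverted relative to its error message: `time_start < datetime.now()` is true for a start time already in the past, so as written it rejects past lessons and lets future ones through, which is the case the commit is meant to block. Both comparisons should test for "later than now", e.g. `> datetime.now()` and `> CalendarWeek()`, and the expression needs a test with one past and one future lesson. Two operands also look wrong, though the models are not visible here: `lesson_period.lesson.periods` reads like a collection rather than a single period (the line below uses `lesson_period.period`), and `get_calendar_week` is referenced without being called. `CalendarWeek` is not among the imports shown in the first hunk, so confirm it is in scope. The body of `lesson` starts and ends outside this hunk.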
-- 
GitLab