diff --git a/routes b/routes index 16c16692e..711599b14 100644 --- a/routes +++ b/routes @@ -88,7 +88,7 @@ /users/#CryptoUUIDUser CUserR GET POST !lecturerANDparticipant /correctors CHiWisR GET /communication CCommR GET POST - /notes CNotesR GET POST !corrector !tutor -- THIS route is used to check for overall course corrector access! + /notes CNotesR GET POST !corrector -- THIS route is used to check for overall course corrector access! /subs CCorrectionsR GET POST /ex SheetListR GET !course-registered !materials !corrector /ex/new SheetNewR GET POST @@ -124,7 +124,7 @@ /load/*FilePath MFileR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor /download MArchiveR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor /zip MZipR GET !timeANDcourse-registered !timeANDmaterials !corrector !tutor - /tuts CTutorialListR GET !tutor + /tuts CTutorialListR GET !tutor -- THIS route is used to check for overall course tutor access! /tuts/new CTutorialNewR GET POST /tuts/#TutorialName TutorialR: /edit TEditR GET POST diff --git a/src/Handler/Tutorial.hs b/src/Handler/Tutorial.hs index b5743fb2c..140743ce8 100644 --- a/src/Handler/Tutorial.hs +++ b/src/Handler/Tutorial.hs @@ -201,10 +201,13 @@ postTCommR tid ssh csh tutn = do E.where_ $ tutorialUser E.^. TutorialParticipantUser E.==. E.val uid E.&&. tutorialUser E.^. TutorialParticipantTutorial E.==. E.val tutid - isAssociated <- evalAccessForDB (Just uid) (CourseR tid ssh csh CNotesR) False + isAssociatedCorrector <- evalAccessForDB (Just uid) (CourseR tid ssh csh CNotesR) False + isAssociatedTutor <- evalAccessForDB (Just uid) (CourseR tid ssh csh CTutorialListR) False + + mr <- getMsgRenderer return $ if | isTutorialUser -> Authorized - | otherwise -> isAssociated + | otherwise -> orAR mr isAssociatedCorrector isAssociatedTutor }