ClassViewSet retorna todos os resultados se usuário não tiver nenhum role configurado #620
Description
Problema aparece no get_queryset da classe
timtec/core/views.py
def get_queryset(self):
queryset = super(ClassViewSet, self).get_queryset()
if self.request.user.is_staff or self.request.user.is_superuser:
return queryset
course_id = self.request.query_params.get('course')
if course_id:
try:
role = self.request.user.teaching_courses.get(course__id=course_id).role
except ObjectDoesNotExist:
role = ''
# if user is not coordinator or admin, only show his classes
if not role or role == 'assistant':
queryset = queryset.filter(assistant=self.request.user)
return queryset