Merge pull request #934 from BCStudentSoftwareDevTeam/Individual-cour…

…se-management-929

Restricted permissions to the course management page

app/controllers/serviceLearning/routes.py

@@ -22,20 +22,23 @@
 @serviceLearning_bp.route('/serviceLearning/courseManagement', methods = ['GET'])
 @serviceLearning_bp.route('/serviceLearning/courseManagement/<username>', methods = ['GET'])
 def serviceCourseManagement(username=None):
-    if g.current_user.isStudent:
-        abort(403)
-    if g.current_user.isCeltsAdmin or g.current_user.isFaculty:
-        setRedirectTarget("/serviceLearning/courseManagement")
+    try:
         user = User.get(User.username==username) if username else g.current_user
+    except DoesNotExist:
+        abort(404)
+
+    isRequestingForSelf = g.current_user == user 
+    if g.current_user.isCeltsAdmin or (g.current_user.isFaculty and isRequestingForSelf):
+        setRedirectTarget(request.full_path)
         courseDict = getServiceLearningCoursesData(user)
         termList = selectSurroundingTerms(g.current_term, prevTerms=0)
         return render_template('serviceLearning/slcManagement.html',
             user=user,
             courseDict=courseDict,
             termList=termList)
     else:
-        flash("Unauthorized to view page", 'warning')
-        return redirect(url_for('main.events', selectedTerm=g.current_term))
+        abort(403)
+
 
 @serviceLearning_bp.route('/serviceLearning/viewProposal/<courseID>', methods=['GET'])
 @serviceLearning_bp.route('/serviceLearning/editProposal/upload/<courseID>', methods=['GET'])