From a178516811fea31dec3f456ffcfd83311e46b0f6 Mon Sep 17 00:00:00 2001
From: Tanner Collin <git@tannercollin.com>
Date: Wed, 15 Jan 2020 01:31:41 +0000
Subject: [PATCH] Add separate session serializer for course list

---
 apiserver/apiserver/api/serializers.py | 8 ++++++--
 apiserver/apiserver/api/views.py       | 4 ++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index d75acfb..1a42ee2 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -229,6 +229,11 @@ class SessionSerializer(serializers.ModelSerializer):
     def get_student_count(self, obj):
         return len(obj.students.all())
 
+class SessionListSerializer(SessionSerializer):
+    class Meta:
+        model = models.Session
+        fields = '__all__'
+
 
 class CourseSerializer(serializers.ModelSerializer):
     class Meta:
@@ -236,12 +241,11 @@ class CourseSerializer(serializers.ModelSerializer):
         fields = '__all__'
 
 class CourseDetailSerializer(serializers.ModelSerializer):
-    sessions = SessionSerializer(many=True)
+    sessions = SessionListSerializer(many=True)
 
     class Meta:
         model = models.Course
         fields = '__all__'
-        depth = 1
 
 class AdminCourseSerializer(serializers.ModelSerializer):
     class Meta:
diff --git a/apiserver/apiserver/api/views.py b/apiserver/apiserver/api/views.py
index ac32cb5..8de4220 100644
--- a/apiserver/apiserver/api/views.py
+++ b/apiserver/apiserver/api/views.py
@@ -21,6 +21,10 @@ class IsOwnerOrAdmin(BasePermission):
     def has_object_permission(self, request, view, obj):
         return obj.user == request.user or is_admin_director(request.user)
 
+class IsInstructor(BasePermission):
+    def has_object_permission(self, request, view, obj):
+        return user.member.is_instructor
+
 
 class RetrieveUpdateViewSet(
         viewsets.GenericViewSet,