Fix former GiP students still reserving rooms

website/room_reservation/views.py

@@ -84,10 +84,17 @@ def load_json(self):
     def can_edit(self, reservation):
         """Return true if the reservation can be edited by the logged in user."""
         return (
-            self.request.user.has_perms(
-                ["room_reservation.change_reservation", "room_reservation.delete_reservation"], reservation
-            )
-            or self.request.user == reservation.reservee
+            self.request.user == reservation.reservee
+            or self.request.user.is_superuser
+        )
+
+    def can_create(self):
+        """Return true if the reservation can be created by the logged in user."""
+        current_semester = Semester.objects.get_or_create_current_semester()
+
+        return (
+            self.request.user.registration_set.filter(projects_set__semester=current_semester).exists()
+            or self.request.user.is_superuser
         )
 
 
@@ -147,6 +154,9 @@ def post(self, request, *args, **kwargs):
             room, start_time, end_time = self.load_json()
         except (KeyError, JSONDecodeError):
             return HttpResponseBadRequest(json.dumps({"ok": "False", "message": "Bad request"}))
+
+        if not self.can_create():
+            return JsonResponse({"ok": False, "message": "You are not allowed to make reservations."})
 
         ok, message = self.validate(room, start_time, end_time)
         if not ok: