def query_authorized?
      return false if current_user.blank?

      return false if course&.school != current_school