From 0667227fc7ac593682769a9297587df39cc7a677 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Tue, 30 Apr 2024 07:10:24 +0200 Subject: [PATCH] fix --- rowers/views/apiviews.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py index 43f8d257..9ee2464b 100644 --- a/rowers/views/apiviews.py +++ b/rowers/views/apiviews.py @@ -36,6 +36,7 @@ class XMLParser(BaseParser): @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) def strokedataform(request, id=0): id = encoder.decode_hex(id) @@ -199,6 +200,7 @@ def api_get_dataframe(startdatetime, df): @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) def strokedataform_v2(request, id=0): id = encoder.decode_hex(id) @@ -378,6 +380,7 @@ def get_crewnerd_liked(request): @csrf_exempt @login_required() @api_view(["POST"]) +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @permission_classes([IsAuthenticated]) @parser_classes([XMLParser]) def strokedata_tcx(request): @@ -480,6 +483,7 @@ def strokedata_tcx(request): @csrf_exempt @login_required() @api_view(["POST"]) +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @permission_classes([IsAuthenticated]) def strokedatajson_v3(request): """ @@ -618,6 +622,7 @@ def strokedatajson_v3(request): # Return the GET stroke data according to the API definition @csrf_exempt @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @api_view(["GET", "POST"]) @permission_classes([IsAuthenticated]) def strokedatajson_v2(request, id): @@ -776,6 +781,7 @@ def strokedatajson_v2(request, id): @csrf_exempt @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @api_view(['GET', 'POST']) @permission_classes([IsAuthenticated]) def strokedatajson(request, id=0):