passing tests - user / workouts permissions done
This commit is contained in:
Sander Roosendaal
@@ -1697,7 +1697,7 @@ def plannedsession_edit_view(request,id=0,userid=0):
|
||||
})
|
||||
|
||||
|
||||
@permission_required('workout.change_workout',fn=objectgetter(Workout, 'id'))
|
||||
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
|
||||
def plannedsession_detach_view(request,id=0,psid=0):
|
||||
|
||||
r = getrequestrower(request)
|
||||
@@ -1959,7 +1959,7 @@ class PlannedSessionDelete(DeleteView):
|
||||
def get_object(self, *args, **kwargs):
|
||||
obj = super(PlannedSessionDelete, self).get_object(*args, **kwargs)
|
||||
m = Rower.objects.get(user=obj.manager)
|
||||
if not is_coach_user(m,self.request.user.rower):
|
||||
if not is_coach_user(m.user,self.request.user.rower):
|
||||
raise PermissionDenied('You are not allowed to delete this planned session')
|
||||
|
||||
return obj
|
||||
@@ -2140,7 +2140,7 @@ class TrainingPlanDelete(DeleteView):
|
||||
|
||||
def get_object(self, *args, **kwargs):
|
||||
obj = super(TrainingPlanDelete, self).get_object(*args, **kwargs)
|
||||
if not is_coach_user(obj.manager.user,self.request.user):
|
||||
if not is_coach_user(obj.manager.user,self.request.user.rower):
|
||||
raise PermissionDenied('You are not allowed to delete this training plan')
|
||||
|
||||
return obj
|
||||
@@ -2206,7 +2206,7 @@ class MicroCycleDelete(DeleteView):
|
||||
|
||||
def get_object(self, *args, **kwargs):
|
||||
obj = super(MicroCycleDelete, self).get_object(*args, **kwargs)
|
||||
if not is_coach_user(obj.plan.plan.plan.manager.user,self.request.user):
|
||||
if not is_coach_user(obj.plan.plan.plan.manager.user,self.request.user.rower):
|
||||
raise PermissionDenied('You are not allowed to delete this training plan cycle')
|
||||
return obj
|
||||
|
||||
@@ -2268,7 +2268,7 @@ class MesoCycleDelete(DeleteView):
|
||||
def get_object(self, *args, **kwargs):
|
||||
obj = super(MesoCycleDelete, self).get_object(*args, **kwargs)
|
||||
|
||||
if not is_coach_user(obj.plan.plan.manager.user,self.request.user):
|
||||
if not is_coach_user(obj.plan.plan.manager.user,self.request.user.rower):
|
||||
raise PermissionDenied('You are not allowed to delete this training plan cycle')
|
||||
|
||||
return obj
|
||||
@@ -2322,7 +2322,7 @@ class MacroCycleDelete(DeleteView):
|
||||
|
||||
def get_object(self, *args, **kwargs):
|
||||
obj = super(MacroCycleDelete, self).get_object(*args, **kwargs)
|
||||
if not is_coach_user(obj.plan.manager.user,self.request.user):
|
||||
if not is_coach_user(obj.plan.manager.user,self.request.user.rower):
|
||||
raise PermissionDenied('You are not allowed to delete this training plan cycle')
|
||||
|
||||
return obj
|
||||
@@ -2345,7 +2345,7 @@ def rower_trainingplan_execution_view(request,
|
||||
plan = TrainingPlan.objects.get(id=id)
|
||||
except TrainingPlan.DoesNotExist:
|
||||
raise Http404("Training Plan Does Not Exist")
|
||||
if not is_coach_user(plan.manager.user,request.user):
|
||||
if not is_coach_user(plan.manager.user,request.user.rower):
|
||||
if request.user.rower not in plan.rowers.all():
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
@@ -2439,7 +2439,7 @@ def rower_trainingplan_view(request,
|
||||
|
||||
r = getrequestrower(request,userid=userid)
|
||||
|
||||
if not is_coach_user(plan.manager.user,request.user):
|
||||
if not is_coach_user(plan.manager.user,request.user.rower):
|
||||
if request.user.rower not in plan.rowers.all():
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
@@ -2568,7 +2568,7 @@ class TrainingMacroCycleUpdate(UpdateView):
|
||||
if obj.plan.manager is not None and self.request.user.rower != obj.plan.manager:
|
||||
raise PermissionDenied('You are not allowed to edit this training plan cycle')
|
||||
|
||||
if not is_coach_user(plan.manager.user,self.request.user):
|
||||
if not is_coach_user(obj.plan.manager.user,self.request.user.rower):
|
||||
raise PermissionDenied('You are not allowed to edit this training plan cycle')
|
||||
else:
|
||||
obj.type = 'userdefined'
|
||||
@@ -2850,7 +2850,7 @@ def planmesocyclebyweek(request,id=0,userid=0):
|
||||
except TrainingMesoCycle.DoesNotExist:
|
||||
raise Http404("Training Cycle does not exist")
|
||||
|
||||
if not is_coach_user(cycle.plan.plan.manager.user,request.user):
|
||||
if not is_coach_user(cycle.plan.plan.manager.user,request.user.rower):
|
||||
raise PermissionDenied("You are not allowed to do this")
|
||||
|
||||
micros = TrainingMicroCycle.objects.filter(plan=cycle)
|
||||
@@ -2905,7 +2905,7 @@ def planmacrocyclebymonth(request,id=0,userid=0):
|
||||
except TrainingMacroCycle.DoesNotExist:
|
||||
raise Http404("Training Cycle does not exist")
|
||||
|
||||
if not is_coach_user(cycle.plan.manager.user,request.user):
|
||||
if not is_coach_user(cycle.plan.manager.user,request.user.rower):
|
||||
raise PermissionDenied("You are not allowed to do this")
|
||||
|
||||
mesos = TrainingMesoCycle.objects.filter(plan=cycle)
|
||||
|
||||
Reference in New Issue
Block a user