passing tests - user / workouts permissions done

2020-01-12 22:10:20 +01:00
parent 9cbeb3fc2d
commit 09ae7cbe77
7 changed files with 40 additions and 56 deletions
--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -313,16 +313,18 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):

        if rowerid != 0:
            r = Rower.objects.get(id=rowerid)
+            u = r.user
        elif userid != 0:
            u = User.objects.get(id=userid)
            r = getrower(u)
        else:
            r = getrower(request.user)
+            u = r.user

    except Rower.DoesNotExist:
        raise Http404("Rower doesn't exist")

-    if userid != 0 and not is_coach_user(u,r):
+    if userid != 0 and not is_coach_user(u,request.user.rower):
        raise PermissionDenied("You have no access to this user")

    if notpermanent == False:
@@ -355,7 +357,7 @@ def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
    except Rower.DoesNotExist:
        raise Http404("Rower doesn't exist")

-    if not is_coach_user(request.user,r):
+    if not is_coach_user(r.user,request.user.rower):
        raise PermissionDenied("You have no access to this user")

    if notpermanent == False:
@@ -430,7 +432,6 @@ class SessionTaskListener(threading.Thread):
        for item in self.pubsub.listen():
            if item['data'] == "KILL":
                self.pubsub.unsubscribe()
-                print(self, "unsubscribed and finished")
                break
            else:
                self.work(item)