list view improved

rowers/models.py

@@ -1024,6 +1024,25 @@ def checkworkoutuser(user,workout):
     except Rower.DoesNotExist:
 	return False
 
+# Check if workout may be viewed by this user
+def checkworkoutuserview(user,workout):
+    if user.is_anonymous():
+        return False
+    try:
+	r = Rower.objects.get(user=user)
+        if workout.user == r:
+            return True
+        teams = workout.user.team.all()
+
+        for team in teams:
+            if team in r.team.all():
+                return True
+        return False
+    except Rower.DoesNotExist:
+	return False
+
+    return False
+
 def checkviewworkouts(user,rower):
     try:
         r = user.rower

rowers/plannedsessions.py

@@ -473,13 +473,14 @@ def remove_rower_session(r,ps):
 
     return 1
 
-def get_dates_timeperiod(request,startdatestring='',enddatestring=''):
+def get_dates_timeperiod(request,startdatestring='',enddatestring='',
+                         defaulttimeperiod='thisweek'):
     # set start end date according timeperiod
 
     timeperiod = request.GET.get('when')
 
     if not timeperiod:
-        timeperiod = 'thisweek'
+        timeperiod = defaulttimeperiod
 
     startdatestring = request.GET.get('startdate')
     enddatestring = request.GET.get('enddate')
@@ -536,6 +537,10 @@ def get_dates_timeperiod(request,startdatestring='',enddatestring=''):
         enddate = startdate+timezone.timedelta(days=32)
         enddate = enddate.replace(day=1)
         enddate = enddate-timezone.timedelta(days=1)
+    elif timeperiod=='lastyear':
+        today = date.today()
+        startdate = today-timezone.timedelta(days=365)
+        enddate = today+timezone.timedelta(days=1)            
     elif daterangetester.match(timeperiod):
         tstartdatestring = daterangetester.match(timeperiod).group(1)
         tenddatestring = daterangetester.match(timeperiod).group(2)

rowers/templates/list_workouts.html

@@ -129,7 +129,7 @@
         
         {% if workouts.has_next %}
         {% if request.GET.q %}
-        <a href="/rowers/list-workouts/{{ startdate|date:"Y-m-d" }}/{{ enddate|date:"Y-m-d" }}/?page={{ workouts.next_page_number }}&q={{ request.GET.q }}">
+        <a href="{{ request.path }}?page={{ workouts.next_page_number }}&q={{ request.GET.q }}&when={{ timeperiod }}">
           <i class="fas fa-arrow-alt-right"></i>
         </a>
         <a
@@ -137,7 +137,7 @@
           <i class="fas fa-arrow-alt-to-right"></i>
         </a>
         {% else %}
-        <a href="/rowers/list-workouts/{{ startdate|date:"Y-m-d" }}/{{ enddate|date:"Y-m-d" }}/?page={{ workouts.next_page_number }}">
+        <a href="{{ request.path }}?page={{ workouts.next_page_number }}&when={{ timeperiod }}">
           <i class="fas fa-arrow-alt-right"></i>
         </a>
         <a href="?page={{ workouts.paginator.num_pages }}">
@@ -216,7 +216,7 @@
           {% if team %}
           <td colspan="2">
           {% if workout|may_edit:request %}
-          <a class="small" href="/rowers/{{ workout.user.id }}/list-workouts/">
+          <a class="small" href="/rowers/list-workouts/user/{{ workout.user.user.id }}/">
             {{ workout.user.user.first_name }}
             {{ workout.user.user.last_name }}
           </a>
@@ -245,18 +245,14 @@
             </a>
           </td>
           <td>
-          {% if workout|may_edit:request %}
             <a class="small"
                href="/rowers/workout/{{ workout.id|encode }}/stats/"
                title="Stats">
               <i class="fal fa-table fa-fw"></i>
             </a>
-	    {% else %}
-	    &nbsp;
-	    {% endif %}
           </td>
           <td>
-          {% if workout.user.user == user or user == team.manager %}
+          {% if workout|may_edit:request %}
             <a class="small" href="/rowers/workout/{{ workout.id|encode }}/delete/"
                title="Delete">
               <i class="fas fa-trash-alt fa-fw"></i>

rowers/templatetags/rowerfilters.py

@@ -470,7 +470,7 @@ def userurl(path,member):
     userstring = 'user/%s/' % member.id
 
     # remove team
-    tpattern = re.compile('\/team\/\d+/')
+    tpattern = re.compile('team\/\d+/')
     if tpattern.search(path) is not None:
         path = tpattern.sub('',path)
     
@@ -478,7 +478,7 @@ def userurl(path,member):
         replaced = pattern.sub(userstring,path)
     else:
         replaced = path+userstring
-        
+
     return replaced
 
 @register.filter
@@ -497,6 +497,7 @@ def teamurl(path,team):
     else:
         replaced = path+teamstring
 
+
     return replaced
 
 @register.filter

rowers/tests/test_permissions.py

@@ -958,6 +958,40 @@ class PermissionsViewTests(TestCase):
 
         response = self.c.get(url)
         self.assertEqual(response.status_code,200)
+
+        # stats
+        url = reverse('workout_view',
+                      kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
+                      )
+
+        response = self.c.get(url)
+        self.assertEqual(response.status_code,200)
+        
+        # workflow
+        url = reverse('workout_workflow_view',
+                      kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
+                      )
+
+        response = self.c.get(url)
+        self.assertEqual(response.status_code,200)
+
+        # stats
+        url = reverse('workout_stats_view',
+                      kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
+                      )
+
+        response = self.c.get(url)
+        self.assertEqual(response.status_code,200)
+        
+        # compare
+        url = reverse('team_comparison_select',
+                      kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
+                      )
+
+        response = self.c.get(url)
+        self.assertEqual(response.status_code,200)
+        
+
         
     ## Pro users (and higher) can join group led by other Pro (or higher) user
     def test_team_member_request_pro_pro(self):
@@ -1416,8 +1450,7 @@ class PermissionsCoachingTests(TestCase):
 ## Basic users can subscribe to any race
 
 
-# group related
 
-## group members can see but not edit each other's workouts and charts
+###
 
 ## group members can see but not edit each other's plans

rowers/views/statements.py

@@ -367,6 +367,14 @@ def get_workout_permitted(user,id):
     
     return w
         
+def get_workout_permittedview(user,id):
+    w = get_workout(id)
+    
+    if (checkworkoutuserview(user,w)==False):
+        raise PermissionDenied("Access denied")
+    
+    return w
+        
 def getvalue(data):
     perc = 0
     total = 1
@@ -944,7 +952,9 @@ from rowers.utils import (
 
 import rowers.datautils as datautils
 
-from rowers.models import checkworkoutuser,checkaccessuser,checkviewworkouts
+from rowers.models import (
+    checkworkoutuser,checkaccessuser,checkviewworkouts,checkworkoutuserview
+    )
 
 # Check if a user is a Coach member
 def iscoachmember(user):

rowers/views/workoutviews.py

@@ -737,8 +737,8 @@ def team_comparison_select(request,
 
     if id:
         firstworkout = get_workout(id)
-        if not checkworkoutuser(request.user,firstworkout):
-            raise PermissionDenied("You are not allowed to sue this workout")
+        if not checkworkoutuserview(request.user,firstworkout):
+            raise PermissionDenied("You are not allowed to use this workout")
 
         firstworkoutquery = Workout.objects.filter(id=encoder.decode_hex(id))
         workouts = firstworkoutquery | workouts
@@ -1160,10 +1160,9 @@ def multi_compare_view(request,id=0,userid=0):
 # List Workouts    
 @login_required()
 def workouts_view(request,message='',successmessage='',
-                  startdatestring='',
-                  enddatestring='',
                   teamid=0,rankingonly=False,rowerid=0,userid=0):
 
+    startdate,enddate = get_dates_timeperiod(request,defaulttimeperiod='lastyear')
     request.session['referer'] = absolute(request)['PATH']
     r = getrequestrower(request,rowerid=rowerid,userid=userid)
 
@@ -1171,15 +1170,6 @@ def workouts_view(request,message='',successmessage='',
     if not checkviewworkouts(request.user,r):
         raise PermissionDenied("Access denied")
 
-    if startdatestring:
-        startdate = iso8601.parse_date(startdatestring)
-    else:
-        startdate = datetime.date.today()-datetime.timedelta(days=365)
-
-    if enddatestring:
-        enddate = iso8601.parse_date(enddatestring)
-    else:
-        enddate = datetime.date.today()
 
 
     startdate = datetime.datetime.combine(startdate,datetime.time())
@@ -1352,7 +1342,7 @@ def workouts_view(request,message='',successmessage='',
                 'name':'Workouts'
                 },
         ]
-    
+    timeperiod = startdate.strftime('%Y-%m-%d')+'/'+enddate.strftime('%Y-%m-%d')    
     return render(request, 'list_workouts.html',
                   {'workouts': workouts,
                    'active': 'nav-workouts',
@@ -1368,6 +1358,7 @@ def workouts_view(request,message='',successmessage='',
                    'teams':get_my_teams(request.user),
                    'interactiveplot':script,
                    'the_div':div,
+                   'timeperiod':timeperiod,
                    })
 
 
@@ -2489,7 +2480,7 @@ def workout_stats_view(request,id=0,message="",successmessage=""):
 
     # prepare data frame
     datadf,row = dataprep.getrowdata_db(id=encoder.decode_hex(id))
-    if (checkworkoutuser(request.user,row)==False):
+    if (checkworkoutuserview(request.user,row)==False):
         raise PermissionDenied('Access Denied')
 
     datadf = dataprep.clean_df_stats(datadf,workstrokesonly=workstrokesonly)
@@ -2725,7 +2716,7 @@ def workout_workflow_view(request,id):
     request.session['referer'] = absolute(request)['PATH']
     request.session['lastworkout'] = id
     request.session[translation.LANGUAGE_SESSION_KEY] = USER_LANGUAGE
-    row = get_workout_permitted(request.user,id)
+    row = get_workout_permittedview(request.user,id)
     
     r = getrower(request.user)
     result = request.user.is_authenticated() and ispromember(request.user)