sander/rowsandall
Private
Public Access
1
0
Fork 0
Code Activity

list view improved

Browse Source
This commit is contained in:
Sander Roosendaal
2019-02-22 13:51:08 +01:00
parent e0c6e8d449
commit 0d1884962b
7 changed files with 86 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
rowers/models.py
View File

@@ -1024,6 +1024,25 @@ def checkworkoutuser(user,workout):
except Rower.DoesNotExist: except Rower.DoesNotExist:
return False return False
# Check if workout may be viewed by this user
def checkworkoutuserview(user,workout):
if user.is_anonymous():
return False
try:
r = Rower.objects.get(user=user)
if workout.user == r:
return True
teams = workout.user.team.all()
for team in teams:
if team in r.team.all():
return True
return False
except Rower.DoesNotExist:
return False
return False
def checkviewworkouts(user,rower): def checkviewworkouts(user,rower):
try: try:
r = user.rower r = user.rower

9
rowers/plannedsessions.py
View File

@@ -473,13 +473,14 @@ def remove_rower_session(r,ps):
return 1 return 1
def get_dates_timeperiod(request,startdatestring='',enddatestring=''): def get_dates_timeperiod(request,startdatestring='',enddatestring='',
defaulttimeperiod='thisweek'):
# set start end date according timeperiod # set start end date according timeperiod
timeperiod = request.GET.get('when') timeperiod = request.GET.get('when')
if not timeperiod: if not timeperiod:
timeperiod = 'thisweek' timeperiod = defaulttimeperiod
startdatestring = request.GET.get('startdate') startdatestring = request.GET.get('startdate')
enddatestring = request.GET.get('enddate') enddatestring = request.GET.get('enddate')
@@ -536,6 +537,10 @@ def get_dates_timeperiod(request,startdatestring='',enddatestring=''):
enddate = startdate+timezone.timedelta(days=32) enddate = startdate+timezone.timedelta(days=32)
enddate = enddate.replace(day=1) enddate = enddate.replace(day=1)
enddate = enddate-timezone.timedelta(days=1) enddate = enddate-timezone.timedelta(days=1)
elif timeperiod=='lastyear':
today = date.today()
startdate = today-timezone.timedelta(days=365)
enddate = today+timezone.timedelta(days=1)
elif daterangetester.match(timeperiod): elif daterangetester.match(timeperiod):
tstartdatestring = daterangetester.match(timeperiod).group(1) tstartdatestring = daterangetester.match(timeperiod).group(1)
tenddatestring = daterangetester.match(timeperiod).group(2) tenddatestring = daterangetester.match(timeperiod).group(2)

12
rowers/templates/list_workouts.html
View File

@@ -129,7 +129,7 @@
{% if workouts.has_next %} {% if workouts.has_next %}
{% if request.GET.q %} {% if request.GET.q %}
<a href="/rowers/list-workouts/{{ startdate|date:"Y-m-d" }}/{{ enddate|date:"Y-m-d" }}/?page={{ workouts.next_page_number }}&q={{ request.GET.q }}"> <a href="{{ request.path }}?page={{ workouts.next_page_number }}&q={{ request.GET.q }}&when={{ timeperiod }}">
<i class="fas fa-arrow-alt-right"></i> <i class="fas fa-arrow-alt-right"></i>
</a> </a>
<a <a
@@ -137,7 +137,7 @@
<i class="fas fa-arrow-alt-to-right"></i> <i class="fas fa-arrow-alt-to-right"></i>
</a> </a>
{% else %} {% else %}
<a href="/rowers/list-workouts/{{ startdate|date:"Y-m-d" }}/{{ enddate|date:"Y-m-d" }}/?page={{ workouts.next_page_number }}"> <a href="{{ request.path }}?page={{ workouts.next_page_number }}&when={{ timeperiod }}">
<i class="fas fa-arrow-alt-right"></i> <i class="fas fa-arrow-alt-right"></i>
</a> </a>
<a href="?page={{ workouts.paginator.num_pages }}"> <a href="?page={{ workouts.paginator.num_pages }}">
@@ -216,7 +216,7 @@
{% if team %} {% if team %}
<td colspan="2"> <td colspan="2">
{% if workout|may_edit:request %} {% if workout|may_edit:request %}
<a class="small" href="/rowers/{{ workout.user.id }}/list-workouts/"> <a class="small" href="/rowers/list-workouts/user/{{ workout.user.user.id }}/">
{{ workout.user.user.first_name }} {{ workout.user.user.first_name }}
{{ workout.user.user.last_name }} {{ workout.user.user.last_name }}
</a> </a>
@@ -245,18 +245,14 @@
</a> </a>
</td> </td>
<td> <td>
{% if workout|may_edit:request %}
<a class="small" <a class="small"
href="/rowers/workout/{{ workout.id|encode }}/stats/" href="/rowers/workout/{{ workout.id|encode }}/stats/"
title="Stats"> title="Stats">
<i class="fal fa-table fa-fw"></i> <i class="fal fa-table fa-fw"></i>
</a> </a>
{% else %}
&nbsp;
{% endif %}
</td> </td>
<td> <td>
{% if workout.user.user == user or user == team.manager %} {% if workout|may_edit:request %}
<a class="small" href="/rowers/workout/{{ workout.id|encode }}/delete/" <a class="small" href="/rowers/workout/{{ workout.id|encode }}/delete/"
title="Delete"> title="Delete">
<i class="fas fa-trash-alt fa-fw"></i> <i class="fas fa-trash-alt fa-fw"></i>

5
rowers/templatetags/rowerfilters.py
View File

@@ -470,7 +470,7 @@ def userurl(path,member):
userstring = 'user/%s/' % member.id userstring = 'user/%s/' % member.id
# remove team # remove team
tpattern = re.compile('\/team\/\d+/') tpattern = re.compile('team\/\d+/')
if tpattern.search(path) is not None: if tpattern.search(path) is not None:
path = tpattern.sub('',path) path = tpattern.sub('',path)
@@ -478,7 +478,7 @@ def userurl(path,member):
replaced = pattern.sub(userstring,path) replaced = pattern.sub(userstring,path)
else: else:
replaced = path+userstring replaced = path+userstring
return replaced return replaced
@register.filter @register.filter
@@ -497,6 +497,7 @@ def teamurl(path,team):
else: else:
replaced = path+teamstring replaced = path+teamstring
return replaced return replaced
@register.filter @register.filter

37
rowers/tests/test_permissions.py
View File

@@ -958,6 +958,40 @@ class PermissionsViewTests(TestCase):
response = self.c.get(url) response = self.c.get(url)
self.assertEqual(response.status_code,200) self.assertEqual(response.status_code,200)
# stats
url = reverse('workout_view',
kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
)
response = self.c.get(url)
self.assertEqual(response.status_code,200)
# workflow
url = reverse('workout_workflow_view',
kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
)
response = self.c.get(url)
self.assertEqual(response.status_code,200)
# stats
url = reverse('workout_stats_view',
kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
)
response = self.c.get(url)
self.assertEqual(response.status_code,200)
# compare
url = reverse('team_comparison_select',
kwargs={'id':encoder.encode_hex(self.uplan2_workouts[0].id)}
)
response = self.c.get(url)
self.assertEqual(response.status_code,200)
## Pro users (and higher) can join group led by other Pro (or higher) user ## Pro users (and higher) can join group led by other Pro (or higher) user
def test_team_member_request_pro_pro(self): def test_team_member_request_pro_pro(self):
@@ -1416,8 +1450,7 @@ class PermissionsCoachingTests(TestCase):
## Basic users can subscribe to any race ## Basic users can subscribe to any race
# group related
## group members can see but not edit each other's workouts and charts ###
## group members can see but not edit each other's plans ## group members can see but not edit each other's plans

12
rowers/views/statements.py
View File

@@ -367,6 +367,14 @@ def get_workout_permitted(user,id):
return w return w
def get_workout_permittedview(user,id):
w = get_workout(id)
if (checkworkoutuserview(user,w)==False):
raise PermissionDenied("Access denied")
return w
def getvalue(data): def getvalue(data):
perc = 0 perc = 0
total = 1 total = 1
@@ -944,7 +952,9 @@ from rowers.utils import (
import rowers.datautils as datautils import rowers.datautils as datautils
from rowers.models import checkworkoutuser,checkaccessuser,checkviewworkouts from rowers.models import (
checkworkoutuser,checkaccessuser,checkviewworkouts,checkworkoutuserview
)
# Check if a user is a Coach member # Check if a user is a Coach member
def iscoachmember(user): def iscoachmember(user):

23
rowers/views/workoutviews.py
View File

@@ -737,8 +737,8 @@ def team_comparison_select(request,
if id: if id:
firstworkout = get_workout(id) firstworkout = get_workout(id)
if not checkworkoutuser(request.user,firstworkout): if not checkworkoutuserview(request.user,firstworkout):
raise PermissionDenied("You are not allowed to sue this workout") raise PermissionDenied("You are not allowed to use this workout")
firstworkoutquery = Workout.objects.filter(id=encoder.decode_hex(id)) firstworkoutquery = Workout.objects.filter(id=encoder.decode_hex(id))
workouts = firstworkoutquery | workouts workouts = firstworkoutquery | workouts
@@ -1160,10 +1160,9 @@ def multi_compare_view(request,id=0,userid=0):
# List Workouts # List Workouts
@login_required() @login_required()
def workouts_view(request,message='',successmessage='', def workouts_view(request,message='',successmessage='',
startdatestring='',
enddatestring='',
teamid=0,rankingonly=False,rowerid=0,userid=0): teamid=0,rankingonly=False,rowerid=0,userid=0):
startdate,enddate = get_dates_timeperiod(request,defaulttimeperiod='lastyear')
request.session['referer'] = absolute(request)['PATH'] request.session['referer'] = absolute(request)['PATH']
r = getrequestrower(request,rowerid=rowerid,userid=userid) r = getrequestrower(request,rowerid=rowerid,userid=userid)
@@ -1171,15 +1170,6 @@ def workouts_view(request,message='',successmessage='',
if not checkviewworkouts(request.user,r): if not checkviewworkouts(request.user,r):
raise PermissionDenied("Access denied") raise PermissionDenied("Access denied")
if startdatestring:
startdate = iso8601.parse_date(startdatestring)
else:
startdate = datetime.date.today()-datetime.timedelta(days=365)
if enddatestring:
enddate = iso8601.parse_date(enddatestring)
else:
enddate = datetime.date.today()
startdate = datetime.datetime.combine(startdate,datetime.time()) startdate = datetime.datetime.combine(startdate,datetime.time())
@@ -1352,7 +1342,7 @@ def workouts_view(request,message='',successmessage='',
'name':'Workouts' 'name':'Workouts'
}, },
] ]
timeperiod = startdate.strftime('%Y-%m-%d')+'/'+enddate.strftime('%Y-%m-%d')
return render(request, 'list_workouts.html', return render(request, 'list_workouts.html',
{'workouts': workouts, {'workouts': workouts,
'active': 'nav-workouts', 'active': 'nav-workouts',
@@ -1368,6 +1358,7 @@ def workouts_view(request,message='',successmessage='',
'teams':get_my_teams(request.user), 'teams':get_my_teams(request.user),
'interactiveplot':script, 'interactiveplot':script,
'the_div':div, 'the_div':div,
'timeperiod':timeperiod,
}) })
@@ -2489,7 +2480,7 @@ def workout_stats_view(request,id=0,message="",successmessage=""):
# prepare data frame # prepare data frame
datadf,row = dataprep.getrowdata_db(id=encoder.decode_hex(id)) datadf,row = dataprep.getrowdata_db(id=encoder.decode_hex(id))
if (checkworkoutuser(request.user,row)==False): if (checkworkoutuserview(request.user,row)==False):
raise PermissionDenied('Access Denied') raise PermissionDenied('Access Denied')
datadf = dataprep.clean_df_stats(datadf,workstrokesonly=workstrokesonly) datadf = dataprep.clean_df_stats(datadf,workstrokesonly=workstrokesonly)
@@ -2725,7 +2716,7 @@ def workout_workflow_view(request,id):
request.session['referer'] = absolute(request)['PATH'] request.session['referer'] = absolute(request)['PATH']
request.session['lastworkout'] = id request.session['lastworkout'] = id
request.session[translation.LANGUAGE_SESSION_KEY] = USER_LANGUAGE request.session[translation.LANGUAGE_SESSION_KEY] = USER_LANGUAGE
row = get_workout_permitted(request.user,id) row = get_workout_permittedview(request.user,id)
r = getrower(request.user) r = getrower(request.user)
result = request.user.is_authenticated() and ispromember(request.user) result = request.user.is_authenticated() and ispromember(request.user)