template details

rowers/templates/trainingplan.html

@@ -366,7 +366,7 @@
 
 <p>Click on the cycle to fold out its contents.</p>
 
-<p>Click on the plan cycles to edit their names, start and end dates.
+<p>
   The gray "filler"
   cycles are generated, adjusted and deleted automatically to
   ensure the entire plan

rowers/templates/trainingplan_create.html

@@ -72,9 +72,17 @@
           <td> {{ plan.enddate }}</td>
           <td><a href="/rowers/plan/{{ plan.id }}">{{ plan.name }}</a></td>
           <td> {% if plan.status %} active {% else %} inactive {% endif %}</td>
-          <td> <a href="/rowers/editplan/{{ plan.id }}">Edit</a></td>
+          <td>
+            {% if request.user == plan.manager %}
+            <a href="/rowers/editplan/{{ plan.id }}">Edit</a>
+            {% endif %}
+          </td>
           <td> <a href="/rowers/plan/{{ plan.id }}">Plan</a></td>
-          <td> <a href="/rowers/deleteplan/{{ plan.id }}">Delete</a></td>
+          <td>
+            {% if request.user == plan.manager %}
+            <a href="/rowers/deleteplan/{{ plan.id }}">Delete</a>
+            {% endif %}
+          </td>
         </tr>
         {% endfor %}
       </tbody>

rowers/views.py

@@ -16588,7 +16588,8 @@ def rower_trainingplan_view(request,
     r = getrequestrower(request,userid=userid)
         
     if not checkaccessuser(request.user,plan.manager):
-        raise PermissionDenied("Access denied")
+        if request.user.rower not in plan.rowers.all():
+            raise PermissionDenied("Access denied")
 
     createmacrofillers(plan)
     macrocycles = TrainingMacroCycle.objects.filter(