A few more fixes

rowers/rower_rules.py

@@ -98,6 +98,10 @@ def can_start_plantrial(user):
 
     return user.rower.plantrialexpires == datetime.date(1970,1,1)
 
+@rules.predicate
+def is_staff(user):
+    return user.is_staff
+
 @rules.predicate
 def is_coach(user):
     return user.rower.rowerplan in ['coach','freecoach']
@@ -274,6 +278,7 @@ def can_plan_user(user,rower):
 rules.add_perm('rower.add_plan',can_plan_user) # replaces checkaccessplanuser
 rules.add_perm('rower.is_coach',is_coach_user) # replaces checkaccessuser
 rules.add_perm('rower.is_pro',ispromember)
+rules.add_perm('rower.is_staff',is_staff)
 
 # WORKOUT permissions
 

rowers/tests/.~lock.viewnames.csv#

@@ -1 +1 @@
-,sander,sander-pc,01.02.2020 09:22,file:///home/sander/.config/libreoffice/4;
+,sander,sander-pc,01.02.2020 11:32,file:///home/sander/.config/libreoffice/4;

rowers/tests/viewnames.csv

@@ -58,12 +58,12 @@
 56,62,workout_forcecurve_view,force curve,TRUE,302,pro,200,302,pro,403,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,TRUE
 57,63,workout_unsubscribe_view,unsubscribe from comments,TRUE,302,basic,200,302,basic,200,302,basic,200,302,FALSE,FALSE,TRUE,FALSE,TRUE
 58,64,workout_comment_view,comment on workout,TRUE,302,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,TRUE
-59,65,workout_tcxemail_view,download TCX file,TRUE,403,basic,200,302,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,TRUE,FALSE
-60,66,workout_gpxemail_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE
-61,67,workout_csvemail_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE
-62,68,workout_csvtoadmin_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE
-63,69,workout_edit_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE
-64,70,workout_map_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE
+59,65,workout_tcxemail_view,download TCX file,TRUE,403,basic,200,302,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,FALSE,TRUE
+60,66,workout_gpxemail_view,download GPX file,TRUE,403,basic,200,302,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,FALSE,TRUE
+61,67,workout_csvemail_view,download CSV file,TRUE,403,basic,200,302,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,FALSE,TRUE
+62,68,workout_csvtoadmin_view,send CSV to admin,TRUE,403,basic,200,200,basic,200,200,coach,200,200,TRUE,FALSE,TRUE,FALSE,TRUE
+63,69,workout_edit_view,Edit Workout,TRUE,403,basic,200,403,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,FALSE,TRUE
+64,70,workout_map_view,View workout Map,TRUE,302,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,TRUE,TRUE
 65,71,workout_update_cp_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE
 66,72,instroke_chart,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,FALSE,FALSE,FALSE
 67,73,instroke_view,,TRUE,200,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,FALSE,FALSE

rowers/views/exportviews.py

@@ -261,6 +261,7 @@ def workout_csvemail_view(request,id=0):
 
 # Get Workout CSV file and send it to user's email address
 @login_required()
+@permission_required('rower.is_staff',fn=get_user_by_userid,raise_exception=True)
 def workout_csvtoadmin_view(request,id=0):
     message = ""
     r = getrower(request.user)

rowers/views/paymentviews.py

@@ -647,6 +647,7 @@ def freecoach_register_view(request):
                        'next':nextpage,})
 
 @login_required()
+@permission_required('rower.is_staff',fn=get_user_by_userid,raise_exception=True)
 def transactions_view(request):
     if not request.user.is_staff:
         raise PermissionDenied("Not Allowed")
@@ -673,4 +674,3 @@ def transactions_view(request):
                   {
                       'dateform':dateform
                   })
-