bug fixing - bugs detected by manually poking around on the site

need additional testing suite to systematically go through all permissions need additional permissions check at Model level - models.py
2020-01-17 14:33:56 +01:00
parent c186895e7a
commit 1c9bdc24b5
6 changed files with 19 additions and 18 deletions
--- a/rowers/rower_rules.py
+++ b/rowers/rower_rules.py
@@ -193,15 +193,15 @@ def can_add_session(user):
 def can_plan(user):
    return user.rower.rowerplan in ['plan','coach','freecoach']

-# checks if rower is coach of user
+# checks if rower is coach of user (or is user himself)
@rules.predicate
 def is_coach_user(usercoach,userrower):
-    if not is_coach(usercoach):
-        return False
-
    if usercoach == userrower:
        return True

+    if not is_coach(usercoach):
+        return False
+
    r = userrower.rower

    coaches = []