
now working with permissions defined in models.py

Sander Roosendaal
2020-01-11 15:23:26 +01:00
parent 67c3c1e4a3
commit 293d4dca17
7 changed files with 38 additions and 33 deletions


@@ -173,9 +173,10 @@ ratelim==0.1.6
redis==3.2.1
requests==2.21.0
requests-oauthlib==1.2.0
rowingdata==2.5.7
rowingdata==2.5.9
rowingphysics==0.5.0
rq==0.13.0
rules==2.1
scipy==1.2.1
SecretStorage==3.1.1
Send2Trash==1.5.0


@@ -60,7 +60,6 @@ from rowsandall_app.settings import (
@rules.predicate
def is_team_manager(user,team):
print('aap')
return team.manager == user
@rules.predicate
@@ -85,6 +84,12 @@ def can_view_team(user,team):
# team is private
return is_team_member(user,team) | is_team_manager(user,team)
# For Team functionality
rules.add_perm('teams.view_team',can_view_team)
rules.add_perm('teams.add_team',is_coach)
rules.add_perm('teams.change_team',is_team_manager)
rules.add_perm('teams.delete_team',is_team_manager)
# END PERMISSIONS
tweetapi = twitter.Api(consumer_key=TWEET_CONSUMER_KEY,
@@ -363,7 +368,9 @@ def is_not_basic(user):
)
# For future Team functionality
@python_2_unicode_compatible
class Team(RulesModel):
choices = (
@@ -384,13 +391,7 @@ class Team(RulesModel):
viewing = models.CharField(max_length=30,choices=viewchoices,default='allmembers',verbose_name='Sharing Behavior')
class Meta:
rules_permissions = {
"add": is_coach,
"change": is_team_manager,
"delete": is_team_manager,
"view": can_view_team,
}
def __str__(self):
return self.name
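Review bot: The four `rules.add_perm` lines register hand-written `teams.*` names, and nothing in the hunk records what must hold for them to be enforced. The `fn=` decorator used in the views looks like `rules.contrib.views.permission_required`, which resolves permissions through the auth backends, so these names only take effect if `rules.permissions.ObjectPermissionBackend` is listed in `AUTHENTICATION_BACKENDS`; settings are not part of this commit, so please confirm. I would put a comment above the block, e.g. `# Object-level permissions; every predicate takes (user, team). Needs rules' ObjectPermissionBackend enabled.`, and give `is_team_manager` a one-line docstring stating the `(user, team)` order, since call sites elsewhere in this commit had it reversed. The functions and the `Team` class shown here start and end outside their hunks.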


@@ -61,7 +61,7 @@ def handle_add_workouts_team(ws,t):
def update_team(t,name,manager,private,notes,viewing):
if not is_team_manager(t,manager):
if not is_team_manager(manager,t):
return (0,'You are not the manager of this team')
try:
t.name = name
@@ -214,7 +214,7 @@ def coach_remove_athlete(coach,rower):
def mgr_remove_member(id,manager,rower):
t = Team.objects.get(id=id)
if is_team_manager(t,manager):
if is_team_manager(manager,t):
remove_member(id,rower)
send_email_member_dropped(id,rower)
return (id,'Member removed')
@@ -346,7 +346,7 @@ def create_coaching_offer(coach,user):
def create_invite(team,manager,user=None,email=''):
r = Rower.objects.get(user=manager)
if not is_team_manager(team,manager):
if not is_team_manager(manager,team):
return (0,'Not the team manager')
if user:
try:
@@ -434,7 +434,7 @@ def revoke_invite(manager,id):
except TeamInvite.DoesNotExist:
return (0,'The invitation is invalid')
if is_team_manager(invite.team,manager):
if is_team_manager(manager,invite.team):
invite.delete()
return (1,'Invitation revoked')
else:
@@ -446,7 +446,7 @@ def reject_request(manager,id):
except TeamRequest.DoesNotExist:
return (0,'The request is invalid')
if is_team_manager(rekwest.team,manager):
if is_team_manager(manager,rekwest.team):
send_request_reject_email(rekwest)
rekwest.delete()
return (1,'Request rejected')
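Review bot: All five guards call the `is_team_manager` predicate directly instead of going through the `teams.change_team` / `teams.delete_team` permissions this commit registers in models.py, so the service layer and the views can drift apart if the rule is later changed in one place only. No test for the refusal branch is visible in this commit, which is presumably how the reversed argument order went unnoticed. I would add one assertion per function for a non-manager, e.g. that `update_team` returns `(0,'You are not the manager of this team')`, and consider `rules.has_perm('teams.change_team', manager, t)` in place of the direct predicate call. The bodies of all five functions continue outside their hunks.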


@@ -1180,7 +1180,7 @@ class PermissionsViewTests(TestCase):
response = self.c.get(url,follow=True)
self.assertEqual(response.status_code,200)
expected_url = reverse('team_view',kwargs={'id':self.teampro.id})
expected_url = reverse('team_view',kwargs={'team_id':self.teampro.id})
self.assertRedirects(response,
expected_url = expected_url,


@@ -458,12 +458,12 @@ urlpatterns = [
re_path(r'^me/calcdps/$',views.rower_calcdps_view,name='rower_calcdps_view'),
re_path(r'^me/exportsettings/$',views.rower_exportsettings_view,name='rower_exportsettings_view'),
re_path(r'^me/exportsettings/user/(?P<userid>\d+)/$',views.rower_exportsettings_view,name='rower_exportsettings_view'),
re_path(r'^team/(?P<id>\d+)/$',views.team_view,name='team_view'),
re_path(r'^team/(?P<team_id>\d+)/$',views.team_view,name='team_view'),
re_path(r'^team/(?P<id>\d+)/memberstats/$',views.team_members_stats_view,name='team_members_stats_view'),
re_path(r'^team/(?P<id>\d+)/edit/$',views.team_edit_view,name='team_edit_view'),
re_path(r'^team/(?P<id>\d+)/leaveconfirm/$',views.team_leaveconfirm_view,name='team_leaveconfirm_view'),
re_path(r'^team/(?P<id>\d+)/leave/$',views.team_leave_view,name='team_leave_view'),
re_path(r'^team/(?P<id>\d+)/deleteconfirm/$',views.team_deleteconfirm_view,name='team_deleteconfirm_view'),
re_path(r'^team/(?P<team_id>\d+)/deleteconfirm/$',views.team_deleteconfirm_view,name='team_deleteconfirm_view'),
re_path(r'^team/(?P<teamid>\d+)/requestmembership/(?P<userid>\d+)/$',views.team_requestmembership_view,name='team_requestmembership_view'),
re_path(r'^me/coachrequest/(?P<id>\d+)/reject/$',views.reject_revoke_coach_request,
name='reject_revoke_coach_request'),


@@ -19,6 +19,7 @@ from django.db.models import Q
from django import template
from django.db import IntegrityError, transaction
from django.views.decorators.csrf import csrf_exempt
from django.shortcuts import get_object_or_404
from matplotlib.backends.backend_agg import FigureCanvas
import gc
from pyparsing import ParseException


@@ -5,10 +5,12 @@ from __future__ import unicode_literals
from rowers.views.statements import *
def get_team_by_pk(request,team_id):
return get_object_or_404(Team,pk=team_id)
#@login_required()
@permission_required('teams.view_team',fn=objectgetter(Team,'id'))
def team_view(request,id=0,userid=0):
@permission_required('teams.view_team',fn=get_team_by_pk,raise_exception=True)
def team_view(request,team_id=0,userid=0):
ismember = 0
hasrequested = 0
r = getrequestrower(request,userid=userid)
@@ -19,7 +21,7 @@ def team_view(request,id=0,userid=0):
try:
t = Team.objects.get(id=id)
t = Team.objects.get(id=team_id)
except Team.DoesNotExist:
raise Http404("Team doesn't exist")
@@ -84,7 +86,7 @@ def team_view(request,id=0,userid=0):
'name': 'Groups'
},
{
'url':reverse(team_view,kwargs={'id':id}),
'url':reverse(team_view,kwargs={'team_id':team_id}),
'name': t.name
}
]
@@ -120,7 +122,7 @@ def team_leaveconfirm_view(request,id=0):
'name': 'Groups'
},
{
'url':reverse(team_view,kwargs={'id':id}),
'url':reverse(team_view,kwargs={'team_id':id}),
'name': t.name
},
{
@@ -451,7 +453,7 @@ def team_requestmembership_view(request,teamid,userid):
url = reverse('team_view',kwargs={
'id':int(teamid),
'team_id':int(teamid),
})
@@ -572,7 +574,7 @@ def rower_invitations_view(request,code=None,message='',successmessage=''):
messages.info(request,text)
teamid=res
url = reverse(team_view,kwargs={
'id':teamid,
'team_id':teamid,
})
else:
messages.error(request,text)
@@ -610,7 +612,7 @@ def team_edit_view(request,id=0):
url = reverse(team_view,
kwargs={
'id':int(id),
'team_id':int(id),
}
)
@@ -628,7 +630,7 @@ def team_edit_view(request,id=0):
'name': 'Groups'
},
{
'url':reverse(team_view,kwargs={'id':id}),
'url':reverse(team_view,kwargs={'team_id':id}),
'name': t.name
},
{
@@ -710,11 +712,11 @@ def team_create_view(request):
})
#@login_required()
@permission_required('teams.delete_team',fn=objectgetter(Team,'id'))
def team_deleteconfirm_view(request,id):
@permission_required('teams.delete_team',fn=get_team_by_pk)
def team_deleteconfirm_view(request,team_id):
r = getrower(request.user)
try:
t = Team.objects.get(id=id)
t = Team.objects.get(id=team_id)
except Team.DoesNotExist:
raise Http404("This team doesn't exist")
if t.manager != request.user:
@@ -728,11 +730,11 @@ def team_deleteconfirm_view(request,id):
'name': 'Groups'
},
{
'url':reverse(team_view,kwargs={'id':id}),
'url':reverse(team_view,kwargs={'team_id':team_id}),
'name': t.name
},
{
'url':reverse(team_deleteconfirm_view,kwargs={'id':id}),
'url':reverse(team_deleteconfirm_view,kwargs={'team_id':team_id}),
'name': 'Leave'
}
]
@@ -784,7 +786,7 @@ def team_members_stats_view(request,id):
'name': 'Groups'
},
{
'url':reverse(team_view,kwargs={'id':id}),
'url':reverse(team_view,kwargs={'team_id':id}),
'name': t.name
},
{
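Review bot: The two decorators disagree on how a denial is reported: `team_view` passes `raise_exception=True`, while `team_deleteconfirm_view` (hunk at -710) does not, and `#@login_required()` stays commented out on both. If this is rules' `permission_required`, a signed-in non-manager hitting the delete-confirm URL would be redirected to the login page rather than receive a 403. I would make them match with `@permission_required('teams.delete_team',fn=get_team_by_pk,raise_exception=True)` and decide explicitly whether anonymous users get a login redirect (restore `@login_required()`) or a 403. `get_team_by_pk` already answers 404 for a missing team, so the `Team.objects.get(id=team_id)` / `except Team.DoesNotExist` that follows in both views repeats the query and its error branch is effectively dead. Only these two views are decorated in the visible hunks; the view that performs the delete, and `team_edit_view`, `team_leaveconfirm_view` and `team_members_stats_view`, whose definitions lie outside this diff, should be checked for an equivalent guard.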