diff --git a/requirements.txt b/requirements.txt index 8f8eb580..d8a99a17 100644 --- a/requirements.txt +++ b/requirements.txt @@ -174,7 +174,7 @@ ratelim==0.1.6 redis==3.2.1 requests==2.21.0 requests-oauthlib==1.2.0 -rowingdata==2.6.7 +rowingdata==2.7.2 rowingphysics==0.5.0 rq==0.13.0 rules==2.1 diff --git a/rowers/rower_rules.py b/rowers/rower_rules.py index 9a890920..8669cc43 100644 --- a/rowers/rower_rules.py +++ b/rowers/rower_rules.py @@ -259,9 +259,9 @@ def is_rower_team_member(user,rower): for team in teams: if team.private == 'open': - if team in rower.team.all(): + if team in user.rower.team.all(): return True - if team.manager == rower.user: + if team.manager == user: return True return False diff --git a/rowers/urls.py b/rowers/urls.py index 625ee831..44d4748a 100644 --- a/rowers/urls.py +++ b/rowers/urls.py @@ -356,7 +356,8 @@ urlpatterns = [ name='workout_video_view_mini'), re_path(r'^video/(?P\w.+)/$',views.workout_video_view, name='workout_video_view'), - re_path(r'^videos/',views.list_videos,name='list_videos'), + re_path(r'^videos/$',views.list_videos,name='list_videos'), + re_path(r'^videos/user/(?P\d+)/$',views.list_videos,name='list_videos'), re_path(r'^add-video/user/(?P\d+)/$',views.video_selectworkout,name='video_selectworkout'), re_path(r'^add-video/',views.video_selectworkout,name='video_selectworkout'), # re_path(r'^workout/(?P\d+)/$',views.workout_view,name='workout_view'), diff --git a/rowers/views/statements.py b/rowers/views/statements.py index 3bdac2cb..c3ba97d0 100644 --- a/rowers/views/statements.py +++ b/rowers/views/statements.py @@ -45,7 +45,8 @@ from rowers.rower_rules import ( can_view_plan,can_change_plan,can_delete_plan, can_view_cycle,can_change_cycle,can_delete_cycle, can_add_workout_member,can_plan_user,is_paid_coach, - can_start_trial, can_start_plantrial,can_plan,is_workout_team + can_start_trial, can_start_plantrial,can_plan,is_workout_team, + is_promember, ) from django.shortcuts import render @@ -373,8 +374,8 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False): userid = int(userid) rowerid = int(rowerid) - if userid == 0: - userid = request.user.id + #if userid == 0: + # userid = request.user.id if notpermanent == False: if rowerid == 0 and 'rowerid' in request.session: diff --git a/rowers/views/workoutviews.py b/rowers/views/workoutviews.py index b31f7bac..df4e0705 100644 --- a/rowers/views/workoutviews.py +++ b/rowers/views/workoutviews.py @@ -1762,11 +1762,6 @@ def workouts_view(request,message='',successmessage='', r = getrequestrower(request,rowerid=rowerid,userid=userid) # check if access is allowed - if not is_rower_team_member(request.user,r): - request.session['rowerid'] = request.user.rower.id - - raise PermissionDenied("Access denied") - startdate = datetime.datetime.combine(startdate,datetime.time()) @@ -5192,8 +5187,8 @@ def team_workout_upload_view(request,message="", # A page with all the recent graphs (searchable on workout name) @login_required() -def list_videos(request): - r = getrequestrower(request) +def list_videos(request,userid=0): + r = getrequestrower(request,userid=userid) workouts = Workout.objects.filter(user=r).order_by("-date", "-starttime") query = request.GET.get('q') if query: @@ -5227,6 +5222,7 @@ def list_videos(request): {'analyses': g, 'searchform':searchform, 'active':'nav-analysis', + 'rower':r, 'teams':get_my_teams(request.user), })