From e7cffb2c85bf742f088b5825e1e353e15346daa9 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Sat, 22 Feb 2020 15:38:47 +0100 Subject: [PATCH 1/4] fixed is_team_member rule --- rowers/rower_rules.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rowers/rower_rules.py b/rowers/rower_rules.py index 9a890920..8669cc43 100644 --- a/rowers/rower_rules.py +++ b/rowers/rower_rules.py @@ -259,9 +259,9 @@ def is_rower_team_member(user,rower): for team in teams: if team.private == 'open': - if team in rower.team.all(): + if team in user.rower.team.all(): return True - if team.manager == rower.user: + if team.manager == user: return True return False From 9b2f5eb7d194bdf682cdef5fbe8ef86ec42749b9 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Sat, 22 Feb 2020 15:58:28 +0100 Subject: [PATCH 2/4] bug fixing --- rowers/views/statements.py | 3 ++- rowers/views/workoutviews.py | 7 +------ 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/rowers/views/statements.py b/rowers/views/statements.py index 3bdac2cb..46bc0bce 100644 --- a/rowers/views/statements.py +++ b/rowers/views/statements.py @@ -45,7 +45,8 @@ from rowers.rower_rules import ( can_view_plan,can_change_plan,can_delete_plan, can_view_cycle,can_change_cycle,can_delete_cycle, can_add_workout_member,can_plan_user,is_paid_coach, - can_start_trial, can_start_plantrial,can_plan,is_workout_team + can_start_trial, can_start_plantrial,can_plan,is_workout_team, + is_promember, ) from django.shortcuts import render diff --git a/rowers/views/workoutviews.py b/rowers/views/workoutviews.py index ecdd672b..e2534c19 100644 --- a/rowers/views/workoutviews.py +++ b/rowers/views/workoutviews.py @@ -1762,12 +1762,7 @@ def workouts_view(request,message='',successmessage='', r = getrequestrower(request,rowerid=rowerid,userid=userid) # check if access is allowed - if not is_rower_team_member(request.user,r): - request.session['rowerid'] = request.user.rower.id - - raise PermissionDenied("Access denied") - - + startdate = datetime.datetime.combine(startdate,datetime.time()) enddate = datetime.datetime.combine(enddate,datetime.time(23,59,59)) From cea9b79428f16a80d08ba9f43e701a19c43f3aff Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Sun, 23 Feb 2020 10:06:59 +0100 Subject: [PATCH 3/4] bug fixing related to permissions --- rowers/urls.py | 3 ++- rowers/views/statements.py | 4 ++-- rowers/views/workoutviews.py | 7 ++++--- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/rowers/urls.py b/rowers/urls.py index 625ee831..44d4748a 100644 --- a/rowers/urls.py +++ b/rowers/urls.py @@ -356,7 +356,8 @@ urlpatterns = [ name='workout_video_view_mini'), re_path(r'^video/(?P\w.+)/$',views.workout_video_view, name='workout_video_view'), - re_path(r'^videos/',views.list_videos,name='list_videos'), + re_path(r'^videos/$',views.list_videos,name='list_videos'), + re_path(r'^videos/user/(?P\d+)/$',views.list_videos,name='list_videos'), re_path(r'^add-video/user/(?P\d+)/$',views.video_selectworkout,name='video_selectworkout'), re_path(r'^add-video/',views.video_selectworkout,name='video_selectworkout'), # re_path(r'^workout/(?P\d+)/$',views.workout_view,name='workout_view'), diff --git a/rowers/views/statements.py b/rowers/views/statements.py index 46bc0bce..c3ba97d0 100644 --- a/rowers/views/statements.py +++ b/rowers/views/statements.py @@ -374,8 +374,8 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False): userid = int(userid) rowerid = int(rowerid) - if userid == 0: - userid = request.user.id + #if userid == 0: + # userid = request.user.id if notpermanent == False: if rowerid == 0 and 'rowerid' in request.session: diff --git a/rowers/views/workoutviews.py b/rowers/views/workoutviews.py index e2534c19..cf92e55c 100644 --- a/rowers/views/workoutviews.py +++ b/rowers/views/workoutviews.py @@ -1762,7 +1762,7 @@ def workouts_view(request,message='',successmessage='', r = getrequestrower(request,rowerid=rowerid,userid=userid) # check if access is allowed - + startdate = datetime.datetime.combine(startdate,datetime.time()) enddate = datetime.datetime.combine(enddate,datetime.time(23,59,59)) @@ -5187,8 +5187,8 @@ def team_workout_upload_view(request,message="", # A page with all the recent graphs (searchable on workout name) @login_required() -def list_videos(request): - r = getrequestrower(request) +def list_videos(request,userid=0): + r = getrequestrower(request,userid=userid) workouts = Workout.objects.filter(user=r).order_by("-date", "-starttime") query = request.GET.get('q') if query: @@ -5222,6 +5222,7 @@ def list_videos(request): {'analyses': g, 'searchform':searchform, 'active':'nav-analysis', + 'rower':r, 'teams':get_my_teams(request.user), }) From 5dbe7d8dad7a388840c8dd1d33848cf18fe79836 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Sun, 23 Feb 2020 10:07:24 +0100 Subject: [PATCH 4/4] updated rowingdata version --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index 8f8eb580..d8a99a17 100644 --- a/requirements.txt +++ b/requirements.txt @@ -174,7 +174,7 @@ ratelim==0.1.6 redis==3.2.1 requests==2.21.0 requests-oauthlib==1.2.0 -rowingdata==2.6.7 +rowingdata==2.7.2 rowingphysics==0.5.0 rq==0.13.0 rules==2.1