passing tests

2020-01-13 19:40:22 +01:00
parent 926ff6d5e5
commit 489271317c
5 changed files with 29 additions and 25 deletions
--- a/rowers/rower_rules.py
+++ b/rowers/rower_rules.py
@@ -103,15 +103,12 @@ def can_plan(user):

 # checks if rower is coach of user
@rules.predicate
-def is_coach_user(user,rower):
-    try:
-        r = user.rower
-    except AttributeError:
-        return False
-
-    if rower == r:
+def is_coach_user(usercoach,userrower):
+    if usercoach == userrower:
        return True

+    r = userrower.rower
+
    coaches = []

    for group in r.coachinggroups.all():
@@ -120,7 +117,7 @@ def is_coach_user(user,rower):
            coaches.append(coach)

    for coach in coaches:
-        if rower == coach:
+        if usercoach.rower == coach:
            return True

    return False
@@ -199,7 +196,7 @@ def is_workout_user(user,workout):
    if workout.user == r:
        return True

-    return is_coach_user(workout.user.user,user.rower)
+    return is_coach_user(user,workout.user.user)

 # check if user can see workout
@rules.predicate
--- a/rowers/tests/test_permissions.py
+++ b/rowers/tests/test_permissions.py
@@ -13,6 +13,7 @@ from django.db import transaction

 import rowers.teams as teams
 import rowers.plannedsessions as plannedsessions
+from rowers.rower_rules import is_coach_user

@override_settings(TESTING=True)
 class PermissionsFreeCoach(TestCase):
--- a/rowers/urls.py
+++ b/rowers/urls.py
@@ -518,7 +518,7 @@ urlpatterns = [
    re_path(r'^me/tprefresh/$',views.rower_tp_token_refresh,name='rower_tp_token_refresh'),
    re_path(r'^me/c2refresh/$',views.rower_c2_token_refresh,name='rower_c2_token_refresh'),
    re_path(r'^me/favoritecharts/$',views.rower_favoritecharts_view,name='rower_favoritecharts_view'),
-    re_path(r'^me/favoritecharts/user/(?P<userid>\d+)/$',views.rower_favoritecharts_view,name='rower_favoritecharts_view'),
+    re_path(r'^me/favoritecharts/user/(?P<id>\d+)/$',views.rower_favoritecharts_view,name='rower_favoritecharts_view'),
 #    re_path(r'^me/workflowconfig/$',views.workout_workflow_config_view),
    re_path(r'^me/workflowconfig2/$',views.workout_workflow_config2_view,name='workout_workflow_config2_view'),
    re_path(r'^me/workflowconfig2/user/(?P<userid>\d+)/$',views.workout_workflow_config2_view,name='workout_workflow_config2_view'),
--- a/rowers/views/planviews.py
+++ b/rowers/views/planviews.py
@@ -1959,7 +1959,7 @@ class PlannedSessionDelete(DeleteView):
    def get_object(self, *args, **kwargs):
        obj = super(PlannedSessionDelete, self).get_object(*args, **kwargs)
        m = Rower.objects.get(user=obj.manager)
-        if not is_coach_user(m.user,self.request.user.rower):
+        if not is_coach_user(self.request.user,m.user):
            raise PermissionDenied('You are not allowed to delete this planned session')

        return obj
@@ -2103,7 +2103,7 @@ def rower_delete_trainingtarget(request,id=0):
    except TrainingPlan.DoesNotExist:
        raise Http404("Training Plan Does Not Exist")

-    if is_coach_user(target.manager,request.user.rower):
+    if is_coach_user(request.user,target.manager):
        target.delete()
        messages.info(request,"We have deleted the training target")
    else:
@@ -2123,7 +2123,7 @@ def rower_delete_trainingplan(request,id=0):
    except TrainingPlan.DoesNotExist:
        raise Http404("Training Plan Does Not Exist")

-    if is_coach_user(plan.manager.user,request.user.rower):
+    if is_coach_user(request.user,plan.manager.user):
        plan.delete()
        messages.info(request,"We have deleted the training plan")
    else:
@@ -2140,7 +2140,7 @@ class TrainingPlanDelete(DeleteView):

    def get_object(self, *args, **kwargs):
        obj = super(TrainingPlanDelete, self).get_object(*args, **kwargs)
-        if not is_coach_user(obj.manager.user,self.request.user.rower):
+        if not is_coach_user(self.request.user,obj.manager.user):
            raise PermissionDenied('You are not allowed to delete this training plan')

        return obj
@@ -2206,7 +2206,7 @@ class MicroCycleDelete(DeleteView):

    def get_object(self, *args, **kwargs):
        obj = super(MicroCycleDelete, self).get_object(*args, **kwargs)
-        if not is_coach_user(obj.plan.plan.plan.manager.user,self.request.user.rower):
+        if not is_coach_user(self.request.user,obj.plan.plan.plan.manager.user):
            raise PermissionDenied('You are not allowed to delete this training plan cycle')
        return obj

@@ -2268,7 +2268,7 @@ class MesoCycleDelete(DeleteView):
    def get_object(self, *args, **kwargs):
        obj = super(MesoCycleDelete, self).get_object(*args, **kwargs)

-        if not is_coach_user(obj.plan.plan.manager.user,self.request.user.rower):
+        if not is_coach_user(self.request.user,obj.plan.plan.manager.user):
            raise PermissionDenied('You are not allowed to delete this training plan cycle')

        return obj
@@ -2322,7 +2322,7 @@ class MacroCycleDelete(DeleteView):

    def get_object(self, *args, **kwargs):
        obj = super(MacroCycleDelete, self).get_object(*args, **kwargs)
-        if not is_coach_user(obj.plan.manager.user,self.request.user.rower):
+        if not is_coach_user(self.request.user,obj.plan.manager.user):
            raise PermissionDenied('You are not allowed to delete this training plan cycle')

        return obj
@@ -2345,7 +2345,7 @@ def rower_trainingplan_execution_view(request,
            plan = TrainingPlan.objects.get(id=id)
        except TrainingPlan.DoesNotExist:
            raise Http404("Training Plan Does Not Exist")
-        if not is_coach_user(plan.manager.user,request.user.rower):
+        if not is_coach_user(request.user,plan.manager.user):
            if request.user.rower not in plan.rowers.all():
                raise PermissionDenied("Access denied")

@@ -2439,7 +2439,7 @@ def rower_trainingplan_view(request,

    r = getrequestrower(request,userid=userid)

-    if not is_coach_user(plan.manager.user,request.user.rower):
+    if not is_coach_user(request.user,plan.manager.user):
        if request.user.rower not in plan.rowers.all():
            raise PermissionDenied("Access denied")

@@ -2568,7 +2568,7 @@ class TrainingMacroCycleUpdate(UpdateView):
        if obj.plan.manager is not None and self.request.user.rower != obj.plan.manager:
            raise PermissionDenied('You are not allowed to edit this training plan cycle')

-        if not is_coach_user(obj.plan.manager.user,self.request.user.rower):
+        if not is_coach_user(self.request.user,obj.plan.manager.user):
            raise PermissionDenied('You are not allowed to edit this training plan cycle')
        else:
            obj.type = 'userdefined'
@@ -2850,7 +2850,7 @@ def planmesocyclebyweek(request,id=0,userid=0):
    except TrainingMesoCycle.DoesNotExist:
        raise Http404("Training Cycle does not exist")

-    if not is_coach_user(cycle.plan.plan.manager.user,request.user.rower):
+    if not is_coach_user(request.user,cycle.plan.plan.manager.user):
        raise PermissionDenied("You are not allowed to do this")

    micros = TrainingMicroCycle.objects.filter(plan=cycle)
@@ -2905,7 +2905,7 @@ def planmacrocyclebymonth(request,id=0,userid=0):
    except TrainingMacroCycle.DoesNotExist:
        raise Http404("Training Cycle does not exist")

-    if not is_coach_user(cycle.plan.manager.user,request.user.rower):
+    if not is_coach_user(request.user,cycle.plan.manager.user):
        raise PermissionDenied("You are not allowed to do this")

    mesos = TrainingMesoCycle.objects.filter(plan=cycle)
--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -297,7 +297,13 @@ def get_workout_default_page(request,id):
        else:
            return reverse('workout_workflow_view',kwargs={'id':id})

-def get_user_by_id(request,id):
+def get_user_by_id(*args,**kwargs):
+    request = args[0]
+    try:
+        id = args[1]
+    except IndexError:
+        id = request.user.id
+
    return get_object_or_404(User,pk=id)

 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
@@ -327,7 +333,7 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
    except Rower.DoesNotExist:
        raise Http404("Rower doesn't exist")

-    if userid != 0 and not is_coach_user(u,request.user.rower):
+    if userid != 0 and not is_coach_user(request.user,u):
        raise PermissionDenied("You have no access to this user")

    if notpermanent == False:
@@ -360,7 +366,7 @@ def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
    except Rower.DoesNotExist:
        raise Http404("Rower doesn't exist")

-    if not is_coach_user(r.user,request.user.rower):
+    if not is_coach_user(request.user,r.user):
        raise PermissionDenied("You have no access to this user")

    if notpermanent == False: