From 48a361a43e735ceeccc235384ad2d081b0d1aab4 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Sat, 11 Jan 2020 17:05:08 +0100 Subject: [PATCH] passing tests --- rowers/urls.py | 6 ++-- rowers/views/teamviews.py | 58 ++++++++++++--------------------------- 2 files changed, 21 insertions(+), 43 deletions(-) diff --git a/rowers/urls.py b/rowers/urls.py index da05dc02..6a061af4 100644 --- a/rowers/urls.py +++ b/rowers/urls.py @@ -459,8 +459,8 @@ urlpatterns = [ re_path(r'^me/exportsettings/$',views.rower_exportsettings_view,name='rower_exportsettings_view'), re_path(r'^me/exportsettings/user/(?P\d+)/$',views.rower_exportsettings_view,name='rower_exportsettings_view'), re_path(r'^team/(?P\d+)/$',views.team_view,name='team_view'), - re_path(r'^team/(?P\d+)/memberstats/$',views.team_members_stats_view,name='team_members_stats_view'), - re_path(r'^team/(?P\d+)/edit/$',views.team_edit_view,name='team_edit_view'), + re_path(r'^team/(?P\d+)/memberstats/$',views.team_members_stats_view,name='team_members_stats_view'), + re_path(r'^team/(?P\d+)/edit/$',views.team_edit_view,name='team_edit_view'), re_path(r'^team/(?P\d+)/leaveconfirm/$',views.team_leaveconfirm_view,name='team_leaveconfirm_view'), re_path(r'^team/(?P\d+)/leave/$',views.team_leave_view,name='team_leave_view'), re_path(r'^team/(?P\d+)/deleteconfirm/$',views.team_deleteconfirm_view,name='team_deleteconfirm_view'), @@ -489,7 +489,7 @@ urlpatterns = [ name='coach_accept_coachrequest_view'), re_path(r'^me/coachoffer/(?P\w+.*)/accept/$',views.rower_accept_coachoffer_view, name='rower_accept_coachoffer_view'), - re_path(r'^team/(?P\d+)/delete/$',views.team_delete_view,name='team_delete_view'), + re_path(r'^team/(?P\d+)/delete/$',views.team_delete_view,name='team_delete_view'), re_path(r'^team/create/$',views.team_create_view,name='team_create_view'), re_path(r'^me/team/(?P\d+)/drop/(?P\d+)/$',views.manager_member_drop_view,name='manager_member_drop_view'), re_path(r'^me/invitation/(?P\d+)/reject/$',views.invitation_reject_view,name='invitation_reject_view'), diff --git a/rowers/views/teamviews.py b/rowers/views/teamviews.py index 73108d9d..67315e2c 100644 --- a/rowers/views/teamviews.py +++ b/rowers/views/teamviews.py @@ -20,12 +20,7 @@ def team_view(request,team_id=0,userid=0): myteams, memberteams, otherteams = get_teams(request) teams.remove_expired_invites() - - - try: - t = Team.objects.get(id=team_id) - except Team.DoesNotExist: - raise Http404("Team doesn't exist") + t = get_object_or_404(Team,pk=team_id) #if r.rowerplan == 'basic' and t.manager.rower.rowerplan != 'coach': # raise PermissionDenied("You need to be on a Paid Plan to see or join this team") @@ -589,12 +584,10 @@ def rower_invitations_view(request,code=None,message='',successmessage=''): }) return HttpResponseRedirect(url) -@login_required() -def team_edit_view(request,id=0): - try: - t = Team.objects.get(id=id) - except Team.DoesNotExist: - raise Http404("Team does not exist") +@permission_required('teams.change_team',fn=get_team_by_pk,raise_exception=True) +def team_edit_view(request, team_id=0): + t = get_object_or_404(Team,pk=team_id) + if request.method == 'POST': teamcreateform = TeamForm(request.POST,instance=t) @@ -614,7 +607,7 @@ def team_edit_view(request,id=0): url = reverse(team_view, kwargs={ - 'team_id':int(id), + 'team_id':int(team_id), } ) @@ -632,11 +625,11 @@ def team_edit_view(request,id=0): 'name': 'Groups' }, { - 'url':reverse(team_view,kwargs={'team_id':id}), + 'url':reverse(team_view,kwargs={'team_id':team_id}), 'name': t.name }, { - 'url':reverse(team_edit_view,kwargs={'id':id}), + 'url':reverse(team_edit_view,kwargs={'team_id':team_id}), 'name': 'Edit' } ] @@ -714,15 +707,10 @@ def team_create_view(request): }) #@login_required() -@permission_required('teams.delete_team',fn=get_team_by_pk) +@permission_required('teams.delete_team',fn=get_team_by_pk,raise_exception=True) def team_deleteconfirm_view(request,team_id): r = getrower(request.user) - try: - t = Team.objects.get(id=team_id) - except Team.DoesNotExist: - raise Http404("This team doesn't exist") - if t.manager != request.user: - raise PermissionDenied("You are not allowed to delete this team") + t = get_object_or_404(Team,pk=team_id) myteams, memberteams, otherteams = get_teams(request) @@ -750,15 +738,10 @@ def team_deleteconfirm_view(request,team_id): 'active':'nav-teams', }) -@login_required() -def team_delete_view(request,id): +@permission_required('teams.delete_team',fn=get_team_by_pk,raise_exception=True) +def team_delete_view(request,team_id): r = getrower(request.user) - try: - t = Team.objects.get(id=id) - except Team.DoesNotExist: - raise Http404("This team doesn't exist") - if t.manager != request.user: - raise PermissionDenied("You are not allowed to delete this team") + t = get_object_or_404(Team,pk=team_id) teams.remove_team(t.id) @@ -766,15 +749,10 @@ def team_delete_view(request,id): response = HttpResponseRedirect(url) return response -@login_required() -def team_members_stats_view(request,id): +@permission_required('teams.change_team',fn=get_team_by_pk,raise_exception=True) +def team_members_stats_view(request,team_id): r = getrower(request.user) - try: - t = Team.objects.get(id=id) - except Team.DoesNotExist: - raise Http404("This team doesn't exist") - if t.manager != request.user: - raise PermissionDenied("You are not allowed to see this page") + t = get_object_or_404(Team,pk=team_id) members = Rower.objects.filter(team=t).order_by("user__last_name","user__first_name") @@ -788,11 +766,11 @@ def team_members_stats_view(request,id): 'name': 'Groups' }, { - 'url':reverse(team_view,kwargs={'team_id':id}), + 'url':reverse(team_view,kwargs={'team_id':team_id}), 'name': t.name }, { - 'url':reverse(team_members_stats_view,kwargs={'id':id}), + 'url':reverse(team_members_stats_view,kwargs={'team_id':team_id}), 'name': 'Members Stats' } ]