added permissions in analysis views
This commit is contained in:
Sander Roosendaal
@@ -212,6 +212,7 @@ def is_coach_user(usercoach,userrower):
|
|||||||
coaches.append(coach)
|
coaches.append(coach)
|
||||||
|
|
||||||
for coach in coaches:
|
for coach in coaches:
|
||||||
|
print(usercoach.rower,coach)
|
||||||
if usercoach.rower == coach:
|
if usercoach.rower == coach:
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|||||||
@@ -841,6 +841,8 @@ class PermissionsViewTests(TestCase):
|
|||||||
|
|
||||||
self.assertEqual(response.status_code,200)
|
self.assertEqual(response.status_code,200)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@patch('rowers.dataprep.read_cols_df_sql', side_effect = mocked_read_df_cols_sql_multistats)
|
@patch('rowers.dataprep.read_cols_df_sql', side_effect = mocked_read_df_cols_sql_multistats)
|
||||||
def test_coach_edit_athlete_analysis_not(self,mocked_df):
|
def test_coach_edit_athlete_analysis_not(self,mocked_df):
|
||||||
self.rbasic.team.add(self.teamcoach)
|
self.rbasic.team.add(self.teamcoach)
|
||||||
@@ -851,7 +853,7 @@ class PermissionsViewTests(TestCase):
|
|||||||
|
|
||||||
url = reverse('cumstats',
|
url = reverse('cumstats',
|
||||||
kwargs={
|
kwargs={
|
||||||
'theuser':self.ubasic.id,
|
'userid':self.ubasic.id,
|
||||||
}
|
}
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -859,6 +861,24 @@ class PermissionsViewTests(TestCase):
|
|||||||
|
|
||||||
self.assertEqual(response.status_code,403)
|
self.assertEqual(response.status_code,403)
|
||||||
|
|
||||||
|
@patch('rowers.dataprep.read_cols_df_sql', side_effect = mocked_read_df_cols_sql_multistats)
|
||||||
|
def test_coach_edit_athlete_analysis_not2(self,mocked_df):
|
||||||
|
self.rbasic.team.add(self.teamcoach)
|
||||||
|
|
||||||
|
login = self.c.login(username=self.ucoach.username, password=self.ucoachpassword)
|
||||||
|
self.assertTrue(login)
|
||||||
|
|
||||||
|
|
||||||
|
url = reverse('analysis_new',
|
||||||
|
kwargs={
|
||||||
|
'userid':self.ubasic.id,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
response = self.c.get(url)
|
||||||
|
|
||||||
|
self.assertEqual(response.status_code,403)
|
||||||
|
|
||||||
|
|
||||||
## Coach can upload on behalf of athlete - if team allows
|
## Coach can upload on behalf of athlete - if team allows
|
||||||
@patch('rowers.dataprep.create_engine')
|
@patch('rowers.dataprep.create_engine')
|
||||||
|
|||||||
@@ -5,7 +5,8 @@ from __future__ import unicode_literals
|
|||||||
|
|
||||||
#from __future__ import print_function
|
#from __future__ import print_function
|
||||||
from .statements import *
|
from .statements import *
|
||||||
nu = datetime.datetime.now()self.ucoach = UserFactory()
|
nu = datetime.datetime.now()
|
||||||
|
self.ucoach = UserFactory()
|
||||||
self.rcoach = Rower.objects.create(
|
self.rcoach = Rower.objects.create(
|
||||||
user=self.ucoach,
|
user=self.ucoach,
|
||||||
birthdate=faker.profile()['birthdate'],
|
birthdate=faker.profile()['birthdate'],
|
||||||
|
|||||||
@@ -274,7 +274,7 @@ urlpatterns = [
|
|||||||
re_path(r'^histodata/$',views.histo_data,name='histo_data'),
|
re_path(r'^histodata/$',views.histo_data,name='histo_data'),
|
||||||
# re_path(r'^histo/user/(?P<theuser>\d+)/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.histo,name='histo'),
|
# re_path(r'^histo/user/(?P<theuser>\d+)/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.histo,name='histo'),
|
||||||
re_path(r'^histo/$',views.histo,name='histo'),
|
re_path(r'^histo/$',views.histo,name='histo'),
|
||||||
re_path(r'^cumstats/user/(?P<theuser>\d+)/$',views.cumstats,name='cumstats'),
|
re_path(r'^cumstats/user/(?P<userid>\d+)/$',views.cumstats,name='cumstats'),
|
||||||
# re_path(r'^cumstats/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.cumstats,name='cumstats'),
|
# re_path(r'^cumstats/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.cumstats,name='cumstats'),
|
||||||
# re_path(r'^cumstats/user/(?P<theuser>\d+)/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.cumstats,name='cumstats'),
|
# re_path(r'^cumstats/user/(?P<theuser>\d+)/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.cumstats,name='cumstats'),
|
||||||
# re_path(r'^cumstats/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.cumstats,name='cumstats'),
|
# re_path(r'^cumstats/(?P<startdatestring>\d+-\d+-\d+)/(?P<enddatestring>\d+-\d+-\d+)/$',views.cumstats,name='cumstats'),
|
||||||
|
|||||||
@@ -670,6 +670,7 @@ def boxplotdata(workouts,options):
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def analysis_view_data(request,userid=0):
|
def analysis_view_data(request,userid=0):
|
||||||
if not request.is_ajax():
|
if not request.is_ajax():
|
||||||
url = reverse('analysis_new')
|
url = reverse('analysis_new')
|
||||||
@@ -728,6 +729,7 @@ def analysis_view_data(request,userid=0):
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def histo(request,theuser=0,
|
def histo(request,theuser=0,
|
||||||
startdate=timezone.now()-datetime.timedelta(days=365),
|
startdate=timezone.now()-datetime.timedelta(days=365),
|
||||||
enddate=timezone.now(),
|
enddate=timezone.now(),
|
||||||
@@ -1333,6 +1335,7 @@ def planrequired_view(request):
|
|||||||
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
|
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Coach or Self-Coach plan",
|
message="This functionality requires a Coach or Self-Coach plan",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
|
||||||
def fitnessmetric_view(request,id=0,mode='rower',
|
def fitnessmetric_view(request,id=0,mode='rower',
|
||||||
startdate=timezone.now()-timezone.timedelta(days=365),
|
startdate=timezone.now()-timezone.timedelta(days=365),
|
||||||
enddate=timezone.now()):
|
enddate=timezone.now()):
|
||||||
@@ -2151,6 +2154,7 @@ def rankings_view2(request,theuser=0,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def otwrankings_view(request,theuser=0,
|
def otwrankings_view(request,theuser=0,
|
||||||
startdate=timezone.now()-datetime.timedelta(days=365),
|
startdate=timezone.now()-datetime.timedelta(days=365),
|
||||||
enddate=timezone.now(),
|
enddate=timezone.now(),
|
||||||
@@ -2556,6 +2560,7 @@ def otwcp_toadmin_view(request,theuser=0,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def oterankings_view(request,theuser=0,
|
def oterankings_view(request,theuser=0,
|
||||||
startdate=timezone.now()-datetime.timedelta(days=365),
|
startdate=timezone.now()-datetime.timedelta(days=365),
|
||||||
enddate=timezone.now(),
|
enddate=timezone.now(),
|
||||||
@@ -2907,6 +2912,7 @@ def oterankings_view(request,theuser=0,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def user_multiflex_select(request,
|
def user_multiflex_select(request,
|
||||||
startdatestring="",
|
startdatestring="",
|
||||||
enddatestring="",
|
enddatestring="",
|
||||||
@@ -3113,6 +3119,7 @@ def user_multiflex_select(request,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def multiflex_data(request,userid=0,
|
def multiflex_data(request,userid=0,
|
||||||
options={
|
options={
|
||||||
'includereststrokes':False,
|
'includereststrokes':False,
|
||||||
@@ -3366,6 +3373,7 @@ def multiflex_data(request,userid=0,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def multiflex_view(request,userid=0,
|
def multiflex_view(request,userid=0,
|
||||||
options={
|
options={
|
||||||
'includereststrokes':False,
|
'includereststrokes':False,
|
||||||
@@ -3533,6 +3541,7 @@ def multiflex_view(request,userid=0,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def user_boxplot_select(request,
|
def user_boxplot_select(request,
|
||||||
startdatestring="",
|
startdatestring="",
|
||||||
enddatestring="",
|
enddatestring="",
|
||||||
@@ -3741,6 +3750,7 @@ def user_boxplot_select(request,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def boxplot_view_data(request,userid=0,
|
def boxplot_view_data(request,userid=0,
|
||||||
options={
|
options={
|
||||||
'includereststrokes':False,
|
'includereststrokes':False,
|
||||||
@@ -3858,6 +3868,7 @@ def boxplot_view_data(request,userid=0,
|
|||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def boxplot_view(request,userid=0,
|
def boxplot_view(request,userid=0,
|
||||||
options={
|
options={
|
||||||
'includereststrokes':False,
|
'includereststrokes':False,
|
||||||
@@ -3976,7 +3987,8 @@ def boxplot_view(request,userid=0,
|
|||||||
|
|
||||||
# Cumulative stats page
|
# Cumulative stats page
|
||||||
@user_passes_test(ispromember,login_url="/rowers/paidplans",message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",redirect_field_name=None)
|
@user_passes_test(ispromember,login_url="/rowers/paidplans",message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",redirect_field_name=None)
|
||||||
def cumstats(request,theuser=0,
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
|
def cumstats(request,userid=0,
|
||||||
startdate=timezone.now()-datetime.timedelta(days=30),
|
startdate=timezone.now()-datetime.timedelta(days=30),
|
||||||
enddate=timezone.now(),
|
enddate=timezone.now(),
|
||||||
deltadays=-1,
|
deltadays=-1,
|
||||||
@@ -3989,7 +4001,7 @@ def cumstats(request,theuser=0,
|
|||||||
'rankingonly':False,
|
'rankingonly':False,
|
||||||
}):
|
}):
|
||||||
|
|
||||||
r = getrequestrower(request,userid=theuser)
|
r = getrequestrower(request,userid=userid)
|
||||||
theuser = r.user
|
theuser = r.user
|
||||||
|
|
||||||
if 'waterboattype' in request.session:
|
if 'waterboattype' in request.session:
|
||||||
@@ -4107,7 +4119,7 @@ def cumstats(request,theuser=0,
|
|||||||
|
|
||||||
options = {
|
options = {
|
||||||
'modality': modality,
|
'modality': modality,
|
||||||
'theuser': theuser.id,
|
'userid': theuser.id,
|
||||||
'waterboattype':waterboattype,
|
'waterboattype':waterboattype,
|
||||||
'startdatestring':startdatestring,
|
'startdatestring':startdatestring,
|
||||||
'enddatestring':enddatestring,
|
'enddatestring':enddatestring,
|
||||||
@@ -4361,6 +4373,7 @@ def alerts_view(request,userid=0):
|
|||||||
@user_passes_test(ispromember, login_url="/rowers/paidplans",
|
@user_passes_test(ispromember, login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def alert_create_view(request,userid=0):
|
def alert_create_view(request,userid=0):
|
||||||
r = getrequestrower(request,userid=userid)
|
r = getrequestrower(request,userid=userid)
|
||||||
FilterFormSet = formset_factory(ConditionEditForm, formset=BaseConditionFormSet,extra=1)
|
FilterFormSet = formset_factory(ConditionEditForm, formset=BaseConditionFormSet,extra=1)
|
||||||
@@ -4439,6 +4452,7 @@ def alert_create_view(request,userid=0):
|
|||||||
|
|
||||||
# alert report view
|
# alert report view
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def alert_report_view(request,id=0,userid=0,nperiod=0):
|
def alert_report_view(request,id=0,userid=0,nperiod=0):
|
||||||
r = getrequestrower(request,userid=userid)
|
r = getrequestrower(request,userid=userid)
|
||||||
if userid == 0:
|
if userid == 0:
|
||||||
@@ -4496,6 +4510,7 @@ def alert_report_view(request,id=0,userid=0,nperiod=0):
|
|||||||
@user_passes_test(ispromember, login_url="/rowers/paidplans",
|
@user_passes_test(ispromember, login_url="/rowers/paidplans",
|
||||||
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
|
||||||
redirect_field_name=None)
|
redirect_field_name=None)
|
||||||
|
@permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
|
||||||
def alert_edit_view(request,id=0,userid=0):
|
def alert_edit_view(request,id=0,userid=0):
|
||||||
r = getrequestrower(request,userid=userid)
|
r = getrequestrower(request,userid=userid)
|
||||||
|
|
||||||
|
|||||||
@@ -341,12 +341,15 @@ def get_workout_default_page(request,id):
|
|||||||
return reverse('workout_workflow_view',kwargs={'id':id})
|
return reverse('workout_workflow_view',kwargs={'id':id})
|
||||||
|
|
||||||
def get_user_by_userid(*args,**kwargs):
|
def get_user_by_userid(*args,**kwargs):
|
||||||
|
request = args[0]
|
||||||
|
print(kwargs,request.user.id,'get_user_by_id')
|
||||||
try:
|
try:
|
||||||
id = kwargs['userid']
|
id = kwargs['userid']
|
||||||
except KeyError:
|
except KeyError:
|
||||||
id = request.user.id
|
id = request.user.id
|
||||||
|
|
||||||
return get_object_or_404(User,pk=id)
|
u = get_object_or_404(User,pk=id)
|
||||||
|
return u
|
||||||
|
|
||||||
def get_user_by_id(*args,**kwargs):
|
def get_user_by_id(*args,**kwargs):
|
||||||
request = args[0]
|
request = args[0]
|
||||||
@@ -360,7 +363,7 @@ def get_user_by_id(*args,**kwargs):
|
|||||||
|
|
||||||
return get_object_or_404(User,pk=id)
|
return get_object_or_404(User,pk=id)
|
||||||
|
|
||||||
def get_rower_by_userid(request,id):
|
def get_rower_by_id(request,id):
|
||||||
u = User.objects.get(id=id)
|
u = User.objects.get(id=id)
|
||||||
return u.rower
|
return u.rower
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user