From ba57e253edfc2ce2383b2babd1859194bfda6a71 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Sun, 26 Jul 2020 21:45:54 +0200
Subject: [PATCH 1/3] reversing workout list for challenge submit

---
 rowers/views/racesviews.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rowers/views/racesviews.py b/rowers/views/racesviews.py
index 10f2b4b1..ed264d6f 100644
--- a/rowers/views/racesviews.py
+++ b/rowers/views/racesviews.py
@@ -3127,7 +3127,7 @@ def virtualevent_submit_result_view(request,id=0,workoutid=0):
         workouttype__in=mytypes.rowtypes,
         startdatetime__gte=startdatetime,
         startdatetime__lte=enddatetime,
-        ).order_by("date","startdatetime","id")
+        ).order_by("-date","-startdatetime","id")
 
     if not ws:
         messages.info(

From b225c32a2b05954a3b648dba2cc6b68efe1f02d0 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Tue, 28 Jul 2020 11:22:23 +0200
Subject: [PATCH 2/3] raising permissiondenied

---
 rowers/serializers.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/rowers/serializers.py b/rowers/serializers.py
index 00bc396b..25fdc7f2 100644
--- a/rowers/serializers.py
+++ b/rowers/serializers.py
@@ -170,7 +170,10 @@ class WorkoutSerializer(serializers.ModelSerializer):
 
     def create(self, validated_data):
         print(validated_data)
-        r = Rower.objects.get(user=self.context['request'].user)
+        if self.context['request'].user.is_authenticated:
+            r = Rower.objects.get(user=self.context['request'].user)
+        else:
+            raise PermissionDenied("Not allowed")
         d = validated_data['date']
         t = validated_data['starttime']
         rowdatetime = datetime.datetime(d.year,

From b2c2a16fdd1dcc0a972ba471262bf4bb92ee6572 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Tue, 28 Jul 2020 13:00:30 +0200
Subject: [PATCH 3/3] prolonged access token

---
 rowsandall_app/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/rowsandall_app/settings.py b/rowsandall_app/settings.py
index acdcdf53..052829b9 100644
--- a/rowsandall_app/settings.py
+++ b/rowsandall_app/settings.py
@@ -416,7 +416,7 @@ OAUTH2_PROVIDER = {
     'ACCESS_TOKEN_MODEL': 'oauth2_provider.AccessToken',
     'APPLICATION_MODEL': 'oauth2_provider.Application',
     'REFRESH_TOKEN_MODEL': 'oauth2_provider.RefreshToken',
-    'ACCESS_TOKEN_EXPIRE_SECONDS': 3600,
+    'ACCESS_TOKEN_EXPIRE_SECONDS': 36000,
     #'OAUTH2_BACKEND_CLASS': 'oauth2_provider.oauth2_backends.JSONOAuthLibCore'
 }