persmission on team members session

2018-02-23 13:26:44 +01:00
parent 353b93dc22
commit 5c55b4977c
1 changed files with 9 additions and 2 deletions
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -12638,7 +12638,14 @@ def plannedsession_view(request,id=0,rowerid=0,
        coursescript = ''
        coursediv = ''

-    if ps.manager != request.user and r not in ps.rower.all():
+    if ps.manager != request.user:
+        if r.rowerplan == 'coach':
+            teams = Team.objects.filter(manager=request.user)
+            members = Rower.objects.filter(team__in=teams).distinct()
+            teamusers = [m.user for m in members]
+            if ps.manager not in teamusers:
+                raise PermissionDenied("You do not have access to this session")
+        elif r not in ps.rower.all():
            raise PermissionDenied("You do not have access to this session")

    resultsdict = get_session_metrics(ps)