worked through a few more views. Need to do analysis, api, error
This commit is contained in:
Sander Roosendaal
@@ -387,11 +387,6 @@ rules.add_perm('plannedsession.view_session',can_view_session)
|
|||||||
rules.add_perm('plannedsession.change_session',can_change_session)
|
rules.add_perm('plannedsession.change_session',can_change_session)
|
||||||
rules.add_perm('plannedsession.delete_session',can_delete_session)
|
rules.add_perm('plannedsession.delete_session',can_delete_session)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# checkaccessplanuser (models.py)
|
|
||||||
# getrequestrower, getrequestplanrower
|
|
||||||
|
|
||||||
# TEAM (group) permissions
|
# TEAM (group) permissions
|
||||||
|
|
||||||
"""
|
"""
|
||||||
@@ -455,8 +450,44 @@ rules.add_perm('teams.delete_team',can_delete_team)
|
|||||||
- rules to add, view, delete, change
|
- rules to add, view, delete, change
|
||||||
- GeoCourse
|
- GeoCourse
|
||||||
- rules to add, view, delete, change
|
- rules to add, view, delete, change
|
||||||
|
- RaceLogo
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
@rules.predicate
|
||||||
|
def can_change_course(user,course):
|
||||||
|
if user.is_anonymous:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return course.manager == user.rower
|
||||||
|
|
||||||
|
@rules.predicate
|
||||||
|
def can_delete_course(user,course):
|
||||||
|
if user.is_anonymous:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return course.manager == user.rower
|
||||||
|
|
||||||
|
@rules.predicate
|
||||||
|
def can_delete_logo(user,logo):
|
||||||
|
if user.is_anonymous:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return logo.user == user
|
||||||
|
|
||||||
|
@rules.predicate
|
||||||
|
def can_change_race(user,race):
|
||||||
|
if user.is_anonymous:
|
||||||
|
return False
|
||||||
|
|
||||||
|
return race.manager == user
|
||||||
|
|
||||||
|
rules.add_perm('course.change_course',can_change_course)
|
||||||
|
rules.add_perm('course.delete_course',can_delete_course)
|
||||||
|
|
||||||
|
rules.add_perm('racelogo.delete_logo',can_delete_logo)
|
||||||
|
|
||||||
|
rules.add_perm('virtualevent.change_race',can_change_race)
|
||||||
|
|
||||||
|
|
||||||
# ANALYSIS permissions
|
# ANALYSIS permissions
|
||||||
|
|
||||||
|
|||||||
@@ -191,7 +191,7 @@ urlpatterns = [
|
|||||||
views.virtualevent_submit_result_view,name='virtualevent_submit_result_view'),
|
views.virtualevent_submit_result_view,name='virtualevent_submit_result_view'),
|
||||||
re_path(r'^virtualevent/(?P<id>\d+)/submit/(?P<workoutid>\b[0-9A-Fa-f]+\b)/$',
|
re_path(r'^virtualevent/(?P<id>\d+)/submit/(?P<workoutid>\b[0-9A-Fa-f]+\b)/$',
|
||||||
views.virtualevent_submit_result_view,name='virtualevent_submit_result_view'),
|
views.virtualevent_submit_result_view,name='virtualevent_submit_result_view'),
|
||||||
re_path(r'^virtualevent/(?P<raceid>\d+)/disqualify/(?P<recordid>\d+)/',
|
re_path(r'^virtualevent/(?P<id>\d+)/disqualify/(?P<recordid>\d+)/',
|
||||||
views.virtualevent_disqualify_view,name='virtualevent_disqualify_view'),
|
views.virtualevent_disqualify_view,name='virtualevent_disqualify_view'),
|
||||||
re_path(r'^list-workouts/$',views.workouts_view,name='workouts_view'),
|
re_path(r'^list-workouts/$',views.workouts_view,name='workouts_view'),
|
||||||
re_path(r'^list-courses/$',views.courses_view,name='courses_view'),
|
re_path(r'^list-courses/$',views.courses_view,name='courses_view'),
|
||||||
|
|||||||
@@ -81,17 +81,12 @@ def course_map_view(request,id=0):
|
|||||||
|
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('course.change_course',fn=get_course_by_pk,raise_exception=True)
|
||||||
def course_replace_view(request,id=0):
|
def course_replace_view(request,id=0):
|
||||||
try:
|
course = get_object_or_404(GeoCourse,pk=id)
|
||||||
course = GeoCourse.objects.get(id=id)
|
|
||||||
except GeoCourse.DoesNotExist:
|
|
||||||
return Http404("Course doesn't exist")
|
|
||||||
|
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
|
||||||
if course.manager != r:
|
|
||||||
raise PermissionDenied("Access denied")
|
|
||||||
|
|
||||||
thecourses = GeoCourse.objects.filter(manager=r).exclude(id=id)
|
thecourses = GeoCourse.objects.filter(manager=r).exclude(id=id)
|
||||||
|
|
||||||
if request.method == 'POST':
|
if request.method == 'POST':
|
||||||
@@ -143,17 +138,12 @@ def course_replace_view(request,id=0):
|
|||||||
'form':form})
|
'form':form})
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('course.delete_course',fn=get_course_by_pk,raise_exception=True)
|
||||||
def course_delete_view(request,id=0):
|
def course_delete_view(request,id=0):
|
||||||
try:
|
course = get_object_or_404(GeoCourse,pk=id)
|
||||||
course = GeoCourse.objects.get(id=id)
|
|
||||||
except GeoCourse.DoesNotExist:
|
|
||||||
return Http404("Course doesn't exist")
|
|
||||||
|
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
|
||||||
if course.manager != r:
|
|
||||||
raise PermissionDenied("Access denied")
|
|
||||||
|
|
||||||
ps = PlannedSession.objects.filter(course=course)
|
ps = PlannedSession.objects.filter(course=course)
|
||||||
nosessions = len(ps) == 0
|
nosessions = len(ps) == 0
|
||||||
|
|
||||||
@@ -165,17 +155,12 @@ def course_delete_view(request,id=0):
|
|||||||
return HttpResponseRedirect(url)
|
return HttpResponseRedirect(url)
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('course.change_course',fn=get_course_by_pk,raise_exception=True)
|
||||||
def course_edit_view(request,id=0):
|
def course_edit_view(request,id=0):
|
||||||
try:
|
course = get_object_or_404(GeoCourse,pk=id)
|
||||||
course = GeoCourse.objects.get(id=id)
|
|
||||||
except GeoCourse.DoesNotExist:
|
|
||||||
return Http404("Course doesn't exist")
|
|
||||||
|
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
|
||||||
if course.manager != r:
|
|
||||||
raise PermissionDenied("Access denied")
|
|
||||||
|
|
||||||
ps = PlannedSession.objects.filter(course=course)
|
ps = PlannedSession.objects.filter(course=course)
|
||||||
nosessions = len(ps) == 0
|
nosessions = len(ps) == 0
|
||||||
|
|
||||||
@@ -266,11 +251,10 @@ def course_view(request,id=0):
|
|||||||
)
|
)
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('racelogo.delete_logo',fn=get_logo_by_pk,raise_exception=True)
|
||||||
def logo_delete_view(request,id=0):
|
def logo_delete_view(request,id=0):
|
||||||
try:
|
logo = get_object_or_404(RaceLogo,pk=id)
|
||||||
logo = RaceLogo.objects.get(id=id)
|
|
||||||
except RaceLogo.DoesNotExist:
|
|
||||||
raise Http404("Logo doesn't exist")
|
|
||||||
|
|
||||||
if logo.user == request.user:
|
if logo.user == request.user:
|
||||||
logo.delete()
|
logo.delete()
|
||||||
@@ -281,18 +265,11 @@ def logo_delete_view(request,id=0):
|
|||||||
return HttpResponseRedirect(url)
|
return HttpResponseRedirect(url)
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||||
def virtualevent_setlogo_view(request,id=0,logoid=0):
|
def virtualevent_setlogo_view(request,id=0,logoid=0):
|
||||||
try:
|
race = get_object_or_404(VirtualRace,pk=id)
|
||||||
race = VirtualRace.objects.get(id=id)
|
logo = get_object_or_404(RaceLogo,pk=logoid)
|
||||||
except VirtualRace.DoesNotExist:
|
|
||||||
raise Http404("Race doesn't exist")
|
|
||||||
|
|
||||||
try:
|
|
||||||
logo = RaceLogo.objects.get(id=logoid)
|
|
||||||
except RaceLogo.DoesNotExist:
|
|
||||||
raise Http404("Logo doesn't exist")
|
|
||||||
|
|
||||||
if logo.user == request.user and race.manager == request.user:
|
|
||||||
otherlogos = race.logos.all()
|
otherlogos = race.logos.all()
|
||||||
for otherlogo in otherlogos:
|
for otherlogo in otherlogos:
|
||||||
otherlogo.race.remove(race)
|
otherlogo.race.remove(race)
|
||||||
@@ -300,9 +277,6 @@ def virtualevent_setlogo_view(request,id=0,logoid=0):
|
|||||||
|
|
||||||
logo.race.add(race)
|
logo.race.add(race)
|
||||||
logo.save()
|
logo.save()
|
||||||
else:
|
|
||||||
message = "You do not own this race or this image"
|
|
||||||
messages.error(request,message)
|
|
||||||
|
|
||||||
url = reverse('virtualevent_view',
|
url = reverse('virtualevent_view',
|
||||||
kwargs={'id':id})
|
kwargs={'id':id})
|
||||||
@@ -318,10 +292,7 @@ def virtualevent_uploadimage_view(request,id=0):
|
|||||||
|
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
|
||||||
try:
|
race = get_object_or_404(VirtualRace,pk=id)
|
||||||
race = VirtualRace.objects.get(id=id)
|
|
||||||
except VirtualRace.DoesNotExist:
|
|
||||||
raise Http404("Race doesn't exist")
|
|
||||||
|
|
||||||
logos = RaceLogo.objects.filter(user=request.user).order_by("-creationdatetime")
|
logos = RaceLogo.objects.filter(user=request.user).order_by("-creationdatetime")
|
||||||
|
|
||||||
@@ -576,17 +547,12 @@ def virtualevents_view(request):
|
|||||||
)
|
)
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
def virtualevent_disqualify_view(request,raceid=0,recordid=0):
|
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||||
|
def virtualevent_disqualify_view(request,id=0,recordid=0):
|
||||||
|
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
race = get_object_or_404(VirtualRace,pk=id)
|
||||||
|
|
||||||
try:
|
|
||||||
race = VirtualRace.objects.get(id=raceid)
|
|
||||||
except VirtualRace.DoesNotExist:
|
|
||||||
raise Http404("Virtual Race does not exist")
|
|
||||||
|
|
||||||
if r.user != race.manager:
|
|
||||||
raise PermissionDenied("Access denied")
|
|
||||||
|
|
||||||
if race.sessiontype == 'race':
|
if race.sessiontype == 'race':
|
||||||
recordobj = VirtualRaceResult
|
recordobj = VirtualRaceResult
|
||||||
@@ -1872,15 +1838,12 @@ def virtualevent_create_view(request):
|
|||||||
})
|
})
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||||
def virtualevent_edit_view(request,id=0):
|
def virtualevent_edit_view(request,id=0):
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
race = get_object_or_404(VirtualRace,pk=id)
|
||||||
|
|
||||||
|
|
||||||
try:
|
|
||||||
race = VirtualRace.objects.get(id=id)
|
|
||||||
if race.manager != request.user:
|
|
||||||
raise PermissionDenied("Access denied")
|
|
||||||
except VirtualRace.DoesNotExist:
|
|
||||||
raise Http404("Virtual Race does not exist")
|
|
||||||
|
|
||||||
start_time = race.start_time
|
start_time = race.start_time
|
||||||
start_date = race.startdate
|
start_date = race.startdate
|
||||||
@@ -1970,15 +1933,10 @@ def virtualevent_edit_view(request,id=0):
|
|||||||
})
|
})
|
||||||
|
|
||||||
@login_required()
|
@login_required()
|
||||||
|
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||||
def indoorvirtualevent_edit_view(request,id=0):
|
def indoorvirtualevent_edit_view(request,id=0):
|
||||||
r = getrower(request.user)
|
r = getrower(request.user)
|
||||||
|
race = get_object_or_404(VirtualRace,pk=id)
|
||||||
try:
|
|
||||||
race = VirtualRace.objects.get(id=id)
|
|
||||||
if race.manager != request.user:
|
|
||||||
raise PermissionDenied("Access denied")
|
|
||||||
except VirtualRace.DoesNotExist:
|
|
||||||
raise Http404("Virtual Race does not exist")
|
|
||||||
|
|
||||||
start_time = race.start_time
|
start_time = race.start_time
|
||||||
start_date = race.startdate
|
start_date = race.startdate
|
||||||
|
|||||||
@@ -285,9 +285,21 @@ def getfavorites(r,row):
|
|||||||
|
|
||||||
return favorites,maxfav
|
return favorites,maxfav
|
||||||
|
|
||||||
|
def get_logo_by_pk(request,*args,**kwargs):
|
||||||
|
id = kwargs['id']
|
||||||
|
return get_object_or_404(RaceLogo,pk=id)
|
||||||
|
|
||||||
|
def get_virtualevent_by_pk(request,*args,**kwargs):
|
||||||
|
id = kwargs['id']
|
||||||
|
return get_object_or_404(VirtualRace,pk=id)
|
||||||
|
|
||||||
def get_promember(request,*args,**kwargs):
|
def get_promember(request,*args,**kwargs):
|
||||||
return request.user
|
return request.user
|
||||||
|
|
||||||
|
def get_course_by_pk(request,*args,**kwargs):
|
||||||
|
id = kwargs['id']
|
||||||
|
return get_object_or_404(GeoCourse,pk=id)
|
||||||
|
|
||||||
def get_workout_by_opaqueid(request,id,**kwargs):
|
def get_workout_by_opaqueid(request,id,**kwargs):
|
||||||
pk = encoder.decode_hex(id)
|
pk = encoder.decode_hex(id)
|
||||||
return get_object_or_404(Workout,pk=pk)
|
return get_object_or_404(Workout,pk=pk)
|
||||||
|
|||||||
Reference in New Issue
Block a user