worked through a few more views. Need to do analysis, api, error
This commit is contained in:
Sander Roosendaal
@@ -387,11 +387,6 @@ rules.add_perm('plannedsession.view_session',can_view_session)
|
||||
rules.add_perm('plannedsession.change_session',can_change_session)
|
||||
rules.add_perm('plannedsession.delete_session',can_delete_session)
|
||||
|
||||
|
||||
|
||||
# checkaccessplanuser (models.py)
|
||||
# getrequestrower, getrequestplanrower
|
||||
|
||||
# TEAM (group) permissions
|
||||
|
||||
"""
|
||||
@@ -455,8 +450,44 @@ rules.add_perm('teams.delete_team',can_delete_team)
|
||||
- rules to add, view, delete, change
|
||||
- GeoCourse
|
||||
- rules to add, view, delete, change
|
||||
- RaceLogo
|
||||
"""
|
||||
|
||||
@rules.predicate
|
||||
def can_change_course(user,course):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
|
||||
return course.manager == user.rower
|
||||
|
||||
@rules.predicate
|
||||
def can_delete_course(user,course):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
|
||||
return course.manager == user.rower
|
||||
|
||||
@rules.predicate
|
||||
def can_delete_logo(user,logo):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
|
||||
return logo.user == user
|
||||
|
||||
@rules.predicate
|
||||
def can_change_race(user,race):
|
||||
if user.is_anonymous:
|
||||
return False
|
||||
|
||||
return race.manager == user
|
||||
|
||||
rules.add_perm('course.change_course',can_change_course)
|
||||
rules.add_perm('course.delete_course',can_delete_course)
|
||||
|
||||
rules.add_perm('racelogo.delete_logo',can_delete_logo)
|
||||
|
||||
rules.add_perm('virtualevent.change_race',can_change_race)
|
||||
|
||||
|
||||
# ANALYSIS permissions
|
||||
|
||||
|
||||
@@ -191,7 +191,7 @@ urlpatterns = [
|
||||
views.virtualevent_submit_result_view,name='virtualevent_submit_result_view'),
|
||||
re_path(r'^virtualevent/(?P<id>\d+)/submit/(?P<workoutid>\b[0-9A-Fa-f]+\b)/$',
|
||||
views.virtualevent_submit_result_view,name='virtualevent_submit_result_view'),
|
||||
re_path(r'^virtualevent/(?P<raceid>\d+)/disqualify/(?P<recordid>\d+)/',
|
||||
re_path(r'^virtualevent/(?P<id>\d+)/disqualify/(?P<recordid>\d+)/',
|
||||
views.virtualevent_disqualify_view,name='virtualevent_disqualify_view'),
|
||||
re_path(r'^list-workouts/$',views.workouts_view,name='workouts_view'),
|
||||
re_path(r'^list-courses/$',views.courses_view,name='courses_view'),
|
||||
|
||||
@@ -81,17 +81,12 @@ def course_map_view(request,id=0):
|
||||
|
||||
|
||||
@login_required()
|
||||
@permission_required('course.change_course',fn=get_course_by_pk,raise_exception=True)
|
||||
def course_replace_view(request,id=0):
|
||||
try:
|
||||
course = GeoCourse.objects.get(id=id)
|
||||
except GeoCourse.DoesNotExist:
|
||||
return Http404("Course doesn't exist")
|
||||
course = get_object_or_404(GeoCourse,pk=id)
|
||||
|
||||
r = getrower(request.user)
|
||||
|
||||
if course.manager != r:
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
thecourses = GeoCourse.objects.filter(manager=r).exclude(id=id)
|
||||
|
||||
if request.method == 'POST':
|
||||
@@ -143,17 +138,12 @@ def course_replace_view(request,id=0):
|
||||
'form':form})
|
||||
|
||||
@login_required()
|
||||
@permission_required('course.delete_course',fn=get_course_by_pk,raise_exception=True)
|
||||
def course_delete_view(request,id=0):
|
||||
try:
|
||||
course = GeoCourse.objects.get(id=id)
|
||||
except GeoCourse.DoesNotExist:
|
||||
return Http404("Course doesn't exist")
|
||||
course = get_object_or_404(GeoCourse,pk=id)
|
||||
|
||||
r = getrower(request.user)
|
||||
|
||||
if course.manager != r:
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
ps = PlannedSession.objects.filter(course=course)
|
||||
nosessions = len(ps) == 0
|
||||
|
||||
@@ -165,17 +155,12 @@ def course_delete_view(request,id=0):
|
||||
return HttpResponseRedirect(url)
|
||||
|
||||
@login_required()
|
||||
@permission_required('course.change_course',fn=get_course_by_pk,raise_exception=True)
|
||||
def course_edit_view(request,id=0):
|
||||
try:
|
||||
course = GeoCourse.objects.get(id=id)
|
||||
except GeoCourse.DoesNotExist:
|
||||
return Http404("Course doesn't exist")
|
||||
course = get_object_or_404(GeoCourse,pk=id)
|
||||
|
||||
r = getrower(request.user)
|
||||
|
||||
if course.manager != r:
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
ps = PlannedSession.objects.filter(course=course)
|
||||
nosessions = len(ps) == 0
|
||||
|
||||
@@ -266,11 +251,10 @@ def course_view(request,id=0):
|
||||
)
|
||||
|
||||
@login_required()
|
||||
@permission_required('racelogo.delete_logo',fn=get_logo_by_pk,raise_exception=True)
|
||||
def logo_delete_view(request,id=0):
|
||||
try:
|
||||
logo = RaceLogo.objects.get(id=id)
|
||||
except RaceLogo.DoesNotExist:
|
||||
raise Http404("Logo doesn't exist")
|
||||
logo = get_object_or_404(RaceLogo,pk=id)
|
||||
|
||||
|
||||
if logo.user == request.user:
|
||||
logo.delete()
|
||||
@@ -281,18 +265,11 @@ def logo_delete_view(request,id=0):
|
||||
return HttpResponseRedirect(url)
|
||||
|
||||
@login_required()
|
||||
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||
def virtualevent_setlogo_view(request,id=0,logoid=0):
|
||||
try:
|
||||
race = VirtualRace.objects.get(id=id)
|
||||
except VirtualRace.DoesNotExist:
|
||||
raise Http404("Race doesn't exist")
|
||||
race = get_object_or_404(VirtualRace,pk=id)
|
||||
logo = get_object_or_404(RaceLogo,pk=logoid)
|
||||
|
||||
try:
|
||||
logo = RaceLogo.objects.get(id=logoid)
|
||||
except RaceLogo.DoesNotExist:
|
||||
raise Http404("Logo doesn't exist")
|
||||
|
||||
if logo.user == request.user and race.manager == request.user:
|
||||
otherlogos = race.logos.all()
|
||||
for otherlogo in otherlogos:
|
||||
otherlogo.race.remove(race)
|
||||
@@ -300,9 +277,6 @@ def virtualevent_setlogo_view(request,id=0,logoid=0):
|
||||
|
||||
logo.race.add(race)
|
||||
logo.save()
|
||||
else:
|
||||
message = "You do not own this race or this image"
|
||||
messages.error(request,message)
|
||||
|
||||
url = reverse('virtualevent_view',
|
||||
kwargs={'id':id})
|
||||
@@ -318,10 +292,7 @@ def virtualevent_uploadimage_view(request,id=0):
|
||||
|
||||
r = getrower(request.user)
|
||||
|
||||
try:
|
||||
race = VirtualRace.objects.get(id=id)
|
||||
except VirtualRace.DoesNotExist:
|
||||
raise Http404("Race doesn't exist")
|
||||
race = get_object_or_404(VirtualRace,pk=id)
|
||||
|
||||
logos = RaceLogo.objects.filter(user=request.user).order_by("-creationdatetime")
|
||||
|
||||
@@ -576,17 +547,12 @@ def virtualevents_view(request):
|
||||
)
|
||||
|
||||
@login_required()
|
||||
def virtualevent_disqualify_view(request,raceid=0,recordid=0):
|
||||
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||
def virtualevent_disqualify_view(request,id=0,recordid=0):
|
||||
|
||||
r = getrower(request.user)
|
||||
race = get_object_or_404(VirtualRace,pk=id)
|
||||
|
||||
try:
|
||||
race = VirtualRace.objects.get(id=raceid)
|
||||
except VirtualRace.DoesNotExist:
|
||||
raise Http404("Virtual Race does not exist")
|
||||
|
||||
if r.user != race.manager:
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
if race.sessiontype == 'race':
|
||||
recordobj = VirtualRaceResult
|
||||
@@ -1872,15 +1838,12 @@ def virtualevent_create_view(request):
|
||||
})
|
||||
|
||||
@login_required()
|
||||
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||
def virtualevent_edit_view(request,id=0):
|
||||
r = getrower(request.user)
|
||||
race = get_object_or_404(VirtualRace,pk=id)
|
||||
|
||||
|
||||
try:
|
||||
race = VirtualRace.objects.get(id=id)
|
||||
if race.manager != request.user:
|
||||
raise PermissionDenied("Access denied")
|
||||
except VirtualRace.DoesNotExist:
|
||||
raise Http404("Virtual Race does not exist")
|
||||
|
||||
start_time = race.start_time
|
||||
start_date = race.startdate
|
||||
@@ -1970,15 +1933,10 @@ def virtualevent_edit_view(request,id=0):
|
||||
})
|
||||
|
||||
@login_required()
|
||||
@permission_required('virtualevent.change_race',fn=get_virtualevent_by_pk,raise_exception=True)
|
||||
def indoorvirtualevent_edit_view(request,id=0):
|
||||
r = getrower(request.user)
|
||||
|
||||
try:
|
||||
race = VirtualRace.objects.get(id=id)
|
||||
if race.manager != request.user:
|
||||
raise PermissionDenied("Access denied")
|
||||
except VirtualRace.DoesNotExist:
|
||||
raise Http404("Virtual Race does not exist")
|
||||
race = get_object_or_404(VirtualRace,pk=id)
|
||||
|
||||
start_time = race.start_time
|
||||
start_date = race.startdate
|
||||
|
||||
@@ -285,9 +285,21 @@ def getfavorites(r,row):
|
||||
|
||||
return favorites,maxfav
|
||||
|
||||
def get_logo_by_pk(request,*args,**kwargs):
|
||||
id = kwargs['id']
|
||||
return get_object_or_404(RaceLogo,pk=id)
|
||||
|
||||
def get_virtualevent_by_pk(request,*args,**kwargs):
|
||||
id = kwargs['id']
|
||||
return get_object_or_404(VirtualRace,pk=id)
|
||||
|
||||
def get_promember(request,*args,**kwargs):
|
||||
return request.user
|
||||
|
||||
def get_course_by_pk(request,*args,**kwargs):
|
||||
id = kwargs['id']
|
||||
return get_object_or_404(GeoCourse,pk=id)
|
||||
|
||||
def get_workout_by_opaqueid(request,id,**kwargs):
|
||||
pk = encoder.decode_hex(id)
|
||||
return get_object_or_404(Workout,pk=pk)
|
||||
|
||||
Reference in New Issue
Block a user