Merge branch 'release/v13.68'

rowers/serializers.py

@@ -84,13 +84,6 @@ class StandardCollectionSerializer(serializers.ModelSerializer):
             'standards'
         )
 
-
-
-
-
-
-
-
 class ShortEntrySerializer(serializers.ModelSerializer):
     entrycategory = CourseStandardSerializer(read_only=True)
     class Meta:

rowers/views/statements.py

@@ -490,6 +490,52 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
     request.session['rowerid'] = r.id
     return r
 
+def getrequestrowercoachee(request,rowerid=0,userid=0,notpermanent=False):
+    userid = int(userid)
+    rowerid = int(rowerid)
+
+    #if userid == 0:
+    #    userid = request.user.id
+
+    if notpermanent == False:
+        if rowerid == 0 and 'rowerid' in request.session:
+            rowerid = request.session['rowerid']
+
+        if userid != 0:
+            rowerid = 0
+
+    try:
+
+        if rowerid != 0:
+            r = Rower.objects.get(id=rowerid)
+            u = r.user
+        elif userid != 0:
+            u = User.objects.get(id=userid)
+            r = getrower(u)
+        elif request.user.is_anonymous:
+            return None
+        else:
+            r = getrower(request.user)
+            u = r.user
+
+
+    except Rower.DoesNotExist:
+        raise Http404("Rower doesn't exist")
+
+    if r.user == request.user:
+        request.session['rowerid'] = r.id
+        return r
+
+    if userid != 0 and not is_coach_user(request.user,u):
+        request.session['rowerid'] = request.user.rower.id
+        raise PermissionDenied("You have no access to this user")
+
+    if notpermanent == False:
+        request.session['rowerid'] = r.id
+
+    request.session['rowerid'] = r.id
+    return r
+
 def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
 
     userid = int(userid)

rowers/views/userviews.py

@@ -219,7 +219,7 @@ def start_plantrial_view(request):
 def rower_favoritecharts_view(request,userid=0):
     message = ''
     successmessage = ''
-    r = getrequestrower(request,userid=userid,notpermanent=True)
+    r = getrequestrowercoachee(request,userid=userid,notpermanent=True)
 
     staticchartform = StaticChartRowerForm(instance=r)
 
@@ -310,7 +310,7 @@ def rower_exportsettings_view(request,userid=0):
         'strava_auto_delete':'stravatoken',
         'trainingpeaks_auto_export':'tptoken',
     }
-    r = getrequestrower(request,userid=userid)
+    r = getrequestrowercoachee(request,userid=userid)
     if request.method == 'POST':
         form = RowerExportForm(request.POST)
         if form.is_valid():
@@ -361,7 +361,7 @@ def rower_exportsettings_view(request,userid=0):
 @login_required()
 @permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
 def rower_edit_view(request,rowerid=0,userid=0,message=""):
-    r = getrequestrower(request,rowerid=rowerid,userid=userid,notpermanent=True)
+    r = getrequestrowercoachee(request,rowerid=rowerid,userid=userid,notpermanent=True)
 
     rowerid = r.id
 
@@ -459,7 +459,7 @@ def rower_edit_view(request,rowerid=0,userid=0,message=""):
 @login_required()
 @permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
 def rower_prefs_view(request,userid=0,message=""):
-    r = getrequestrower(request,userid=userid,notpermanent=True)
+    r = getrequestrowercoachee(request,userid=userid,notpermanent=True)
 
     rowerid = r.id