diff --git a/rowers/serializers.py b/rowers/serializers.py
index 2ff7f038..f215c68c 100644
--- a/rowers/serializers.py
+++ b/rowers/serializers.py
@@ -84,13 +84,6 @@ class StandardCollectionSerializer(serializers.ModelSerializer):
 'standards'
 )
-
-
-
-
-
-
-
 class ShortEntrySerializer(serializers.ModelSerializer):
 entrycategory = CourseStandardSerializer(read_only=True)
 class Meta:
diff --git a/rowers/views/statements.py b/rowers/views/statements.py
index 4a0f46a1..9061fb13 100644
--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -490,6 +490,52 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
 request.session['rowerid'] = r.id
 return r
+def getrequestrowercoachee(request,rowerid=0,userid=0,notpermanent=False):
+ userid = int(userid)
+ rowerid = int(rowerid)
+
+ #if userid == 0:
+ # userid = request.user.id
+
+ if notpermanent == False:
+ if rowerid == 0 and 'rowerid' in request.session:
+ rowerid = request.session['rowerid']
+
+ if userid != 0:
+ rowerid = 0
+
+ try:
+
+ if rowerid != 0:
+ r = Rower.objects.get(id=rowerid)
+ u = r.user
+ elif userid != 0:
+ u = User.objects.get(id=userid)
+ r = getrower(u)
+ elif request.user.is_anonymous:
+ return None
+ else:
+ r = getrower(request.user)
+ u = r.user
+
+
+ except Rower.DoesNotExist:
+ raise Http404("Rower doesn't exist")
+
+ if r.user == request.user:
+ request.session['rowerid'] = r.id
+ return r
+
+ if userid != 0 and not is_coach_user(request.user,u):
+ request.session['rowerid'] = request.user.rower.id
+ raise PermissionDenied("You have no access to this user")
+
+ if notpermanent == False:
+ request.session['rowerid'] = r.id
+
+ request.session['rowerid'] = r.id
+ return r
+
 def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
 userid = int(userid)
diff --git a/rowers/views/userviews.py b/rowers/views/userviews.py
index c4819735..88e3a9c0 100644
--- a/rowers/views/userviews.py
+++ b/rowers/views/userviews.py
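Review bot: The coach check in getrequestrowercoachee is guarded by `userid != 0`, so a rower resolved from `rowerid` (argument or session value) that is not the requester's own is returned and written to the session without any is_coach_user test; because the own-rower case has already returned by then, the guard can simply be `if not is_coach_user(request.user,u):`. rower_edit_view in rowers/views/userviews.py forwards `rowerid` to this helper, and its decorator appears from the name `get_user_by_userid` to key on `userid`, so that caller probably depends on this check being complete. The `try` catches only `Rower.DoesNotExist`, so an unknown `userid` presumably escapes as an unhandled `User.DoesNotExist`; `except (Rower.DoesNotExist, User.DoesNotExist):` would map both to the 404. The final unconditional `request.session['rowerid'] = r.id` also makes `notpermanent` ineffective on the coach path, and dropping that line leaves the guarded write just above it in charge.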
@@ -219,7 +219,7 @@ def start_plantrial_view(request):
 def rower_favoritecharts_view(request,userid=0):
 message = ''
 successmessage = ''
- r = getrequestrower(request,userid=userid,notpermanent=True)
+ r = getrequestrowercoachee(request,userid=userid,notpermanent=True)
 staticchartform = StaticChartRowerForm(instance=r)
@@ -310,7 +310,7 @@ def rower_exportsettings_view(request,userid=0):
 'strava_auto_delete':'stravatoken',
 'trainingpeaks_auto_export':'tptoken',
 }
- r = getrequestrower(request,userid=userid)
+ r = getrequestrowercoachee(request,userid=userid)
 if request.method == 'POST':
 form = RowerExportForm(request.POST)
 if form.is_valid():
@@ -361,7 +361,7 @@ def rower_exportsettings_view(request,userid=0):
 @login_required()
 @permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
 def rower_edit_view(request,rowerid=0,userid=0,message=""):
- r = getrequestrower(request,rowerid=rowerid,userid=userid,notpermanent=True)
+ r = getrequestrowercoachee(request,rowerid=rowerid,userid=userid,notpermanent=True)
 rowerid = r.id
@@ -459,7 +459,7 @@ def rower_edit_view(request,rowerid=0,userid=0,message=""):
 @login_required()
 @permission_required('rower.is_coach',fn=get_user_by_userid,raise_exception=True)
 def rower_prefs_view(request,userid=0,message=""):
- r = getrequestrower(request,userid=userid,notpermanent=True)
+ r = getrequestrowercoachee(request,userid=userid,notpermanent=True)
 rowerid = r.id
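Review bot: rower_exportsettings_view is the one caller switched here without `notpermanent=True`, and it goes on to handle a POST with RowerExportForm, so a coach opening it with an athlete's `userid` persists that athlete in `request.session['rowerid']` and, if the rest of the view saves onto `r` (outside the hunk), edits the athlete's export settings. The mapping just above the call includes `'stravatoken'` and `'tptoken'`, so it is worth confirming that coaches are meant to change an athlete's third-party export configuration. If they are, a comment at the call such as `# coaches may edit a coachee's export settings; access is enforced in getrequestrowercoachee` would record the decision; if not, this call should stay `getrequestrower(request,userid=userid)`. No decorators for this view are visible in the hunk, so whether login is enforced before the helper runs cannot be told from here.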