diff --git a/rowers/templates/plannedsessionview.html b/rowers/templates/plannedsessionview.html index d8ecb60b..8ace4c3a 100644 --- a/rowers/templates/plannedsessionview.html +++ b/rowers/templates/plannedsessionview.html @@ -16,7 +16,7 @@
{% if user.is_authenticated and psdict.id.1|is_session_manager:user %} - + Edit Session {% else %}   diff --git a/rowers/views.py b/rowers/views.py index 87602e00..d202dc58 100644 --- a/rowers/views.py +++ b/rowers/views.py @@ -181,8 +181,36 @@ class JSONResponse(HttpResponse): kwargs['content_type'] = 'application/json' super(JSONResponse, self).__init__(content, **kwargs) +def getrequestrower(request,rowerid=0,userid=0,notpermanent=False): + if notpermanent == False: + if rowerid == 0 and 'rowerid' in request.session: + rowerid = request.session['rowerid'] + + if userid != 0: + rowerid = 0 + + try: + + if rowerid != 0: + r = Rower.objects.get(id=rowerid) + elif userid != 0: + u = User.objects.get(id=userid) + r = getrower(u) + else: + r = getrower(request.user) + + except Rower.DoesNotExist: + raise Http404("Rower doesn't exist") + if not checkaccessuser(request.user,r): + raise PermissionDenied("You have no access to this user") + + if notpermanent == False: + request.session['rowerid'] = r.id + + return r + def getrower(user): try: @@ -6425,17 +6453,7 @@ def workouts_view(request,message='',successmessage='', teamid=0,rankingonly=False,rowerid=0,userid=0): request.session['referer'] = absolute(request)['PATH'] - try: - if rowerid != 0: - r = Rower.objects.get(id=rowerid) - elif userid != 0: - u = User.objects.get(id=userid) - r = getrower(u) - else: - r = getrower(request.user) - - except Rower.DoesNotExist: - raise Http404("Rower doesn't exist") + r = getrequestrower(request,rowerid=rowerid,userid=userid) # check if access is allowed if not checkaccessuser(request.user,r): @@ -11190,12 +11208,7 @@ def rower_exportsettings_view(request): # Add email address to form so user can change his email address @login_required() def rower_edit_view(request,rowerid=0,message=""): - if rowerid==0: - r = getrower(request.user) - else: - r = Rower.objects.get(id=rowerid) - if not checkaccessuser(request.user,r): - raise PermissionDenied("You have no access to these user settings") + r = getrequestrower(request,rowerid=rowerid,notpermanent=True) rowerid = r.id @@ -12141,16 +12154,8 @@ def plannedsession_multiclone_view( rowerid=0, startdate=timezone.now()-datetime.timedelta(days=30), enddate=timezone.now()): - - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + + r = getrequestrower(request,rowerid=rowerid) if 'startdate' in request.session: startdate = iso8601.parse_date(request.session['startdate']) @@ -12246,15 +12251,8 @@ def plannedsession_multiclone_view( @user_passes_test(hasplannedsessions,login_url="/rowers/planmembership/", redirect_field_name=None) def plannedsession_create_view(request,timeperiod='thisweek',rowerid=0): - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + + r = getrequestrower(request,rowerid=rowerid) if request.method == 'POST': sessioncreateform = PlannedSessionForm(request.POST) @@ -12349,15 +12347,7 @@ def plannedsession_multicreate_view(request,timeperiod='thisweek', extrasessions=int(extrasessions) - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + r = getrequestrower(request,rowerid=rowerid) startdate,enddate = get_dates_timeperiod(timeperiod) sps = get_sessions(r,startdate=startdate,enddate=enddate) @@ -12720,15 +12710,7 @@ def plannedsessions_coach_view(request,timeperiod='thisweek', @login_required() def plannedsessions_view(request,timeperiod='thisweek',rowerid=0): - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + r = getrequestrower(request,rowerid=rowerid) startdate,enddate = get_dates_timeperiod(timeperiod) @@ -12765,15 +12747,7 @@ def plannedsessions_view(request,timeperiod='thisweek',rowerid=0): @login_required() def plannedsessions_print_view(request,timeperiod='thisweek',rowerid=0): - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + r = getrequestrower(request,rowerid=rowerid) startdate,enddate = get_dates_timeperiod(timeperiod) @@ -12802,15 +12776,7 @@ def plannedsessions_manage_view(request,timeperiod='thisweek',rowerid=0, if request.is_ajax(): is_ajax = True - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + r = getrequestrower(request,rowerid=rowerid) startdate,enddate = get_dates_timeperiod(timeperiod) @@ -12928,15 +12894,8 @@ def plannedsessions_manage_view(request,timeperiod='thisweek',rowerid=0, redirect_field_name=None) def plannedsession_clone_view(request,id=0,rowerid=0, timeperiod='thisweek'): - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + + r = getrequestrower(request,rowerid=rowerid) startdate,enddate = get_dates_timeperiod(timeperiod) @@ -12981,16 +12940,8 @@ def plannedsession_clone_view(request,id=0,rowerid=0, @user_passes_test(hasplannedsessions,login_url="/rowers/planmembership/", redirect_field_name=None) def plannedsession_edit_view(request,id=0,timeperiod='thisweek',rowerid=0): - - if rowerid==0: - r = getrower(request.user) - else: - try: - r = Rower.objects.get(id=rowerid) - except Rower.DoesNotExist: - raise Http404("This rower doesn't exist") - if not checkaccessuser(request.user,r): - raise PermissionDenied("You don't have access to this plan") + + r = getrequestrower(request,rowerid=rowerid) startdate,enddate = get_dates_timeperiod(timeperiod)