Merge branch 'develop' into feature/opaqueid

2019-01-31 18:25:25 +01:00
parent 4c1f898143 2ab64828ad
commit 7606ab6c35
2 changed files with 48 additions and 122 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -26,8 +26,9 @@ conftest.py
 # temporary test files
 /rowers/tests/testdata/temp
-/rowers/tests/testdate/testdata.csv.gz
+/rowers/tests/testdata/testdata.csv.gz
-/rowers/tests/testdate/testdata.tcx
+/rowers/tests/testdata/testdata.tcx
 # Python egg metadata, regenerated from source files by setuptools.
 *.egg-info
@@ -48,3 +49,6 @@ manage.py
 # secrets
 config.yaml
 # test data
--- a/rowers/views.py
+++ b/rowers/views.py
@@ -1871,63 +1871,32 @@ def add_workout_from_strokedata(user,importid,data,strokedata,
 def workout_tcxemail_view(request,id=0):
    if id:
        id = encoder.decode_hex(id)
-    message = ""
+
    successmessage = ""
    r = getrower(request.user)
    w = get_workout(id)
    if (checkworkoutuser(request.user,w)):
        if r.emailbounced:
            message = "Please check your email address first. Email to this address bounced."
            messages.error(request, message)
-            url = reverse(r.defaultlandingpage,
+    if not checkworkoutuser(request.user,w):
-                  kwargs = {
+        raise PermissionDenied("Access denied")
                      'id':encoder.encode_hex(id)
                      })
            return HttpResponseRedirect(url)
    row = rdata(w.csvfilename)
-        tcxfile,tcxmessg = stravastuff.createstravaworkoutdata(w,dozip=False)
+    code = str(uuid4())
-        if tcxfile == 0:
+    tcxfilename = code+'.tcx'
            message = "Something went wrong (TCX export) "+tcxmessg
            messages.error(request,message)
            url = reverse(r.defaultlandingpage,
                  kwargs = {
                      'id':encoder.encode_hex(id)
                      })
            return HttpResponseRedirect(url)
        if tcxfile:
            res = myqueue(queuehigh,handle_sendemailtcx,
                          r.user.first_name,
                          r.user.last_name,
                          r.user.email,
                          tcxfile,
                          emailbounced = r.emailbounced
            )
-	    successmessage = "The TCX file was sent to you per email"
+    row.exporttotcx(tcxfilename)
            messages.info(request,successmessage)
-            
+    with open(tcxfilename,'r') as f:
-        url = reverse(r.defaultlandingpage,
+        response = HttpResponse(f)
-                      kwargs = {
+        response['Content-Disposition'] = 'attachment; filename="%s"' % tcxfilename
-                          'id':encoder.encode_hex(id)
+        response['Content-Type'] = 'application/octet-stream'
                      })
 	response = HttpResponseRedirect(url)
-    else:
+    os.remove(tcxfilename)
 	message = "You are not allowed to export this workout"
        messages.error(request,message)
        url = reverse(r.defaultlandingpage,
                      kwargs = {
                          'id':encoder.encode_hex(id)
                      })
 	response = HttpResponseRedirect(url)
    return response
@login_required()
 def plannedsessions_icsemail_view(request,userid=0):
    r = getrequestrower(request,userid=userid)
@@ -2025,52 +1994,27 @@ def course_kmldownload_view(request,id=0):
 def workout_gpxemail_view(request,id=0):
    if id != 0:
        id = encoder.decode_hex(id)
-    message = ""
+    r = getrower(request.user)
    successmessage = ""
    r = Rower.objects.get(user=request.user)
    if r.emailbounced:
        message = "Please check your email address first. Email to this address bounced."
        messages.error(request, message)
        url = reverse(r.defaultlandingpage,
                      kwargs = {
                          'id':encoder.encode_hex(id)
                      })
        return HttpResponseRedirect(url)
    w = get_workout(id)
-    if (checkworkoutuser(request.user,w)):
+    if not checkworkoutuser(request.user,w):
-	filename = w.csvfilename
+        raise PermissionDenied("Access denied")
        row = rdata(filename)
        gpxfilename = filename[:-4]+'.gpx'
        row.exporttogpx(gpxfilename)
        res = myqueue(queuehigh,handle_sendemailtcx,
                      r.user.first_name,
 		      r.user.last_name,
 		      r.user.email,gpxfilename,
                      emailbounced = r.emailbounced
        )
 	successmessage = "The GPX file was sent to you per email"
        messages.info(request,successmessage)
        url = reverse(r.defaultlandingpage,
                      kwargs = {
                          'id':encoder.encode_hex(id)
                      })
-	response = HttpResponseRedirect(url)
+    row = rdata(w.csvfilename)
    code = str(uuid4())
    gpxfilename = code+'.gpx'
    row.exporttogpx(gpxfilename)
    with open(gpxfilename,'r') as f:
        response = HttpResponse(f)
        response['Content-Disposition'] = 'attachment; filename="%s"' % gpxfilename
        response['Content-Type'] = 'application/octet-stream'
    os.remove(gpxfilename)
    else:
 	message = "You are not allowed to export this workout"
        messages.error(request,message)
 	url = reverse(r.defaultlandingpage,
 		      kwargs = {
 			  'id':encoder.encode_hex(w.id),
 			  })
 	response = HttpResponseRedirect(url)
    return response
 # Get Workout summary CSV file
@@ -2117,46 +2061,24 @@ def workouts_summaries_email_view(request):
 def workout_csvemail_view(request,id=0):
    if id:
        id = encoder.decode_hex(id)
    message = ""
    r = getrower(request.user)
    if r.emailbounced:
        message = "Please check your email address first. Email to this address bounced."
        messages.error(request, message)
        return HttpResponseRedirect(
            reverse(r.defaultlandingpage,
 		    kwargs = {
 			'id':encoder.encode_hex(w.id),
 		    })
        )
    w = get_workout(id)
-    if (checkworkoutuser(request.user,w)):
+    if not checkworkoutuser(request.user,w):
-	csvfile = w.csvfilename
+        raise PermissionDenied("Access denied")
-        res = myqueue(queuehigh,handle_sendemailcsv,r.user.first_name,
+
-		      r.user.last_name,
+    rowdata = rdata(w.csvfilename)
-		      r.user.email,csvfile,
+    code = str(uuid4())
-                      emailbounced = r.emailbounced
+    filename = code+'.csv'
-           )
+
    response = HttpResponse(rowdata.df.to_csv())
    response['Content-Disposition'] = 'attachment; filename="%s"' % filename
    response['Content-Type'] = 'application/octet-stream'
 	successmessage = "The CSV file was sent to you per email"
        messages.info(request,successmessage)
 	url = reverse(r.defaultlandingpage,
 		      kwargs = {
 			  'id':encoder.encode_hex(w.id),
 			  })
 	response = HttpResponseRedirect(url)
    else:
 	message = "You are not allowed to export this workout"
        messages.error(request,message)
 	url = reverse(r.defaultlandingpage,
 		      kwargs = {
 			  'id':encoder.encode_hex(w.id),
 			  })
 	response = HttpResponseRedirect(url)
    return response
 # Get Workout CSV file and send it to user's email address
@login_required()