rules first attempt

rowers/models.py

@@ -39,6 +39,9 @@ import pandas as pd
 from dateutil import parser
 import datetime
 
+import rules
+from rules.contrib.models import RulesModel
+
 from rowers.rows import validate_file_extension
 from collections import OrderedDict
 from timezonefinder import TimezoneFinder
@@ -53,6 +56,37 @@ from rowsandall_app.settings import (
     TWEET_CONSUMER_SECRET,
     )
 
+# PERMISSIONS
+
+@rules.predicate
+def is_team_manager(user,team):
+    print('aap')
+    return team.manager == user
+
+@rules.predicate
+def is_team_member(user,team):
+    members = Rower.objects.filter(team__in=[team])
+    return user in [member.user for member in members]
+
+@rules.predicate
+def is_coach(user):
+    r = Rower.objects.get(user=user)
+    return r.rowerplan in ['coach','freecoach']
+
+@rules.predicate
+def can_view_team(user,team):
+    # user based
+    r = Rower.objects.get(user=user)
+    if r.rowerplan == 'basic' and team.manager.rower.rowerplan != 'coach':
+        return False
+    # team is public
+    if team.private == 'open':
+        return True
+    # team is private
+    return is_team_member(user,team) | is_team_manager(user,team)
+
+# END PERMISSIONS
+
 tweetapi = twitter.Api(consumer_key=TWEET_CONSUMER_KEY,
                        consumer_secret=TWEET_CONSUMER_SECRET,
                        access_token_key=TWEET_ACCESS_TOKEN_KEY,
@@ -331,7 +365,7 @@ def is_not_basic(user):
 
 # For future Team functionality
 @python_2_unicode_compatible
-class Team(models.Model):
+class Team(RulesModel):
     choices = (
         ('private','private'),
         ('open','open'),
@@ -350,6 +384,13 @@ class Team(models.Model):
 
     viewing = models.CharField(max_length=30,choices=viewchoices,default='allmembers',verbose_name='Sharing Behavior')
 
+    class Meta:
+        rules_permissions = {
+            "add": is_coach,
+            "change": is_team_manager,
+            "delete": is_team_manager,
+            "view": can_view_team,
+        }
 
     def __str__(self):
         return self.name

rowers/teams.py

@@ -23,7 +23,7 @@ queuehigh = django_rq.get_queue('low')
 
 from rowers.models import (
     Rower, Workout, Team, TeamInvite,User,TeamRequest, CoachRequest, CoachOffer,
-    CoachingGroup
+    CoachingGroup,is_team_manager,is_team_member,is_coach
     )
 
 from rowers.tasks import (
@@ -60,7 +60,8 @@ def handle_add_workouts_team(ws,t):
     return 1
 
 def update_team(t,name,manager,private,notes,viewing):
-    if t.manager != manager:
+
+    if not is_team_manager(t,manager):
         return (0,'You are not the manager of this team')
     try:
         t.name = name
@@ -213,7 +214,7 @@ def coach_remove_athlete(coach,rower):
 
 def mgr_remove_member(id,manager,rower):
     t = Team.objects.get(id=id)
-    if t.manager == manager:
+    if is_team_manager(t,manager):
         remove_member(id,rower)
         send_email_member_dropped(id,rower)
         return (id,'Member removed')
@@ -345,7 +346,7 @@ def create_coaching_offer(coach,user):
 
 def create_invite(team,manager,user=None,email=''):
     r = Rower.objects.get(user=manager)
-    if team.manager != manager:
+    if not is_team_manager(team,manager):
         return (0,'Not the team manager')
     if user:
         try:
@@ -433,7 +434,7 @@ def revoke_invite(manager,id):
     except TeamInvite.DoesNotExist:
         return (0,'The invitation is invalid')
 
-    if invite.team.manager==manager:
+    if is_team_manager(invite.team,manager):
         invite.delete()
         return (1,'Invitation revoked')
     else:
@@ -445,7 +446,7 @@ def reject_request(manager,id):
     except TeamRequest.DoesNotExist:
         return (0,'The request is invalid')
 
-    if rekwest.team.manager==manager:
+    if is_team_manager(rekwest.team,manager):
         send_request_reject_email(rekwest)
         rekwest.delete()
         return (1,'Request rejected')
@@ -743,5 +744,3 @@ def send_coachoffer_accepted_email(rekwest):
     res = myqueue(queuehigh,
                   handle_sendemail_coachoffer_accepted,
                   coachemail,coachname,name)
-
-    

rowers/views/statements.py

@@ -240,7 +240,7 @@ from rq import Queue,cancel_job
 from django.core.cache import cache
 from django_mailbox.models import Message,Mailbox,MessageAttachment
 
-
+from rules.contrib.views import permission_required, objectgetter
 
 # Utility to get stroke data in a JSON response
 class JSONResponse(HttpResponse):

rowers/views/teamviews.py

@@ -6,7 +6,8 @@ from __future__ import unicode_literals
 from rowers.views.statements import *
 
 
-@login_required()
+#@login_required()
+@permission_required('teams.view_team',fn=objectgetter(Team,'id'))
 def team_view(request,id=0,userid=0):
     ismember = 0
     hasrequested = 0
@@ -22,8 +23,8 @@ def team_view(request,id=0,userid=0):
     except Team.DoesNotExist:
         raise Http404("Team doesn't exist")
 
-    if r.rowerplan == 'basic' and t.manager.rower.rowerplan != 'coach':
-        raise PermissionDenied("You need to be on a Paid Plan to see or join this team")
+    #if r.rowerplan == 'basic' and t.manager.rower.rowerplan != 'coach':
+    #    raise PermissionDenied("You need to be on a Paid Plan to see or join this team")
 
 
     q = User.objects.filter(rower__isnull=False,rower__team__in=myteams).distinct().exclude(rower__team__name=t.name)
@@ -708,7 +709,8 @@ def team_create_view(request):
                       'breadcrumbs':breadcrumbs,
                       })
 
-@login_required()
+#@login_required()
+@permission_required('teams.delete_team',fn=objectgetter(Team,'id'))
 def team_deleteconfirm_view(request,id):
     r = getrower(request.user)
     try:

rowsandall_app/settings.py

@@ -72,11 +72,13 @@ INSTALLED_APPS = [
     'tz_detect',
     'django_social_share',
     'django_countries',
+	'rules',
 ]
 
 AUTHENTICATION_BACKENDS = (
     'oauth2_provider.backends.OAuth2Backend',
     # Uncomment following if you want to access the admin
+	'rules.permissions.ObjectPermissionBackend',
     'django.contrib.auth.backends.ModelBackend',
 )