
more fixes

Sander Roosendaal
2020-01-16 16:16:44 +01:00
parent c23fd15b7c
commit 7c167767a2
5 changed files with 26 additions and 33 deletions


@@ -263,9 +263,6 @@ def can_plan_user(user,rower):
if rower in t.rower.all():
return True
return user in team_managers
# paying coach can plan for all kinds of rowers
if is_paid_coach(user):
for t in teams:


@@ -967,8 +967,6 @@ class PermissionsViewTests(TestCase):
## Coach can see list of workouts of athlete
def test_coach_athlete_workout_list(self):
self.rbasic.team.add(self.teamcoach)
print(self.rbasic.team.all())
print(self.teamcoach)
login = self.c.login(username=self.ucoach.username, password=self.ucoachpassword)
self.assertTrue(login)
@@ -979,20 +977,17 @@ class PermissionsViewTests(TestCase):
response = self.c.get(url)
print(url,response.status_code)
self.assertEqual(response.status_code,200)
url = reverse('workouts_view',
kwargs={'userid':self.ubasic.id})
response = self.c.get(url)
print(url,response.status_code)
self.assertEqual(response.status_code,200)
url = reverse('workouts_view')
response = self.c.get(url)
print(url,response.status_code)
self.assertEqual(response.status_code,200)
## Self coach can create one group
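Review bot: The requests visible in `test_coach_athlete_workout_list` only assert the allow path (`status_code` 200 for the coach on `workouts_view` with `userid=self.ubasic.id`), while the same commit changes which predicate guards that view. A companion case that logs in as a user who is not on the athlete's team and asserts `self.assertEqual(response.status_code,403)` for the same URL would pin the deny path; such a test may already exist outside these hunks. The remaining `print(url,response.status_code)` calls could go as well, as was done for the two prints at the top of the test.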


@@ -155,7 +155,7 @@ def plannedsession_comment_view(request,id=0,userid=0):
})
# Cloning sessions
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_multiclone_view(
@@ -306,7 +306,7 @@ def plannedsession_multiclone_view(
)
# Individual user creates training for himself
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_create_view(request,
@@ -316,9 +316,6 @@ def plannedsession_create_view(request,
r = getrequestplanrower(request,userid=userid)
startdate,enddate = get_dates_timeperiod(request,startdatestring=startdatestring,
enddatestring=enddatestring)
@@ -461,7 +458,7 @@ def plannedsession_create_view(request,
'timeperiod':timeperiod,
})
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_multicreate_view(request,
@@ -597,7 +594,7 @@ def plannedsession_multicreate_view(request,
return render(request,'plannedsession_multicreate.html',context)
# Manager creates sessions for entire team
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_teamcreate_view(request,
@@ -770,7 +767,7 @@ def plannedsession_teamcreate_view(request,
})
# Manager edits sessions for entire team
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
@permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
@@ -1382,7 +1379,7 @@ def plannedsessions_manage_view(request,userid=0,
# Clone an existing planned session
# need clarity on cloning behavior time shift
@permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_clone_view(request,id=0,userid=0):
@@ -1445,7 +1442,7 @@ def plannedsession_clone_view(request,id=0,userid=0):
# Clone an existing planned session
# need clarity on cloning behavior time shift
@permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_teamclone_view(request,id=0):
@@ -1504,7 +1501,7 @@ def plannedsession_teamclone_view(request,id=0):
return HttpResponseRedirect(url)
@permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
@user_passes_test(isplanmember, login_url="/rowers/paidplans/",
@user_passes_test(can_plan, login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_totemplate_view(request,id=0):
@@ -1532,7 +1529,7 @@ def plannedsession_totemplate_view(request,id=0):
# Edit an existing planned session
@permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
@user_passes_test(can_plan,login_url="/rowers/paidplans/",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def plannedsession_edit_view(request,id=0,userid=0):
@@ -1906,7 +1903,7 @@ class PlannedSessionDelete(DeleteView):
return obj
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def rower_create_trainingplan(request,id=0):
@@ -2035,7 +2032,7 @@ def rower_create_trainingplan(request,id=0):
'old_targets':old_targets,
})
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
@permission_required('target.delete_target',fn=get_target_by_pk,raise_exception=True)
@@ -2049,7 +2046,7 @@ def rower_delete_trainingtarget(request,id=0):
return HttpResponseRedirect(url)
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
@permission_required('target.delete_plan',fn=get_plan_by_pk,raise_exception=True)
@@ -2256,7 +2253,7 @@ class MacroCycleDelete(DeleteView):
return obj
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
def rower_trainingplan_execution_view(request,
@@ -2346,7 +2343,7 @@ def rower_trainingplan_execution_view(request,
)
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
@permission_required('plan.view_plan',fn=get_plan_by_pk,raise_exception=True)
@@ -2756,7 +2753,7 @@ class TrainingTargetUpdate(UpdateView):
from rowers.utils import allsundays
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
@permission_required('cycle.change_cycle',fn=get_meso_by_pk,raise_exception=True)
@@ -2806,7 +2803,7 @@ def planmesocyclebyweek(request,id=0,userid=0):
from rowers.utils import allmonths
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
@user_passes_test(can_plan,login_url="/rowers/paidplans",
message="This functionality requires a Coach or Self-Coach plan",
redirect_field_name=None)
@permission_required('cycle.change_cycle',fn=get_macro_by_pk,raise_exception=True)
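Review bot: `can_plan` is handed to `user_passes_test` as a predicate that presumably sees only the requesting user, so on the views in this file that carry no `@permission_required` (`plannedsession_multiclone_view`, `plannedsession_multicreate_view`, `plannedsession_teamcreate_view`, `rower_create_trainingplan`, `rower_trainingplan_execution_view`) it cannot decide whether the caller may plan for the specific rower or team addressed by the request. Only `plannedsession_create_view` visibly resolves the target through `getrequestplanrower`; the other bodies lie outside the hunks, so each should be confirmed to do the same. A short comment above each decorator would make the split explicit, e.g. `# can_plan checks the plan tier only; per-rower access is enforced by getrequestplanrower()`. The decorator order also differs between views (`@permission_required` above `@user_passes_test` on the clone/edit views, below it on the target/cycle views), which changes whether a refused user gets a 403 or the paid-plans redirect first; picking one order would keep the behaviour uniform.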


@@ -45,7 +45,7 @@ from rowers.rower_rules import (
can_view_plan,can_change_plan,can_delete_plan,
can_view_cycle,can_change_cycle,can_delete_cycle,
can_add_workout_member,can_plan_user,is_paid_coach,
can_start_trial, can_start_plantrial
can_start_trial, can_start_plantrial,can_plan
)
from django.shortcuts import render
@@ -345,7 +345,10 @@ def get_user_by_id(*args,**kwargs):
try:
id = args[1]
except IndexError:
id = request.user.id
try:
id = kwargs['id']
except KeyError:
id = request.user.id
return get_object_or_404(User,pk=id)
@@ -354,7 +357,6 @@ def get_rower_by_userid(request,id):
return u.rower
def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
userid = int(userid)
rowerid = int(rowerid)
@@ -380,7 +382,10 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
except Rower.DoesNotExist:
raise Http404("Rower doesn't exist")
if userid != 0 and not is_coach_user(request.user,u):
if r.user == request.user:
return r
if userid != 0 and not is_rower_team_member(request.user,u.rower):
request.session['rowerid'] = request.user.rower.id
raise PermissionDenied("You have no access to this user")
@@ -414,7 +419,7 @@ def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
except Rower.DoesNotExist:
raise Http404("Rower doesn't exist")
if not is_coach_user(request.user,r.user):
if not can_plan_user(request.user,r ):
request.session['rowerid'] = r.id
raise PermissionDenied("You have no access to this user")
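Review bot: In `getrequestplanrower` the denial branch still runs `request.session['rowerid'] = r.id` before raising `PermissionDenied`, which leaves the id of the rower the caller was just refused stored in the caller's session. The matching branch in `getrequestrower` resets the value to `request.user.rower.id`; if later requests fall back to the session value when no id is passed (that code is outside the hunk), the refused rower could be selected again without passing through this check. Suggest `request.session['rowerid'] = request.user.rower.id` here too. Separately, `getrequestrower` now admits anyone for whom `is_rower_team_member` is true rather than only `is_coach_user`, so it is worth confirming that predicate is not satisfied by ordinary teammates. Both function bodies start and end outside the hunks.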


@@ -1757,7 +1757,6 @@ def workouts_view(request,message='',successmessage='',
request.session['referer'] = absolute(request)['PATH']
r = getrequestrower(request,rowerid=rowerid,userid=userid)
# check if access is allowed
if not is_rower_team_member(request.user,r):
request.session['rowerid'] = request.user.rower.id