more fixes

rowers/views/statements.py

@@ -45,7 +45,7 @@ from rowers.rower_rules import (
     can_view_plan,can_change_plan,can_delete_plan,
     can_view_cycle,can_change_cycle,can_delete_cycle,
     can_add_workout_member,can_plan_user,is_paid_coach,
-    can_start_trial, can_start_plantrial
+    can_start_trial, can_start_plantrial,can_plan
     )
 
 from django.shortcuts import render
@@ -345,7 +345,10 @@ def get_user_by_id(*args,**kwargs):
     try:
         id = args[1]
     except IndexError:
-        id = request.user.id
+        try:
+            id = kwargs['id']
+        except KeyError:
+            id = request.user.id
 
     return get_object_or_404(User,pk=id)
 
@@ -354,7 +357,6 @@ def get_rower_by_userid(request,id):
     return u.rower
 
 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
-
     userid = int(userid)
     rowerid = int(rowerid)
 
@@ -380,7 +382,10 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
     except Rower.DoesNotExist:
         raise Http404("Rower doesn't exist")
 
-    if userid != 0 and not is_coach_user(request.user,u):
+    if r.user == request.user:
+        return r
+
+    if userid != 0 and not is_rower_team_member(request.user,u.rower):
         request.session['rowerid'] = request.user.rower.id
         raise PermissionDenied("You have no access to this user")
 
@@ -414,7 +419,7 @@ def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
     except Rower.DoesNotExist:
         raise Http404("Rower doesn't exist")
 
-    if not is_coach_user(request.user,r.user):
+    if not can_plan_user(request.user,r ):
         request.session['rowerid'] = r.id
         raise PermissionDenied("You have no access to this user")