more fixes

rowers/rower_rules.py

@@ -263,9 +263,6 @@ def can_plan_user(user,rower):
             if rower in t.rower.all():
                 return True
 
-
-        return user in team_managers
-
     # paying coach can plan for all kinds of rowers
     if is_paid_coach(user):
         for t in teams:

rowers/tests/test_permissions.py

@@ -967,8 +967,6 @@ class PermissionsViewTests(TestCase):
     ## Coach can see list of workouts of athlete
     def test_coach_athlete_workout_list(self):
         self.rbasic.team.add(self.teamcoach)
-        print(self.rbasic.team.all())
-        print(self.teamcoach)
 
         login = self.c.login(username=self.ucoach.username, password=self.ucoachpassword)
         self.assertTrue(login)
@@ -979,20 +977,17 @@ class PermissionsViewTests(TestCase):
 
 
         response = self.c.get(url)
-        print(url,response.status_code)
         self.assertEqual(response.status_code,200)
 
         url = reverse('workouts_view',
                       kwargs={'userid':self.ubasic.id})
 
         response = self.c.get(url)
-        print(url,response.status_code)
         self.assertEqual(response.status_code,200)
 
         url = reverse('workouts_view')
 
         response = self.c.get(url)
-        print(url,response.status_code)
         self.assertEqual(response.status_code,200)
 
     ## Self coach can create one group

rowers/views/planviews.py

@@ -155,7 +155,7 @@ def plannedsession_comment_view(request,id=0,userid=0):
             })
 
 # Cloning sessions
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_multiclone_view(
@@ -306,7 +306,7 @@ def plannedsession_multiclone_view(
                   )
 
 # Individual user creates training for himself
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_create_view(request,
@@ -316,9 +316,6 @@ def plannedsession_create_view(request,
 
     r = getrequestplanrower(request,userid=userid)
 
-
-
-
     startdate,enddate = get_dates_timeperiod(request,startdatestring=startdatestring,
                                              enddatestring=enddatestring)
 
@@ -461,7 +458,7 @@ def plannedsession_create_view(request,
                       'timeperiod':timeperiod,
                   })
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_multicreate_view(request,
@@ -597,7 +594,7 @@ def plannedsession_multicreate_view(request,
     return render(request,'plannedsession_multicreate.html',context)
 
 # Manager creates sessions for entire team
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_teamcreate_view(request,
@@ -770,7 +767,7 @@ def plannedsession_teamcreate_view(request,
                   })
 
 # Manager edits sessions for entire team
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 @permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
@@ -1382,7 +1379,7 @@ def plannedsessions_manage_view(request,userid=0,
 # Clone an existing planned session
 # need clarity on cloning behavior time shift
 @permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_clone_view(request,id=0,userid=0):
@@ -1445,7 +1442,7 @@ def plannedsession_clone_view(request,id=0,userid=0):
 # Clone an existing planned session
 # need clarity on cloning behavior time shift
 @permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_teamclone_view(request,id=0):
@@ -1504,7 +1501,7 @@ def plannedsession_teamclone_view(request,id=0):
     return HttpResponseRedirect(url)
 
 @permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
-@user_passes_test(isplanmember, login_url="/rowers/paidplans/",
+@user_passes_test(can_plan, login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_totemplate_view(request,id=0):
@@ -1532,7 +1529,7 @@ def plannedsession_totemplate_view(request,id=0):
 
 # Edit an existing planned session
 @permission_required('plannedsession.change_session',fn=get_session_by_pk,raise_exception=True)
-@user_passes_test(isplanmember,login_url="/rowers/paidplans/",
+@user_passes_test(can_plan,login_url="/rowers/paidplans/",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def plannedsession_edit_view(request,id=0,userid=0):
@@ -1906,7 +1903,7 @@ class PlannedSessionDelete(DeleteView):
         return obj
 
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def rower_create_trainingplan(request,id=0):
@@ -2035,7 +2032,7 @@ def rower_create_trainingplan(request,id=0):
                       'old_targets':old_targets,
                       })
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 @permission_required('target.delete_target',fn=get_target_by_pk,raise_exception=True)
@@ -2049,7 +2046,7 @@ def rower_delete_trainingtarget(request,id=0):
     return HttpResponseRedirect(url)
 
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 @permission_required('target.delete_plan',fn=get_plan_by_pk,raise_exception=True)
@@ -2256,7 +2253,7 @@ class MacroCycleDelete(DeleteView):
         return obj
 
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 def rower_trainingplan_execution_view(request,
@@ -2346,7 +2343,7 @@ def rower_trainingplan_execution_view(request,
                   )
 
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 @permission_required('plan.view_plan',fn=get_plan_by_pk,raise_exception=True)
@@ -2756,7 +2753,7 @@ class TrainingTargetUpdate(UpdateView):
 
 from rowers.utils import allsundays
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 @permission_required('cycle.change_cycle',fn=get_meso_by_pk,raise_exception=True)
@@ -2806,7 +2803,7 @@ def planmesocyclebyweek(request,id=0,userid=0):
 
 from rowers.utils import allmonths
 
-@user_passes_test(isplanmember,login_url="/rowers/paidplans",
+@user_passes_test(can_plan,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
 @permission_required('cycle.change_cycle',fn=get_macro_by_pk,raise_exception=True)

rowers/views/statements.py

@@ -45,7 +45,7 @@ from rowers.rower_rules import (
     can_view_plan,can_change_plan,can_delete_plan,
     can_view_cycle,can_change_cycle,can_delete_cycle,
     can_add_workout_member,can_plan_user,is_paid_coach,
-    can_start_trial, can_start_plantrial
+    can_start_trial, can_start_plantrial,can_plan
     )
 
 from django.shortcuts import render
@@ -345,7 +345,10 @@ def get_user_by_id(*args,**kwargs):
     try:
         id = args[1]
     except IndexError:
-        id = request.user.id
+        try:
+            id = kwargs['id']
+        except KeyError:
+            id = request.user.id
 
     return get_object_or_404(User,pk=id)
 
@@ -354,7 +357,6 @@ def get_rower_by_userid(request,id):
     return u.rower
 
 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
-
     userid = int(userid)
     rowerid = int(rowerid)
 
@@ -380,7 +382,10 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
     except Rower.DoesNotExist:
         raise Http404("Rower doesn't exist")
 
-    if userid != 0 and not is_coach_user(request.user,u):
+    if r.user == request.user:
+        return r
+
+    if userid != 0 and not is_rower_team_member(request.user,u.rower):
         request.session['rowerid'] = request.user.rower.id
         raise PermissionDenied("You have no access to this user")
 
@@ -414,7 +419,7 @@ def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
     except Rower.DoesNotExist:
         raise Http404("Rower doesn't exist")
 
-    if not is_coach_user(request.user,r.user):
+    if not can_plan_user(request.user,r ):
         request.session['rowerid'] = r.id
         raise PermissionDenied("You have no access to this user")
 

rowers/views/workoutviews.py

@@ -1757,7 +1757,6 @@ def workouts_view(request,message='',successmessage='',
     request.session['referer'] = absolute(request)['PATH']
     r = getrequestrower(request,rowerid=rowerid,userid=userid)
 
-
     # check if access is allowed
     if not is_rower_team_member(request.user,r):
         request.session['rowerid'] = request.user.rower.id