making planning accessible for team manager of pro users

2019-02-19 20:04:02 +01:00
parent a0bd17b593
commit 8575443220
6 changed files with 61 additions and 17 deletions
--- a/rowers/views/planviews.py
+++ b/rowers/views/planviews.py
@@ -2,7 +2,7 @@ from statements import *

@login_required()
 def plannedsession_comment_view(request,id=0,userid=0):
-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    try:
        ps = PlannedSession.objects.get(id=id)
@@ -170,7 +170,7 @@ def plannedsession_multiclone_view(
        request,
        userid=0,):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    startdate,enddate = get_dates_timeperiod(request)
@@ -301,7 +301,7 @@ def plannedsession_create_view(request,
                               startdatestring='',
                               enddatestring=''):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    
@@ -442,7 +442,7 @@ def plannedsession_multicreate_view(request,

    extrasessions=int(extrasessions)

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    startdate,enddate = get_dates_timeperiod(request)
@@ -552,7 +552,7 @@ def plannedsession_multicreate_view(request,
 def plannedsession_teamcreate_view(request,
                                   teamid=0,userid=0):

-    therower = getrequestrower(request,userid=userid)
+    therower = getrequestplanrower(request,userid=userid)

    
        
@@ -720,7 +720,7 @@ def plannedsession_teamcreate_view(request,
 def plannedsession_teamedit_view(request,
                                 sessionid=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    try:
@@ -880,7 +880,7 @@ def plannedsessions_coach_view(request,
                               teamid=0,userid=0):


-    therower = getrower(request.user)
+    therower = getrequestplanrower(request,userid=userid)

        
    startdate,enddate = get_dates_timeperiod(request)
@@ -984,7 +984,7 @@ from rowers.plannedsessions import cratiocolors
 def plannedsessions_view(request,
                         userid=0,startdatestring='',enddatestring=''):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    if startdatestring:
        try:
@@ -1127,7 +1127,7 @@ def plannedsessions_view(request,
@login_required()
 def plannedsessions_print_view(request,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
        
@@ -1330,7 +1330,7 @@ def plannedsessions_manage_view(request,userid=0,
                  redirect_field_name=None)
 def plannedsession_clone_view(request,id=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    startdate,enddate = get_dates_timeperiod(request)
@@ -1391,7 +1391,7 @@ def plannedsession_clone_view(request,id=0,userid=0):
                  redirect_field_name=None)
 def plannedsession_edit_view(request,id=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    

@@ -1536,7 +1536,7 @@ def plannedsession_detach_view(request,id=0,psid=0):
@login_required()
 def plannedsession_view(request,id=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    

--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -88,7 +88,7 @@ from rowers.models import (
    microcyclecheckdates,mesocyclecheckdates,macrocyclecheckdates,
    TrainingMesoCycleForm, TrainingMicroCycleForm,
    RaceLogo,RowerBillingAddressForm,PaidPlan,
-    PlannedSessionComment,CoachRequest,CoachOffer,
+    PlannedSessionComment,CoachRequest,CoachOffer,checkaccessplanuser
    )
 from rowers.models import (
    RowerPowerForm,RowerForm,GraphImage,AdvancedWorkoutForm,
@@ -300,6 +300,39 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):

    return r

+def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
+
+    userid = int(userid)
+    rowerid = int(rowerid)
+
+    if notpermanent == False:
+        if rowerid == 0 and 'rowerid' in request.session:
+            rowerid = request.session['rowerid']
+            
+        if userid != 0:
+            rowerid = 0
+        
+    try:
+        
+        if rowerid != 0:
+            r = Rower.objects.get(id=rowerid)
+        elif userid != 0:
+            u = User.objects.get(id=userid)
+            r = getrower(u)
+        else:
+	    r = getrower(request.user)
+            
+    except Rower.DoesNotExist:
+        raise Http404("Rower doesn't exist")
+
+    if not checkaccessplanuser(request.user,r):
+        raise PermissionDenied("You have no access to this user")
+
+    if notpermanent == False:
+        request.session['rowerid'] = r.id
+
+    return r
+

 def getrower(user):
    try: