sander/rowsandall
Private
Public Access
1
0
Fork 0
Code Activity

making planning accessible for team manager of pro users

Browse Source
This commit is contained in:
Sander Roosendaal
2019-02-19 20:04:02 +01:00
parent a0bd17b593
commit 8575443220
6 changed files with 61 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
rowers/models.py
View File

@@ -1035,6 +1035,17 @@ def checkviewworkouts(user,rower):
except Rower.DoesNotExist: except Rower.DoesNotExist:
return False return False
# check if user is plan and rower is in his group
def checkaccessplanuser(user,rower):
try:
r = Rower.objects.get(user=user)
if rower == r:
return True
team_managers = [t.manager for t in rower.team.all() if t.manager.rower.rowerplan in ['plan','coach']]
return user in team_managers
except Rower.DoesNotExist:
return False
# Check if user is coach or rower # Check if user is coach or rower
def checkaccessuser(user,rower): def checkaccessuser(user,rower):
try: try:

6
rowers/templates/menu_plan.html
View File

@@ -40,7 +40,7 @@
</li> </li>
<li id="sessions-coach"> <li id="sessions-coach">
<a href="/rowers/sessions/coach/?when={{ timeperiod }}"> <a href="/rowers/sessions/coach/?when={{ timeperiod }}">
<i class="fas fa-bullhorn fa-fw"></i>&nbsp;Coach View <i class="fas fa-bullhorn fa-fw"></i>&nbsp;Training Group View
</a> </a>
</li> </li>
<li id="sessions-print"> <li id="sessions-print">
@@ -82,7 +82,7 @@
<p>&nbsp;</p> <p>&nbsp;</p>
{% if user.is_authenticated and user|is_manager %} {% if user.is_authenticated and user|is_planmember %}
<p>&nbsp;</p> <p>&nbsp;</p>
{% if user|team_members %} {% if user|team_members %}
<ul class="cd-accordion-menu animated"> <ul class="cd-accordion-menu animated">
@@ -94,7 +94,7 @@
<li> <li>
<a href={{ request.path|userurl:member }}> <a href={{ request.path|userurl:member }}>
<i class="fas fa-user fa-fw"></i> <i class="fas fa-user fa-fw"></i>
{% if member == rower.user and not team %} {% if member == rower.user%}
&bull; &bull;
{% else %} {% else %}
&nbsp; &nbsp;

BIN
rowers/tests/testdata/testdata.csv.gz vendored
View File

Binary file not shown.

2
rowers/urls.py
View File

@@ -638,7 +638,7 @@ urlpatterns = [
name='plannedsessions_manage_view'), name='plannedsessions_manage_view'),
url(r'^sessions/coach/$',views.plannedsessions_coach_view, url(r'^sessions/coach/$',views.plannedsessions_coach_view,
name='plannedsessions_coach_view'), name='plannedsessions_coach_view'),
url(r'^sessions/coach/user/\d+/$',views.plannedsessions_coach_view, url(r'^sessions/coach/user/(?P<userid>\d+)/$',views.plannedsessions_coach_view,
name='plannedsessions_coach_view'), name='plannedsessions_coach_view'),
url(r'^sessions/print/?/$',views.plannedsessions_print_view, url(r'^sessions/print/?/$',views.plannedsessions_print_view,
name='plannedsessions_print_view'), name='plannedsessions_print_view'),

24
rowers/views/planviews.py
View File

@@ -2,7 +2,7 @@ from statements import *
@login_required() @login_required()
def plannedsession_comment_view(request,id=0,userid=0): def plannedsession_comment_view(request,id=0,userid=0):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
try: try:
ps = PlannedSession.objects.get(id=id) ps = PlannedSession.objects.get(id=id)
@@ -170,7 +170,7 @@ def plannedsession_multiclone_view(
request, request,
userid=0,): userid=0,):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
startdate,enddate = get_dates_timeperiod(request) startdate,enddate = get_dates_timeperiod(request)
@@ -301,7 +301,7 @@ def plannedsession_create_view(request,
startdatestring='', startdatestring='',
enddatestring=''): enddatestring=''):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
@@ -442,7 +442,7 @@ def plannedsession_multicreate_view(request,
extrasessions=int(extrasessions) extrasessions=int(extrasessions)
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
startdate,enddate = get_dates_timeperiod(request) startdate,enddate = get_dates_timeperiod(request)
@@ -552,7 +552,7 @@ def plannedsession_multicreate_view(request,
def plannedsession_teamcreate_view(request, def plannedsession_teamcreate_view(request,
teamid=0,userid=0): teamid=0,userid=0):
therower = getrequestrower(request,userid=userid) therower = getrequestplanrower(request,userid=userid)
@@ -720,7 +720,7 @@ def plannedsession_teamcreate_view(request,
def plannedsession_teamedit_view(request, def plannedsession_teamedit_view(request,
sessionid=0,userid=0): sessionid=0,userid=0):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
try: try:
@@ -880,7 +880,7 @@ def plannedsessions_coach_view(request,
teamid=0,userid=0): teamid=0,userid=0):
therower = getrower(request.user) therower = getrequestplanrower(request,userid=userid)
startdate,enddate = get_dates_timeperiod(request) startdate,enddate = get_dates_timeperiod(request)
@@ -984,7 +984,7 @@ from rowers.plannedsessions import cratiocolors
def plannedsessions_view(request, def plannedsessions_view(request,
userid=0,startdatestring='',enddatestring=''): userid=0,startdatestring='',enddatestring=''):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
if startdatestring: if startdatestring:
try: try:
@@ -1127,7 +1127,7 @@ def plannedsessions_view(request,
@login_required() @login_required()
def plannedsessions_print_view(request,userid=0): def plannedsessions_print_view(request,userid=0):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
@@ -1330,7 +1330,7 @@ def plannedsessions_manage_view(request,userid=0,
redirect_field_name=None) redirect_field_name=None)
def plannedsession_clone_view(request,id=0,userid=0): def plannedsession_clone_view(request,id=0,userid=0):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
startdate,enddate = get_dates_timeperiod(request) startdate,enddate = get_dates_timeperiod(request)
@@ -1391,7 +1391,7 @@ def plannedsession_clone_view(request,id=0,userid=0):
redirect_field_name=None) redirect_field_name=None)
def plannedsession_edit_view(request,id=0,userid=0): def plannedsession_edit_view(request,id=0,userid=0):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)
@@ -1536,7 +1536,7 @@ def plannedsession_detach_view(request,id=0,psid=0):
@login_required() @login_required()
def plannedsession_view(request,id=0,userid=0): def plannedsession_view(request,id=0,userid=0):
r = getrequestrower(request,userid=userid) r = getrequestplanrower(request,userid=userid)

35
rowers/views/statements.py
View File

@@ -88,7 +88,7 @@ from rowers.models import (
microcyclecheckdates,mesocyclecheckdates,macrocyclecheckdates, microcyclecheckdates,mesocyclecheckdates,macrocyclecheckdates,
TrainingMesoCycleForm, TrainingMicroCycleForm, TrainingMesoCycleForm, TrainingMicroCycleForm,
RaceLogo,RowerBillingAddressForm,PaidPlan, RaceLogo,RowerBillingAddressForm,PaidPlan,
PlannedSessionComment,CoachRequest,CoachOffer, PlannedSessionComment,CoachRequest,CoachOffer,checkaccessplanuser
) )
from rowers.models import ( from rowers.models import (
RowerPowerForm,RowerForm,GraphImage,AdvancedWorkoutForm, RowerPowerForm,RowerForm,GraphImage,AdvancedWorkoutForm,
@@ -300,6 +300,39 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
return r return r
def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
userid = int(userid)
rowerid = int(rowerid)
if notpermanent == False:
if rowerid == 0 and 'rowerid' in request.session:
rowerid = request.session['rowerid']
if userid != 0:
rowerid = 0
try:
if rowerid != 0:
r = Rower.objects.get(id=rowerid)
elif userid != 0:
u = User.objects.get(id=userid)
r = getrower(u)
else:
r = getrower(request.user)
except Rower.DoesNotExist:
raise Http404("Rower doesn't exist")
if not checkaccessplanuser(request.user,r):
raise PermissionDenied("You have no access to this user")
if notpermanent == False:
request.session['rowerid'] = r.id
return r
def getrower(user): def getrower(user):
try: try: