making planning accessible for team manager of pro users

2019-02-19 20:04:02 +01:00
parent a0bd17b593
commit 8575443220
6 changed files with 61 additions and 17 deletions
--- a/rowers/models.py
+++ b/rowers/models.py
@@ -1035,6 +1035,17 @@ def checkviewworkouts(user,rower):
    except Rower.DoesNotExist:
        return False

+# check if user is plan and rower is in his group
+def checkaccessplanuser(user,rower):
+    try:
+        r = Rower.objects.get(user=user)
+        if rower == r:
+            return True
+        team_managers = [t.manager for t in rower.team.all() if t.manager.rower.rowerplan in ['plan','coach']]
+        return user in team_managers        
+    except Rower.DoesNotExist:
+        return False
+    
 # Check if user is coach or rower
 def checkaccessuser(user,rower):
    try:
--- a/rowers/templates/menu_plan.html
+++ b/rowers/templates/menu_plan.html
@@ -40,7 +40,7 @@
      </li>
      <li id="sessions-coach">
        <a href="/rowers/sessions/coach/?when={{ timeperiod }}">
-          <i class="fas fa-bullhorn fa-fw"></i>&nbsp;Coach View
+          <i class="fas fa-bullhorn fa-fw"></i>&nbsp;Training Group View
        </a>
      </li>
      <li id="sessions-print">
@@ -82,7 +82,7 @@

 <p>&nbsp;</p>

-{% if user.is_authenticated and user|is_manager %}
+{% if user.is_authenticated and user|is_planmember %}
 <p>&nbsp;</p>
 {% if user|team_members %}
 <ul class="cd-accordion-menu animated">
@@ -94,7 +94,7 @@
      <li>
        <a href={{ request.path|userurl:member }}>
          <i class="fas fa-user fa-fw"></i>
-          {% if member == rower.user and not team %}
+          {% if member == rower.user%}
          &bull;
          {% else %}
          &nbsp; 
--- a/rowers/tests/testdata/testdata.csv.gz
+++ b/rowers/tests/testdata/testdata.csv.gz
--- a/rowers/urls.py
+++ b/rowers/urls.py
@@ -638,7 +638,7 @@ urlpatterns = [
        name='plannedsessions_manage_view'),
    url(r'^sessions/coach/$',views.plannedsessions_coach_view,
        name='plannedsessions_coach_view'),
-    url(r'^sessions/coach/user/\d+/$',views.plannedsessions_coach_view,
+    url(r'^sessions/coach/user/(?P<userid>\d+)/$',views.plannedsessions_coach_view,
        name='plannedsessions_coach_view'),
    url(r'^sessions/print/?/$',views.plannedsessions_print_view,
        name='plannedsessions_print_view'),
--- a/rowers/views/planviews.py
+++ b/rowers/views/planviews.py
@@ -2,7 +2,7 @@ from statements import *

@login_required()
 def plannedsession_comment_view(request,id=0,userid=0):
-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    try:
        ps = PlannedSession.objects.get(id=id)
@@ -170,7 +170,7 @@ def plannedsession_multiclone_view(
        request,
        userid=0,):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    startdate,enddate = get_dates_timeperiod(request)
@@ -301,7 +301,7 @@ def plannedsession_create_view(request,
                               startdatestring='',
                               enddatestring=''):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    
@@ -442,7 +442,7 @@ def plannedsession_multicreate_view(request,

    extrasessions=int(extrasessions)

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    startdate,enddate = get_dates_timeperiod(request)
@@ -552,7 +552,7 @@ def plannedsession_multicreate_view(request,
 def plannedsession_teamcreate_view(request,
                                   teamid=0,userid=0):

-    therower = getrequestrower(request,userid=userid)
+    therower = getrequestplanrower(request,userid=userid)

    
        
@@ -720,7 +720,7 @@ def plannedsession_teamcreate_view(request,
 def plannedsession_teamedit_view(request,
                                 sessionid=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    try:
@@ -880,7 +880,7 @@ def plannedsessions_coach_view(request,
                               teamid=0,userid=0):


-    therower = getrower(request.user)
+    therower = getrequestplanrower(request,userid=userid)

        
    startdate,enddate = get_dates_timeperiod(request)
@@ -984,7 +984,7 @@ from rowers.plannedsessions import cratiocolors
 def plannedsessions_view(request,
                         userid=0,startdatestring='',enddatestring=''):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    if startdatestring:
        try:
@@ -1127,7 +1127,7 @@ def plannedsessions_view(request,
@login_required()
 def plannedsessions_print_view(request,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
        
@@ -1330,7 +1330,7 @@ def plannedsessions_manage_view(request,userid=0,
                  redirect_field_name=None)
 def plannedsession_clone_view(request,id=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    
    startdate,enddate = get_dates_timeperiod(request)
@@ -1391,7 +1391,7 @@ def plannedsession_clone_view(request,id=0,userid=0):
                  redirect_field_name=None)
 def plannedsession_edit_view(request,id=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    

@@ -1536,7 +1536,7 @@ def plannedsession_detach_view(request,id=0,psid=0):
@login_required()
 def plannedsession_view(request,id=0,userid=0):

-    r = getrequestrower(request,userid=userid)
+    r = getrequestplanrower(request,userid=userid)

    

--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -88,7 +88,7 @@ from rowers.models import (
    microcyclecheckdates,mesocyclecheckdates,macrocyclecheckdates,
    TrainingMesoCycleForm, TrainingMicroCycleForm,
    RaceLogo,RowerBillingAddressForm,PaidPlan,
-    PlannedSessionComment,CoachRequest,CoachOffer,
+    PlannedSessionComment,CoachRequest,CoachOffer,checkaccessplanuser
    )
 from rowers.models import (
    RowerPowerForm,RowerForm,GraphImage,AdvancedWorkoutForm,
@@ -300,6 +300,39 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):

    return r

+def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
+
+    userid = int(userid)
+    rowerid = int(rowerid)
+
+    if notpermanent == False:
+        if rowerid == 0 and 'rowerid' in request.session:
+            rowerid = request.session['rowerid']
+            
+        if userid != 0:
+            rowerid = 0
+        
+    try:
+        
+        if rowerid != 0:
+            r = Rower.objects.get(id=rowerid)
+        elif userid != 0:
+            u = User.objects.get(id=userid)
+            r = getrower(u)
+        else:
+	    r = getrower(request.user)
+            
+    except Rower.DoesNotExist:
+        raise Http404("Rower doesn't exist")
+
+    if not checkaccessplanuser(request.user,r):
+        raise PermissionDenied("You have no access to this user")
+
+    if notpermanent == False:
+        request.session['rowerid'] = r.id
+
+    return r
+

 def getrower(user):
    try: