more fixes

2020-01-15 15:55:41 +01:00
parent 88703bb34e
commit 8683d8eaa4
10 changed files with 29 additions and 44 deletions
--- a/rowers/models.py
+++ b/rowers/models.py
@@ -1351,7 +1351,7 @@ class TrainingPlan(models.Model):
    def save(self, *args, **kwargs):
        manager = self.manager
-        if not can_add_plan(manager):
+        if not can_add_plan(manager.user):
            raise ValidationError(
                "Basic user cannot have a training plan"
            )
--- a/rowers/rower_rules.py
+++ b/rowers/rower_rules.py
@@ -86,7 +86,7 @@ def user_is_not_basic(user):
 def is_coach(user):
    return user.rower.rowerplan in ['coach','freecoach']
-def is_paidcoach(user):
+def is_paid_coach(user):
    return user.rower.rowerplan == 'coach'
@rules.predicate
@@ -228,6 +228,9 @@ def can_add_workout_member(user,rower):
 # check if user can plan for the rower
@rules.predicate
 def can_plan_user(user,rower):
    if not isplanmember(user):
        return False
    try:
        r = user.rower
    except AttributeError:
@@ -243,7 +246,7 @@ def can_plan_user(user,rower):
    return False
-rules.add_perm('rower.can_plan',can_plan_user) # replaces checkaccessplanuser
+rules.add_perm('rower.add_plan',can_plan_user) # replaces checkaccessplanuser
 rules.add_perm('rower.is_coach',is_coach_user) # replaces checkaccessuser
 rules.add_perm('rower.is_pro',ispromember)
--- a/rowers/teams.py
+++ b/rowers/teams.py
@@ -173,12 +173,15 @@ def rower_get_coaches(rower):
 def coach_getcoachees(coach):
    rowers = []
    if coach.mycoachgroup and is_coach(coach.user):
-        return Rower.objects.filter(
+        rs =  Rower.objects.filter(
            coachinggroups__in=[coach.mycoachgroup]
        ).distinct().order_by("user__last_name","user__first_name")
-    else:
+        for r in rs:
-        return []
+            rowers.append(r)
    return rowers
 def coach_remove_athlete(coach,rower):
    try:
--- a/rowers/templates/menu_other.html
+++ b/rowers/templates/menu_other.html
@@ -46,6 +46,4 @@
 </ul> <!-- cd-accordion-menu -->
 {% include 'menuscript.html' %}
--- a/rowers/templates/menu_profile.html
+++ b/rowers/templates/menu_profile.html
@@ -44,13 +44,13 @@
 {% if user.is_authenticated and user|is_manager and rower %}
 <p>&nbsp;</p>
-{% if user|coach_rowers %}
+{% if request.user|coach_rowers %}
 <ul class="cd-accordion-menu animated">
  <li class="has-children" id="athletes">
    <input type="checkbox" name="athlete-selector" id="athlete-selector">
    <label for="athlete-selector"><i class="fas fa-users fa-fw"></i>&nbsp;Athletes</label>
    <ul>
-      {% for member in user|coach_rowers %}
+      {% for member in request.user|coach_rowers %}
      <a href={{ request.path|userurl:member.user }}>
        <i class="fas fa-user fa-fw"></i>
        {% if member.user == rower.user %}
--- a/rowers/views/planviews.py
+++ b/rowers/views/planviews.py
@@ -1909,7 +1909,6 @@ class PlannedSessionDelete(DeleteView):
@user_passes_test(isplanmember,login_url="/rowers/paidplans",
                  message="This functionality requires a Coach or Self-Coach plan",
                  redirect_field_name=None)
@permission_required('rower.add_plan',fn=get_rower_by_userid,raise_exception=True)
 def rower_create_trainingplan(request,id=0):
    therower = getrequestrower(request,userid=id)
    theuser = therower.user
@@ -1977,7 +1976,8 @@ def rower_create_trainingplan(request,id=0):
            p.save()
            for athlete in athletes:
-                p.rowers.add(athlete)
+                if can_plan_user(request.user,athlete):
                    p.rowers.add(athlete)
    targets = TrainingTarget.objects.filter(
@@ -2012,7 +2012,7 @@ def rower_create_trainingplan(request,id=0):
    breadcrumbs = [
        {
            'url':reverse(plannedsessions_view,
-                          kwargs={'userid':userid}),
+                          kwargs={'userid':id}),
            'name': 'Plan'
        },
        {
--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -44,7 +44,7 @@ from rowers.rower_rules import (
    can_view_target,can_change_target,can_delete_target,
    can_view_plan,can_change_plan,can_delete_plan,
    can_view_cycle,can_change_cycle,can_delete_cycle,
-    can_add_workout_member,
+    can_add_workout_member,can_plan_user,is_paid_coach
    )
 from django.shortcuts import render
@@ -348,9 +348,8 @@ def get_user_by_id(*args,**kwargs):
    return get_object_or_404(User,pk=id)
-def get_rower_by_userid(*args,**kwargs):
+def get_rower_by_userid(request,id):
-    userid = kwargs['id']
+    u = User.objects.get(id=id)
    u = User.objects.get(id=userid)
    return u.rower
 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
@@ -381,6 +380,7 @@ def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
        raise Http404("Rower doesn't exist")
    if userid != 0 and not is_coach_user(request.user,u):
        request.session['rowerid'] = request.user.rower.id
        raise PermissionDenied("You have no access to this user")
    if notpermanent == False:
@@ -414,6 +414,7 @@ def getrequestplanrower(request,rowerid=0,userid=0,notpermanent=False):
        raise Http404("Rower doesn't exist")
    if not is_coach_user(request.user,r.user):
        request.session['rowerid'] = r.id
        raise PermissionDenied("You have no access to this user")
    if notpermanent == False:
@@ -1038,23 +1039,6 @@ def iscoachmember(user):
    return result
 def cancreateteam(user):
    if user.is_anonymous:
        return False
    try:
        r = Rower.objects.get(user=user)
    except Rower.DoesNotExist:
        r = Rower(user=user)
        r.save()
    if user.is_authenticated and ('coach' in r.rowerplan):
        return True
    elif user.is_athenticated() and r.rowerplan in ['plan','pro']:
        ts = Team.objects.filter(manager=user)
        if len(otherteams) >= 1:
            return False
 from rowers.utils import ProcessorCustomerError
--- a/rowers/views/teamviews.py
+++ b/rowers/views/teamviews.py
@@ -648,15 +648,10 @@ def team_edit_view(request, team_id=0):
                      'team':t,
                      })
-#@user_passes_test(cancreateteam,login_url="/rowers/paidplans",redirect_field_name=None)
+@user_passes_test(can_add_team,login_url="/rowers/paidplans",redirect_field_name=None)
 def team_create_view(request):
    r = getrequestrower(request)
    if not user_is_not_basic(request.user):
        messages.error(request,"You must upgrade to Pro or higher to create teams/training groups")
        url = reverse('paidplans')
        return HttpResponseRedirect(url)
    if request.method == 'POST':
        teamcreateform = TeamForm(request.POST)
        if teamcreateform.is_valid():
--- a/rowers/views/workoutviews.py
+++ b/rowers/views/workoutviews.py
@@ -1760,7 +1760,9 @@ def workouts_view(request,message='',successmessage='',
    # check if access is allowed
    if not is_rower_team_member(request.user,r):
-       raise PermissionDenied("Access denied")
+        request.session['rowerid'] = request.user.rower.id
        raise PermissionDenied("Access denied")
--- a/templates/newbase.html
+++ b/templates/newbase.html
@@ -246,7 +246,7 @@
            {% endif %}
          {% endif %}
          {% if user.rower.protrialexpires and user.rower.protrialexpires|is_future_date %}
-          {% if user.rower.plantrialexpires and user.rower.rowerplan != 'plan' %}
+          {% if user.rower.plantrialexpires and user.rower.plantrialexpires|is_future_date and user.rower.rowerplan != 'plan' %}
          <li class="grid_4">
            <p class="successmessage">
              {{ user.rower.protrialexpires|date_dif|ddays }} days left of your Self-Coach trial           - Would you like to <a href="/rowers/paidplans/">upgrade now?</a>
`@@ -46,6 +46,4 @@`
	`</ul> <!-- cd-accordion-menu -->`	`</ul> <!-- cd-accordion-menu -->`




	`{% include 'menuscript.html' %}`	`{% include 'menuscript.html' %}`