some fixes

rowers/models.py

@@ -904,11 +904,11 @@ class Rower(models.Model):
     def get_coaches(self):
         coaches = []
         for group in self.coachinggroups.all():
-        try:
-            coach = Rower.objects.get(mycoachgroup=group)
-            coaches.append(coach)
-        except Rower.DoesNotExist:
-            pass
+            try:
+                coach = Rower.objects.get(mycoachgroup=group)
+                coaches.append(coach)
+            except Rower.DoesNotExist:
+                pass
 
         return coaches
 
@@ -2665,7 +2665,7 @@ class Workout(models.Model):
 
     def save(self, *args, **kwargs):
         user = self.user
-        if not can_add_workout(self.user):
+        if not can_add_workout(user.user):
             raise forms.ValidationError("Free Coach User cannot have any workouts")
 
         super(Workout, self).save(*args, **kwargs)

rowers/urls.py

@@ -572,7 +572,7 @@ urlpatterns = [
 #    re_path(r'^workout/compare/(?P<id1>\d+)/(?P<id2>\d+)/(?P<xparam>\w+.*)/(?P<yparam>[\w\ ]+.*)/$',views.workout_comparison_view2),
     re_path(r'^test\_callback',views.rower_process_testcallback,name='rower_process_testcallback'),
     re_path(r'^createplan/$',views.rower_create_trainingplan,name='rower_create_trainingplan'),
-    re_path(r'^createplan/user/(?P<userid>\d+)/$',views.rower_create_trainingplan,name='rower_create_trainingplan'),
+    re_path(r'^createplan/user/(?P<id>\d+)/$',views.rower_create_trainingplan,name='rower_create_trainingplan'),
     re_path(r'^deleteplan/(?P<pk>\d+)/$',login_required(
         views.TrainingPlanDelete.as_view()),name='trainingplan_delete_view'),
     re_path(r'^deletemicrocycle/(?P<pk>\d+)/$',login_required(

rowers/views/planviews.py

@@ -1906,11 +1906,12 @@ class PlannedSessionDelete(DeleteView):
         return obj
 
 
-@user_passes_test(can_add_plan,login_url="/rowers/paidplans",
+@user_passes_test(isplanmember,login_url="/rowers/paidplans",
                   message="This functionality requires a Coach or Self-Coach plan",
                   redirect_field_name=None)
-def rower_create_trainingplan(request,userid=0):
-    therower = getrequestrower(request,userid=userid)
+@permission_required('rower.add_plan',fn=get_rower_by_userid,raise_exception=True)
+def rower_create_trainingplan(request,id=0):
+    therower = getrequestrower(request,userid=id)
     theuser = therower.user
     themanager = getrower(request.user)
 
@@ -2016,7 +2017,7 @@ def rower_create_trainingplan(request,userid=0):
         },
         {
             'url':reverse(rower_create_trainingplan,
-                          kwargs={'userid':userid}),
+                          kwargs={'id':id}),
             'name': 'Manage Plans and Targets'
             }
         ]

rowers/views/statements.py

@@ -348,6 +348,11 @@ def get_user_by_id(*args,**kwargs):
 
     return get_object_or_404(User,pk=id)
 
+def get_rower_by_userid(*args,**kwargs):
+    userid = kwargs['id']
+    u = User.objects.get(id=userid)
+    return u.rower
+
 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
 
     userid = int(userid)