From 94b5e59100c3e0db210ec48343103cb305360d0f Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Wed, 15 Jan 2020 21:55:43 +0100 Subject: [PATCH] annotating _rules with untested --- rowers/rower_rules.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/rowers/rower_rules.py b/rowers/rower_rules.py index 586957d1..27b81814 100644 --- a/rowers/rower_rules.py +++ b/rowers/rower_rules.py @@ -72,6 +72,7 @@ USER permissions """ +# not tested @rules.predicate def user_is_not_basic(user): if user.rower.rowerplan != 'basic': @@ -188,6 +189,7 @@ def can_add_session(user): # User / Coach relationships (Rower object) +# not tested @rules.predicate def can_plan(user): return user.rower.rowerplan in ['plan','coach','freecoach'] @@ -219,6 +221,7 @@ def is_rower_team_member(user,rower): if user.rower == rower: return True + # below not tested teams = user.rower.team.all() for team in teams: @@ -238,6 +241,7 @@ def can_add_workout_member(user,rower): return False if user == rower.user: return True + # only below tested - need test user == rower.user return isplanmember(user) and user.rower in rower.get_coaches() # check if user can plan for the rower @@ -254,7 +258,7 @@ def can_plan_user(user,rower): if rower == r: return True - # below + # below not tested team_managers = [t.manager for t in rower.team.all() and can_plan(t.manager)] if user_is_not_basic(user): return user in team_managers @@ -314,7 +318,8 @@ def is_workout_user(user,workout): def can_view_workout(user,workout): if workout.privacy != 'private': return True - return False + # below not tested + return user.rower == workout.user can_change_workout = is_workout_user @@ -362,6 +367,8 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu """ # Training Target rules + +# untested can_view_target to can_delete_target @rules.predicate def can_view_target(user,target): if user.is_anonymous: @@ -401,6 +408,7 @@ def can_view_plan(user,plan): return True # a plan's coach can view as well + # below untested if is_coach_user(user,plan.manager.user): return True @@ -414,6 +422,7 @@ def can_change_plan(user,plan): return False return user == plan.manager.user +# below untested @rules.predicate def can_delete_plan(user,plan): if user.is_anonymous: @@ -427,6 +436,7 @@ rules.add_perm('plan.change_plan',can_change_plan) rules.add_perm('plan.delete_plan',can_delete_plan) rules.add_perm('plan.can_add_plan',can_add_plan) +# untested @rules.predicate def can_view_cycle(user,cycle): try: @@ -471,9 +481,11 @@ def can_view_session(user,session): if user == session.manager: return True # if you're a rower in the session you can view it + # below untested if user.rower in session.rower.all(): return True # coach users can view sessions created by their team members + # below untested if is_coach(user): teams = user.rower.get_managed_teams() teamusers = [member.u for member in t.rower.all()] @@ -546,7 +558,7 @@ rules.add_perm('plannedsession.delete_session',can_delete_session) def is_team_manager(user,team): return team.manager == user -# check is user is member of team +# check is user is member of team - untested @rules.predicate def is_team_member(user,team): members = team.rower.all() @@ -555,13 +567,13 @@ def is_team_member(user,team): # check if user can view team @rules.predicate def can_view_team(user,team): - # user based + # user based - below untested if user.rower.rowerplan == 'basic' and team.manager.rower.rowerplan != 'coach': return False # team is public if team.private == 'open': return True - # team is private + # team is private - below untested return is_team_member(user,team) | is_team_manager(user,team) @rules.predicate @@ -599,6 +611,7 @@ def can_change_course(user,course): return course.manager == user.rower +# untested @rules.predicate def can_delete_course(user,course): if user.is_anonymous: