annotating _rules with untested

rowers/rower_rules.py

@@ -72,6 +72,7 @@ USER permissions
 
 """
 
+# not tested
 @rules.predicate
 def user_is_not_basic(user):
     if user.rower.rowerplan != 'basic':
@@ -188,6 +189,7 @@ def can_add_session(user):
 
 # User / Coach relationships (Rower object)
 
+# not tested
 @rules.predicate
 def can_plan(user):
     return user.rower.rowerplan in ['plan','coach','freecoach']
@@ -219,6 +221,7 @@ def is_rower_team_member(user,rower):
     if user.rower == rower:
         return True
 
+    # below not tested
     teams = user.rower.team.all()
 
     for team in teams:
@@ -238,6 +241,7 @@ def can_add_workout_member(user,rower):
         return False
     if user == rower.user:
         return True
+    # only below tested - need test user == rower.user
     return isplanmember(user) and user.rower in rower.get_coaches()
 
 # check if user can plan for the rower
@@ -254,7 +258,7 @@ def can_plan_user(user,rower):
     if rower == r:
         return True
 
-    # below
+    # below not tested
     team_managers = [t.manager for t in rower.team.all() and can_plan(t.manager)]
     if user_is_not_basic(user):
         return user in team_managers
@@ -314,7 +318,8 @@ def is_workout_user(user,workout):
 def can_view_workout(user,workout):
     if workout.privacy != 'private':
         return True
-    return False
+    # below not tested
+    return user.rower == workout.user
 
 can_change_workout = is_workout_user
 
@@ -362,6 +367,8 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu
 """
 
 # Training Target rules
+
+# untested can_view_target to can_delete_target
 @rules.predicate
 def can_view_target(user,target):
     if user.is_anonymous:
@@ -401,6 +408,7 @@ def can_view_plan(user,plan):
         return True
 
     # a plan's coach can view as well
+    # below untested
     if is_coach_user(user,plan.manager.user):
         return True
 
@@ -414,6 +422,7 @@ def can_change_plan(user,plan):
         return False
     return user == plan.manager.user
 
+# below untested
 @rules.predicate
 def can_delete_plan(user,plan):
     if user.is_anonymous:
@@ -427,6 +436,7 @@ rules.add_perm('plan.change_plan',can_change_plan)
 rules.add_perm('plan.delete_plan',can_delete_plan)
 rules.add_perm('plan.can_add_plan',can_add_plan)
 
+# untested
 @rules.predicate
 def can_view_cycle(user,cycle):
     try:
@@ -471,9 +481,11 @@ def can_view_session(user,session):
     if user == session.manager:
         return True
     # if you're a rower in the session you can view it
+    # below untested
     if user.rower in session.rower.all():
         return True
     # coach users can view sessions created by their team members
+    # below untested
     if is_coach(user):
         teams = user.rower.get_managed_teams()
         teamusers = [member.u for member in t.rower.all()]
@@ -546,7 +558,7 @@ rules.add_perm('plannedsession.delete_session',can_delete_session)
 def is_team_manager(user,team):
     return team.manager == user
 
-# check is user is member of team
+# check is user is member of team - untested
 @rules.predicate
 def is_team_member(user,team):
     members = team.rower.all()
@@ -555,13 +567,13 @@ def is_team_member(user,team):
 # check if user can view team
 @rules.predicate
 def can_view_team(user,team):
-    # user based
+    # user based - below untested
     if user.rower.rowerplan == 'basic' and team.manager.rower.rowerplan != 'coach':
         return False
     # team is public
     if team.private == 'open':
         return True
-    # team is private
+    # team is private - below untested
     return is_team_member(user,team) | is_team_manager(user,team)
 
 @rules.predicate
@@ -599,6 +611,7 @@ def can_change_course(user,course):
 
     return course.manager == user.rower
 
+# untested
 @rules.predicate
 def can_delete_course(user,course):
     if user.is_anonymous: