From 96ff340bb3c7b39f5395c50a1abec4594a69bab5 Mon Sep 17 00:00:00 2001 From: Sander Roosendaal Date: Fri, 26 Oct 2018 12:33:57 +0200 Subject: [PATCH] distinguishing between plan manager and plan athlete --- rowers/models.py | 6 +++-- rowers/templates/trainingplan.html | 14 ++++++++++ rowers/templatetags/rowerfilters.py | 28 +++++++++++++++++-- rowers/views.py | 42 ++++++++++++++++++++++------- 4 files changed, 76 insertions(+), 14 deletions(-) diff --git a/rowers/models.py b/rowers/models.py index 880efd19..f45fea10 100644 --- a/rowers/models.py +++ b/rowers/models.py @@ -934,7 +934,8 @@ def a_week_from_now(): # models related to training planning - draft # Do we need a separate class TestTarget? class TrainingTarget(models.Model): - rower = models.ForeignKey(Rower) + rower = models.ForeignKey(Rower,related_name='targetathlete') + manager = models.ForeignKey(Rower,related_name='targetmanager',null=True) name = models.CharField(max_length=150,blank=True) date = models.DateField( default=half_year_from_now) @@ -982,7 +983,8 @@ class TrainingTargetForm(ModelForm): class TrainingPlan(models.Model): - rower = models.ForeignKey(Rower) + rower = models.ForeignKey(Rower,related_name='planathlete') + manager = models.ForeignKey(Rower,related_name='planmanager',null=True) name = models.CharField(max_length=150,blank=True) target = models.ForeignKey(TrainingTarget,blank=True,null=True) startdate = models.DateField(default=timezone.now) diff --git a/rowers/templates/trainingplan.html b/rowers/templates/trainingplan.html index a7cdab89..3d1b853a 100644 --- a/rowers/templates/trainingplan.html +++ b/rowers/templates/trainingplan.html @@ -12,7 +12,9 @@ The training plan target is: {{ plan.target.name }} on {{ plan.target.date }}. {% endif %}

+{% if plan|mayeditplan:request %}

Edit the plan

+{% endif %}

Plan Macro, Meso and Micro Cycles

@@ -39,10 +41,12 @@ + {% if macrocycle.0|mayeditplan:request %} edit / delete / + {% endif %} sessions @@ -95,10 +99,12 @@ + {% if macrocycle.0|mayeditplan:request %} edit / delete / + {% endif %} sessions @@ -140,10 +146,12 @@ + {% if mesocycle.0|mayeditplan:request %} edit / delete / + {% endif %} sessions @@ -197,10 +205,12 @@ + {% if mesocycle.0|mayeditplan:request %} edit / delete / + {% endif %} sessions @@ -247,10 +257,12 @@ + {% if microcycle|mayeditplan:request %} edit / delete / + {% endif %} sessions @@ -306,10 +318,12 @@ + {% if microcycle|mayeditplan:request %} edit / delete / + {% endif %} sessions diff --git a/rowers/templatetags/rowerfilters.py b/rowers/templatetags/rowerfilters.py index cad2e1f6..b52f9f5b 100644 --- a/rowers/templatetags/rowerfilters.py +++ b/rowers/templatetags/rowerfilters.py @@ -10,7 +10,8 @@ register = template.Library() from rowers.utils import calculate_age from rowers.models import ( course_length,WorkoutComment, - TrainingMacroCycle,TrainingMesoCycle, TrainingMicroCycle + TrainingMacroCycle,TrainingMesoCycle, TrainingMicroCycle, + Rower ) from rowers.plannedsessions import ( race_can_register, race_can_submit,race_rower_status @@ -19,7 +20,7 @@ from rowers.plannedsessions import ( from rowers import c2stuff, runkeeperstuff from rowers.c2stuff import c2_open from rowers.runkeeperstuff import runkeeper_open - +from rowers.models import checkaccessuser from rowers.mytypes import otwtypes from rowers.utils import NoTokenError @@ -182,6 +183,29 @@ def may_edit(workout,request): return mayedit + + +@register.filter +def mayeditplan(obj,request): + + if obj is None: + return False + + if hasattr(obj,'plan'): + return mayeditplan(obj.plan,request) + + if hasattr(obj,'manager'): + if obj.manager is not None: + return request.user == obj.manager.user + + rr = Rower.objects.get(user=request.user) + if checkaccessuser(request.user,obj.rower) and rr.rowerplan not in ['basic','pro']: + mayedit = True + + + return mayedit + + @register.filter(name='times') def times(number): return range(number) diff --git a/rowers/views.py b/rowers/views.py index ad6d06cc..20b6288a 100644 --- a/rowers/views.py +++ b/rowers/views.py @@ -9017,7 +9017,6 @@ def workout_flexchart3_view(request,*args,**kwargs): else: print flexaxesform.errors - print xparam,yparam1,yparam2 if not promember: for name,d in rowingmetrics: @@ -16089,6 +16088,7 @@ def rower_create_trainingplan(request,userid=0): therower = getrequestrower(request,userid=userid) theuser = therower.user + themanager = getrower(request.user) if request.method == 'POST' and 'date' in request.POST: targetform = TrainingTargetForm(request.POST) @@ -16100,6 +16100,7 @@ def rower_create_trainingplan(request,userid=0): t = TrainingTarget(rower=therower, name=name, date=date, + manager=themanager, notes=notes) t.save() @@ -16116,6 +16117,7 @@ def rower_create_trainingplan(request,userid=0): name=name, rower=therower, target=target, + manager=themanager, startdate=startdate, enddate=enddate, ) @@ -16164,7 +16166,7 @@ def rower_delete_trainingtarget(request,id=0): except TrainingPlan.DoesNotExist: raise Http404("Training Plan Does Not Exist") - if checkaccessuser(request.user,target.rower): + if checkaccessuser(request.user,target.manager): target.delete() messages.info(request,"We have deleted the training target") else: @@ -16184,7 +16186,7 @@ def rower_delete_trainingplan(request,id=0): except TrainingPlan.DoesNotExist: raise Http404("Training Plan Does Not Exist") - if checkaccessuser(request.user,plan.rower): + if checkaccessuser(request.user,plan.manager): plan.delete() messages.info(request,"We have deleted the training plan") else: @@ -16201,7 +16203,7 @@ class TrainingPlanDelete(DeleteView): def get_object(self, *args, **kwargs): obj = super(TrainingPlanDelete, self).get_object(*args, **kwargs) - if not checkaccessuser(self.request.user,obj.rower): + if not checkaccessuser(self.request.user,obj.manager): raise PermissionDenied('You are not allowed to delete this training plan') return obj @@ -16267,7 +16269,7 @@ class MicroCycleDelete(DeleteView): def get_object(self, *args, **kwargs): obj = super(MicroCycleDelete, self).get_object(*args, **kwargs) - if not checkaccessuser(self.request.user,obj.plan.plan.plan.rower): + if not checkaccessuser(self.request.user,obj.plan.plan.plan.manager): raise PermissionDenied('You are not allowed to delete this training plan cycle') return obj @@ -16328,7 +16330,8 @@ class MesoCycleDelete(DeleteView): def get_object(self, *args, **kwargs): obj = super(MesoCycleDelete, self).get_object(*args, **kwargs) - if not checkaccessuser(self.request.user,obj.plan.plan.rower): + + if not checkaccessuser(self.request.user,obj.plan.plan.manager): raise PermissionDenied('You are not allowed to delete this training plan cycle') return obj @@ -16481,15 +16484,12 @@ class MacroCycleDelete(DeleteView): def get_object(self, *args, **kwargs): obj = super(MacroCycleDelete, self).get_object(*args, **kwargs) - if not checkaccessuser(self.request.user,obj.plan.rower): + if not checkaccessuser(self.request.user,obj.plan.manager): raise PermissionDenied('You are not allowed to delete this training plan cycle') return obj -@user_passes_test(hasplannedsessions,login_url="/rowers/promembership", - message="This functionality requires a Coach or Self-Coach plan", - redirect_field_name=None) def rower_trainingplan_view(request, id=0, userid=0, @@ -16725,6 +16725,9 @@ class TrainingMacroCycleUpdate(UpdateView): def get_object(self, *args, **kwargs): obj = super(TrainingMacroCycleUpdate, self).get_object(*args, **kwargs) + if obj.plan.manager is not None and self.request.user != obj.plan.manager: + raise PermissionDenied('You are not allowed to edit this training plan cycle') + if not checkaccessuser(self.request.user,obj.plan.rower): raise PermissionDenied('You are not allowed to edit this training plan cycle') else: @@ -16797,6 +16800,9 @@ class TrainingMesoCycleUpdate(UpdateView): def get_object(self, *args, **kwargs): obj = super(TrainingMesoCycleUpdate, self).get_object(*args, **kwargs) r = obj.plan.plan.rower + if obj.plan.plan.manager is not None and self.request.user != obj.plan.plan.manager: + raise PermissionDenied('You are not allowed to edit this training plan cycle') + if not checkaccessuser(self.request.user,r): raise PermissionDenied('You are not allowed to edit this training plan cycle') else: @@ -16875,6 +16881,9 @@ class TrainingMicroCycleUpdate(UpdateView): def get_object(self, *args, **kwargs): obj = super(TrainingMicroCycleUpdate, self).get_object(*args, **kwargs) r = obj.plan.plan.plan.rower + if obj.plan.plan.plan.manager is not None and self.request.user != obj.plan.plan.plan.manager.user: + raise PermissionDenied('You are not allowed to edit this training plan cycle') + if not checkaccessuser(self.request.user,r): raise PermissionDenied('You are not allowed to edit this training plan cycle') else: @@ -16896,11 +16905,16 @@ class TrainingPlanUpdate(UpdateView): form.instance.user = self.request.user form.instance.post_date = datetime.datetime.now() plan = form.save() + plan.manager = self.request.user.rower + plan.save() macrocyclecheckdates(plan) return super(TrainingPlanUpdate, self).form_valid(form) def get_object(self, *args, **kwargs): obj = super(TrainingPlanUpdate, self).get_object(*args, **kwargs) + if obj.manager is not None and self.request.user != obj.manager.user: + raise PermissionDenied('You are not allowed to edit this training plan cycle') + if not checkaccessuser(self.request.user,obj.rower): raise PermissionDenied('You are not allowed to edit this training plan cycle') return obj @@ -16921,7 +16935,15 @@ class TrainingTargetUpdate(UpdateView): def get_object(self, *args, **kwargs): obj = super(TrainingTargetUpdate, self).get_object(*args, **kwargs) + if obj.manager is not None and self.request.user != obj.manager.user: + raise PermissionDenied('You are not allowed to edit this training plan cycle') + if not checkaccessuser(self.request.user,obj.rower): raise PermissionDenied('You are not allowed to edit this training plan target') return obj +@user_passes_test(hasplannedsessions,login_url="/rowers/promembership", + message="This functionality requires a Coach or Self-Coach plan", + redirect_field_name=None) +def bla(): + pass