removed checkaccessuers from planviews

not checked
2020-01-12 18:06:23 +01:00
parent c82a60f02e
commit 9cbeb3fc2d
1 changed files with 12 additions and 12 deletions
--- a/rowers/views/planviews.py
+++ b/rowers/views/planviews.py
@@ -1959,7 +1959,7 @@ class PlannedSessionDelete(DeleteView):
    def get_object(self, *args, **kwargs):
        obj = super(PlannedSessionDelete, self).get_object(*args, **kwargs)
        m = Rower.objects.get(user=obj.manager)
-        if not checkaccessuser(self.request.user,m):
+        if not is_coach_user(m,self.request.user.rower):
            raise PermissionDenied('You are not allowed to delete this planned session')

        return obj
@@ -2103,7 +2103,7 @@ def rower_delete_trainingtarget(request,id=0):
    except TrainingPlan.DoesNotExist:
        raise Http404("Training Plan Does Not Exist")

-    if checkaccessuser(request.user,target.manager):
+    if is_coach_user(target.manager,request.user.rower):
        target.delete()
        messages.info(request,"We have deleted the training target")
    else:
@@ -2123,7 +2123,7 @@ def rower_delete_trainingplan(request,id=0):
    except TrainingPlan.DoesNotExist:
        raise Http404("Training Plan Does Not Exist")

-    if checkaccessuser(request.user,plan.manager):
+    if is_coach_user(plan.manager.user,request.user.rower):
        plan.delete()
        messages.info(request,"We have deleted the training plan")
    else:
@@ -2140,7 +2140,7 @@ class TrainingPlanDelete(DeleteView):

    def get_object(self, *args, **kwargs):
        obj = super(TrainingPlanDelete, self).get_object(*args, **kwargs)
-        if not checkaccessuser(self.request.user,obj.manager):
+        if not is_coach_user(obj.manager.user,self.request.user):
            raise PermissionDenied('You are not allowed to delete this training plan')

        return obj
@@ -2206,7 +2206,7 @@ class MicroCycleDelete(DeleteView):

    def get_object(self, *args, **kwargs):
        obj = super(MicroCycleDelete, self).get_object(*args, **kwargs)
-        if not checkaccessuser(self.request.user,obj.plan.plan.plan.manager):
+        if not is_coach_user(obj.plan.plan.plan.manager.user,self.request.user):
            raise PermissionDenied('You are not allowed to delete this training plan cycle')
        return obj

@@ -2268,7 +2268,7 @@ class MesoCycleDelete(DeleteView):
    def get_object(self, *args, **kwargs):
        obj = super(MesoCycleDelete, self).get_object(*args, **kwargs)

-        if not checkaccessuser(self.request.user,obj.plan.plan.manager):
+        if not is_coach_user(obj.plan.plan.manager.user,self.request.user):
            raise PermissionDenied('You are not allowed to delete this training plan cycle')

        return obj
@@ -2322,7 +2322,7 @@ class MacroCycleDelete(DeleteView):

    def get_object(self, *args, **kwargs):
        obj = super(MacroCycleDelete, self).get_object(*args, **kwargs)
-        if not checkaccessuser(self.request.user,obj.plan.manager):
+        if not is_coach_user(obj.plan.manager.user,self.request.user):
            raise PermissionDenied('You are not allowed to delete this training plan cycle')

        return obj
@@ -2345,7 +2345,7 @@ def rower_trainingplan_execution_view(request,
            plan = TrainingPlan.objects.get(id=id)
        except TrainingPlan.DoesNotExist:
            raise Http404("Training Plan Does Not Exist")
-        if not checkaccessuser(request.user,plan.manager):
+        if not is_coach_user(plan.manager.user,request.user):
            if request.user.rower not in plan.rowers.all():
                raise PermissionDenied("Access denied")

@@ -2439,7 +2439,7 @@ def rower_trainingplan_view(request,

    r = getrequestrower(request,userid=userid)

-    if not checkaccessuser(request.user,plan.manager):
+    if not is_coach_user(plan.manager.user,request.user):
        if request.user.rower not in plan.rowers.all():
            raise PermissionDenied("Access denied")

@@ -2568,7 +2568,7 @@ class TrainingMacroCycleUpdate(UpdateView):
        if obj.plan.manager is not None and self.request.user.rower != obj.plan.manager:
            raise PermissionDenied('You are not allowed to edit this training plan cycle')

-        if not checkaccessuser(self.request.user,obj.plan.manager):
+        if not is_coach_user(plan.manager.user,self.request.user):
            raise PermissionDenied('You are not allowed to edit this training plan cycle')
        else:
            obj.type = 'userdefined'
@@ -2850,7 +2850,7 @@ def planmesocyclebyweek(request,id=0,userid=0):
    except TrainingMesoCycle.DoesNotExist:
        raise Http404("Training Cycle does not exist")

-    if not checkaccessuser(request.user,cycle.plan.plan.manager):
+    if not is_coach_user(cycle.plan.plan.manager.user,request.user):
        raise PermissionDenied("You are not allowed to do this")

    micros = TrainingMicroCycle.objects.filter(plan=cycle)
@@ -2905,7 +2905,7 @@ def planmacrocyclebymonth(request,id=0,userid=0):
    except TrainingMacroCycle.DoesNotExist:
        raise Http404("Training Cycle does not exist")

-    if not checkaccessuser(request.user,cycle.plan.manager):
+    if not is_coach_user(cycle.plan.manager.user,request.user):
        raise PermissionDenied("You are not allowed to do this")

    mesos = TrainingMesoCycle.objects.filter(plan=cycle)