sander/rowsandall
Private
Public Access
1
0
Fork 0
Code Activity

removed checkaccessuers from planviews

Browse Source 
not checked
This commit is contained in:
Sander Roosendaal
2020-01-12 18:06:23 +01:00
parent c82a60f02e
commit 9cbeb3fc2d
1 changed files with 12 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
rowers/views/planviews.py
View File

@@ -1959,7 +1959,7 @@ class PlannedSessionDelete(DeleteView):
def get_object(self, *args, **kwargs): def get_object(self, *args, **kwargs):
obj = super(PlannedSessionDelete, self).get_object(*args, **kwargs) obj = super(PlannedSessionDelete, self).get_object(*args, **kwargs)
m = Rower.objects.get(user=obj.manager) m = Rower.objects.get(user=obj.manager)
if not checkaccessuser(self.request.user,m): if not is_coach_user(m,self.request.user.rower):
raise PermissionDenied('You are not allowed to delete this planned session') raise PermissionDenied('You are not allowed to delete this planned session')
return obj return obj
@@ -2103,7 +2103,7 @@ def rower_delete_trainingtarget(request,id=0):
except TrainingPlan.DoesNotExist: except TrainingPlan.DoesNotExist:
raise Http404("Training Plan Does Not Exist") raise Http404("Training Plan Does Not Exist")
if checkaccessuser(request.user,target.manager): if is_coach_user(target.manager,request.user.rower):
target.delete() target.delete()
messages.info(request,"We have deleted the training target") messages.info(request,"We have deleted the training target")
else: else:
@@ -2123,7 +2123,7 @@ def rower_delete_trainingplan(request,id=0):
except TrainingPlan.DoesNotExist: except TrainingPlan.DoesNotExist:
raise Http404("Training Plan Does Not Exist") raise Http404("Training Plan Does Not Exist")
if checkaccessuser(request.user,plan.manager): if is_coach_user(plan.manager.user,request.user.rower):
plan.delete() plan.delete()
messages.info(request,"We have deleted the training plan") messages.info(request,"We have deleted the training plan")
else: else:
@@ -2140,7 +2140,7 @@ class TrainingPlanDelete(DeleteView):
def get_object(self, *args, **kwargs): def get_object(self, *args, **kwargs):
obj = super(TrainingPlanDelete, self).get_object(*args, **kwargs) obj = super(TrainingPlanDelete, self).get_object(*args, **kwargs)
if not checkaccessuser(self.request.user,obj.manager): if not is_coach_user(obj.manager.user,self.request.user):
raise PermissionDenied('You are not allowed to delete this training plan') raise PermissionDenied('You are not allowed to delete this training plan')
return obj return obj
@@ -2206,7 +2206,7 @@ class MicroCycleDelete(DeleteView):
def get_object(self, *args, **kwargs): def get_object(self, *args, **kwargs):
obj = super(MicroCycleDelete, self).get_object(*args, **kwargs) obj = super(MicroCycleDelete, self).get_object(*args, **kwargs)
if not checkaccessuser(self.request.user,obj.plan.plan.plan.manager): if not is_coach_user(obj.plan.plan.plan.manager.user,self.request.user):
raise PermissionDenied('You are not allowed to delete this training plan cycle') raise PermissionDenied('You are not allowed to delete this training plan cycle')
return obj return obj
@@ -2268,7 +2268,7 @@ class MesoCycleDelete(DeleteView):
def get_object(self, *args, **kwargs): def get_object(self, *args, **kwargs):
obj = super(MesoCycleDelete, self).get_object(*args, **kwargs) obj = super(MesoCycleDelete, self).get_object(*args, **kwargs)
if not checkaccessuser(self.request.user,obj.plan.plan.manager): if not is_coach_user(obj.plan.plan.manager.user,self.request.user):
raise PermissionDenied('You are not allowed to delete this training plan cycle') raise PermissionDenied('You are not allowed to delete this training plan cycle')
return obj return obj
@@ -2322,7 +2322,7 @@ class MacroCycleDelete(DeleteView):
def get_object(self, *args, **kwargs): def get_object(self, *args, **kwargs):
obj = super(MacroCycleDelete, self).get_object(*args, **kwargs) obj = super(MacroCycleDelete, self).get_object(*args, **kwargs)
if not checkaccessuser(self.request.user,obj.plan.manager): if not is_coach_user(obj.plan.manager.user,self.request.user):
raise PermissionDenied('You are not allowed to delete this training plan cycle') raise PermissionDenied('You are not allowed to delete this training plan cycle')
return obj return obj
@@ -2345,7 +2345,7 @@ def rower_trainingplan_execution_view(request,
plan = TrainingPlan.objects.get(id=id) plan = TrainingPlan.objects.get(id=id)
except TrainingPlan.DoesNotExist: except TrainingPlan.DoesNotExist:
raise Http404("Training Plan Does Not Exist") raise Http404("Training Plan Does Not Exist")
if not checkaccessuser(request.user,plan.manager): if not is_coach_user(plan.manager.user,request.user):
if request.user.rower not in plan.rowers.all(): if request.user.rower not in plan.rowers.all():
raise PermissionDenied("Access denied") raise PermissionDenied("Access denied")
@@ -2439,7 +2439,7 @@ def rower_trainingplan_view(request,
r = getrequestrower(request,userid=userid) r = getrequestrower(request,userid=userid)
if not checkaccessuser(request.user,plan.manager): if not is_coach_user(plan.manager.user,request.user):
if request.user.rower not in plan.rowers.all(): if request.user.rower not in plan.rowers.all():
raise PermissionDenied("Access denied") raise PermissionDenied("Access denied")
@@ -2568,7 +2568,7 @@ class TrainingMacroCycleUpdate(UpdateView):
if obj.plan.manager is not None and self.request.user.rower != obj.plan.manager: if obj.plan.manager is not None and self.request.user.rower != obj.plan.manager:
raise PermissionDenied('You are not allowed to edit this training plan cycle') raise PermissionDenied('You are not allowed to edit this training plan cycle')
if not checkaccessuser(self.request.user,obj.plan.manager): if not is_coach_user(plan.manager.user,self.request.user):
raise PermissionDenied('You are not allowed to edit this training plan cycle') raise PermissionDenied('You are not allowed to edit this training plan cycle')
else: else:
obj.type = 'userdefined' obj.type = 'userdefined'
@@ -2850,7 +2850,7 @@ def planmesocyclebyweek(request,id=0,userid=0):
except TrainingMesoCycle.DoesNotExist: except TrainingMesoCycle.DoesNotExist:
raise Http404("Training Cycle does not exist") raise Http404("Training Cycle does not exist")
if not checkaccessuser(request.user,cycle.plan.plan.manager): if not is_coach_user(cycle.plan.plan.manager.user,request.user):
raise PermissionDenied("You are not allowed to do this") raise PermissionDenied("You are not allowed to do this")
micros = TrainingMicroCycle.objects.filter(plan=cycle) micros = TrainingMicroCycle.objects.filter(plan=cycle)
@@ -2905,7 +2905,7 @@ def planmacrocyclebymonth(request,id=0,userid=0):
except TrainingMacroCycle.DoesNotExist: except TrainingMacroCycle.DoesNotExist:
raise Http404("Training Cycle does not exist") raise Http404("Training Cycle does not exist")
if not checkaccessuser(request.user,cycle.plan.manager): if not is_coach_user(cycle.plan.manager.user,request.user):
raise PermissionDenied("You are not allowed to do this") raise PermissionDenied("You are not allowed to do this")
mesos = TrainingMesoCycle.objects.filter(plan=cycle) mesos = TrainingMesoCycle.objects.filter(plan=cycle)