added first plan test
@@ -48,4 +48,3 @@ def login_required_message(function=None, message=default_message):
|
||||
if function:
|
||||
return actual_decorator(function)
|
||||
return actual_decorator
|
||||
|
||||
|
||||
@@ -907,6 +907,9 @@ class Rower(models.Model):
|
||||
|
||||
super(Rower, self).save(*args, **kwargs)
|
||||
|
||||
def get_managed_teams(self):
|
||||
return Team.objects.filter(manager=self.user)
|
||||
|
||||
class DeactivateUserForm(forms.ModelForm):
|
||||
class Meta:
|
||||
model = User
|
||||
|
||||
@@ -159,7 +159,7 @@ def can_plan_user(user,rower):
|
||||
|
||||
rules.add_perm('rower.can_plan',can_plan_user) # replaces checkaccessplanuser
|
||||
rules.add_perm('rower.is_coach',is_coach_user) # replaces checkaccessuser
|
||||
|
||||
rules.add_perm('rower.is_pro',ispromember)
|
||||
|
||||
# WORKOUT permissions
|
||||
|
||||
@@ -240,6 +240,26 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu
|
||||
|
||||
"""
|
||||
|
||||
# check if user has view access to session
|
||||
@rules.predicate
|
||||
def can_view_session(user,session):
|
||||
# session manager can view session
|
||||
if user == session.manager:
|
||||
return True
|
||||
# if you're a rower in the session you can view it
|
||||
if user.rower in session.rower.all():
|
||||
return True
|
||||
# coach users can view sessions created by their team members
|
||||
if is_coach(user):
|
||||
teams = user.rower.get_managed_teams()
|
||||
teamusers = [member.u for member in t.rower.all()]
|
||||
if session.manager in teamusers:
|
||||
return True
|
||||
|
||||
return False
|
||||
|
||||
rules.add_perm('plannedsession.view_session',can_view_session)
|
||||
|
||||
# checkaccessplanuser (models.py)
|
||||
# getrequestrower, getrequestplanrower
|
||||
|
||||
|
||||
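Review bot: In `can_view_session`, the coach branch builds `teamusers` from `t.rower.all()`, but `t` is never bound in the function and the `teams` queryset fetched on the line above is never used, so that line raises NameError for any coach who is neither the session manager nor a rower in the session. `member.u` also looks like a truncated `member.user`, though the Rower model is not shown in full here. Because this commit makes `plannedsession_compare_view` rely on this predicate alone, the failure surfaces as a server error rather than an access decision. Deriving the list from `teams` the way the view did before would fix it: `members = Rower.objects.filter(team__in=teams).distinct()` followed by `teamusers = [member.user for member in members]`, provided `Rower` is importable in this module.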
@@ -282,11 +282,17 @@ def getfavorites(r,row):
|
||||
|
||||
return favorites,maxfav
|
||||
|
||||
def get_promember(request,*args,**kwargs):
|
||||
return request.user
|
||||
|
||||
def get_workout_by_opaqueid(request,id,**kwargs):
|
||||
pk = encoder.decode_hex(id)
|
||||
return get_object_or_404(Workout,pk=pk)
|
||||
|
||||
|
||||
def get_session_by_pk(request,id):
|
||||
return get_object_or_404(PlannedSession,pk=id)
|
||||
|
||||
def get_workout_default_page(request,id):
|
||||
if request.user.is_anonymous:
|
||||
return reverse('workout_view',kwargs={'id':id})
|
||||
|
||||
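Review bot: `get_session_by_pk(request,id)` accepts no extra arguments, unlike `get_workout_by_opaqueid(request,id,**kwargs)` and `get_promember(request,*args,**kwargs)` next to it. If `permission_required` is the django-rules decorator, it calls `fn` with every positional and keyword argument of the view, and `plannedsession_compare_view(request,id=0,userid=0)` can receive `userid`; a route that supplies it would then fail with TypeError before the permission is evaluated. Changing the signature to `def get_session_by_pk(request,id,**kwargs):` avoids that. `get_team_by_pk(request,team_id)` paired with `team_view(request,team_id=0,userid=0)` has the same shape. The URL patterns are not visible on this page, so whether any route passes `userid` still needs checking.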
@@ -10,6 +10,8 @@ from rowers.rower_rules import *
|
||||
def get_team_by_pk(request,team_id):
|
||||
return get_object_or_404(Team,pk=team_id)
|
||||
|
||||
|
||||
|
||||
#@login_required()
|
||||
@permission_required('teams.view_team',fn=get_team_by_pk,raise_exception=True)
|
||||
def team_view(request,team_id=0,userid=0):
|
||||
|
||||
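Review bot: `team_view` carries a commented-out `#@login_required()` above `@permission_required('teams.view_team',fn=get_team_by_pk,raise_exception=True)`, which leaves it unclear whether anonymous access is intended. With `raise_exception=True` an unauthenticated visitor gets a 403 rather than a redirect to the login page, and the predicate behind `teams.view_team` (not shown here) has to cope with an anonymous user object. Either restore `@login_required()` as the outermost decorator, as `plannedsession_compare_view` has it in this commit, or delete the dead line and state the intended anonymous behaviour in a short comment.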
@@ -1129,9 +1129,6 @@ def workouts_join_select(request,
|
||||
except Team.DoesNotExist:
|
||||
theteam = 0
|
||||
|
||||
if r.rowerplan == 'basic' and theteam==0:
|
||||
raise PermissionDenied("Access denied")
|
||||
|
||||
if theteam and (theteam.viewing == 'allmembers' or theteam.manager == request.user):
|
||||
workouts = Workout.objects.filter(team=theteam,
|
||||
startdatetime__gte=startdate,
|
||||
@@ -1564,7 +1561,8 @@ def virtualevent_compare_view(request,id=0):
|
||||
})
|
||||
|
||||
|
||||
@login_required()
|
||||
@permission_required('plannedsession.view_session',
|
||||
fn=get_session_by_pk,raise_exception=True)
|
||||
def plannedsession_compare_view(request,id=0,userid=0):
|
||||
r = getrequestrower(request,userid=userid)
|
||||
|
||||
@@ -1573,18 +1571,6 @@ def plannedsession_compare_view(request,id=0,userid=0):
|
||||
except PlannedSession.DoesNotExist:
|
||||
raise Http404("Planned session does not exist")
|
||||
|
||||
m = ps.manager
|
||||
mm = m.rower
|
||||
|
||||
if ps.manager != request.user:
|
||||
if r.rowerplan == 'coach':
|
||||
teams = Team.objects.filter(manager=request.user)
|
||||
members = Rower.objects.filter(team__in=teams).distinct()
|
||||
teamusers = [m.user for m in members]
|
||||
if ps.manager not in teamusers:
|
||||
raise PermissionDenied("You do not have access to this session")
|
||||
elif r not in ps.rower.all():
|
||||
raise PermissionDenied("You do not have access to this session")
|
||||
|
||||
workouts = Workout.objects.filter(plannedsession=ps)
|
||||
|
||||
@@ -5876,7 +5862,7 @@ class VideoDelete(DeleteView):
|
||||
|
||||
def get_object(self, *args, **kwargs):
|
||||
obj = super(VideoDelete, self).get_object(*args, **kwargs)
|
||||
if not is_coach_user(obj.workout.user,self.request.user):
|
||||
if not is_coach_user(self.request.user,obj.workout.user):
|
||||
raise PermissionDenied('You are not allowed to delete this analysis')
|
||||
|
||||
return obj
|
||||
|
||||
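Review bot: In `workouts_join_select` the guard `if r.rowerplan == 'basic' and theteam==0:` with its `raise PermissionDenied("Access denied")` appears to be what this hunk drops (it shrinks from 9 to 6 lines), and nothing visible replaces it. If the plan check has moved to a permission decorator on the view, for example the `rower.is_pro` permission with `get_promember`, that decorator is outside the hunk and should be confirmed; otherwise a basic-plan user with no team now falls through to the code after `if theteam and (...)`. The function's decorators and the rest of its body are outside the hunk. If the decorator is in place, a comment at the old location such as `# plan check is enforced by the permission decorator on this view` would keep the dependency visible.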