implemented changes in planviews - not tested

rowers/rower_rules.py

@@ -240,11 +240,107 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu
 
 """
 
+# Training Target rules
+@rules.predicate
+def can_view_target(user,target):
+    if user.is_anonymous:
+        return False
+    if user == target.manager.user:
+        return True
+
+    # a target's coach can view as well
+    if is_coach_user(user,target.manager.user):
+        return True
+
+    # the object can view as well
+    if user.rower in target.rowers.all():
+        return True
+
+@rules.predicate
+def can_change_target(user,target):
+    if user.is_anonymous:
+        return False
+    return user == target.manager.user
+
+@rules.predicate
+def can_delete_target(user,target):
+    if user.is_anonymous:
+        return False
+    return user == target.manager.user
+
+rules.add_perm('target.view_target',can_view_target)
+rules.add_perm('target.change_target',can_change_target)
+rules.add_perm('target.delete_target',can_delete_target)
+
+@rules.predicate
+def can_view_plan(user,plan):
+    if user.is_anonymous:
+        return False
+    if user == plan.manager.user:
+        return True
+
+    # a plan's coach can view as well
+    if is_coach_user(user,plan.manager.user):
+        return True
+
+    # the object can view as well
+    if user.rower in plan.rowers.all():
+        return True
+
+@rules.predicate
+def can_change_plan(user,plan):
+    if user.is_anonymous:
+        return False
+    return user == plan.manager.user
+
+@rules.predicate
+def can_delete_plan(user,plan):
+    if user.is_anonymous:
+        return False
+    return user == plan.manager.user
+
+rules.add_perm('plan.view_plan',can_view_plan)
+rules.add_perm('plan.change_plan',can_change_plan)
+rules.add_perm('plan.delete_plan',can_delete_plan)
+
+@rules.predicate
+def can_view_cycle(user,cycle):
+    try:
+        return can_view_cycle(user,cycle.plan)
+    except AttributeError:
+        return can_view_plan(user,cycle.plan)
+
+    return False
+
+@rules.predicate
+def can_change_cycle(user,cycle):
+    try:
+        return can_change_cycle(user,cycle.plan)
+    except AttributeError:
+        return can_change_plan(user,cycle.plan)
+
+    return False
+
+@rules.predicate
+def can_delete_cycle(user,cycle):
+    try:
+        return can_delete_cycle(user,cycle.plan)
+    except AttributeError:
+        return can_delete_plan(user,cycle.plan)
+
+    return False
+
+
+rules.add_perm('cycle.view_cycle',can_view_cycle)
+rules.add_perm('cycle.change_cycle',can_change_cycle)
+rules.add_perm('cycle.delete_cycle',can_delete_cycle)
+
+
 # check if user has view access to session
 @rules.predicate
 def can_view_session(user,session):
     if session.sessiontype in ['race','indoorrace']:
-        return True    
+        return True
     if user.is_anonymous:
         return False
     # session manager can view session
@@ -274,8 +370,24 @@ def can_change_session(user,session):
 
     return False
 
+@rules.predicate
+def can_delete_session(user,session):
+    if user.is_anonymous:
+        return False
+
+    if session.sessiontype in ['race','indoorrace']:
+        return False
+
+    if user == session.manager:
+        return True
+
+    return False
+
 rules.add_perm('plannedsession.view_session',can_view_session)
 rules.add_perm('plannedsession.change_session',can_change_session)
+rules.add_perm('plannedsession.delete_session',can_delete_session)
+
+
 
 # checkaccessplanuser (models.py)
 # getrequestrower, getrequestplanrower