Merge branch 'release/v20.7.11'

rowers/views/apiviews.py

@@ -36,6 +36,7 @@ class XMLParser(BaseParser):
 
 
 @login_required()
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
 def strokedataform(request, id=0):
 
     id = encoder.decode_hex(id)
@@ -199,6 +200,7 @@ def api_get_dataframe(startdatetime, df):
     
 
 @login_required()
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
 def strokedataform_v2(request, id=0):
 
     id = encoder.decode_hex(id)
@@ -378,6 +380,7 @@ def get_crewnerd_liked(request):
 @csrf_exempt
 @login_required()
 @api_view(["POST"])
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
 @permission_classes([IsAuthenticated])
 @parser_classes([XMLParser])
 def strokedata_tcx(request):
@@ -480,6 +483,7 @@ def strokedata_tcx(request):
 @csrf_exempt
 @login_required()
 @api_view(["POST"])
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
 @permission_classes([IsAuthenticated])
 def strokedatajson_v3(request):
     """
@@ -618,6 +622,7 @@ def strokedatajson_v3(request):
 # Return the GET stroke data according to the API definition
 @csrf_exempt
 @login_required()
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
 @api_view(["GET", "POST"])
 @permission_classes([IsAuthenticated])
 def strokedatajson_v2(request, id):
@@ -776,6 +781,7 @@ def strokedatajson_v2(request, id):
 
 @csrf_exempt
 @login_required()
+@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True)
 @api_view(['GET', 'POST'])
 @permission_classes([IsAuthenticated])
 def strokedatajson(request, id=0):