diff --git a/rowers/tests/testdata/testdata.tcx.gz b/rowers/tests/testdata/testdata.tcx.gz index 185420d1..1148cc31 100644 Binary files a/rowers/tests/testdata/testdata.tcx.gz and b/rowers/tests/testdata/testdata.tcx.gz differ diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py index 43f8d257..9ee2464b 100644 --- a/rowers/views/apiviews.py +++ b/rowers/views/apiviews.py @@ -36,6 +36,7 @@ class XMLParser(BaseParser): @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) def strokedataform(request, id=0): id = encoder.decode_hex(id) @@ -199,6 +200,7 @@ def api_get_dataframe(startdatetime, df): @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) def strokedataform_v2(request, id=0): id = encoder.decode_hex(id) @@ -378,6 +380,7 @@ def get_crewnerd_liked(request): @csrf_exempt @login_required() @api_view(["POST"]) +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @permission_classes([IsAuthenticated]) @parser_classes([XMLParser]) def strokedata_tcx(request): @@ -480,6 +483,7 @@ def strokedata_tcx(request): @csrf_exempt @login_required() @api_view(["POST"]) +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @permission_classes([IsAuthenticated]) def strokedatajson_v3(request): """ @@ -618,6 +622,7 @@ def strokedatajson_v3(request): # Return the GET stroke data according to the API definition @csrf_exempt @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @api_view(["GET", "POST"]) @permission_classes([IsAuthenticated]) def strokedatajson_v2(request, id): @@ -776,6 +781,7 @@ def strokedatajson_v2(request, id): @csrf_exempt @login_required() +@permission_required('rower.is_not_freecoach', fn=get_user_by_userid, raise_exception=True) @api_view(['GET', 'POST']) @permission_classes([IsAuthenticated]) def strokedatajson(request, id=0):