From b6a1a7646b86da349d7b555bc424a60231f118f9 Mon Sep 17 00:00:00 2001
From: Sander Roosendaal <roosendaalsander@gmail.com>
Date: Thu, 29 Aug 2019 07:59:13 +0200
Subject: [PATCH] fixed access to teams

---
 rowers/views/teamviews.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/rowers/views/teamviews.py b/rowers/views/teamviews.py
index fcf5b1e1..36c6b85b 100644
--- a/rowers/views/teamviews.py
+++ b/rowers/views/teamviews.py
@@ -15,12 +15,17 @@ def team_view(request,id=0,userid=0):
     myteams, memberteams, otherteams = get_teams(request)
     teams.remove_expired_invites()
 
+
     
     try:
         t = Team.objects.get(id=id)
     except Team.DoesNotExist:
         raise Http404("Team doesn't exist")
 
+    if r.rowerplan == 'basic' and t.manager.rower.rowerplan != 'coach':
+        raise PermissionDenied("You need to be on a Paid Plan to see or join this team")
+
+    
     q = User.objects.filter(rower__isnull=False,rower__team__in=myteams).distinct().exclude(rower__team__name=t.name)
     mygroups = [request.user.rower.mycoachgroup]
     q2 = User.objects.filter(rower__isnull=False,rower__coachinggroups__in=mygroups).distinct().exclude(rower__team__name=t.name)
@@ -168,8 +173,8 @@ def get_teams(request):
         private='open').exclude(
             rower=r).exclude(manager=request.user).order_by('name')
 
-    if rower.rowerplan == 'basic':
-        otherteams.exclude(manager__rower__rowerplan='freecoach')
+    if r.rowerplan == 'basic':
+        otherteams = otherteams.filter(manager__rower__rowerplan='coach')
 
     return myteams, memberteams, otherteams