basic users can now see alerts created by their coaches

2020-01-08 09:34:37 +01:00
parent f11a4f0579
commit c03f3600b4
1 changed files with 10 additions and 7 deletions
--- a/rowers/views/analysisviews.py
+++ b/rowers/views/analysisviews.py
@@ -4322,9 +4322,10 @@ def agegrouprecordview(request,sex='male',weightcategory='hwt',
                   })

 # alert overview view
-@user_passes_test(ispromember, login_url="/rowers/paidplans",
-                  message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
-                  redirect_field_name=None)
+#@user_passes_test(ispromember, login_url="/rowers/paidplans",
+#                  message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
+#                  redirect_field_name=None)
+@login_required
 def alerts_view(request,userid=0):
    r = getrequestrower(request,userid=userid)

@@ -4436,9 +4437,7 @@ def alert_create_view(request,userid=0):
                      })

 # alert report view
-@user_passes_test(ispromember, login_url="/rowers/paidplans",
-                  message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",
-                  redirect_field_name=None)
+@login_required()
 def alert_report_view(request,id=0,userid=0,nperiod=0):
    r = getrequestrower(request,userid=userid)
    if userid == 0:
@@ -4505,7 +4504,7 @@ def alert_edit_view(request,id=0,userid=0):
        raise Http404("This alert doesn't exist")


-    if alert.manager != request.user:
+    if not alert.manager != request.user:
        raise PermissionDenied('You are not allowed to edit this Alert')

    FilterFormSet = formset_factory(ConditionEditForm, formset=BaseConditionFormSet,extra=0)
@@ -4603,6 +4602,7 @@ def alert_edit_view(request,id=0,userid=0):
                      })

 # alert delete view
+
 class AlertDelete(DeleteView):
    login_requird = True
    model = Alert
@@ -4650,6 +4650,9 @@ class AlertDelete(DeleteView):
    def get_object(self, *args, **kwargs):
        obj = super(AlertDelete, self).get_object(*args, **kwargs)

+        if obj.manager != self.request.user:
+            raise PermissionDenied("You are not allowed to delete this Alert")
+
        # some checks

        return obj