rules rules rules

2020-01-16 22:01:54 +01:00
parent ae366b2f17
commit c186895e7a
2 changed files with 21 additions and 2 deletions
--- a/rowers/rower_rules.py
+++ b/rowers/rower_rules.py
@@ -243,7 +243,7 @@ def can_add_workout_member(user,rower):
    if user == rower.user:
        return True
    # only below tested - need test user == rower.user
-    return isplanmember(user) and user.rower in rower.get_coaches()
+    return is_coach(user) and user.rower in rower.get_coaches()

 # check if user can plan for the rower
@rules.predicate
@@ -324,7 +324,6 @@ def is_workout_user(user,workout):
 def can_view_workout(user,workout):
    if workout.privacy != 'private':
        return True
-    # below not tested
    return user.rower == workout.user

 can_change_workout = is_workout_user
--- a/rowers/tests/test_permissions.py
+++ b/rowers/tests/test_permissions.py
@@ -609,6 +609,8 @@ class PermissionsViewTests(TestCase):
                                      rowerplan='basic')

        self.ubasic_workouts = WorkoutFactory.create_batch(5, user=self.rbasic)
+        self.ubasic_workouts[0].privacy == 'private'
+
        self.factory = RequestFactory()
        self.ubasicpassword = faker.word()
        self.ubasic.set_password(self.ubasicpassword)
@@ -634,6 +636,24 @@ class PermissionsViewTests(TestCase):
            manager=self.ucoach)


+    ## only ubasic can view ubasic_workouts[0] which is private
+    def test_view_workout(self):
+        login = self.c.login(username=self.ucoach.username, password=self.ucoachpassword)
+        self.assertTrue(login)
+
+        url = reverse('workout_view',
+                      kwargs={'id':self.ubasic_workouts[0].id})
+        response = self.c.get(url)
+        self.assertTrue(response.status_code,403)
+
+        login = self.c.login(username=self.ubasic.username, password=self.ubasicpassword)
+        self.assertTrue(login)
+
+        url = reverse('workout_view',
+                      kwargs={'id':self.ubasic_workouts[0].id})
+        response = self.c.get(url)
+        self.assertTrue(response.status_code,200)
+
    ## Coach can have any number of groups
    def test_coach_groups_create(self):
        login = self.c.login(username=self.ucoach.username, password=self.ucoachpassword)