improved (fixed) rules and two additional tests for permissions

2020-01-16 14:56:52 +01:00
parent 94b5e59100
commit c23fd15b7c
4 changed files with 180 additions and 17 deletions
--- a/rowers/rower_rules.py
+++ b/rowers/rower_rules.py
@@ -72,7 +72,7 @@ USER permissions

 """

-# not tested
+# used in can_plan_user
@rules.predicate
 def user_is_not_basic(user):
    if user.rower.rowerplan != 'basic':
@@ -156,7 +156,7 @@ def can_add_team(user):

@rules.predicate
 def can_add_plan(user):
-    return isplanmember(user)
+    return isplanmember(user) or is_coach(user)

@rules.predicate
 def can_add_workout(user):
@@ -189,7 +189,6 @@ def can_add_session(user):

 # User / Coach relationships (Rower object)

-# not tested
@rules.predicate
 def can_plan(user):
    return user.rower.rowerplan in ['plan','coach','freecoach']
@@ -197,6 +196,9 @@ def can_plan(user):
 # checks if rower is coach of user
@rules.predicate
 def is_coach_user(usercoach,userrower):
+    if not is_coach(usercoach):
+        return False
+
    if usercoach == userrower:
        return True

@@ -221,8 +223,7 @@ def is_rower_team_member(user,rower):
    if user.rower == rower:
        return True

-    # below not tested
-    teams = user.rower.team.all()
+    teams = rower.team.all()

    for team in teams:
        if team.private == 'open':
@@ -247,22 +248,30 @@ def can_add_workout_member(user,rower):
 # check if user can plan for the rower
@rules.predicate
 def can_plan_user(user,rower):
-    if not isplanmember(user):
+    # user must have planning permission
+    if not can_plan(user):
        return False

-    try:
-        r = user.rower
-    except AttributeError:
-        return False
-
-    if rower == r:
+    # if has planning permission, can always plan for himself
+    if rower == user.rower:
        return True

-    # below not tested
-    team_managers = [t.manager for t in rower.team.all() and can_plan(t.manager)]
-    if user_is_not_basic(user):
+    teams = user.rower.get_managed_teams()
+    # free coach, plan etc cannot plan for basic
+    if not is_paid_coach(user) and user_is_not_basic(user):
+        for t in teams:
+            if rower in t.rower.all():
+                return True
+
+
        return user in team_managers

+    # paying coach can plan for all kinds of rowers
+    if is_paid_coach(user):
+        for t in teams:
+            if rower in t.rower.all():
+                return True
+
    return False

 rules.add_perm('rower.add_plan',can_plan_user) # replaces checkaccessplanuser