moved user and workout permission checks to rules

updated workoutviews, rest of views not done doesn't pass tests
2020-01-12 17:58:55 +01:00
parent 892b6c0e60
commit c82a60f02e
23 changed files with 618 additions and 711 deletions
--- a/rowers/models.py
+++ b/rowers/models.py
@@ -666,6 +666,9 @@ class CoachingGroup(models.Model):
        rs = Rower.objects.filter(coachinggroups__in=[self])
        return rs.count()

+    def get_coaches(self):
+        return Rower.objects.filter(mycoachgroup=self)
+
 # Extension of User with rowing specific data
@python_2_unicode_compatible
 class Rower(models.Model):
@@ -1173,95 +1176,7 @@ class BasePlannedSessionFormSet(BaseFormSet):
            return


-# Check if workout is owned by this user
-def checkworkoutuser(user,workout):
-    if user.is_anonymous:
-        return False
-    try:
-        r = Rower.objects.get(user=user)
-        if workout.user == r:
-            return True
-        coaches = []
-        for group in workout.user.coachinggroups.all():
-            coach = Rower.objects.get(mycoachgroup=group)
-            coaches.append(coach)
-        for coach in coaches:
-            if user.rower == coach and workout.privacy == 'visible':
-                return True
-        else:
-            return False
-    except Rower.DoesNotExist:
-        return False

-# Check if workout may be viewed by this user
-def checkworkoutuserview(user,workout):
-    if user.is_anonymous:
-        return False
-    try:
-        r = Rower.objects.get(user=user)
-        if workout.user == r:
-            return True
-        teams = workout.user.team.all()
-
-        for team in teams:
-            if team in r.team.all():
-                return True
-        return False
-    except Rower.DoesNotExist:
-        return False
-
-    return False
-
-def checkviewworkouts(user,rower):
-    try:
-        r = user.rower
-        if rower == r:
-            return True
-        teams = Team.objects.filter(manager=user)
-
-        if rower in Rower.objects.filter(team__in=teams):
-            return True
-
-        if rower in Rower.objects.filter(coachinggroups__in=[user.rower.mycoachgroup]):
-            return True
-
-
-    except Rower.DoesNotExist:
-        return False
-
-# check if user is plan and rower is in his group
-def checkaccessplanuser(user,rower):
-    try:
-        r = Rower.objects.get(user=user)
-        if rower == r:
-            return True
-        team_managers = [t.manager for t in rower.team.all() if t.manager.rower.rowerplan in ['plan','coach','freecoach']]
-        if user.rower.rowerplan != 'basic':
-            return user in team_managers
-        else:
-            return False
-
-        return False
-    except Rower.DoesNotExist:
-        return False
-
-# Check if user is coach or rower
-def checkaccessuser(user,rower):
-    try:
-        r = Rower.objects.get(user=user)
-        if rower == r:
-            return True
-        coaches = []
-        for group in rower.coachinggroups.all():
-            coach = Rower.objects.get(mycoachgroup=group)
-            coaches.append(coach)
-        for coach in coaches:
-            if user.rower == coach:
-                return True
-        else:
-            return False
-    except Rower.DoesNotExist:
-        return False

 timezones = (
    (x,x) for x in pytz.common_timezones