moved user and workout permission checks to rules

updated workoutviews, rest of views not done doesn't pass tests
2020-01-12 17:58:55 +01:00
parent 892b6c0e60
commit c82a60f02e
23 changed files with 618 additions and 711 deletions
--- a/rowers/views/planviews.py
+++ b/rowers/views/planviews.py
@@ -1697,21 +1697,16 @@ def plannedsession_edit_view(request,id=0,userid=0):
                  })


-@login_required()
+@permission_required('workout.change_workout',fn=objectgetter(Workout, 'id'))
 def plannedsession_detach_view(request,id=0,psid=0):

    r = getrequestrower(request)

-    try:
-        ps = PlannedSession.objects.get(id=psid)
-    except PlannedSession.DoesNotExist:
-        raise Http404("Planned Session does not exist")
+
+    ps = get_object_or_404(PlannedSession,pk=psid)

    w = get_workout(id)

-    if (checkworkoutuser(request.user,w)==False):
-        return HttpResponseForbidden("Permission Error")
-
    remove_workout_plannedsession(w,ps)

    url = reverse(plannedsession_view,kwargs={'id':psid})