added is_coach permissions to user views (not tested)

rowers/rower_rules.py

@@ -43,6 +43,15 @@ def user_is_not_basic(user):
 def is_coach(user):
     return user.rower.rowerplan in ['coach','freecoach']
 
+@rules.predicate
+def is_planmember(user):
+    try:
+        r = user.rower
+    except AttributeError:
+        return False
+
+    return r.rowerplan in ['coach','plan'] # freecoach?
+
 @rules.predicate
 def is_promember(user):
     try:
@@ -50,7 +59,7 @@ def is_promember(user):
     except AttributeError:
         return False
 
-    return r.rowerplan in ['pro','coach','plan']
+    return r.rowerplan in ['pro','coach','plan'] # freecoach?
 
 @rules.predicate
 def is_protrial(user):
@@ -69,6 +78,23 @@ def is_protrial(user):
 
 ispromember = is_promember | is_protrial
 
+@rules.predicate
+def is_plan(user):
+    try:
+        r = user.rower
+    except AttributeError:
+        return False
+
+    if r.rowerplan == 'basic':
+        return r.plantrialexpires >= datetime.date.today()
+    if r.rowerplan == 'freecoach':
+        if r.mycoachgroup is not None:
+            return len(r.mycoachgroup)>=4
+
+    return False
+
+isplanmember = is_planmember | is_plantrial
+
 # User / Coach relationships (Rower object)
 
 @rules.predicate
@@ -99,6 +125,7 @@ def is_coach_user(user,rower):
 
     return False
 
+# check if rower and user are members of the same team
 @rules.predicate
 def is_rower_team_member(user,rower):
     if user.rower == rower:
@@ -115,6 +142,7 @@ def is_rower_team_member(user,rower):
 
     return False
 
+# check if user can plan for the rower
 @rules.predicate
 def can_plan_user(user,rower):
     try:
@@ -157,6 +185,7 @@ WORKOUT permissions
 
 """
 
+# check if user is owner or coach of owner of workout
 @rules.predicate
 def is_workout_user(user,workout):
     if user.is_anonymous:
@@ -172,7 +201,7 @@ def is_workout_user(user,workout):
 
     return is_coach_user(workout.user.user,user.rower)
 
-
+# check if user can see workout
 @rules.predicate
 def can_view_workout(user,workout):
     if workout.privacy != 'private':
@@ -236,15 +265,18 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu
 
 """
 
+# check if user is manager of the team
 @rules.predicate
 def is_team_manager(user,team):
     return team.manager == user
 
+# check is user is member of team
 @rules.predicate
 def is_team_member(user,team):
     members = team.rower.all()
     return user in [member.user for member in members]
 
+# check if user can view team
 @rules.predicate
 def can_view_team(user,team):
     # user based

rowers/views/statements.py

@@ -297,6 +297,9 @@ def get_workout_default_page(request,id):
         else:
             return reverse('workout_workflow_view',kwargs={'id':id})
 
+def get_user_by_id(request,id):
+    return get_object_or_404(User,pk=id)
+
 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
 
     userid = int(userid)

rowers/views/userviews.py

@@ -5,31 +5,6 @@ from __future__ import unicode_literals
 
 from rowers.views.statements import *
 
-@login_required()
-def survey(request):
-
-    r = getrower(request.user)
-
-    surveyform = SurveyForm()
-
-    if request.method == 'POST':
-        form = SurveyForm(request.POST)
-        r.surveydone = True
-        r.surveydonedate = timezone.now()
-        r.save()
-
-        nexturl = request.GET.get('next')
-        return HttpResponseRedirect(nexturl)
-
-    context = {
-        'teams':get_my_teams(request.user),
-        'rower':r,
-        'form':surveyform,
-        }
-
-
-    return render(request,'survey.html',context)
-
 @login_required()
 def start_trial_view(request):
     r = getrower(request.user)
@@ -100,11 +75,11 @@ def start_plantrial_view(request):
     return HttpResponseRedirect(url)
 
 # Page where user can manage his favorite charts
-@login_required()
-def rower_favoritecharts_view(request,userid=0):
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
+def rower_favoritecharts_view(request,id=0):
     message = ''
     successmessage = ''
-    r = getrequestrower(request,userid=userid,notpermanent=True)
+    r = getrequestrower(request,userid=id,notpermanent=True)
     favorites = FavoriteChart.objects.filter(user=r).order_by('id')
     aantal = len(favorites)
     favorites_data = [{'yparam1':f.yparam1,
@@ -167,9 +142,9 @@ def rower_favoritecharts_view(request,userid=0):
     return render(request,'favoritecharts.html',context)
 
 # page where user sets his export settings
-@login_required()
-def rower_exportsettings_view(request,userid=0):
-    r = getrequestrower(request,userid=userid)
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
+def rower_exportsettings_view(request,id=0):
+    r = getrequestrower(request,userid=id)
     if request.method == 'POST':
         form = RowerExportForm(request.POST)
         if form.is_valid():
@@ -203,9 +178,9 @@ def rower_exportsettings_view(request,userid=0):
 
 # Page where user can set his details
 # Add email address to form so user can change his email address
-@login_required()
-def rower_edit_view(request,rowerid=0,userid=0,message=""):
-    r = getrequestrower(request,rowerid=rowerid,userid=userid,notpermanent=True)
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
+def rower_edit_view(request,rowerid=0,id=0,message=""):
+    r = getrequestrower(request,rowerid=rowerid,userid=id,notpermanent=True)
 
     rowerid = r.id
 
@@ -298,9 +273,9 @@ def rower_edit_view(request,rowerid=0,userid=0,message=""):
 
 # Page where user can set his details
 # Add email address to form so user can change his email address
-@login_required()
-def rower_prefs_view(request,userid=0,message=""):
-    r = getrequestrower(request,userid=userid,notpermanent=True)
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
+def rower_prefs_view(request,id=0,message=""):
+    r = getrequestrower(request,userid=id,notpermanent=True)
 
     rowerid = r.id