diff --git a/rowers/rower_rules.py b/rowers/rower_rules.py index f55cbc61..dad9d33d 100644 --- a/rowers/rower_rules.py +++ b/rowers/rower_rules.py @@ -43,6 +43,15 @@ def user_is_not_basic(user): def is_coach(user): return user.rower.rowerplan in ['coach','freecoach'] +@rules.predicate +def is_planmember(user): + try: + r = user.rower + except AttributeError: + return False + + return r.rowerplan in ['coach','plan'] # freecoach? + @rules.predicate def is_promember(user): try: @@ -50,7 +59,7 @@ def is_promember(user): except AttributeError: return False - return r.rowerplan in ['pro','coach','plan'] + return r.rowerplan in ['pro','coach','plan'] # freecoach? @rules.predicate def is_protrial(user): @@ -69,6 +78,23 @@ def is_protrial(user): ispromember = is_promember | is_protrial +@rules.predicate +def is_plan(user): + try: + r = user.rower + except AttributeError: + return False + + if r.rowerplan == 'basic': + return r.plantrialexpires >= datetime.date.today() + if r.rowerplan == 'freecoach': + if r.mycoachgroup is not None: + return len(r.mycoachgroup)>=4 + + return False + +isplanmember = is_planmember | is_plantrial + # User / Coach relationships (Rower object) @rules.predicate @@ -99,6 +125,7 @@ def is_coach_user(user,rower): return False +# check if rower and user are members of the same team @rules.predicate def is_rower_team_member(user,rower): if user.rower == rower: @@ -115,6 +142,7 @@ def is_rower_team_member(user,rower): return False +# check if user can plan for the rower @rules.predicate def can_plan_user(user,rower): try: @@ -157,6 +185,7 @@ WORKOUT permissions """ +# check if user is owner or coach of owner of workout @rules.predicate def is_workout_user(user,workout): if user.is_anonymous: @@ -172,7 +201,7 @@ def is_workout_user(user,workout): return is_coach_user(workout.user.user,user.rower) - +# check if user can see workout @rules.predicate def can_view_workout(user,workout): if workout.privacy != 'private': 
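Review bot: The trailing `# freecoach?` on the return of `is_planmember` (and the same comment added to `is_promember` in the next hunk) leaves an access decision open inside an authorization predicate. As written, a `'freecoach'` account satisfies `is_coach` in the context lines above but neither `is_planmember` nor `is_promember`, so free coaches are denied by both. If that is intended, state it in place of the question, e.g. `# 'freecoach' is excluded on purpose: no paid-plan features`. If it is not, add `'freecoach'` to the list before these predicates are wired to permissions.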
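Review bot: `isplanmember = is_planmember | is_plantrial` refers to `is_plantrial`, but the predicate added just above it is named `is_plan`. Unless `is_plantrial` is defined elsewhere in rower_rules.py (nothing in this diff shows it), importing the module raises `NameError` and every view that imports these rules fails with it. The body checks `plantrialexpires`, so the intended name is presumably `def is_plantrial(user):`. Separately, `r.plantrialexpires >= datetime.date.today()` raises `TypeError` if the field can be null; whether it can is not visible here, so a guard such as `r.plantrialexpires is not None and ...` may be needed.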
@@ -236,15 +265,18 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu """ +# check if user is manager of the team @rules.predicate def is_team_manager(user,team): return team.manager == user +# check is user is member of team @rules.predicate def is_team_member(user,team): members = team.rower.all() return user in [member.user for member in members] +# check if user can view team @rules.predicate def can_view_team(user,team): # user based diff --git a/rowers/views/statements.py b/rowers/views/statements.py index b4d4bbf9..b3820bca 100644 --- a/rowers/views/statements.py +++ b/rowers/views/statements.py @@ -297,6 +297,9 @@ def get_workout_default_page(request,id): else: return reverse('workout_workflow_view',kwargs={'id':id}) +def get_user_by_id(request,id): + return get_object_or_404(User,pk=id) + def getrequestrower(request,rowerid=0,userid=0,notpermanent=False): userid = int(userid) diff --git a/rowers/views/userviews.py b/rowers/views/userviews.py index 205104fe..b9e89509 100644 --- a/rowers/views/userviews.py +++ b/rowers/views/userviews.py @@ -5,31 +5,6 @@ from __future__ import unicode_literals from rowers.views.statements import * -@login_required() -def survey(request): - - r = getrower(request.user) - - surveyform = SurveyForm() - - if request.method == 'POST': - form = SurveyForm(request.POST) - r.surveydone = True - r.surveydonedate = timezone.now() - r.save() - - nexturl = request.GET.get('next') - return HttpResponseRedirect(nexturl) - - context = { - 'teams':get_my_teams(request.user), - 'rower':r, - 'form':surveyform, - } - - - return render(request,'survey.html',context) - @login_required() def start_trial_view(request): r = getrower(request.user) 
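Review bot: The comment added above `is_team_member` reads `# check is user is member of team`; it should be `# check if user is member of team`. The three new comments sit above the `@rules.predicate` decorator rather than inside the function, so a one-line docstring in each predicate would keep the description attached to the function it describes.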
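Review bot: `get_user_by_id(request,id)` has a narrower signature than the views it is used to guard. `permission_required` with an `fn` argument (the django-rules decorator) calls `fn` with the request plus the view's own positional and keyword arguments, and the decorated views declare `id=0` as a default while `rower_edit_view` also accepts `rowerid` and `message`. Depending on the URL patterns (not in this diff), a route without `id` or with `rowerid` raises `TypeError` before the permission is evaluated, and `id=0` ends in a 404 instead of meaning the requesting user. If `0` is meant to select the current user, `def get_user_by_id(request,id=0,**kwargs):` with `return request.user if not int(id) else get_object_or_404(User,pk=id)` would cover those routes.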
@@ -100,11 +75,11 @@ def start_plantrial_view(request): return HttpResponseRedirect(url) # Page where user can manage his favorite charts -@login_required() -def rower_favoritecharts_view(request,userid=0): +@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True) +def rower_favoritecharts_view(request,id=0): message = '' successmessage = '' - r = getrequestrower(request,userid=userid,notpermanent=True) + r = getrequestrower(request,userid=id,notpermanent=True) favorites = FavoriteChart.objects.filter(user=r).order_by('id') aantal = len(favorites) favorites_data = [{'yparam1':f.yparam1, @@ -167,9 +142,9 @@ def rower_favoritecharts_view(request,userid=0): return render(request,'favoritecharts.html',context) # page where user sets his export settings -@login_required() -def rower_exportsettings_view(request,userid=0): - r = getrequestrower(request,userid=userid) +@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True) +def rower_exportsettings_view(request,id=0): + r = getrequestrower(request,userid=id) if request.method == 'POST': form = RowerExportForm(request.POST) if form.is_valid(): @@ -203,9 +178,9 @@ def rower_exportsettings_view(request,userid=0): # Page where user can set his details # Add email address to form so user can change his email address -@login_required() -def rower_edit_view(request,rowerid=0,userid=0,message=""): - r = getrequestrower(request,rowerid=rowerid,userid=userid,notpermanent=True) +@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True) +def rower_edit_view(request,rowerid=0,id=0,message=""): + r = getrequestrower(request,rowerid=rowerid,userid=id,notpermanent=True) rowerid = r.id 
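Review bot: The new decorator on `rower_favoritecharts_view` (and the identical one on `rower_exportsettings_view`, `rower_edit_view` and, in the last hunk, `rower_prefs_view`) checks `'rower.is_coach'`, and the only `is_coach` visible in rower_rules.py is the one-argument predicate that tests the requester's own plan. If the permission is bound to that predicate (the `rules.add_perm` call is not in the diff), the user returned by `get_user_by_id` never enters the decision: any coach-plan account passes for any `id`, so protection of other users' settings rests entirely on `getrequestrower`, and non-coach users get a 403 on their own pages. `raise_exception=True` also turns the former login redirect for anonymous visitors into a 403. Consider a permission backed by a two-argument predicate that returns true when the target is the requester or a rower the requester coaches, e.g. `@permission_required('<SELF_OR_COACH_PERM placeholder>',fn=get_user_by_id,raise_exception=True)`. The view bodies continue outside these hunks.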
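Review bot: In `rower_edit_view` the permission object is looked up from `id`, while the rower that is edited comes from `getrequestrower(request,rowerid=rowerid,userid=id,notpermanent=True)`. If `getrequestrower` gives `rowerid` precedence (its body is outside the diff), the check and the edit can refer to different accounts. Until the lookup is unified so that the object being authorized is the one being edited, I would add `# NOTE: permission is checked on User(pk=id); r may be resolved from rowerid - keep the two in sync` above the `getrequestrower` call. The keyword rename from `userid` to `id` also needs matching changes in the URL patterns, which this diff does not include.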
@@ -298,9 +273,9 @@ def rower_edit_view(request,rowerid=0,userid=0,message=""): # Page where user can set his details # Add email address to form so user can change his email address -@login_required() -def rower_prefs_view(request,userid=0,message=""): - r = getrequestrower(request,userid=userid,notpermanent=True) +@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True) +def rower_prefs_view(request,id=0,message=""): + r = getrequestrower(request,userid=id,notpermanent=True) rowerid = r.id