added is_coach permissions to user views (not tested)

2020-01-13 16:20:50 +01:00
parent bf1ea191e7
commit d6c492080b
3 changed files with 49 additions and 39 deletions
--- a/rowers/rower_rules.py
+++ b/rowers/rower_rules.py
@@ -43,6 +43,15 @@ def user_is_not_basic(user):
 def is_coach(user):
    return user.rower.rowerplan in ['coach','freecoach']
@rules.predicate
 def is_planmember(user):
    try:
        r = user.rower
    except AttributeError:
        return False
    return r.rowerplan in ['coach','plan'] # freecoach?
@rules.predicate
 def is_promember(user):
    try:
@@ -50,7 +59,7 @@ def is_promember(user):
    except AttributeError:
        return False
-    return r.rowerplan in ['pro','coach','plan']
+    return r.rowerplan in ['pro','coach','plan'] # freecoach?
@rules.predicate
 def is_protrial(user):
@@ -69,6 +78,23 @@ def is_protrial(user):
 ispromember = is_promember | is_protrial
@rules.predicate
 def is_plan(user):
    try:
        r = user.rower
    except AttributeError:
        return False
    if r.rowerplan == 'basic':
        return r.plantrialexpires >= datetime.date.today()
    if r.rowerplan == 'freecoach':
        if r.mycoachgroup is not None:
            return len(r.mycoachgroup)>=4
    return False
 isplanmember = is_planmember | is_plantrial
 # User / Coach relationships (Rower object)
@rules.predicate
@@ -99,6 +125,7 @@ def is_coach_user(user,rower):
    return False
 # check if rower and user are members of the same team
@rules.predicate
 def is_rower_team_member(user,rower):
    if user.rower == rower:
@@ -115,6 +142,7 @@ def is_rower_team_member(user,rower):
    return False
 # check if user can plan for the rower
@rules.predicate
 def can_plan_user(user,rower):
    try:
@@ -157,6 +185,7 @@ WORKOUT permissions
 """
 # check if user is owner or coach of owner of workout
@rules.predicate
 def is_workout_user(user,workout):
    if user.is_anonymous:
@@ -172,7 +201,7 @@ def is_workout_user(user,workout):
    return is_coach_user(workout.user.user,user.rower)
-
+# check if user can see workout
@rules.predicate
 def can_view_workout(user,workout):
    if workout.privacy != 'private':
@@ -236,15 +265,18 @@ rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutu
 """
 # check if user is manager of the team
@rules.predicate
 def is_team_manager(user,team):
    return team.manager == user
 # check is user is member of team
@rules.predicate
 def is_team_member(user,team):
    members = team.rower.all()
    return user in [member.user for member in members]
 # check if user can view team
@rules.predicate
 def can_view_team(user,team):
    # user based
--- a/rowers/views/statements.py
+++ b/rowers/views/statements.py
@@ -297,6 +297,9 @@ def get_workout_default_page(request,id):
        else:
            return reverse('workout_workflow_view',kwargs={'id':id})
 def get_user_by_id(request,id):
    return get_object_or_404(User,pk=id)
 def getrequestrower(request,rowerid=0,userid=0,notpermanent=False):
    userid = int(userid)
--- a/rowers/views/userviews.py
+++ b/rowers/views/userviews.py
@@ -5,31 +5,6 @@ from __future__ import unicode_literals
 from rowers.views.statements import *
@login_required()
 def survey(request):
    r = getrower(request.user)
    surveyform = SurveyForm()
    if request.method == 'POST':
        form = SurveyForm(request.POST)
        r.surveydone = True
        r.surveydonedate = timezone.now()
        r.save()
        nexturl = request.GET.get('next')
        return HttpResponseRedirect(nexturl)
    context = {
        'teams':get_my_teams(request.user),
        'rower':r,
        'form':surveyform,
        }
    return render(request,'survey.html',context)
@login_required()
 def start_trial_view(request):
    r = getrower(request.user)
@@ -100,11 +75,11 @@ def start_plantrial_view(request):
    return HttpResponseRedirect(url)
 # Page where user can manage his favorite charts
-@login_required()
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
-def rower_favoritecharts_view(request,userid=0):
+def rower_favoritecharts_view(request,id=0):
    message = ''
    successmessage = ''
-    r = getrequestrower(request,userid=userid,notpermanent=True)
+    r = getrequestrower(request,userid=id,notpermanent=True)
    favorites = FavoriteChart.objects.filter(user=r).order_by('id')
    aantal = len(favorites)
    favorites_data = [{'yparam1':f.yparam1,
@@ -167,9 +142,9 @@ def rower_favoritecharts_view(request,userid=0):
    return render(request,'favoritecharts.html',context)
 # page where user sets his export settings
-@login_required()
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
-def rower_exportsettings_view(request,userid=0):
+def rower_exportsettings_view(request,id=0):
-    r = getrequestrower(request,userid=userid)
+    r = getrequestrower(request,userid=id)
    if request.method == 'POST':
        form = RowerExportForm(request.POST)
        if form.is_valid():
@@ -203,9 +178,9 @@ def rower_exportsettings_view(request,userid=0):
 # Page where user can set his details
 # Add email address to form so user can change his email address
-@login_required()
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
-def rower_edit_view(request,rowerid=0,userid=0,message=""):
+def rower_edit_view(request,rowerid=0,id=0,message=""):
-    r = getrequestrower(request,rowerid=rowerid,userid=userid,notpermanent=True)
+    r = getrequestrower(request,rowerid=rowerid,userid=id,notpermanent=True)
    rowerid = r.id
@@ -298,9 +273,9 @@ def rower_edit_view(request,rowerid=0,userid=0,message=""):
 # Page where user can set his details
 # Add email address to form so user can change his email address
-@login_required()
+@permission_required('rower.is_coach',fn=get_user_by_id,raise_exception=True)
-def rower_prefs_view(request,userid=0,message=""):
+def rower_prefs_view(request,id=0,message=""):
-    r = getrequestrower(request,userid=userid,notpermanent=True)
+    r = getrequestrower(request,userid=id,notpermanent=True)
    rowerid = r.id