sander/rowsandall
Private
Public Access
1
0
Fork 0
Code Activity

fixed rights

Browse Source
This commit is contained in:
Sander Roosendaal
2020-02-29 17:27:42 +01:00
parent 30ad6bef11
commit f13e9f7fba
4 changed files with 36 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
rowers/tests/.~lock.viewnames.csv# Normal file
View File

@@ -0,0 +1 @@
,sander,sander-pc,29.02.2020 17:14,file:///home/sander/.config/libreoffice/4;

2
rowers/tests/viewnames.csv
View File

@@ -62,7 +62,7 @@
60,66,workout_gpxemail_view,download GPX file,TRUE,403,basic,200,302,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,TRUE,TRUE,
61,67,workout_csvemail_view,download CSV file,TRUE,403,basic,200,302,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,TRUE,TRUE,
62,68,workout_csvtoadmin_view,send CSV to admin,TRUE,403,basic,200,200,basic,200,200,coach,200,200,TRUE,FALSE,TRUE,TRUE,TRUE,
63,69,workout_edit_view,Edit Workout,TRUE,403,basic,200,403,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,TRUE,TRUE,
63,69,workout_edit_view,Edit Workout,TRUE,302,basic,200,403,basic,403,403,coach,200,403,FALSE,FALSE,TRUE,TRUE,TRUE,
64,70,workout_map_view,View workout Map,TRUE,302,basic,200,302,basic,200,302,coach,200,302,FALSE,FALSE,TRUE,TRUE,TRUE,
65,71,workout_update_cp_view,Update CP data based on new workout,TRUE,403,pro,302,302,pro,403,403,coach,302,302,FALSE,FALSE,TRUE,TRUE,TRUE,
66,72,instroke_chart,View In-Stroke data chart,TRUE,302,pro,302,302,pro,403,403,coach,302,302,FALSE,FALSE,FALSE,FALSE,FALSE,
1 id view function anonymous anonymous_response own own_response own_nonperm member member_response member_nonperm coachee coachee_response coachee_nonperm is_staff userid workoutid dotest realtest kwargs
62 60 66 workout_gpxemail_view download GPX file TRUE 403 basic 200 302 basic 403 403 coach 200 403 FALSE FALSE TRUE TRUE TRUE
63 61 67 workout_csvemail_view download CSV file TRUE 403 basic 200 302 basic 403 403 coach 200 403 FALSE FALSE TRUE TRUE TRUE
64 62 68 workout_csvtoadmin_view send CSV to admin TRUE 403 basic 200 200 basic 200 200 coach 200 200 TRUE FALSE TRUE TRUE TRUE
65 63 69 workout_edit_view Edit Workout TRUE 403 302 basic 200 403 basic 403 403 coach 200 403 FALSE FALSE TRUE TRUE TRUE
66 64 70 workout_map_view View workout Map TRUE 302 basic 200 302 basic 200 302 coach 200 302 FALSE FALSE TRUE TRUE TRUE
67 65 71 workout_update_cp_view Update CP data based on new workout TRUE 403 pro 302 302 pro 403 403 coach 302 302 FALSE FALSE TRUE TRUE TRUE
68 66 72 instroke_chart View In-Stroke data chart TRUE 302 pro 302 302 pro 403 403 coach 302 302 FALSE FALSE FALSE FALSE FALSE

11
rowers/views/statements.py
View File

@@ -474,6 +474,17 @@ def get_workout(id):
return w
def get_workoutuser(id,request):
try:
id = encoder.decode_hex(id)
w = Workout.objects.get(id=id)
except Workout.DoesNotExist:
raise Http404("Workout doesn't exist")
if not is_workout_user(request.user,w):
raise PermissionDenied
return w
def getvalue(data):
perc = 0

48
rowers/views/workoutviews.py
View File

@@ -394,7 +394,7 @@ def workout_video_create_view(request,id=0):
redirect_field_name=None)
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def workout_forcecurve_view(request,id=0,workstrokesonly=False):
row = get_workout(id)
row = get_workoutuser(id, request)
promember=0
mayedit=0
@@ -462,7 +462,7 @@ def workout_forcecurve_view(request,id=0,workstrokesonly=False):
# Switch from GPS to Impeller (only for SpeedCoach 2, if impeller data)
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def otw_use_impeller(request,id=0):
w = get_workout(id)
w = get_workoutuser(id, request)
row = rdata(w.csvfilename)
@@ -484,7 +484,7 @@ def otw_use_impeller(request,id=0):
# Switch from Impeller to GPS (only for SpeedCoach 2, if impeller data)
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def otw_use_gps(request,id=0):
w = get_workout(id)
w = get_workoutuser(id, request)
row = rdata(w.csvfilename)
@@ -508,7 +508,7 @@ def otw_use_gps(request,id=0):
@login_required()
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def workout_histo_view(request,id=0):
w = get_workout(id)
w = get_workoutuser(id, request)
r = getrequestrower(request)
promember = 1
@@ -747,7 +747,7 @@ def fitness_metric_view(request,mode='rower',days=42):
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality. If you are already a Pro user, please log in to access this functionality",
redirect_field_name=None)
def workout_update_cp_view(request,id=0):
row = get_workout(id)
row = get_workoutuser(id, request)
row.rankingpiece = True
row.save()
@@ -767,7 +767,7 @@ def workout_update_cp_view(request,id=0):
# Reload the workout and calculate the summary from the stroke data (lapIDx)
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def workout_recalcsummary_view(request,id=0):
row = get_workout(id)
row = get_workoutuser(id, request)
filename = row.csvfilename
rowdata = rdata(filename)
@@ -2005,7 +2005,7 @@ def workout_fusion_list(request,id=0,
if id:
theid = encoder.decode_hex(id)
w = get_workout(id)
w = get_workoutuser(id, request)
r = w.user
workouts = Workout.objects.filter(user=r,
@@ -2034,7 +2034,7 @@ def workout_fusion_list(request,id=0,
workouts = paginator.page(1)
except EmptyPage:
workouts = paginator.page(paginator.num_pages)
row = get_workout(id)
row = get_workoutuser(id, request)
breadcrumbs = [
@@ -2172,7 +2172,7 @@ def workout_view(request,id=0):
def workout_undo_smoothenpace_view(
request,id=0,message="",successmessage=""
):
row = get_workout(id)
row = get_workoutuser(id, request)
r = getrower(request.user)
filename = row.csvfilename
@@ -2203,7 +2203,7 @@ def workout_undo_smoothenpace_view(
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality. If you are already a Pro user, please log in to access this functionality",
redirect_field_name=None)
def workout_smoothenpace_view(request,id=0,message="",successmessage=""):
row = get_workout(id)
row = get_workoutuser(id, request)
previousurl = request.META.get('HTTP_REFERER')
@@ -2263,7 +2263,7 @@ def workout_smoothenpace_view(request,id=0,message="",successmessage=""):
message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality. If you are already a Pro user, please log in to access this functionality",
redirect_field_name=None)
def workout_crewnerd_summary_view(request,id=0,message="",successmessage=""):
row = get_workout(id)
row = get_workoutuser(id, request)
r = getrower(request.user)
breadcrumbs = [
{
@@ -2343,7 +2343,7 @@ def workout_crewnerd_summary_view(request,id=0,message="",successmessage=""):
def workout_downloadwind_view(request,id=0,
airportcode=None,
message="",successmessage=""):
row = get_workout(id)
row = get_workoutuser(id, request)
f1 = row.csvfilename
@@ -2411,7 +2411,7 @@ def workout_downloadwind_view(request,id=0,
def workout_downloadmetar_view(request,id=0,
airportcode=None,
message="",successmessage=""):
row = get_workout(id)
row = get_workoutuser(id, request)
f1 = row.csvfilename
@@ -2480,7 +2480,7 @@ def workout_downloadmetar_view(request,id=0,
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
@user_passes_test(ispromember,login_url="/rowers/paidplans",message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",redirect_field_name=None)
def workout_wind_view(request,id=0,message="",successmessage=""):
row = get_workout(id)
row = get_workoutuser(id, request)
r = getrower(request.user)
breadcrumbs = [
{
@@ -2610,7 +2610,7 @@ def workout_wind_view(request,id=0,message="",successmessage=""):
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
@user_passes_test(ispromember,login_url="/rowers/paidplans",message="This functionality requires a Pro plan or higher. If you are already a Pro user, please log in to access this functionality",redirect_field_name=None)
def workout_stream_view(request,id=0,message="",successmessage=""):
row = get_workout(id)
row = get_workoutuser(id, request)
r = getrower(request.user)
@@ -2694,7 +2694,7 @@ def workout_stream_view(request,id=0,message="",successmessage=""):
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
@user_passes_test(ispromember, login_url="/rowers/paidplans",redirect_field_name=None)
def workout_otwsetpower_view(request,id=0,message="",successmessage=""):
w = get_workout(id)
w = get_workoutuser(id, request)
r = getrower(request.user)
mayedit = 1
@@ -2819,7 +2819,7 @@ def workout_otwsetpower_view(request,id=0,message="",successmessage=""):
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def instroke_view(request,id=0):
w = get_workout(id)
w = get_workoutuser(id, request)
r = getrower(request.user)
mayedit = 1
@@ -2868,7 +2868,7 @@ def instroke_view(request,id=0):
# generate instroke chart
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def instroke_chart(request,id=0,metric=''):
w = get_workout(id)
w = get_workoutuser(id, request)
@@ -2923,7 +2923,7 @@ def instroke_chart(request,id=0,metric=''):
def workout_data_view(request, id=0):
r = getrower(request.user)
w = get_workout(id)
w = get_workoutuser(id, request)
breadcrumbs = [
@@ -3905,16 +3905,14 @@ def workout_comment_view(request,id=0):
# The basic edit page
@login_required()
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def workout_edit_view(request,id=0,message="",successmessage=""):
request.session[translation.LANGUAGE_SESSION_KEY] = USER_LANGUAGE
request.session['referer'] = absolute(request)['PATH']
row = get_workout(id)
row = get_workoutuser(id,request)
if request.user.rower.rowerplan == 'basic' and 'speedcoach2' in row.workoutsource:
data = getsmallrowdata_db(['wash'],ids=[encoder.decode_hex(id)])
@@ -4230,7 +4228,7 @@ def workout_uploadimage_view(request,id):
r = getrower(request.user)
w = get_workout(id)
w = get_workoutuser(id, request)
breadcrumbs = [
{
@@ -4329,7 +4327,7 @@ def workout_uploadimage_view(request,id):
@permission_required('workout.change_workout',fn=get_workout_by_opaqueid,raise_exception=True)
def workout_add_chart_view(request,id,plotnr=1):
w = get_workout(id)
w = get_workoutuser(id, request)
r = getrower(request.user)
plotnr = int(plotnr)