462 lines
11 KiB
Python
462 lines
11 KiB
Python
import rules
|
|
import datetime
|
|
|
|
# PERMISSIONS
|
|
|
|
# USER permissions
|
|
|
|
"""
|
|
USER permissions
|
|
- There are 5 types of user: basic, pro, plan, coach, freecoach
|
|
- These methods exist on user
|
|
- user.rower
|
|
- user.is_anonymous
|
|
- user.is_staff
|
|
|
|
- These methods exist on rower
|
|
- rower.rowerplan
|
|
- rower.protrialexpires
|
|
- rower.plantrialexpires
|
|
- rower.mycoachgroup
|
|
- rower.coachinggroups
|
|
- rower.team
|
|
|
|
- These Rules apply to Rowers
|
|
- Free Coach user cannot have workouts
|
|
- Coach can edit athlete settings (if in coachinggroup)
|
|
- Coach can run analytics for athlete
|
|
- Pro and Plan user cannot run analysis for members of their groups
|
|
|
|
"""
|
|
|
|
@rules.predicate
|
|
def user_is_not_basic(user):
|
|
if user.rower.rowerplan != 'basic':
|
|
return True
|
|
|
|
if user.rower.protrialexpires >= datetime.date.today() and user.rower.plantrialexpires >= datetime.date.today():
|
|
return True
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def is_coach(user):
|
|
return user.rower.rowerplan in ['coach','freecoach']
|
|
|
|
@rules.predicate
|
|
def is_planmember(user):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
return r.rowerplan in ['coach','plan'] # freecoach?
|
|
|
|
@rules.predicate
|
|
def is_promember(user):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
return r.rowerplan in ['pro','coach','plan'] # freecoach?
|
|
|
|
@rules.predicate
|
|
def is_protrial(user):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if r.rowerplan == 'basic':
|
|
return r.protrialexpires >= datetime.date.today()
|
|
if r.rowerplan == 'freecoach':
|
|
if r.mycoachgroup is not None:
|
|
return len(r.mycoachgroup)>=4
|
|
|
|
return False
|
|
|
|
ispromember = is_promember | is_protrial
|
|
|
|
@rules.predicate
|
|
def is_plantrial(user):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if r.rowerplan in ['basic','pro']:
|
|
return r.plantrialexpires >= datetime.date.today()
|
|
if r.rowerplan == 'freecoach':
|
|
if r.mycoachgroup is not None:
|
|
return len(r.mycoachgroup)>=4
|
|
|
|
return False
|
|
|
|
isplanmember = is_planmember | is_plantrial
|
|
|
|
# User / Coach relationships (Rower object)
|
|
|
|
@rules.predicate
|
|
def can_plan(user):
|
|
return user.rower.rowerplan in ['plan','coach','freecoach']
|
|
|
|
# checks if rower is coach of user
|
|
@rules.predicate
|
|
def is_coach_user(usercoach,userrower):
|
|
if usercoach == userrower:
|
|
return True
|
|
|
|
r = userrower.rower
|
|
|
|
coaches = []
|
|
|
|
for group in r.coachinggroups.all():
|
|
newcoaches = group.get_coaches()
|
|
for coach in newcoaches:
|
|
coaches.append(coach)
|
|
|
|
for coach in coaches:
|
|
if usercoach.rower == coach:
|
|
return True
|
|
|
|
return False
|
|
|
|
# check if rower and user are members of the same team
|
|
@rules.predicate
|
|
def is_rower_team_member(user,rower):
|
|
if user.rower == rower:
|
|
return True
|
|
|
|
teams = user.rower.team.all()
|
|
|
|
for team in teams:
|
|
if team.private == 'open':
|
|
if team in rower.team.all():
|
|
return True
|
|
if team.manager == rower.user:
|
|
return True
|
|
|
|
return False
|
|
|
|
# check if user can plan for the rower
|
|
@rules.predicate
|
|
def can_plan_user(user,rower):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if rower == r:
|
|
return True
|
|
|
|
# below
|
|
team_managers = [t.manager for t in rower.team.all() and can_plan(t.manager)]
|
|
if user_is_not_basic(user):
|
|
return user in team_managers
|
|
|
|
return False
|
|
|
|
rules.add_perm('rower.can_plan',can_plan_user) # replaces checkaccessplanuser
|
|
rules.add_perm('rower.is_coach',is_coach_user) # replaces checkaccessuser
|
|
rules.add_perm('rower.is_pro',ispromember)
|
|
|
|
# WORKOUT permissions
|
|
|
|
"""
|
|
WORKOUT permissions
|
|
- These methods exist on Workout
|
|
- workout.privacy
|
|
|
|
- These rules apply to workouts
|
|
- User can add, delete and change their own workouts
|
|
- Coach can add and change workouts for their athletes, but not delete
|
|
- Pro and Plan user cannot add or change an athlete's workout
|
|
- Pro, Basic users can view team members' workout
|
|
- Anonymous users can view team members' workout (but not see list of workouts)
|
|
|
|
- Rules for Workouts are transferred to objects related to the Workout,
|
|
- Charts
|
|
- Video Analysis
|
|
- WorkoutComment?
|
|
|
|
"""
|
|
|
|
# check if user is owner or coach of owner of workout
|
|
@rules.predicate
|
|
def is_workout_user(user,workout):
|
|
if user.is_anonymous:
|
|
return False
|
|
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if workout.user == r:
|
|
return True
|
|
|
|
return is_coach_user(user,workout.user.user)
|
|
|
|
# check if user can see workout
|
|
@rules.predicate
|
|
def can_view_workout(user,workout):
|
|
if workout.privacy != 'private':
|
|
return True
|
|
return False
|
|
|
|
|
|
rules.add_perm('workout.change_workout',is_workout_user) # replaces checkworkoutuser
|
|
rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutuserview
|
|
|
|
|
|
|
|
# checkviewworkouts
|
|
|
|
# PLANNING permissions
|
|
|
|
"""
|
|
- These rules apply to planning
|
|
- Free coach can create planned sessions and team planned sessions
|
|
- Self coach and higher can create planned sessions and team planned sessions
|
|
- Coach can create planned sessions and team planned sessions
|
|
- Self Coach and higher can create planned sessions and team planned sessions
|
|
- Pro or Basic cannot create planned sessions or team planned sessions
|
|
- WHO can comment (plannedsession_comment_view)
|
|
- Only Session manager can change session
|
|
- Strict View rules (stricter than workouts)
|
|
|
|
- TrainingTarget
|
|
- rules for view, add, change, delete
|
|
- TrainingPlan
|
|
- rules for view, add, change, delete
|
|
- Cycle
|
|
- inherits rules from TrainingPlan
|
|
- PlannedSession
|
|
- rules for view, add, change, delete, clone, save as template
|
|
- check team
|
|
|
|
- Special rules for Race (cannot be edited ex post)
|
|
|
|
"""
|
|
|
|
# Training Target rules
|
|
@rules.predicate
|
|
def can_view_target(user,target):
|
|
if user.is_anonymous:
|
|
return False
|
|
if user == target.manager.user:
|
|
return True
|
|
|
|
# a target's coach can view as well
|
|
if is_coach_user(user,target.manager.user):
|
|
return True
|
|
|
|
# the object can view as well
|
|
if user.rower in target.rowers.all():
|
|
return True
|
|
|
|
@rules.predicate
|
|
def can_change_target(user,target):
|
|
if user.is_anonymous:
|
|
return False
|
|
return user == target.manager.user
|
|
|
|
@rules.predicate
|
|
def can_delete_target(user,target):
|
|
if user.is_anonymous:
|
|
return False
|
|
return user == target.manager.user
|
|
|
|
rules.add_perm('target.view_target',can_view_target)
|
|
rules.add_perm('target.change_target',can_change_target)
|
|
rules.add_perm('target.delete_target',can_delete_target)
|
|
|
|
@rules.predicate
|
|
def can_view_plan(user,plan):
|
|
if user.is_anonymous:
|
|
return False
|
|
if user == plan.manager.user:
|
|
return True
|
|
|
|
# a plan's coach can view as well
|
|
if is_coach_user(user,plan.manager.user):
|
|
return True
|
|
|
|
# the object can view as well
|
|
if user.rower in plan.rowers.all():
|
|
return True
|
|
|
|
@rules.predicate
|
|
def can_change_plan(user,plan):
|
|
if user.is_anonymous:
|
|
return False
|
|
return user == plan.manager.user
|
|
|
|
@rules.predicate
|
|
def can_delete_plan(user,plan):
|
|
if user.is_anonymous:
|
|
return False
|
|
return user == plan.manager.user
|
|
|
|
rules.add_perm('plan.view_plan',can_view_plan)
|
|
rules.add_perm('plan.change_plan',can_change_plan)
|
|
rules.add_perm('plan.delete_plan',can_delete_plan)
|
|
|
|
@rules.predicate
|
|
def can_view_cycle(user,cycle):
|
|
try:
|
|
return can_view_cycle(user,cycle.plan)
|
|
except AttributeError:
|
|
return can_view_plan(user,cycle.plan)
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def can_change_cycle(user,cycle):
|
|
try:
|
|
return can_change_cycle(user,cycle.plan)
|
|
except AttributeError:
|
|
return can_change_plan(user,cycle.plan)
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def can_delete_cycle(user,cycle):
|
|
try:
|
|
return can_delete_cycle(user,cycle.plan)
|
|
except AttributeError:
|
|
return can_delete_plan(user,cycle.plan)
|
|
|
|
return False
|
|
|
|
|
|
rules.add_perm('cycle.view_cycle',can_view_cycle)
|
|
rules.add_perm('cycle.change_cycle',can_change_cycle)
|
|
rules.add_perm('cycle.delete_cycle',can_delete_cycle)
|
|
|
|
|
|
# check if user has view access to session
|
|
@rules.predicate
|
|
def can_view_session(user,session):
|
|
if session.sessiontype in ['race','indoorrace']:
|
|
return True
|
|
if user.is_anonymous:
|
|
return False
|
|
# session manager can view session
|
|
if user == session.manager:
|
|
return True
|
|
# if you're a rower in the session you can view it
|
|
if user.rower in session.rower.all():
|
|
return True
|
|
# coach users can view sessions created by their team members
|
|
if is_coach(user):
|
|
teams = user.rower.get_managed_teams()
|
|
teamusers = [member.u for member in t.rower.all()]
|
|
if session.manager in teamusers:
|
|
return True
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def can_change_session(user,session):
|
|
if user.is_anonymous:
|
|
return False
|
|
# session part of a race should not be changed through the session interface
|
|
if session.sessiontype in ['race','indoorrace']:
|
|
return False
|
|
if user == session.manager:
|
|
return True
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def can_delete_session(user,session):
|
|
if user.is_anonymous:
|
|
return False
|
|
|
|
if session.sessiontype in ['race','indoorrace']:
|
|
return False
|
|
|
|
if user == session.manager:
|
|
return True
|
|
|
|
return False
|
|
|
|
rules.add_perm('plannedsession.view_session',can_view_session)
|
|
rules.add_perm('plannedsession.change_session',can_change_session)
|
|
rules.add_perm('plannedsession.delete_session',can_delete_session)
|
|
|
|
|
|
|
|
# checkaccessplanuser (models.py)
|
|
# getrequestrower, getrequestplanrower
|
|
|
|
# TEAM (group) permissions
|
|
|
|
"""
|
|
- These methods exist on team
|
|
- team.manager
|
|
- team.private
|
|
|
|
- These rules apply to a team
|
|
- A Pro rower can be manager of only 1 team (as manager)
|
|
- A coach can have any number of teams (as manager)
|
|
- Basic user cannot manage a group
|
|
- Basic user cannot join groups led by Free Coach or Pro
|
|
- Basic athletes can be member of Coach led group
|
|
- Plan user can create 1 group (as manager) and not more
|
|
- Pro users (and higher) can join team led by other Pro (or higher) user
|
|
- On downgrade, Coach users lose all but their oldest team (add test!)
|
|
|
|
"""
|
|
|
|
# check if user is manager of the team
|
|
@rules.predicate
|
|
def is_team_manager(user,team):
|
|
return team.manager == user
|
|
|
|
# check is user is member of team
|
|
@rules.predicate
|
|
def is_team_member(user,team):
|
|
members = team.rower.all()
|
|
return user in [member.user for member in members]
|
|
|
|
# check if user can view team
|
|
@rules.predicate
|
|
def can_view_team(user,team):
|
|
# user based
|
|
if user.rower.rowerplan == 'basic' and team.manager.rower.rowerplan != 'coach':
|
|
return False
|
|
# team is public
|
|
if team.private == 'open':
|
|
return True
|
|
# team is private
|
|
return is_team_member(user,team) | is_team_manager(user,team)
|
|
|
|
|
|
# For Team functionality
|
|
rules.add_perm('teams.view_team',can_view_team)
|
|
rules.add_perm('teams.add_team',user_is_not_basic)
|
|
rules.add_perm('teams.change_team',is_team_manager)
|
|
rules.add_perm('teams.delete_team',is_team_manager)
|
|
|
|
# RACING permissions
|
|
|
|
"""
|
|
- VirtualRace
|
|
- rules to add, view, delete, change
|
|
- GeoCourse
|
|
- rules to add, view, delete, change
|
|
"""
|
|
|
|
|
|
# ANALYSIS permissions
|
|
|
|
"""
|
|
- Conditions
|
|
- Alerts
|
|
- rules to add, view, delete, change
|
|
- cpdata
|
|
"""
|