284 lines
6.8 KiB
Python
284 lines
6.8 KiB
Python
import rules
|
|
import datetime
|
|
|
|
# PERMISSIONS
|
|
|
|
# USER permissions
|
|
|
|
"""
|
|
USER permissions
|
|
- There are 5 types of user: basic, pro, plan, coach, freecoach
|
|
- These methods exist on user
|
|
- user.rower
|
|
- user.is_anonymous
|
|
- user.is_staff
|
|
|
|
- These methods exist on rower
|
|
- rower.rowerplan
|
|
- rower.protrialexpires
|
|
- rower.plantrialexpires
|
|
- rower.mycoachgroup
|
|
- rower.coachinggroups
|
|
- rower.team
|
|
|
|
- These Rules apply to Rowers
|
|
- Free Coach user cannot have workouts
|
|
- Coach can edit athlete settings (if in coachinggroup)
|
|
- Coach can run analytics for athlete
|
|
- Pro and Plan user cannot run analysis for members of their groups
|
|
|
|
"""
|
|
|
|
@rules.predicate
|
|
def user_is_not_basic(user):
|
|
if user.rower.rowerplan != 'basic':
|
|
return True
|
|
|
|
if user.rower.protrialexpires >= datetime.date.today() and user.rower.plantrialexpires >= datetime.date.today():
|
|
return True
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def is_coach(user):
|
|
return user.rower.rowerplan in ['coach','freecoach']
|
|
|
|
@rules.predicate
|
|
def is_promember(user):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
return r.rowerplan in ['pro','coach','plan']
|
|
|
|
@rules.predicate
|
|
def is_protrial(user):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if r.rowerplan == 'basic':
|
|
return r.protrialexpires >= datetime.date.today()
|
|
if r.rowerplan == 'freecoach':
|
|
if r.mycoachgroup is not None:
|
|
return len(r.mycoachgroup)>=4
|
|
|
|
return False
|
|
|
|
ispromember = is_promember | is_protrial
|
|
|
|
# User / Coach relationships (Rower object)
|
|
|
|
@rules.predicate
|
|
def can_plan(user):
|
|
return user.rower.rowerplan in ['plan','coach','freecoach']
|
|
|
|
# checks if rower is coach of user
|
|
@rules.predicate
|
|
def is_coach_user(user,rower):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if rower == r:
|
|
return True
|
|
|
|
coaches = []
|
|
|
|
for group in r.coachinggroups.all():
|
|
newcoaches = group.get_coaches()
|
|
for coach in newcoaches:
|
|
coaches.append(coach)
|
|
|
|
for coach in coaches:
|
|
if rower == coach:
|
|
return True
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def is_rower_team_member(user,rower):
|
|
if user.rower == rower:
|
|
return True
|
|
|
|
teams = user.rower.team.all()
|
|
|
|
for team in teams:
|
|
if team.private == 'open':
|
|
if team in rower.team.all():
|
|
return True
|
|
if team.manager == rower.user:
|
|
return True
|
|
|
|
return False
|
|
|
|
@rules.predicate
|
|
def can_plan_user(user,rower):
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if rower == r:
|
|
return True
|
|
|
|
# below
|
|
team_managers = [t.manager for t in rower.team.all() and can_plan(t.manager)]
|
|
if user_is_not_basic(user):
|
|
return user in team_managers
|
|
|
|
return False
|
|
|
|
rules.add_perm('rower.can_plan',can_plan_user) # replaces checkaccessplanuser
|
|
rules.add_perm('rower.is_coach',is_coach_user) # replaces checkaccessuser
|
|
|
|
|
|
# WORKOUT permissions
|
|
|
|
"""
|
|
WORKOUT permissions
|
|
- These methods exist on Workout
|
|
- workout.privacy
|
|
|
|
- These rules apply to workouts
|
|
- User can add, delete and change their own workouts
|
|
- Coach can add and change workouts for their athletes, but not delete
|
|
- Pro and Plan user cannot add or change an athlete's workout
|
|
- Pro, Basic users can view team members' workout
|
|
- Anonymous users can view team members' workout (but not see list of workouts)
|
|
|
|
- Rules for Workouts are transferred to objects related to the Workout,
|
|
- Charts
|
|
- Video Analysis
|
|
- WorkoutComment?
|
|
|
|
"""
|
|
|
|
@rules.predicate
|
|
def is_workout_user(user,workout):
|
|
if user.is_anonymous:
|
|
return False
|
|
|
|
try:
|
|
r = user.rower
|
|
except AttributeError:
|
|
return False
|
|
|
|
if workout.user == r:
|
|
return True
|
|
|
|
return is_coach_user(workout.user.user,user.rower)
|
|
|
|
|
|
@rules.predicate
|
|
def can_view_workout(user,workout):
|
|
if workout.privacy != 'private':
|
|
return True
|
|
return False
|
|
|
|
|
|
rules.add_perm('workout.change_workout',is_workout_user) # replaces checkworkoutuser
|
|
rules.add_perm('workout.view_workout',can_view_workout) # replaces checkworkoutuserview
|
|
|
|
|
|
|
|
# checkviewworkouts
|
|
|
|
# PLANNING permissions
|
|
|
|
"""
|
|
- These rules apply to planning
|
|
- Free coach can create planned sessions and team planned sessions
|
|
- Self coach and higher can create planned sessions and team planned sessions
|
|
- Coach can create planned sessions and team planned sessions
|
|
- Self Coach and higher can create planned sessions and team planned sessions
|
|
- Pro or Basic cannot create planned sessions or team planned sessions
|
|
- WHO can comment (plannedsession_comment_view)
|
|
- Only Session manager can change session
|
|
- Strict View rules (stricter than workouts)
|
|
|
|
- TrainingTarget
|
|
- rules for view, add, change, delete
|
|
- TrainingPlan
|
|
- rules for view, add, change, delete
|
|
- Cycle
|
|
- inherits rules from TrainingPlan
|
|
- PlannedSession
|
|
- rules for view, add, change, delete, clone, save as template
|
|
- check team
|
|
|
|
- Special rules for Race (cannot be edited ex post)
|
|
|
|
"""
|
|
|
|
# checkaccessplanuser (models.py)
|
|
# getrequestrower, getrequestplanrower
|
|
|
|
# TEAM (group) permissions
|
|
|
|
"""
|
|
- These methods exist on team
|
|
- team.manager
|
|
- team.private
|
|
|
|
- These rules apply to a team
|
|
- A Pro rower can be manager of only 1 team (as manager)
|
|
- A coach can have any number of teams (as manager)
|
|
- Basic user cannot manage a group
|
|
- Basic user cannot join groups led by Free Coach or Pro
|
|
- Basic athletes can be member of Coach led group
|
|
- Plan user can create 1 group (as manager) and not more
|
|
- Pro users (and higher) can join team led by other Pro (or higher) user
|
|
- On downgrade, Coach users lose all but their oldest team (add test!)
|
|
|
|
"""
|
|
|
|
@rules.predicate
|
|
def is_team_manager(user,team):
|
|
return team.manager == user
|
|
|
|
@rules.predicate
|
|
def is_team_member(user,team):
|
|
members = team.rower.all()
|
|
return user in [member.user for member in members]
|
|
|
|
@rules.predicate
|
|
def can_view_team(user,team):
|
|
# user based
|
|
if user.rower.rowerplan == 'basic' and team.manager.rower.rowerplan != 'coach':
|
|
return False
|
|
# team is public
|
|
if team.private == 'open':
|
|
return True
|
|
# team is private
|
|
return is_team_member(user,team) | is_team_manager(user,team)
|
|
|
|
|
|
# For Team functionality
|
|
rules.add_perm('teams.view_team',can_view_team)
|
|
rules.add_perm('teams.add_team',user_is_not_basic)
|
|
rules.add_perm('teams.change_team',is_team_manager)
|
|
rules.add_perm('teams.delete_team',is_team_manager)
|
|
|
|
# RACING permissions
|
|
|
|
"""
|
|
- VirtualRace
|
|
- rules to add, view, delete, change
|
|
- GeoCourse
|
|
- rules to add, view, delete, change
|
|
"""
|
|
|
|
|
|
# ANALYSIS permissions
|
|
|
|
"""
|
|
- Conditions
|
|
- Alerts
|
|
- rules to add, view, delete, change
|
|
- cpdata
|
|
"""
|