From 3ecf2bd7221a7720bd621796b67b0dece06a5de0 Mon Sep 17 00:00:00 2001
From: "J.-S. Caux" <J.S.Caux@uva.nl>
Date: Sat, 21 May 2016 21:33:07 +0200
Subject: [PATCH] Prevent Submission author (proven or presumed) from
 submitting Report

---
 .../submissions/submission_detail.html        |  6 ++++-
 .../submissions/submit_report_ack.html        |  4 +++
 submissions/views.py                          | 26 +++++++++++++++++--
 3 files changed, 33 insertions(+), 3 deletions(-)

diff --git a/submissions/templates/submissions/submission_detail.html b/submissions/templates/submissions/submission_detail.html
index 2cfa21ddf..9e614a5d6 100644
--- a/submissions/templates/submissions/submission_detail.html
+++ b/submissions/templates/submissions/submission_detail.html
@@ -52,9 +52,13 @@
   </div>
   <ul>
     {% if submission.open_for_reporting %}
-    {% if perms.scipost.can_referee %}
+    {% if perms.scipost.can_referee and not is_author and not is_author_unchecked %}
     <li><h3><a href="{% url 'submissions:submit_report' submission.id %}">Contribute a Report</a></h3>
       <div class="reportingDeadline">Deadline for reporting: {{ submission.reporting_deadline }}</div></li>
+    {% elif is_author_unchecked %}
+    <li><h3>Contribute a Report [deactivated]: the system flagged you as a potential author of this Submission.
+	Please go to your <a href="{% url 'scipost:personal_page' %}">personal page</a>
+	under the Submissions tab to clarify this.</h3></li>
     {% endif %}
     {% else %}
     <li>Reporting for this Submission is closed.</li>
diff --git a/submissions/templates/submissions/submit_report_ack.html b/submissions/templates/submissions/submit_report_ack.html
index f16628bda..8e5b948e9 100644
--- a/submissions/templates/submissions/submit_report_ack.html
+++ b/submissions/templates/submissions/submit_report_ack.html
@@ -5,7 +5,11 @@
 {% block bodysup %}
 
 <section>
+  {% if errormessage %}
+  <p>{{ errormessage }}</p>
+  {% else %}
   <h1>Thank you for your Report.</h1>
+  {% endif %}
 </section>
 
 {% endblock bodysup %}
diff --git a/submissions/views.py b/submissions/views.py
index 4fc0c3236..ee363a6a0 100644
--- a/submissions/views.py
+++ b/submissions/views.py
@@ -234,11 +234,16 @@ def submission_detail(request, submission_id):
         author_replies = Comment.objects.filter(submission=submission, is_author_reply=True)
     except Comment.DoesNotExist:
         author_replies = ()
+    # To check in template whether the user can submit a report:
+    is_author = request.user.contributor in submission.authors.all()
+    is_author_unchecked = (not is_author
+                           and not (request.user.contributor in submission.authors_false_claims.all())
+                           and (request.user.last_name in submission.author_list))
     context = {'submission': submission, 'comments': comments.filter(status__gte=1, is_author_reply=False).order_by('-date_submitted'), 
                'invited_reports': reports.filter(status__gte=1, invited=True), 
                'contributed_reports': reports.filter(status__gte=1, invited=False), 
-               'author_replies': author_replies, 
-               'form': form, }
+               'author_replies': author_replies, 'form': form,
+               'is_author': is_author, 'is_author_unchecked': is_author_unchecked}
     return render(request, 'submissions/submission_detail.html', context)
 
 
@@ -629,9 +634,25 @@ def eic_recommendation(request, submission_id):
 # Reports
 ###########
 
+@login_required
 @permission_required('scipost.can_referee', raise_exception=True)
 def submit_report(request, submission_id):
     submission = get_object_or_404 (Submission, pk=submission_id)
+    # Check whether the user can submit a report:
+    is_author = request.user.contributor in submission.authors.all()
+    is_author_unchecked = (not is_author
+                           and not (request.user.contributor in submission.authors_false_claims.all())
+                           and (request.user.last_name in submission.author_list))
+    errormessage = None
+    if is_author:
+        errormessage = 'You are an author of this Submission and cannot submit a Report.'
+    if is_author_unchecked:
+        errormessage = ('The system flagged you as a potential author of this Submission. '
+                        'Please go to your personal page under the Submissions tab to clarify this.')
+    if errormessage:
+        context = {'errormessage': errormessage}
+        return render(request, 'submissions/submit_report_ack.html', context)
+        
     if request.method == 'POST':
         form = ReportForm(request.POST)
         if form.is_valid():
@@ -680,6 +701,7 @@ def submit_report(request, submission_id):
     return render(request, 'submissions/submit_report.html', context)
 
 
+@login_required
 @permission_required('scipost.can_take_charge_of_submissions', raise_exception=True)
 def vet_submitted_reports(request):
     contributor = Contributor.objects.get(user=request.user)
-- 
GitLab