From 7d39d649b621adaafd5401f8868af485f892ec3c Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Sun, 24 Sep 2017 21:15:33 +0200
Subject: [PATCH] Restrict resubmission permissions

Contributors will now only be permitted to do a
resubmission if the current contributor is already
assigned as an author on the previous submission.

This will prevent other contributors from being able to read
information which is meant for the EdCol+EIC only,
coming from the previous submission.
---
 submissions/forms.py   | 7 ++++++-
 submissions/signals.py | 7 ++++++-
 submissions/views.py   | 5 +++--
 3 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/submissions/forms.py b/submissions/forms.py
index 37f07e08e..1fd5527db 100644
--- a/submissions/forms.py
+++ b/submissions/forms.py
@@ -71,6 +71,7 @@ class SubmissionChecks:
     last_submission = None
 
     def __init__(self, *args, **kwargs):
+        self.requested_by = kwargs.pop('requested_by', None)
         super().__init__(*args, **kwargs)
         # Prefill `is_resubmission` property if data is coming from initial data
         if kwargs.get('initial', None):
@@ -121,6 +122,11 @@ class SubmissionChecks:
             self.last_submission = submission
             if submission.status == STATUS_REVISION_REQUESTED:
                 self.is_resubmission = True
+                if self.requested_by.contributor not in submission.authors.all():
+                    error_message = ('There exists a preprint with this arXiv identifier '
+                                     'but an earlier version number. Resubmission is only possible'
+                                     ' if you are a registered author of this manuscript.')
+                    raise forms.ValidationError(error_message)
             elif submission.status in [STATUS_REJECTED, STATUS_REJECTED_VISIBLE]:
                 error_message = ('This arXiv preprint has previously undergone refereeing '
                                  'and has been rejected. Resubmission is only possible '
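Review bot: The new author check dereferences `self.requested_by.contributor`, but `__init__` in the first hunk of this file defaults `requested_by` to `None`, so any caller that builds the form without that keyword gets an AttributeError instead of a refusal. Treat a missing requester as not authorised, e.g. `if self.requested_by is None or not submission.authors.filter(pk=self.requested_by.contributor.pk).exists():`. The `.exists()` query also avoids loading every author just to test membership. A user with no contributor profile would presumably still raise on `.contributor`, so it is worth confirming that the permission decorators on the calling views rule that out. The enclosing method starts and ends outside the hunk.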
@@ -238,7 +244,6 @@ class RequestSubmissionForm(SubmissionChecks, forms.ModelForm):
         }
 
     def __init__(self, *args, **kwargs):
-        self.requested_by = kwargs.pop('requested_by', None)
         super().__init__(*args, **kwargs)
 
         if not self.submission_is_resubmission():
diff --git a/submissions/signals.py b/submissions/signals.py
index 53461d84c..664ff585d 100644
--- a/submissions/signals.py
+++ b/submissions/signals.py
@@ -32,8 +32,13 @@ def notify_new_editorial_assignment(sender, instance, created, **kwargs):
     """
     if created:
         administration = Group.objects.get(name='Editorial Administrators')
+        if instance.accepted:
+            # A new assignment is auto-accepted if user assigned himself or on resubmission.
+            text = ' assigned you Editor-in-charge.'
+        else:
+            text = ' invited you to become Editor-in-charge.'
         notify.send(sender=sender, recipient=instance.to.user, actor=administration,
-                    verb=' invited you to become Editor-in-charge.', target=instance)
+                    verb=text, target=instance)
 
 
 def notify_new_referee_invitation(sender, instance, created, **kwargs):
diff --git a/submissions/views.py b/submissions/views.py
index 9d9fafc72..b91cff2ff 100644
--- a/submissions/views.py
+++ b/submissions/views.py
@@ -96,10 +96,11 @@ class RequestSubmission(CreateView):
 @login_required
 @permission_required('scipost.can_submit_manuscript', raise_exception=True)
 def prefill_using_arxiv_identifier(request):
-    query_form = SubmissionIdentifierForm(request.POST or None, initial=request.GET or None)
+    query_form = SubmissionIdentifierForm(request.POST or None, initial=request.GET or None,
+                                          requested_by=request.user)
     if query_form.is_valid():
         prefill_data = query_form.request_arxiv_preprint_form_prefill_data()
-        form = RequestSubmissionForm(initial=prefill_data)
+        form = RequestSubmissionForm(initial=prefill_data, requested_by=request.user)
 
         # Submit message to user
         if query_form.submission_is_resubmission():
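Review bot: Passing `requested_by=request.user` here protects only the prefill step, and the second form is built unbound (`initial=` only), so its validation never runs in this view. The resubmission itself is presumably created by the `RequestSubmission` view named in the hunk header, whose body is outside this diff. Confirm that it also hands `request.user` to the form (for instance through `get_form_kwargs`); otherwise a direct POST there would either skip the author check or fail on the `None` requester. A regression test in which a non-author contributor submits the identifier of a revision-requested submission to both views would pin this down. The body of `prefill_using_arxiv_identifier` continues past the hunk.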
-- 
GitLab