From c3b774fcaacd26a744c39f84b6c2bfbe080ff190 Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Sun, 9 Apr 2017 10:29:08 +0200
Subject: [PATCH] Fix: submissions with non-public status might be publicly accessible
---
 .../scipost/assets/css/scipost-physics.scss | 4 ++--
 scipost/views.py | 3 +--
 submissions/managers.py | 2 +-
 submissions/views.py | 22 ++++++-------------
 4 files changed, 11 insertions(+), 20 deletions(-)
diff --git a/scipost/static/scipost/assets/css/scipost-physics.scss b/scipost/static/scipost/assets/css/scipost-physics.scss
index d0d2f46ec..2ef6f06c4 100644
--- a/scipost/static/scipost/assets/css/scipost-physics.scss
+++ b/scipost/static/scipost/assets/css/scipost-physics.scss
@@ -17,8 +17,8 @@
 display: block;
 &.active {
- border: 1px solid #6885c3;
- color: #6885c3;
+ color: #002b49;
+ background: rgba(255, 255, 255, 0.5);
 }
 }
 }
diff --git a/scipost/views.py b/scipost/views.py
index 6ba474479..0e2fd0e17 100644
--- a/scipost/views.py
+++ b/scipost/views.py
@@ -122,9 +122,8 @@ def documentsSearchResults(query):
 commentary_query,
 vetted=True,
 ).order_by('-pub_date')
- submission_search_queryset = Submission.objects.filter(
+ submission_search_queryset = Submission.objects.public().filter(
 submission_query,
- ).exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED,
 ).order_by('-submission_date')
 thesislink_search_list = ThesisLink.objects.filter(
 thesislink_query,
diff --git a/submissions/managers.py b/submissions/managers.py
index 01249dd9d..9346d76a5 100644
--- a/submissions/managers.py
+++ b/submissions/managers.py
@@ -14,7 +14,7 @@ class SubmissionManager(models.Manager):
 .order_by('-submission_date')
 def public(self):
- return self.exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED)
+ return self.filter(is_current=True).exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED)
 class EditorialAssignmentManager(models.Manager):
diff --git a/submissions/views.py b/submissions/views.py
index 2e28d88ef..b82aeebb2 100644
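Review bot: The search queryset in `documentsSearchResults` now depends on `public()`, which this same commit narrows to `is_current=True`, so older versions of a submission drop out of search results without any comment saying so; a line such as `# public(): current versions only, unlisted statuses excluded` above the call would record that. If `SUBMISSION_STATUS_PUBLICLY_UNLISTED` has no other use in scipost/views.py (the imports are outside this hunk), its import is now dead and should be removed. The function body starts and ends outside the hunk.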
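Review bot: `SubmissionManager.public()` still decides visibility with a denylist, `exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED)`, so any status introduced later is public until someone remembers to add it to that list; selecting on an explicit list of statuses that may be shown would fail closed instead. The method now also carries two rules (current version and status) with no docstring; I would add `"""Return current submissions whose status may be shown publicly."""`. The diffstat shows no test file in this commit, so a regression test asserting that a submission with an unlisted status, or with `is_current=False`, is absent from `Submission.objects.public()` would pin the fix.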
--- a/submissions/views.py
+++ b/submissions/views.py
@@ -208,34 +208,26 @@ class SubmissionListView(ListView):
 paginate_by = 10
 def get_queryset(self):
+ queryset = Submission.objects.public()
 if 'to_journal' in self.kwargs:
- queryset = Submission.objects.filter(
+ queryset = queryset.filter(
 latest_activity__gte=timezone.now() + datetime.timedelta(days=-60),
 submitted_to_journal=self.kwargs['to_journal']
- ).exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED
- ).exclude(is_current=False).order_by('-submission_date')
- # Submission.objects.filter(submitted_to_journal=self.kwargs['to_journal'])
+ )
 elif 'discipline' in self.kwargs and 'nrweeksback' in self.kwargs:
 discipline = self.kwargs['discipline']
 nrweeksback = self.kwargs['nrweeksback']
- queryset = Submission.objects.filter(
+ queryset = queryset.filter(
 discipline=discipline,
 latest_activity__gte=timezone.now() + datetime.timedelta(weeks=-int(nrweeksback)))
 elif 'Submit' in self.request.GET:
- queryset = Submission.objects.filter(
+ queryset = queryset.filter(
 title__icontains=self.request.GET.get('title_keyword', ''),
 author_list__icontains=self.request.GET.get('author', ''),
 abstract__icontains=self.request.GET.get('abstract_keyword', '')
 )
- else:
- queryset = Submission.objects.filter(
- latest_activity__gte=timezone.now() + datetime.timedelta(days=-60)
- ).exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED
- ).exclude(is_current=False).order_by('-submission_date')
-
- queryset = queryset.exclude(status__in=SUBMISSION_STATUS_PUBLICLY_UNLISTED,
- ).order_by('-submission_date')
- return queryset
+
+ return queryset.order_by('-submission_date')
 def get_context_data(self, **kwargs):
 # Call the base implementation first to get a context
-- 
GitLab
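Review bot: With the `else:` branch removed from `get_queryset`, a request that carries none of `to_journal`, `discipline`/`nrweeksback` or `Submit` now lists every public submission rather than only those active in the last 60 days, a change the commit message does not mention. If the window was intentional, keep it on top of the shared base: `else: queryset = queryset.filter(latest_activity__gte=timezone.now() + datetime.timedelta(days=-60))`. Separately, `int(nrweeksback)` is applied to a URL kwarg; unless the URL pattern (not visible here) restricts it to digits, a non-numeric value raises ValueError and surfaces as a server error. A short docstring on `get_queryset` stating that every branch starts from `Submission.objects.public()` would help keep future branches from bypassing the visibility filter.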