From d85487e04071f9c11c4f1f2fc825f5b8408b9f87 Mon Sep 17 00:00:00 2001
From: Jorran de Wit <jorrandewit@outlook.com>
Date: Tue, 6 Jun 2017 16:44:39 +0200
Subject: [PATCH] Close minor submit report loophole

---
 submissions/constants.py | 14 +++++++++++---
 submissions/managers.py  | 10 +++++++++-
 submissions/views.py     |  2 +-
 3 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/submissions/constants.py b/submissions/constants.py
index 0f6656719..c3d462607 100644
--- a/submissions/constants.py
+++ b/submissions/constants.py
@@ -38,16 +38,24 @@ SUBMISSION_STATUS = (
 
 SUBMISSION_HTTP404_ON_EDITORIAL_PAGE = [
     'assignment_failed',
-    'published',
+    STATUS_PUBLISHED,
     'withdrawn',
-    'rejected',
-    'rejected_visible',
+    STATUS_REJECTED,
+    STATUS_REJECTED_VISIBLE,
 ]
 
 SUBMISSION_STATUS_OUT_OF_POOL = SUBMISSION_HTTP404_ON_EDITORIAL_PAGE + [
     'resubmitted'
 ]
 
+SUBMISSION_EXCLUDE_FROM_REPORTING = SUBMISSION_HTTP404_ON_EDITORIAL_PAGE + [
+    STATUS_AWAITING_ED_REC,
+    # STATUS_REVIEW_CLOSED,
+    # STATUS_ACCEPTED,
+    # 'voting_in_preparation',
+    # 'put_to_EC_voting',
+    # 'withdrawn',
+]
 
 # Submissions which are allowed/required to submit a EIC Recommendation
 SUBMISSION_EIC_RECOMMENDATION_REQUIRED = [
diff --git a/submissions/managers.py b/submissions/managers.py
index 016cd3284..0b9d6cd8c 100644
--- a/submissions/managers.py
+++ b/submissions/managers.py
@@ -4,7 +4,8 @@ from django.db.models import Q
 from .constants import SUBMISSION_STATUS_OUT_OF_POOL, SUBMISSION_STATUS_PUBLICLY_UNLISTED,\
                        SUBMISSION_STATUS_PUBLICLY_INVISIBLE, STATUS_UNVETTED, STATUS_VETTED,\
                        STATUS_UNCLEAR, STATUS_INCORRECT, STATUS_NOT_USEFUL, STATUS_NOT_ACADEMIC,\
-                       SUBMISSION_HTTP404_ON_EDITORIAL_PAGE, STATUS_DRAFT
+                       SUBMISSION_HTTP404_ON_EDITORIAL_PAGE, STATUS_DRAFT,\
+                       SUBMISSION_EXCLUDE_FROM_REPORTING
 
 
 class SubmissionManager(models.Manager):
@@ -73,6 +74,13 @@ class SubmissionManager(models.Manager):
         queryset = self.exclude(status__in=SUBMISSION_STATUS_PUBLICLY_INVISIBLE)
         return self._newest_version_only(queryset)
 
+    def open_for_reporting(self):
+        """
+        This query should filter submissions that do not have the right status to receive
+        a new report.
+        """
+        return self.exclude(status__in=SUBMISSION_EXCLUDE_FROM_REPORTING)
+
 
 class EditorialAssignmentManager(models.Manager):
     def get_for_user_in_pool(self, user):
diff --git a/submissions/views.py b/submissions/views.py
index 74471e8fe..cd0cfd8d7 100644
--- a/submissions/views.py
+++ b/submissions/views.py
@@ -1000,7 +1000,7 @@ def submit_report(request, arxiv_identifier_w_vn_nr):
     has the reporting deadline not been reached yet and does there exist any invitation
     for the current user on this submission.
     """
-    submission = get_object_or_404(Submission.objects.all(),
+    submission = get_object_or_404(Submission.objects.open_for_reporting(),
                                    arxiv_identifier_w_vn_nr=arxiv_identifier_w_vn_nr)
     # Check whether the user can submit a report:
     current_contributor = request.user.contributor
-- 
GitLab