Skip to content
Snippets Groups Projects
Commit 52a1592b authored by Jiří Setnička's avatar Jiří Setnička
Browse files

Formulář akce nad účastníky: Kontrolujeme práva na contest

Formulář se totiž dá spustit i na stránce kola, kam mají přístup všichni,
ale akce by měla provést jen nad účastníky, které organizátor spravuje
v rámci jeho contestu.
parent 7d8b9e19
Branches master
No related tags found
2 merge requests!10Nastavení kol a úloh,!9WIP: Zárodek uživatelské části webu a submitování
This commit is part of merge request !10. Comments created here will be created in the context of that merge request.
...@@ -64,9 +64,9 @@ class ParticipantsActionForm(FlaskForm): ...@@ -64,9 +64,9 @@ class ParticipantsActionForm(FlaskForm):
def do_action(self, round: db.Round, rights: mo.rights.Rights, query: Query) -> bool: def do_action(self, round: db.Round, rights: mo.rights.Rights, query: Query) -> bool:
"""Do participation modification on partipations from given query """Do participation modification on partipations from given query
(possibly filtered by checkboxes). Expects that rights for round/contest (possibly filtered by checkboxes). `rights` param is used to check rights
are checked before calling this function, `rights` param are used only for contest of each modified participation or for contest in which
for checking that we can move participation to another contest.""" participation is moved to."""
if not self.validate_on_submit(): if not self.validate_on_submit():
return False return False
...@@ -93,6 +93,7 @@ class ParticipantsActionForm(FlaskForm): ...@@ -93,6 +93,7 @@ class ParticipantsActionForm(FlaskForm):
rights.get_for_contest(contest) rights.get_for_contest(contest)
if not rights.have_right(mo.rights.Right.manage_contest): if not rights.have_right(mo.rights.Right.manage_contest):
flash(f"Nemáte právo ke správě soutěže v kole {round.round_code()} v oblasti {contest_place.name}, nelze do ní přesunout účastníky", 'danger') flash(f"Nemáte právo ke správě soutěže v kole {round.round_code()} v oblasti {contest_place.name}, nelze do ní přesunout účastníky", 'danger')
return False
elif self.remove_participation.data: elif self.remove_participation.data:
pass pass
else: else:
...@@ -105,8 +106,26 @@ class ParticipantsActionForm(FlaskForm): ...@@ -105,8 +106,26 @@ class ParticipantsActionForm(FlaskForm):
flash('Data v checkboxech nelze převést na čísla, kontaktujte správce', 'danger') flash('Data v checkboxech nelze převést na čísla, kontaktujte správce', 'danger')
return False return False
count = 0 # Check all participations if we can edit them
ctants = query.all() ctants = query.all()
rights_cache = set()
for pion, _, _ in ctants:
u = pion.user
if self.action_on.data == 'checked' and u.user_id not in user_ids:
continue
if pion.contest_id in rights_cache:
continue
rights.get_for_contest(pion.contest)
if rights.have_right(mo.rights.Right.manage_contest):
rights_cache.add(pion.contest_id)
continue
flash(
f"Nemáte právo ke správě soutěže v kole {round.round_code()} v oblasti {pion.contest.place.name} "
+ f"(účastník {u.first_name} {u.last_name}). Žádná akce nebyla provedena.", 'danger'
)
return False
count = 0
for pion, _, _ in ctants: for pion, _, _ in ctants:
u = pion.user u = pion.user
if self.action_on.data == 'checked' and u.user_id not in user_ids: if self.action_on.data == 'checked' and u.user_id not in user_ids:
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment