From 571849d506e3c422850e6554ba20a28daedfd2bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20Pracha=C5=99?= <jan.prachar@gmail.com>
Date: Thu, 11 Mar 2021 22:57:50 +0100
Subject: [PATCH] =?UTF-8?q?Oprava=20zobrazen=C3=AD=20tla=C4=8D=C3=ADtek,?=
 =?UTF-8?q?=20na=20kter=C3=BD=20nem=C3=A1=20u=C5=BEivatel=20opr=C3=A1vn?=
 =?UTF-8?q?=C4=9Bn=C3=AD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 mo/rights.py                      | 6 ++++++
 mo/web/org_contest.py             | 1 +
 mo/web/org_round.py               | 5 +++--
 mo/web/org_score.py               | 1 +
 mo/web/templates/org_contest.html | 6 +++++-
 mo/web/templates/org_round.html   | 6 +++---
 mo/web/templates/org_score.html   | 2 ++
 7 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/mo/rights.py b/mo/rights.py
index 29553db0..cff7377b 100644
--- a/mo/rights.py
+++ b/mo/rights.py
@@ -255,6 +255,9 @@ class RoundRights(Rights):
     def can_view_statement(self) -> bool:
         return self._check_view_statement(self.round)
 
+    def can_view_submits(self) -> bool:
+        return self.have_right(Right.view_submits)
+
 
 class ContestRights(Rights):
     """Práva k soutěži."""
@@ -281,6 +284,9 @@ class ContestRights(Rights):
     def can_view_statement(self) -> bool:
         return self._check_view_statement(self.contest.round)
 
+    def can_view_submits(self) -> bool:
+        return self.have_right(Right.view_submits)
+
 
 class Gatekeeper:
     """Dveřník rozhoduje, jaká práva má uživatel k danému objektu.
diff --git a/mo/web/org_contest.py b/mo/web/org_contest.py
index 367ef536..7baebcd4 100644
--- a/mo/web/org_contest.py
+++ b/mo/web/org_contest.py
@@ -372,6 +372,7 @@ def org_contest(id: int, site_id: Optional[int] = None):
         can_edit_points=rr.can_edit_points(),
         can_create_solutions=rr.can_upload_feedback() or rr.can_upload_solutions(),
         can_view_statement=rr.can_view_statement(),
+        can_view_submits=rr.can_view_submits(),
         tasks=tasks, places_counts=places_counts,
     )
 
diff --git a/mo/web/org_round.py b/mo/web/org_round.py
index 96b94c61..ca617b49 100644
--- a/mo/web/org_round.py
+++ b/mo/web/org_round.py
@@ -167,7 +167,7 @@ def add_contest(round: db.Round, form: AddContestForm) -> bool:
 @app.route('/org/contest/r/<int:id>/', methods=('GET', 'POST'))
 def org_round(id: int):
     sess = db.get_session()
-    round, _, rr = get_round_rr(id, None, True)
+    round, _, rr = get_round_rr(id, None, False)
 
     can_manage_round = rr.have_right(Right.manage_round)
     can_manage_contestants = rr.have_right(Right.manage_contest)
@@ -228,6 +228,7 @@ def org_round(id: int):
         can_handle_submits=rr.have_right(Right.view_submits),
         can_upload=rr.offer_upload_feedback(),
         can_view_statement=rr.can_view_statement(),
+        can_view_submits=rr.can_view_submits(),
         can_add_contest=g.gatekeeper.rights_generic().have_right(Right.add_contest),
     )
 
@@ -335,7 +336,7 @@ def org_round_task_upload(round_id: int, task_id: int):
 
 @app.route('/org/contest/r/<int:round_id>/task/<int:task_id>/batch-points', methods=('GET', 'POST'))
 def org_round_task_batch_points(round_id: int, task_id: int):
-    round, _, _ = get_round_rr(round_id, Right.edit_points, True)
+    round, _, _ = get_round_rr(round_id, Right.edit_points, False)
     task = get_task(round, task_id)
     return generic_batch_points(round=round, contest=None, task=task)
 
diff --git a/mo/web/org_score.py b/mo/web/org_score.py
index cbebbcda..2b46ab44 100644
--- a/mo/web/org_score.py
+++ b/mo/web/org_score.py
@@ -216,6 +216,7 @@ def org_score(round_id: Optional[int] = None, contest_id: Optional[int] = None):
             contest=contest, round=round, tasks=tasks,
             table=table, messages=messages,
             group_rounds=group_rounds,
+            can_view_submits=rr.can_view_submits(),
         )
     else:
         return table.send_as(format)
diff --git a/mo/web/templates/org_contest.html b/mo/web/templates/org_contest.html
index 2675f9e0..f2ac68bd 100644
--- a/mo/web/templates/org_contest.html
+++ b/mo/web/templates/org_contest.html
@@ -48,7 +48,7 @@
 
 <div class="btn-group">
 	<a class="btn btn-primary" href='{{ url_for('org_contest_list', id=contest.contest_id, site_id=site_id) }}'>Seznam účastníků</a>
-	{% if round.state != RoundState.preparing %}
+	{% if can_view_submits and round.state != RoundState.preparing %}
 	<a class="btn btn-primary" href='{{ url_for('org_contest_solutions', id=contest.contest_id, site_id=site_id) }}'>Odevzdaná řešení</a>
 	{% endif %}
 	{% if not site %}
@@ -115,7 +115,9 @@
 		<td>{{ task.sol_count }}
 		<td>{{ task.max_points|none_value('–') }}
 		<td><div class="btn-group">
+			{% if can_view_submits %}
 			<a class="btn btn-xs btn-primary" href="{{ url_for('org_contest_task', contest_id=contest.contest_id, task_id=task.task_id, site_id=site_id) }}">Odevzdaná řešení</a>
+			{% endif %}
 			{% if not site and can_edit_points %}
 				<a class="btn btn-xs btn-default" href="{{ url_for('org_contest_task_points', contest_id=contest.contest_id, task_id=task.task_id) }}">Zadat body</a>
 			{% endif %}
@@ -124,7 +126,9 @@
 			{% endif %}
 		</div>
 		<td><div class="btn-group">
+			{% if can_view_submits %}
 			<a class="btn btn-xs btn-primary" href="{{ url_for('org_contest_task_download', contest_id=contest.contest_id, task_id=task.task_id, site_id=site_id) }}">Stáhnout ZIP</a>
+			{% endif %}
 			{% if can_upload %}
 				<a class='btn btn-xs btn-default' href="{{ url_for('org_contest_task_upload', contest_id=contest.contest_id, task_id=task.task_id, site_id=site_id) }}">Nahrát ZIP</a>
 			{% endif %}
diff --git a/mo/web/templates/org_round.html b/mo/web/templates/org_round.html
index aa1a62a6..8c3af862 100644
--- a/mo/web/templates/org_round.html
+++ b/mo/web/templates/org_round.html
@@ -131,7 +131,7 @@
 			<th>Odevzdaná řešení
 			<th>Maximum bodů
 			{% if can_manage_round %}<th>Akce{% endif %}
-			{% if can_handle_submits or can_upload %}<th>Dávkové operace{% endif %}
+			{% if can_view_submits or can_upload %}<th>Dávkové operace{% endif %}
 		</tr>
 	</thead>
 	{% for task in tasks %}
@@ -155,9 +155,9 @@
 				{% endif %}
 			</div>
 			{% endif %}
-			{% if can_handle_submits or can_upload %}
+			{% if can_view_submits or can_upload %}
 			<td><div class="btn-group">
-				{% if can_handle_submits %}
+				{% if can_view_submits %}
 					<a class="btn btn-xs btn-primary" href="{{ url_for('org_round_task_download', round_id=round.round_id, task_id=task.task_id) }}">Stáhnout ZIP</a>
 				{% endif %}
 				{% if can_upload %}
diff --git a/mo/web/templates/org_score.html b/mo/web/templates/org_score.html
index 21740346..cc536445 100644
--- a/mo/web/templates/org_score.html
+++ b/mo/web/templates/org_score.html
@@ -10,7 +10,9 @@
 {% block pretitle %}
 <div class="btn-group pull-right">
 	{% if contest %}
+	{% if can_view_submits %}
 	<a class="btn btn-default" href="{{ url_for('org_contest_solutions', id=contest.contest_id) }}">Odevzdaná řešení</a>
+	{% endif %}
 	<a class="btn btn-default" href="{{ url_for('org_score', round_id=round.round_id) }}">Výsledky kola</a>
 	{% endif %}
 </div>
-- 
GitLab