Diplomy/UI: Účastníci vidí jen schválené diplomy

d525cc70 · Martin Mareš · c5cd35ef · d525cc70
Commit d525cc70 authored 5 months ago by Martin Mareš
--- a/mo/web/user.py
+++ b/mo/web/user.py
@@ -53,6 +53,8 @@ def user_index():
 def load_pcrs() -> List[Tuple[db.Participation, db.Contest, db.Round, int]]:
    cert_subq = (db.get_session()
                 .query(db.Certificate.user_id, db.Certificate.cert_set_id, func.count(db.Certificate.type).label('count'))
+                 .join(db.Certificate.cert_file)
+                 .filter(db.CertFile.approved)
                 .group_by(db.Certificate.user_id, db.Certificate.cert_set_id)
                 .subquery())
    return (db.get_session().query(db.Participation, db.Contest, db.Round, cert_subq.c.count)
@@ -341,7 +343,10 @@ def user_contest(id: int):
    if contest.state == db.RoundState.closed:
        certs = (sess.query(db.Certificate)
-                 .filter_by(cert_set_id=id, user=g.user)
+                 .join(db.Certificate.cert_file)
+                 .filter(db.Certificate.cert_set_id == id,
+                         db.Certificate.user == g.user,
+                         db.CertFile.approved)
                 .limit(1)
                 .all())
    else:
@@ -642,7 +647,7 @@ def user_contest_score_pdf(id: int):
 # Využívá se i z org_certs
-def send_certificate(ct_id: int, cert_type: str, user_filename: str, user_id: Optional[int] = None):
+def send_certificate(ct_id: int, cert_type: str, user_filename: str, user_id: Optional[int] = None, approved_only: bool = False):
    try:
        typ = db.CertType.coerce(cert_type)
    except ValueError:
@@ -653,7 +658,7 @@ def send_certificate(ct_id: int, cert_type: str, user_filename: str, user_id: Op
    sess = db.get_session()
    cfile = sess.query(db.CertFile).get((ct_id, typ))
-    if cfile is None:
+    if cfile is None or (approved_only and not cfile.published):
        raise werkzeug.exceptions.NotFound()
    file = os.path.join(mo.util.data_dir('certs'), cfile.pdf_file)
@@ -698,7 +703,10 @@ def user_contest_certificates(id: int):
    sess = db.get_session()
    cset = sess.query(db.CertSet).filter_by(contest_id=id).one_or_none()
    certs = (sess.query(db.Certificate)
-             .filter_by(cert_set_id=id, user=g.user)
+             .join(db.Certificate.cert_file)
+             .filter(db.Certificate.cert_set_id == id,
+                     db.Certificate.user == g.user,
+                     db.CertFile.approved)
             .all())
    return render_template(
@@ -713,7 +721,7 @@ def user_contest_certificates(id: int):
 def user_cert_file(ct_id: int, cert_type: str, filename: str):
    _ = get_contest(ct_id)
-    return send_certificate(ct_id, cert_type, filename, g.user_id)
+    return send_certificate(ct_id, cert_type, filename, g.user_id, approved_only=True)
 @app.route('/user/history/')