correctly handle opening a survey that the user isnt allowed to edit

13b459ac · Remco Tukker · 9f5b9a45 · 13b459ac · 13b459ac · 13b459ac
Commit 13b459ac authored Aug 16, 2023 by Remco Tukker
--- a/compendium_v2/routes/response.py
+++ b/compendium_v2/routes/response.py
@@ -30,6 +30,7 @@ SURVEY_RESPONSE_SCHEMA = {
        'verification_status': {'type': 'object'},
        'mode': {'type': 'string'},
        'status': {'type': 'string'},
+        'edit_allowed': {'type': 'boolean'},
    },
    'required': ['model', 'locked_by', 'data', 'page', 'verification_status', 'mode', 'status'],
    'additionalProperties': False
@@ -111,7 +112,8 @@ def try_survey(year) -> Any:
        "page": 0,
        "verification_status": {},
        "mode": SurveyMode.Edit,
-        "status": RESPONSE_NOT_STARTED
+        "status": RESPONSE_NOT_STARTED,
+        "edit_allowed": True
    }
@@ -152,7 +154,8 @@ def inspect_survey(year) -> Any:
        "page": 0,
        "verification_status": {},
        "mode": SurveyMode.Edit,
-        "status": RESPONSE_NOT_STARTED
+        "status": RESPONSE_NOT_STARTED,
+        "edit_allowed": True
    }
@@ -219,7 +222,8 @@ def load_survey(year, nren_name) -> Any:
        "page": page,
        "verification_status": verification_status,
        "mode": SurveyMode.Display,
-        "status": response.status.value if response else RESPONSE_NOT_STARTED
+        "status": response.status.value if response else RESPONSE_NOT_STARTED,
+        "edit_allowed": current_user.is_admin or survey.status == SurveyStatus.open
    }
@@ -248,6 +252,9 @@ def lock_survey(year, nren_name) -> Any:
    if not check_access_nren(current_user, nren):
        return {'message': 'You do not have permissions to access this survey.'}, 403
+    if survey.status != SurveyStatus.open and not current_user.is_admin:
+        return {'message': 'Survey is closed'}, 400
    response = db.session.scalar(
        select(SurveyResponse).where(SurveyResponse.survey_year == year)
                              .where(SurveyResponse.nren_id == nren.id)


--- a/survey-frontend/src/SurveyContainerComponent.tsx
+++ b/survey-frontend/src/SurveyContainerComponent.tsx
@@ -66,6 +66,7 @@ function SurveyContainerComponent({ loadFrom }) {
            survey.mode = json['mode'];
            survey.lockedBy = json['locked_by'];
            survey.status = json['status'];
+            survey.editAllowed = json['edit_allowed'];
            setSurveyModel(survey);
        }


--- a/survey-frontend/src/SurveyNavigationComponent.tsx
+++ b/survey-frontend/src/SurveyNavigationComponent.tsx
@@ -49,7 +49,7 @@ function SurveyNavigationComponent({ surveyModel, surveyActions, year, nren, chi
    const renderExternalNavigation = () => {
        return (
            <div className="survey-edit-buttons-block">
-                {!editing && !lockedBy && renderButton('Start editing', 'startEdit')}
+                {!editing && !lockedBy && surveyModel.editAllowed && renderButton('Start editing', 'startEdit')}
                {!editing && lockedBy && lockedBy == loggedInUser.name && renderButton('Discard any unsaved changes and release your lock', 'releaseLock')}
                {editing && (pageNo === surveyModel.visiblePages.length - 1) && renderButton('Complete Survey', 'complete')}
                {editing && renderButton(saveAndStopEdit, 'saveAndStopEdit')}
@@ -83,7 +83,8 @@ function SurveyNavigationComponent({ surveyModel, surveyActions, year, nren, chi
            <Row className="survey-content">
                {!editing && (
                    <div className="survey-edit-explainer">
-                        {!lockedBy && <span>The survey is in read-only mode; click the “Start editing“ button to start editing the answers.</span>}
+                        {!lockedBy && surveyModel.editAllowed && <span>The survey is in read-only mode; click the “Start editing“ button to start editing the answers.</span>}
+                        {!lockedBy && !surveyModel.editAllowed && <span>The survey is in read-only mode and can not be edited by you.</span>}
                        {lockedBy && lockedBy != loggedInUser.name && 'The survey is in READONLY mode and currently being edited by: ' + lockedBy + '. To start editing the survey, ask them to complete their edits.'}
                        {lockedBy && lockedBy == loggedInUser.name && 'The survey is in READONLY mode because you started editing in another tab, browser or device. To start editing the survey, either complete those edits or click the "Discard any unsaved changes" button.'}
                    </div>