diff --git a/apps/registration/views.py b/apps/registration/views.py index 53d890d..5101bb1 100644 --- a/apps/registration/views.py +++ b/apps/registration/views.py @@ -14,6 +14,7 @@ from django.http import FileResponse, Http404 from django.shortcuts import redirect, resolve_url from django.template.loader import render_to_string from django.urls import reverse_lazy +from django.utils import timezone from django.utils.crypto import get_random_string from django.utils.http import urlsafe_base64_decode from django.utils.translation import gettext_lazy as _ @@ -507,17 +508,21 @@ class SolutionView(LoginRequiredMixin, View): raise Http404 solution = Solution.objects.get(file__endswith=filename) user = request.user + passage_participant_qs = Passage.objects.filter(Q(defender=user.registration.team.participation) + | Q(opponent=user.registration.team.participation) + | Q(reporter=user.registration.team.participation), + defender=solution.participation, + solution_number=solution.problem) if not (user.registration.is_admin or user.registration.is_volunteer and Passage.objects.filter(Q(pool__juries=user.registration) | Q(pool__tournament__in=user.registration.organized_tournaments.all()), defender=solution.participation, solution_number=solution.problem).exists() or user.registration.participates and user.registration.team - and Passage.objects.filter(Q(defender=user.registration.team.participation) - | Q(opponent=user.registration.team.participation) - | Q(reporter=user.registration.team.participation), - defender=solution.participation, - solution_number=solution.problem).exists()): + and (solution.participation.team == user.registration.team or + any(passage.pool.round == 1 + or timezone.now() >= passage.pool.tournament.solutions_available_second_phase + for passage in passage_participant_qs.all()))): raise PermissionDenied # Guess mime type of the file mime = Magic(mime=True)