From b8aac3bfb27cf83b4fd6ef144c493a3dc20465c0 Mon Sep 17 00:00:00 2001
From: Evan <evanzhang1028@hotmail.com>
Date: Mon, 13 Apr 2020 23:43:21 -0400
Subject: [PATCH] Move submission access check into a helper method

---
 judge/jinja2/submission.py |  4 ++--
 judge/models/submission.py | 16 ++++++++++++++++
 judge/views/submission.py  | 16 +++-------------
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/judge/jinja2/submission.py b/judge/jinja2/submission.py
index 0b2352e371..c1be2d1ed6 100644
--- a/judge/jinja2/submission.py
+++ b/judge/jinja2/submission.py
@@ -6,13 +6,13 @@ def submission_layout(submission, profile_id, user, completed_problem_ids, edita
     problem_id = submission.problem_id
     can_view = False
 
-    if problem_id in editable_problem_ids:
+    if user.has_perm('judge.view_all_submission'):
         can_view = True
 
     if profile_id == submission.user_id:
         can_view = True
 
-    if user.has_perm('judge.change_submission'):
+    if problem_id in editable_problem_ids:
         can_view = True
 
     if submission.problem_id in completed_problem_ids:
diff --git a/judge/models/submission.py b/judge/models/submission.py
index 16cc79f371..41338af730 100644
--- a/judge/models/submission.py
+++ b/judge/models/submission.py
@@ -123,6 +123,22 @@ def abort(self):
 
     abort.alters_data = True
 
+    def can_see_detail(self, user):
+        profile = user.profile
+        if not user.is_authenticated:
+            return False
+        if user.has_perm('judge.view_all_submission'):
+            return True
+        if self.user_id == profile.id:
+            return True
+        if self.problem.is_editor(profile):
+            return True
+        if (self.problem.is_public or self.problem.testers.filter(id=profile.id).exists()) and \
+                self.problem.submission_set.filter(user_id=profile.id, result='AC',
+                                                   points=self.problem.points).exists():
+            return True
+        return False
+
     def update_contest(self):
         try:
             contest = self.contest
diff --git a/judge/views/submission.py b/judge/views/submission.py
index edfe2b1ba3..45696e57eb 100644
--- a/judge/views/submission.py
+++ b/judge/views/submission.py
@@ -43,19 +43,9 @@ class SubmissionMixin(object):
 class SubmissionDetailBase(LoginRequiredMixin, TitleMixin, SubmissionMixin, DetailView):
     def get_object(self, queryset=None):
         submission = super(SubmissionDetailBase, self).get_object(queryset)
-        profile = self.request.profile
-        problem = submission.problem
-        if self.request.user.has_perm('judge.view_all_submission'):
-            return submission
-        if submission.user_id == profile.id:
-            return submission
-        if problem.is_editor(profile):
-            return submission
-        if problem.is_public or problem.testers.filter(id=profile.id).exists():
-            if Submission.objects.filter(user_id=profile.id, result='AC', problem_id=problem.id,
-                                         points=problem.points).exists():
-                return submission
-        raise PermissionDenied()
+        if not submission.can_see_detail(self.request.user):
+            raise PermissionDenied()
+        return submission
 
     def get_title(self):
         submission = self.object