From 802076226190a2ee942656c2d836dd368158a290 Mon Sep 17 00:00:00 2001
From: Mo8it <mo8it@proton.me>
Date: Mon, 19 Sep 2022 14:24:00 +0200
Subject: [PATCH] Prevent assistants from viewing or changing marks in
 semesters marked as done

---
 advlabdb/assistantModelViews.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/advlabdb/assistantModelViews.py b/advlabdb/assistantModelViews.py
index ec452f9..26c1228 100644
--- a/advlabdb/assistantModelViews.py
+++ b/advlabdb/assistantModelViews.py
@@ -7,6 +7,7 @@ from flask_admin.model.template import EndpointLinkRowAction
 from flask_login import current_user
 from flask_security.changeable import admin_change_password
 from flask_wtf import FlaskForm
+from markupsafe import Markup
 from wtforms.validators import DataRequired
 
 from .advlabdb_independent_funs import (
@@ -26,6 +27,7 @@ from .model_dependent_funs import (
     generate_new_password_field,
     parse_selection_mark_field,
     user_info_fields,
+    user_settings_url,
 )
 from .model_independent_funs import randomPassword, reportBadAttempt
 from .models import Assistant, GroupExperiment, Semester, SemesterExperiment, User, db
@@ -39,6 +41,19 @@ assistantSpace = FlaskAdmin(
 
 
 class AssistantGroupExperimentView(SecureAssistantModelView):
+    def is_accessible(self):
+        active_semester = current_user.active_semester
+        if active_semester.done:
+            flash(
+                Markup(
+                    f"Active semester {active_semester} is marked as done. Therefore, you are not allowed to view or edit any marks in this semester. You should change your active semester in <a href='{ user_settings_url() }'>user settings</a>."
+                ),
+                "danger",
+            )
+            return False
+
+        return super().is_accessible()
+
     column_display_actions = True
 
     column_list = [