diff --git a/app/models/competition.rb b/app/models/competition.rb index 67a4989a041..b7d576ecbf8 100644 --- a/app/models/competition.rb +++ b/app/models/competition.rb @@ -1169,8 +1169,8 @@ def has_event_change_deadline_date? # can registration edits be done right now # must be allowed in general, and if the deadline field exists, is it a date and in the future - def registration_edits_allowed? - self.allow_registration_edits && + def registration_edits_permitted? + !started? && self.allow_registration_edits && (!has_event_change_deadline_date? || !event_change_deadline_date.present? || event_change_deadline_date > DateTime.now) end @@ -1564,7 +1564,7 @@ def ineligible_events(user) end def started? - start_date.present? && start_date < Date.today + start_date.present? && start_date <= Date.today end def organizers_or_delegates diff --git a/app/models/user.rb b/app/models/user.rb index a6ed85808e6..cb598dea1eb 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -873,7 +873,7 @@ def can_view_hidden_competitions? def can_edit_registration?(registration) # A registration can be edited by a user if it hasn't been accepted yet, and if edits are allowed. - editable_by_user = (!registration.accepted? || registration.competition.registration_edits_allowed?) + editable_by_user = (!registration.accepted? || registration.competition.registration_edits_permitted?) can_manage_competition?(registration.competition) || (registration.user_id == self.id && editable_by_user) end diff --git a/lib/registrations/registration_checker.rb b/lib/registrations/registration_checker.rb index eb87bd08d7a..0c3cacd9627 100644 --- a/lib/registrations/registration_checker.rb +++ b/lib/registrations/registration_checker.rb @@ -78,7 +78,7 @@ def user_can_modify_registration!(competition, current_user, target_user, regist raise WcaExceptions::RegistrationError.new(:unauthorized, Registrations::ErrorCodes::USER_INSUFFICIENT_PERMISSIONS) unless can_administer_or_current_user?(competition, current_user, target_user) raise WcaExceptions::RegistrationError.new(:forbidden, Registrations::ErrorCodes::USER_EDITS_NOT_ALLOWED) unless - competition.registration_edits_allowed? || current_user.can_manage_competition?(competition) || user_uncancelling_registration?(registration, new_status) + competition.registration_edits_permitted? || current_user.can_manage_competition?(competition) || user_uncancelling_registration?(registration, new_status) raise WcaExceptions::RegistrationError.new(:unauthorized, Registrations::ErrorCodes::REGISTRATION_IS_REJECTED) if user_is_rejected?(current_user, target_user, registration) && !organizer_modifying_own_registration?(competition, current_user, target_user) raise WcaExceptions::RegistrationError.new(:forbidden, Registrations::ErrorCodes::ALREADY_REGISTERED_IN_SERIES) if diff --git a/spec/lib/registrations/registration_checker_spec.rb b/spec/lib/registrations/registration_checker_spec.rb index b86343aa737..f36a2bf0bae 100644 --- a/spec/lib/registrations/registration_checker_spec.rb +++ b/spec/lib/registrations/registration_checker_spec.rb @@ -797,6 +797,24 @@ end end + it 'user cant change events after comp has started', :tag do + comp_started = FactoryBot.create(:competition, :ongoing, allow_registration_edits: true) + registration = FactoryBot.create(:registration, competition: comp_started) + + update_request = FactoryBot.build( + :update_request, + competition_id: registration.competition.id, + user_id: registration.user_id, + ) + + expect { + Registrations::RegistrationChecker.update_registration_allowed!(update_request, Competition.find(update_request['competition_id']), User.find(update_request['submitted_by'])) + }.to raise_error(WcaExceptions::RegistrationError) do |error| + expect(error.status).to eq(:forbidden) + expect(error.error).to eq(Registrations::ErrorCodes::USER_EDITS_NOT_ALLOWED) + end + end + it 'user cant change events after event change deadline' do edit_deadline_passed = FactoryBot.create(:competition, :event_edit_passed) registration = FactoryBot.create(:registration, competition: edit_deadline_passed)