From 39736a81c4933f697d12fe4c993dc2ad3ae90f90 Mon Sep 17 00:00:00 2001
From: nsfisis
Date: Thu, 7 Mar 2024 06:45:35 +0900
Subject: fix issue where any one can see any answers
---
 services/app/src/App.php | 4 ++--
 services/app/templates/answer_list.html.twig | 2 +-
 services/app/templates/quiz_view.html.twig | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'services/app')
diff --git a/services/app/src/App.php b/services/app/src/App.php
index e7d2816..3eedfe7 100644
--- a/services/app/src/App.php
+++ b/services/app/src/App.php
@@ -388,7 +388,7 @@ final class App
 throw new HttpNotFoundException($request);
 }
 $currentUser = $this->getCurrentUser($request);
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser?->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser?->user_id) {
 throw new HttpForbiddenException($request);
 }
@@ -887,7 +887,7 @@ final class App
 if ($quiz === null) {
 throw new HttpNotFoundException($request);
 }
- if ($quiz->isOpenToAnswer() && $answer->author_id !== $currentUser->user_id) {
+ if (!$quiz->isFinished() && $answer->author_id !== $currentUser->user_id) {
 throw new HttpForbiddenException($request);
 }
diff --git a/services/app/templates/answer_list.html.twig b/services/app/templates/answer_list.html.twig
index 818a755..0ca3318 100644
--- a/services/app/templates/answer_list.html.twig
+++ b/services/app/templates/answer_list.html.twig
@@ -46,7 +46,7 @@ {% endif %}
- {% if quiz.isOpenToAnswer() and answer.author_id != current_user_id %}
+ {% if not quiz.isFinished() and answer.author_id != current_user_id %}
 #{{ answer.answer_number }} {% else %} #{{ answer.answer_number }}
diff --git a/services/app/templates/quiz_view.html.twig b/services/app/templates/quiz_view.html.twig
index 44676e2..a42520c 100644
--- a/services/app/templates/quiz_view.html.twig
+++ b/services/app/templates/quiz_view.html.twig
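Review bot: In the `@@ -388` handler the ownership test `$answer->author_id !== $currentUser?->user_id` compares against `null` when the visitor is not logged in, so an answer whose `author_id` is itself null would pass the check while the quiz is still unfinished. Whether `author_id` can be null is not visible in this hunk, but spelling out the anonymous case removes the dependency on that: `if (!$quiz->isFinished() && ($currentUser === null || $answer->author_id !== $currentUser->user_id)) {`. The `@@ -887` handler dereferences `$currentUser->user_id` directly and so presumably runs only for authenticated users. The enclosing method starts and ends outside the hunk.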
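Review bot: The visibility rule in the `@@ -887` handler is the same expression that this commit also edits in the `@@ -388` handler and in both Twig templates (`answer_list.html.twig`, `quiz_view.html.twig`), so any later change to the rule has to be made in four places and one missed copy reopens the disclosure being fixed here. It would be safer to put the decision in one method that takes the answer and the viewer and is called from the handlers and the templates, documented with something like `// Answers are visible only to their author until the quiz is finished.` The templates also use Twig's loose `!=` where the handlers use `!==`, so the link shown and the access decision could disagree if the id types differ. A regression test for a quiz that is closed to answers but not yet finished would pin the behaviour. The enclosing method continues outside the hunk.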
@@ -42,7 +42,7 @@ {{ loop.index }}
- {% if quiz.isOpenToAnswer() and answer.author_id != current_user_id %}
+ {% if not quiz.isFinished() and answer.author_id != current_user_id %}
 #{{ answer.answer_number }} {% else %} #{{ answer.answer_number }}
-- cgit v1.2.3-70-g09d2