Set ReviewerUserId only if Status changed

For non-admin reviewers (i.e., without `CanReviewOwnArtwork`), the `PATCH` form
has a hidden element with the artwork's current `Status`. If the reviewer
updates the `EbookUrl` and not `Status`, then don't record the reviewer's
`ReviewerUserId` because they didn't review or change the `Status`.

Side note: Sending an invalid `Status` to the `PATCH` form results in a
validation error, but that validation error was hard to read because it used the
wrong exception type. This commit adds a new `InvalidArtworkStatusException` to
fix that.

Fixes #433
Mike Colagrosso 2024-12-12 17:15:30 -07:00 committed by Alex Cabal
parent 5e4636f249
commit cae8271ecb
3 changed files with 16 additions and 9 deletions


@ -393,7 +393,7 @@ class Artwork{
} }
if(!isset($this->Status)){ if(!isset($this->Status)){
$error->Add(new Exceptions\InvalidArtworkException('Invalid status.')); $error->Add(new Exceptions\InvalidArtworkStatusException());
} }
if(isset($this->Tags)){ if(isset($this->Tags)){


@ -0,0 +1,7 @@
<?
namespace Exceptions;
class InvalidArtworkStatusException extends AppException{
/** @var string $message */
protected $message = 'Invalid artwork status.';
}


@ -93,19 +93,19 @@ try{
// We can PATCH the status, the ebook www filesystem path, or both. // We can PATCH the status, the ebook www filesystem path, or both.
if(isset($_POST['artwork-status'])){ if(isset($_POST['artwork-status'])){
$newStatus = Enums\ArtworkStatusType::tryFrom(HttpInput::Str(POST, 'artwork-status') ?? ''); $newStatus = Enums\ArtworkStatusType::tryFrom(HttpInput::Str(POST, 'artwork-status') ?? '');
if($newStatus !== null){ if($artwork->Status != $newStatus){
if($artwork->Status != $newStatus && !$artwork->CanStatusBeChangedBy(Session::$User)){ if(!$artwork->CanStatusBeChangedBy(Session::$User)){
throw new Exceptions\InvalidPermissionsException(); throw new Exceptions\InvalidPermissionsException();
} }
if($newStatus !== null){
$artwork->ReviewerUserId = Session::$User->UserId; $artwork->ReviewerUserId = Session::$User->UserId;
$artwork->Status = $newStatus; $artwork->Status = $newStatus;
} }else{
else{
unset($artwork->Status); unset($artwork->Status);
} }
} }
}
if(isset($_POST['artwork-ebook-url'])){ if(isset($_POST['artwork-ebook-url'])){
$newEbookUrl = HttpInput::Str(POST, 'artwork-ebook-url'); $newEbookUrl = HttpInput::Str(POST, 'artwork-ebook-url');
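Review bot: The new `if($artwork->Status != $newStatus)` guard decides both the permission check and the `ReviewerUserId` write from a client-supplied value, the hidden `artwork-status` field described in the commit message. If the artwork's status changed between page render and submit, a reviewer who only edited the ebook URL would presumably send a stale value, and this branch would treat it as a deliberate status change: `Status` is reverted and they are recorded as reviewer. A comment above the comparison stating that assumption would help, e.g. `// The form echoes the current status in a hidden field; any differing value is treated as an intentional change`, and `!==` would make the enum-versus-null comparison explicit. The enclosing `try` block starts before this hunk and the `artwork-ebook-url` branch continues past it, so any handling further down is not visible here.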