From a3b52a20e13996d08f6f10a398c6b2a6824b2dca Mon Sep 17 00:00:00 2001
From: "Steven R. Loomis" <srl295@gmail.com>
Date: Tue, 2 Jul 2024 12:57:16 -0500
Subject: [PATCH 1/3] CLDR-17776 disallow reports if vetting closed

Back end side:
- Change CheckCLDR.Phase.getShowRowAction() to allow pathValueInfo and pathHeader to be optional (null)
- add convenience functions on StatusAction
- Report API returns 403 forbidden if NOT in phase where voting is allowed.
---
 .../org/unicode/cldr/web/api/ReportAPI.java   | 31 +++++++++---
 .../java/org/unicode/cldr/test/CheckCLDR.java | 50 +++++++++++++------
 2 files changed, 60 insertions(+), 21 deletions(-)

diff --git a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java
index 7973d09ecc0..d91c5d91d07 100644
--- a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java
+++ b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java
@@ -7,6 +7,7 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
+import java.util.logging.Logger;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.HeaderParam;
@@ -25,6 +26,7 @@
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponse;
 import org.eclipse.microprofile.openapi.annotations.responses.APIResponses;
 import org.eclipse.microprofile.openapi.annotations.tags.Tag;
+import org.unicode.cldr.test.CheckCLDR;
 import org.unicode.cldr.tool.Chart;
 import org.unicode.cldr.util.CLDRLocale;
 import org.unicode.cldr.util.VoteResolver;
@@ -38,12 +40,15 @@
 import org.unicode.cldr.web.STFactory;
 import org.unicode.cldr.web.SubtypeToURLMap;
 import org.unicode.cldr.web.SurveyAjax;
+import org.unicode.cldr.web.SurveyLog;
 import org.unicode.cldr.web.SurveyMain;
 import org.unicode.cldr.web.UserRegistry;
 
 @Path("/voting/reports")
 @Tag(name = "voting", description = "APIs for voting and retrieving vote and row data")
 public class ReportAPI {
+    static final Logger logger = SurveyLog.forClass(ReportAPI.class);
+
     @GET
     @Path("/users/{user}")
     @Produces(MediaType.APPLICATION_JSON)
@@ -327,13 +332,27 @@ public Response updateReport(
         if (!report.isAvailable()) {
             return Response.status(Status.FORBIDDEN).build();
         }
+        final CLDRLocale loc = CLDRLocale.getInstance(locale);
+        // apply the same standard as for vetting.
+        // First check whether they even have permission.
+        if (!UserRegistry.userCanModifyLocale(mySession.user, loc)) {
+            return Response.status(Status.FORBIDDEN).build();
+        }
+        CheckCLDR.StatusAction showRowAction =
+                SurveyMain.checkCLDRPhase(loc)
+                        .getShowRowAction(
+                                null /* not path based */,
+                                CheckCLDR.InputMethod.DIRECT,
+                                null /* Not path based */,
+                                mySession.user);
+
+        logger.info(() -> "ShowRowAction = " + showRowAction);
+        if (!showRowAction.canVote()) {
+            return Response.status(Status.FORBIDDEN).build();
+        }
+
         ReportsDB.getInstance()
-                .markReportComplete(
-                        user,
-                        CLDRLocale.getInstance(locale),
-                        report,
-                        update.completed,
-                        update.acceptable);
+                .markReportComplete(user, loc, report, update.completed, update.acceptable);
 
         return Response.status(Status.NO_CONTENT).build();
     }
diff --git a/tools/cldr-code/src/main/java/org/unicode/cldr/test/CheckCLDR.java b/tools/cldr-code/src/main/java/org/unicode/cldr/test/CheckCLDR.java
index b5591694798..2c8fd1540ad 100644
--- a/tools/cldr-code/src/main/java/org/unicode/cldr/test/CheckCLDR.java
+++ b/tools/cldr-code/src/main/java/org/unicode/cldr/test/CheckCLDR.java
@@ -162,6 +162,16 @@ public boolean isForbidden() {
         public boolean canShow() {
             return !isForbidden;
         }
+
+        public boolean canVote() {
+            // the one non-voting case
+            if (this == ALLOW_TICKET_ONLY) return false;
+            return !isForbidden();
+        }
+
+        public boolean canSubmit() {
+            return (this == ALLOW);
+        }
     }
 
     private static final HashMap<String, Phase> PHASE_NAMES = new HashMap<>();
@@ -195,9 +205,9 @@ public boolean isUnitTest() {
         /**
          * Return whether or not to show a row, and if so, how.
          *
-         * @param pathValueInfo
+         * @param pathValueInfo - may be null for a non-path entry.
          * @param inputMethod
-         * @param ph the path header
+         * @param ph the path header - may be null if it is a non-path entry
          * @param userInfo null if there is no userInfo (nobody logged in).
          * @return
          */
@@ -208,7 +218,14 @@ public StatusAction getShowRowAction(
                 UserInfo userInfo // can get voterInfo from this.
                 ) {
 
-            PathHeader.SurveyToolStatus status = ph.getSurveyToolStatus();
+            // default to read/write
+            PathHeader.SurveyToolStatus status = PathHeader.SurveyToolStatus.READ_WRITE;
+            boolean canReadAndWrite = true;
+
+            if (ph != null) {
+                status = ph.getSurveyToolStatus();
+                canReadAndWrite = ph.canReadAndWrite();
+            }
             /*
              * Always forbid DEPRECATED items - don't show.
              *
@@ -239,23 +256,26 @@ public StatusAction getShowRowAction(
                 return StatusAction.FORBID_READONLY;
             }
 
-            CandidateInfo winner = pathValueInfo.getCurrentItem();
-            ValueStatus valueStatus = getValueStatus(winner, ValueStatus.NONE, null);
+            ValueStatus valueStatus = ValueStatus.NONE;
+            if (pathValueInfo != null) {
+                CandidateInfo winner = pathValueInfo.getCurrentItem();
+                valueStatus = getValueStatus(winner, ValueStatus.NONE, null);
 
-            // if limited submission, and winner doesn't have an error, limit the values
+                // if limited submission, and winner doesn't have an error, limit the values
 
-            if (LIMITED_SUBMISSION) {
-                if (!SubmissionLocales.allowEvenIfLimited(
-                        pathValueInfo.getLocale().toString(),
-                        pathValueInfo.getXpath(),
-                        valueStatus == ValueStatus.ERROR,
-                        pathValueInfo.getBaselineStatus() == Status.missing)) {
-                    return StatusAction.FORBID_READONLY;
+                if (LIMITED_SUBMISSION) {
+                    if (!SubmissionLocales.allowEvenIfLimited(
+                            pathValueInfo.getLocale().toString(),
+                            pathValueInfo.getXpath(),
+                            valueStatus == ValueStatus.ERROR,
+                            pathValueInfo.getBaselineStatus() == Status.missing)) {
+                        return StatusAction.FORBID_READONLY;
+                    }
                 }
             }
 
             if (this == Phase.SUBMISSION || isUnitTest()) {
-                return (ph.canReadAndWrite())
+                return (canReadAndWrite)
                         ? StatusAction.ALLOW
                         : StatusAction.ALLOW_VOTING_AND_TICKET;
             }
@@ -265,7 +285,7 @@ public StatusAction getShowRowAction(
             // Only allow ADD if we have an error or warning
             // Only check winning value for errors/warnings per ticket #8677
             if (valueStatus != ValueStatus.NONE) {
-                return (ph.canReadAndWrite())
+                return (canReadAndWrite)
                         ? StatusAction.ALLOW
                         : StatusAction.ALLOW_VOTING_AND_TICKET;
             }

From c62a1d0c359d3d61b7a1aede9c1e19ece38de9a4 Mon Sep 17 00:00:00 2001
From: "Steven R. Loomis" <srl295@gmail.com>
Date: Tue, 2 Jul 2024 14:32:08 -0500
Subject: [PATCH 2/3] CLDR-17776 st: report page should pop up error

- pop up error on voting or read error
---
 tools/cldr-apps/js/src/views/ReportResponse.vue | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/tools/cldr-apps/js/src/views/ReportResponse.vue b/tools/cldr-apps/js/src/views/ReportResponse.vue
index ebde8d50fa7..2ca780ed086 100644
--- a/tools/cldr-apps/js/src/views/ReportResponse.vue
+++ b/tools/cldr-apps/js/src/views/ReportResponse.vue
@@ -44,6 +44,7 @@
 
 <script>
 import * as cldrClient from "../esm/cldrClient.mjs";
+import * as cldrNotify from "../esm/cldrNotify.mjs";
 import * as cldrReport from "../esm/cldrReport.mjs";
 import * as cldrStatus from "../esm/cldrStatus.mjs";
 import * as cldrTable from "../esm/cldrTable.mjs";
@@ -172,7 +173,12 @@ export default {
         );
         await this.reload(); // will set loaded=true
       } catch (e) {
-        console.error(e);
+        cldrNotify.exception(
+          e,
+          `Trying to vote for report ${
+            this.report
+          } in ${cldrStatus.getCurrentLocale()}`
+        );
         this.error = e;
         this.loaded = true;
       }
@@ -210,7 +216,12 @@ export default {
         this.loaded = true;
         this.error = null;
       } catch (e) {
-        console.error(e);
+        cldrNotify.exception(
+          e,
+          `Trying to load report ${
+            this.report
+          } in ${cldrStatus.getCurrentLocale()}`
+        );
         this.error = e;
         this.loaded = true;
       }

From 737b43c0a12457b516d0878cb9ab715a4e9526bf Mon Sep 17 00:00:00 2001
From: "Steven R. Loomis" <srl295@gmail.com>
Date: Tue, 2 Jul 2024 16:24:07 -0500
Subject: [PATCH 3/3] CLDR-17776 st: disable report page if unavailable

- UI: disable radio group if canVote is false.
- cldrReport: update API to expose canVote
- ReportAPI: expose canVote over REST if the user can vote on the report
---
 tools/cldr-apps/js/src/esm/cldrReport.mjs     |  8 +++----
 .../cldr-apps/js/src/views/ReportResponse.vue |  8 ++++---
 .../org/unicode/cldr/web/api/ReportAPI.java   | 22 ++++++++++++++-----
 3 files changed, 25 insertions(+), 13 deletions(-)

diff --git a/tools/cldr-apps/js/src/esm/cldrReport.mjs b/tools/cldr-apps/js/src/esm/cldrReport.mjs
index b8f3c47c781..27430b760fc 100644
--- a/tools/cldr-apps/js/src/esm/cldrReport.mjs
+++ b/tools/cldr-apps/js/src/esm/cldrReport.mjs
@@ -112,7 +112,7 @@ async function getOneLocaleStatus(locale) {
       `getOneLocaleStatus(${locale}) expected an array of one item but got ${obj.locales.length}`
     );
   }
-  return obj.locales[0].reports;
+  return obj.locales[0];
 }
 
 /**
@@ -122,9 +122,9 @@ async function getOneLocaleStatus(locale) {
  * @returns
  */
 async function getOneReportLocaleStatus(locale, onlyReport) {
-  const reports = await getOneLocaleStatus(locale);
-  const myReport = reports.filter(({ report }) => report === onlyReport)[0];
-  return myReport;
+  const { reports, canVote } = await getOneLocaleStatus(locale);
+  const report = reports.filter(({ report }) => report === onlyReport)[0];
+  return { report, canVote };
 }
 
 /**
diff --git a/tools/cldr-apps/js/src/views/ReportResponse.vue b/tools/cldr-apps/js/src/views/ReportResponse.vue
index 2ca780ed086..88f7b1bc7ab 100644
--- a/tools/cldr-apps/js/src/views/ReportResponse.vue
+++ b/tools/cldr-apps/js/src/views/ReportResponse.vue
@@ -10,7 +10,7 @@
       before continuing.
     </p>
 
-    <a-radio-group v-model:value="state" @change="changed">
+    <a-radio-group v-model:value="state" :disabled="!canVote" @change="changed">
       <a-radio :style="radioStyle" value="acceptable">
         I have reviewed the items below, and they are all acceptable</a-radio
       >
@@ -60,6 +60,7 @@ export default {
   ],
   data() {
     return {
+      canVote: false,
       completed: false,
       acceptable: false,
       loaded: false,
@@ -211,9 +212,10 @@ export default {
           completed: this.completed,
           acceptable: this.acceptable,
         });
-        this.reportStatus = await reportLocaleStatusResponse; // { status: approved, acceptability: acceptable }
-        console.dir(await reportLocaleStatusResponse);
+        const { report, canVote } = await reportLocaleStatusResponse;
+        this.reportStatus = report; // { status: approved, acceptability: acceptable }
         this.loaded = true;
+        this.canVote = canVote;
         this.error = null;
       } catch (e) {
         cldrNotify.exception(
diff --git a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java
index d91c5d91d07..039a833aa97 100644
--- a/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java
+++ b/tools/cldr-apps/src/main/java/org/unicode/cldr/web/api/ReportAPI.java
@@ -7,7 +7,6 @@
 import java.util.Map;
 import java.util.Set;
 import java.util.TreeMap;
-import java.util.logging.Logger;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
 import javax.ws.rs.HeaderParam;
@@ -40,15 +39,12 @@
 import org.unicode.cldr.web.STFactory;
 import org.unicode.cldr.web.SubtypeToURLMap;
 import org.unicode.cldr.web.SurveyAjax;
-import org.unicode.cldr.web.SurveyLog;
 import org.unicode.cldr.web.SurveyMain;
 import org.unicode.cldr.web.UserRegistry;
 
 @Path("/voting/reports")
 @Tag(name = "voting", description = "APIs for voting and retrieving vote and row data")
 public class ReportAPI {
-    static final Logger logger = SurveyLog.forClass(ReportAPI.class);
-
     @GET
     @Path("/users/{user}")
     @Produces(MediaType.APPLICATION_JSON)
@@ -195,7 +191,15 @@ public Response getReportLocaleStatus(
         // set of all valid userids
         final Set<Integer> allUsers = CookieSession.sm.reg.getVoterToInfo().keySet();
         for (final CLDRLocale loc : locales) {
-            LocaleReportVettingResult rr = new LocaleReportVettingResult();
+            CheckCLDR.Phase phase = SurveyMain.checkCLDRPhase(loc);
+            CheckCLDR.StatusAction showRowAction =
+                    phase.getShowRowAction(
+                            null /* not path based */,
+                            CheckCLDR.InputMethod.DIRECT,
+                            null /* Not path based */,
+                            mySession.user);
+            final boolean canModify = UserRegistry.userCanModifyLocale(mySession.user, loc);
+            LocaleReportVettingResult rr = new LocaleReportVettingResult(showRowAction, canModify);
             rr.locale = loc.toString();
             for (final ReportId report : ReportId.getReportsAvailable()) {
                 Map<Integer, ReportAcceptability> votes = new TreeMap<>();
@@ -220,6 +224,9 @@ public LocaleReportVettingResult[] getLocales() {
     }
 
     public static class LocaleReportVettingResult {
+        @Schema(description = "True if user is allowed to vote for this report.")
+        public final boolean canVote;
+
         public String locale;
         private Set<ReportVettingResult> reports = new HashSet<ReportVettingResult>();
 
@@ -237,6 +244,10 @@ void addVoters(Set<Integer> s) {
         public int getTotalVoters() {
             return allUsers.size();
         }
+
+        public LocaleReportVettingResult(CheckCLDR.StatusAction action, boolean canModify) {
+            canVote = canModify && action.canVote();
+        }
     }
 
     public static class ReportVettingResult {
@@ -346,7 +357,6 @@ public Response updateReport(
                                 null /* Not path based */,
                                 mySession.user);
 
-        logger.info(() -> "ShowRowAction = " + showRowAction);
         if (!showRowAction.canVote()) {
             return Response.status(Status.FORBIDDEN).build();
         }