From 202d1a8d2b91e2ac4fbb754cde1faef7cd238c98 Mon Sep 17 00:00:00 2001
From: Parbhat Puri <parbhatpuri17@gmail.com>
Date: Tue, 23 Apr 2019 07:52:14 +0000
Subject: [PATCH] GH-1147: Partner can view submission detail view only if has
 access and status of submission in edit/review phase

---
 opentech/apply/funds/views.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/opentech/apply/funds/views.py b/opentech/apply/funds/views.py
index 2d8d39f13..1a99921ac 100644
--- a/opentech/apply/funds/views.py
+++ b/opentech/apply/funds/views.py
@@ -55,7 +55,7 @@ from .tables import (
     SubmissionReviewerFilterAndSearch,
     SummarySubmissionsTable,
 )
-from .workflow import STAGE_CHANGE_ACTIONS, PHASES_MAPPING, review_statuses
+from .workflow import STAGE_CHANGE_ACTIONS, PHASES_MAPPING, review_statuses, get_edit_review_active_statuses
 
 
 class BaseAdminSubmissionsTable(SingleTableMixin, FilterView):
@@ -492,7 +492,8 @@ class PartnerSubmissionDetailView(ReviewContextMixin, ActivityContextMixin, Dele
             return ApplicantSubmissionDetailView.as_view()(request, *args, **kwargs)
         # Only allow partners in the submission they are added as partners
         partner_has_access = submission.partners.filter(pk=request.user.pk).exists()
-        if not partner_has_access:
+        user_edit_review_statuses = get_edit_review_active_statuses(request.user)
+        if not partner_has_access or submission.status not in user_edit_review_statuses:
             raise PermissionDenied
         return super().dispatch(request, *args, **kwargs)
 
-- 
GitLab