From b917c53a592e75adfb116d5d3f54ca597a4bd46f Mon Sep 17 00:00:00 2001
From: br0kenpixel <23280129+br0kenpixel@users.noreply.github.com>
Date: Thu, 6 Nov 2025 10:11:34 +0100
Subject: [PATCH] fix: restrict `DEFENDED` and `NOT_DEFENDED` status for admins
 based on report confirmation

---
 .../InternshipStatusController.php            | 32 ++++++++++++-------
 .../app/components/InternshipStatusEditor.vue |  3 ++
 2 files changed, 24 insertions(+), 11 deletions(-)

diff --git a/backend/app/Http/Controllers/InternshipStatusController.php b/backend/app/Http/Controllers/InternshipStatusController.php
index 2621faa..f02784b 100644
--- a/backend/app/Http/Controllers/InternshipStatusController.php
+++ b/backend/app/Http/Controllers/InternshipStatusController.php
@@ -9,11 +9,12 @@ use Illuminate\Http\Request;
 
 class InternshipStatusController extends Controller
 {
-    public function get(int $id) {
+    public function get(int $id)
+    {
         $user = auth()->user();
         $internship_statuses = InternshipStatus::whereInternshipId($id)->orderByDesc('changed')->get()->makeHidden(['created_at', 'updated_at', 'id']);
 
-        if(!$internship_statuses) {
+        if (!$internship_statuses) {
             return response()->json([
                 'message' => 'No such internship exists.'
             ], 400);
@@ -31,11 +32,12 @@ class InternshipStatusController extends Controller
         return response()->json($internship_statuses);
     }
 
-    public function get_next_states(int $id) {
+    public function get_next_states(int $id)
+    {
         $user = auth()->user();
         $internship = Internship::find($id);
 
-        if(!$internship) {
+        if (!$internship) {
             return response()->json([
                 'message' => 'No such internship exists.'
             ], 400);
@@ -46,7 +48,7 @@ class InternshipStatusController extends Controller
         }
 
         $currentStatus = $this->currentInternshipStatus($internship);
-        $nextPossibleStatuses = $this->possibleNewStatuses($currentStatus->status, $user->role);
+        $nextPossibleStatuses = $this->possibleNewStatuses($currentStatus->status, $user->role, $internship->report_confirmed);
 
         return response()->json($nextPossibleStatuses);
     }
@@ -99,7 +101,7 @@ class InternshipStatusController extends Controller
         $user = auth()->user();
         $internship = Internship::find($id);
 
-        if(!$internship) {
+        if (!$internship) {
             return response()->json([
                 'message' => 'No such internship exists.'
             ], 400);
@@ -110,7 +112,7 @@ class InternshipStatusController extends Controller
         }
 
         $internshipStatus = $this->currentInternshipStatus($internship);
-        $newStatusValidator = 'in:' . implode(',', $this->possibleNewStatuses($internshipStatus->status, $user->role));
+        $newStatusValidator = 'in:' . implode(',', $this->possibleNewStatuses($internshipStatus->status, $user->role, $internship->report_confirmed));
 
         $request->validate([
             'status' => ['required', 'string', 'uppercase', $newStatusValidator],
@@ -136,8 +138,10 @@ class InternshipStatusController extends Controller
         //
     }
 
-    private function possibleNewStatuses(string $current_status, string $userRole) {
-        if($userRole === "STUDENT") return [];
+    private function possibleNewStatuses(string $current_status, string $userRole, bool $report_confirmed)
+    {
+        if ($userRole === "STUDENT")
+            return [];
 
         switch ($current_status) {
             case 'SUBMITTED':
@@ -146,7 +150,12 @@ class InternshipStatusController extends Controller
                 if ($userRole === 'EMPLOYER') {
                     return ['DENIED'];
                 }
-                return ['SUBMITTED', 'DENIED', 'DEFENDED', 'NOT_DEFENDED'];
+
+                if ($report_confirmed) {
+                    return ['SUBMITTED', 'DENIED', 'DEFENDED', 'NOT_DEFENDED'];
+                }
+
+                return ['SUBMITTED', 'DENIED'];
             case 'DENIED':
                 if ($userRole === 'EMPLOYER') {
                     return ['CONFIRMED'];
@@ -160,7 +169,8 @@ class InternshipStatusController extends Controller
         }
     }
 
-    private function currentInternshipStatus(Internship $internship) {
+    private function currentInternshipStatus(Internship $internship)
+    {
         return InternshipStatus::whereInternshipId($internship->id)->orderByDesc('changed')->firstOrFail();
     }
 }
diff --git a/frontend/app/components/InternshipStatusEditor.vue b/frontend/app/components/InternshipStatusEditor.vue
index 20d06e2..2d594fd 100644
--- a/frontend/app/components/InternshipStatusEditor.vue
+++ b/frontend/app/components/InternshipStatusEditor.vue
@@ -67,6 +67,9 @@ async function submit() {
         <!-- Chybová hláška -->
         <ErrorAlert v-if="load_error" :error="`Nepodarilo sa načítať stavy: ${save_error}`" />
 
+        <!-- Chybová hláška -->
+        <ErrorAlert v-else-if="data?.length === 0" :error="`Nepodarilo sa načítať stavy: ${save_error}`" />
+
         <v-form v-else v-model="isValid" @submit.prevent="submit" :disabled="loading">
             <v-select v-model="new_state" label="Stav" :items="data" item-value="value"></v-select>
             <v-text-field v-model="note" :rules="[rules.required]" label="Poznámka"></v-text-field>