Merge branch 'develop' into wicket-10

owasp.xml

@@ -65,4 +65,11 @@
         </notes>
         <cve>CVE-2023-52070</cve>
     </suppress>
+    <suppress>
+        <notes>
+            This is a complete nonsense vulnerability. Some automated tool has
+            gone completely bananas.
+        </notes>
+        <cve>CVE-2024-23076</cve>
+    </suppress>
 </suppressions>

view/src/main/java/se/su/dsv/scipro/components/DisableSubmitButtonsOnSubmit.java

@@ -7,7 +7,7 @@ import org.apache.wicket.markup.head.OnEventHeaderItem;
 import org.apache.wicket.markup.html.form.Form;
 
 /**
- * Disables all elements with {@code [type=submit]}
+ * {@link Form} behavior that disables all elements with {@code [type=submit]} when the form is submitted.
  */
 public class DisableSubmitButtonsOnSubmit extends Behavior {
     @Override
@@ -21,10 +21,12 @@ public class DisableSubmitButtonsOnSubmit extends Behavior {
     @Override
     public void renderHead(Component component, IHeaderResponse response) {
         super.renderHead(component, response);
-        final String javaScript = "const submitButtons = event.target.querySelectorAll(\"[type=submit]\");\n" +
-                                  "for (const button of submitButtons) {\n" +
-                                  "    button.disabled = true;\n" +
-                                  "}\n";
+        final String javaScript = """
+                                  const submitButtons = event.target.querySelectorAll("[type=submit]");
+                                  for (const button of submitButtons) {
+                                      button.classList.add('disabled');
+                                  }
+                                  """;
         response.render(OnEventHeaderItem.forComponent(component, "submit", javaScript));
     }
 }

view/src/main/java/se/su/dsv/scipro/finalthesis/FinalThesisPanel$RevisionPanel.html

@@ -5,7 +5,7 @@
     <strong>Status:</strong> <span class="text-danger">REVISION NEEDED</span>
     <div class="help-box">
         <span wicket:id="rejectedDateLabel"></span><br>
-        Your supervisor have decided that you need to revise your final thesis and then upload it again.<br>
+        Your supervisor has decided that you need to revise your final thesis and then upload it again.<br>
         <a href="#" wicket:id="forumLink">Go to the forum to view the reason behind this decision</a>.
     </div>
 </wicket:panel>

view/src/main/java/se/su/dsv/scipro/project/pages/ProjectDetailsPage.java

@@ -11,7 +11,9 @@ import se.su.dsv.scipro.activityplan.UpcomingActivitiesPanel;
 import se.su.dsv.scipro.checklists.ChecklistOverviewPanel;
 import se.su.dsv.scipro.components.menuhighlighting.MenuHighlightAuthorMyProjects;
 import se.su.dsv.scipro.finalseminar.OverviewSeminarPanel;
+import se.su.dsv.scipro.finalthesis.FinalThesis;
 import se.su.dsv.scipro.finalthesis.FinalThesisPanel;
+import se.su.dsv.scipro.finalthesis.FinalThesisService;
 import se.su.dsv.scipro.group.AuthorGroupPage;
 import se.su.dsv.scipro.group.GroupsOverviewPanel;
 import se.su.dsv.scipro.latestevents.LatestEventsPanel;
@@ -42,12 +44,23 @@ public class ProjectDetailsPage extends AbstractProjectDetailsPage implements Me
     public static final String EXTERNAL_RESOURCES = "externalResources";
     public static final String EXTERNAL_LINK = "externalLink";
 
+    private final boolean shouldFillOutSurvey;
+
     @Inject
     private SurveyService surveyService;
 
+    @Inject
+    private FinalThesisService finalThesisService;
+
+
     public ProjectDetailsPage(PageParameters pp) {
         super(pp);
 
+        FinalThesis finalThesis = finalThesisService.findByProject(getActiveProject());
+        boolean finalThesisIsRejected = (finalThesis != null && finalThesis.isRejected());
+        shouldFillOutSurvey = surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser())
+                              && !finalThesisIsRejected;
+
         add(new ExternalResourcesPanel(EXTERNAL_RESOURCES, LambdaModel.of(projectModel, se.su.dsv.scipro.project.Project::getProjectType, se.su.dsv.scipro.project.Project::setProjectType)));
 
         add(new ExternalLinkPanel(EXTERNAL_LINK, projectModel));
@@ -90,7 +103,6 @@ public class ProjectDetailsPage extends AbstractProjectDetailsPage implements Me
             @Override
             protected void onConfigure() {
                 super.onConfigure();
-                final boolean shouldFillOutSurvey = surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser());
                 setVisibilityAllowed(shouldFillOutSurvey);
             }
         });
@@ -103,15 +115,13 @@ public class ProjectDetailsPage extends AbstractProjectDetailsPage implements Me
     @Override
     protected void onConfigure() {
         super.onConfigure();
-        if (surveyService.shouldFillOutSurvey(getActiveProject(), SciProSession.get().getUser())) {
-            if (getSession().getMetaData(ProjectFinalSurveyPage.SURVEY_VISITED) == null) {
+        if (shouldFillOutSurvey && getSession().getMetaData(ProjectFinalSurveyPage.SURVEY_VISITED) == null) {
             getFeedbackMessages().forEach(getSession().getFeedbackMessages()::add);
             throw new RestartResponseException(
                     ProjectFinalSurveyPage.class,
                     ProjectFinalSurveyPage.getPageParameters(getActiveProject()));
         }
     }
-    }
 
     @Override
     public void renderHead(IHeaderResponse response) {