Prevent clarifications before the contest without explicit time

In the Jury UI we can warn with a flash message, for API we can't easily
prevent automated tools from unintentionally disclosing the information.

We provide both relevant times, either contest start or now to keep this easy
to copy/paste. The format is already in the timezone of the contest to make
sure validation passes.

In theory this can still give problems in case you submit a clarification and
afterwards the contest starts later, it's up to the contest admin to change the
database in such cases as we don't have a reltime for clarifications.

Author: vmcj

webapp/src/Controller/API/ClarificationController.php

@@ -8,6 +8,7 @@
 use App\Entity\ContestProblem;
 use App\Entity\Team;
 use App\Utils\Utils;
+use DateTime;
 use Doctrine\ORM\NonUniqueResultException;
 use Doctrine\ORM\QueryBuilder;
 use Exception;
@@ -208,6 +209,17 @@ public function addAction(
             } else {
                 throw new BadRequestHttpException('A team can not assign time.');
             }
+        } elseif ($this->isGranted('ROLE_API_WRITER') && $contest->getStartTime() > $time) {
+            $startTime = $contest->getStarttimeString();
+            $startTimeTimeZone = DateTime::createFromFormat('Y-m-d h:i:s e', $startTime)->getTimezone();
+            $now = DateTime::createFromFormat('U.u', (string) $time);
+            $now->setTimezone($startTimeTimeZone); // We can't the timezone in createFromFormat as it always picks UTC.
+            throw new BadRequestHttpException(
+                "Sending a clarification before the contest can disclose restricted information, "
+                . "provide an explicit time when this clarification should be visible. "
+                . "For the start of this contest: " . $contest->getStarttimeString() . ", "
+                . "for the current time: " . $now->format('Y-m-d H:i:s e') . "."
+            );
         }
 
         $clarification->setSubmittime($time);