0001-forms-redirect-to-safe-page-if-workflow-action-makes.patch
| wcs/forms/common.ptl | ||
|---|---|---|
| 417 | 417 | |
| 418 | 418 |
'<a href="..">%s</a>' % _('Back to Listing')
|
| 419 | 419 | |
| 420 | ||
| 421 | 420 |
def submit(self, form, comment_only = False): |
| 422 | 421 |
status = None |
| 423 | 422 |
current_status = self.filled.status |
| ... | ... | |
| 430 | 429 |
if current_status != self.filled.status: |
| 431 | 430 |
get_logger().info('form %s - id: %s - status -> %s' % (
|
| 432 | 431 |
self.formdef.name, self.filled.id, self.filled.status)) |
| 432 |
try: |
|
| 433 |
self.check_auth() |
|
| 434 |
except errors.AccessError: |
|
| 435 |
# the user no longer has access to the form; redirect to a |
|
| 436 |
# different page |
|
| 437 |
if 'backoffice/' in [x[0] for x in get_response().breadcrumb]: |
|
| 438 |
user = get_request().user |
|
| 439 |
if user and (user.is_admin or self.formdef.is_of_concern_for_user(user)): |
|
| 440 |
# user has access to the formdef, redirect to the |
|
| 441 |
# listing. |
|
| 442 |
return '..' |
|
| 443 |
else: |
|
| 444 |
return get_publisher().get_backoffice_url() |
|
| 445 |
else: |
|
| 446 |
return get_publisher().get_root_url() |
|
| 433 | 447 | |
| 434 | 448 |
def download(self): |
| 435 | 449 |
self.check_receiver() |
| 436 |
- |
|