0001-forms-redirect-to-safe-page-if-workflow-action-makes.patch
wcs/forms/common.ptl | ||
---|---|---|
417 | 417 | |
418 | 418 |
'<a href="..">%s</a>' % _('Back to Listing') |
419 | 419 | |
420 | ||
421 | 420 |
def submit(self, form, comment_only = False): |
422 | 421 |
status = None |
423 | 422 |
current_status = self.filled.status |
... | ... | |
430 | 429 |
if current_status != self.filled.status: |
431 | 430 |
get_logger().info('form %s - id: %s - status -> %s' % ( |
432 | 431 |
self.formdef.name, self.filled.id, self.filled.status)) |
432 |
try: |
|
433 |
self.check_auth() |
|
434 |
except errors.AccessError: |
|
435 |
# the user no longer has access to the form; redirect to a |
|
436 |
# different page |
|
437 |
if 'backoffice/' in [x[0] for x in get_response().breadcrumb]: |
|
438 |
user = get_request().user |
|
439 |
if user and (user.is_admin or self.formdef.is_of_concern_for_user(user)): |
|
440 |
# user has access to the formdef, redirect to the |
|
441 |
# listing. |
|
442 |
return '..' |
|
443 |
else: |
|
444 |
return get_publisher().get_backoffice_url() |
|
445 |
else: |
|
446 |
return get_publisher().get_root_url() |
|
433 | 447 | |
434 | 448 |
def download(self): |
435 | 449 |
self.check_receiver() |
436 |
- |