From d78b4cae5845fb58929e36773fd2765f2671dfbe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Fri, 3 Jan 2014 16:02:00 +0100
Subject: [PATCH] always redirect to status page (#3031)

---
 wcs/formdef.py      |  6 ++++++
 wcs/forms/common.py |  6 +++++-
 wcs/forms/root.py   |  6 +++++-
 wcs/sessions.py     | 14 +++++++++++++-
 wcs/workflows.py    |  5 ++---
 5 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/wcs/formdef.py b/wcs/formdef.py
index 5c9beb8..8834681 100644
--- a/wcs/formdef.py
+++ b/wcs/formdef.py
@@ -622,6 +622,9 @@ class FormDef(StorableObject):
         if self.acl_read == 'all':
             return True
         if not user:
+            if self.acl_read == 'owner' and formdata and get_session() and \
+                    get_session().is_anonymous_submitter(formdata):
+                return True
             return False
         if user.is_admin:
             return True
@@ -676,6 +679,9 @@ class FormDef(StorableObject):
             user_roles = set(user.roles)
         else:
             user_roles = set([])
+
+        if not self.workflow_roles:
+            self.workflow_roles = {}
         form_roles = [x for x in self.workflow_roles.keys() if x]
         if user and self.private_status_and_history and not user_roles.intersection(form_roles):
             return False
diff --git a/wcs/forms/common.py b/wcs/forms/common.py
index 9563b6b..342ab0c 100644
--- a/wcs/forms/common.py
+++ b/wcs/forms/common.py
@@ -110,6 +110,9 @@ class FormStatusPage(Directory):
                     mine = True
             elif self.filled.is_submitter(user):
                 mine = True
+        else:
+            if get_session() and get_session().is_anonymous_submitter(self.filled):
+                mine = True
 
         self.check_receiver()
         return mine
@@ -262,7 +265,8 @@ class FormStatusPage(Directory):
     def check_receiver(self):
         session = get_session()
         if not session or not session.user:
-            raise errors.AccessUnauthorizedError()
+            if not self.filled.formdef.is_user_allowed_read(None, self.filled):
+                raise errors.AccessUnauthorizedError()
         user = get_request().user
         if self.filled.formdef is None:
             raise errors.AccessForbiddenError()
diff --git a/wcs/forms/root.py b/wcs/forms/root.py
index 7437399..aa478aa 100644
--- a/wcs/forms/root.py
+++ b/wcs/forms/root.py
@@ -605,6 +605,10 @@ class FormPage(Directory):
             if [x for x in user_forms if not x.is_draft()]:
                 return redirect('%s/' % user_forms[0].id)
         filled.store()
+
+        if not filled.user_id:
+            get_session().mark_anonymous_formdata(filled)
+
         if not filled.user_id and existing_formdata is None:
             a = AnonymityLink()
             a.formdata_type = 'form'
@@ -619,7 +623,7 @@ class FormPage(Directory):
             url = filled.perform_workflow()
             if url:
                 return redirect(url)
-        return self.receipt_page(filled)
+        return redirect(filled.get_url())
 
     def submitted_existing(self, form, editing):
         old_data = editing.data
diff --git a/wcs/sessions.py b/wcs/sessions.py
index e8273ea..c0341d4 100644
--- a/wcs/sessions.py
+++ b/wcs/sessions.py
@@ -23,9 +23,10 @@ class BasicSession(Session):
 
     anonymous_key = None
     magictokens = None
+    anonymous_formdata_keys = None
 
     def has_info(self):
-        return self.anonymous_key or self.magictokens or Session.has_info(self)
+        return self.anonymous_formdata_keys or self.anonymous_key or self.magictokens or Session.has_info(self)
     is_dirty = has_info
 
     def get_anonymous_key(self, generate = False):
@@ -45,5 +46,16 @@ class BasicSession(Session):
             return default
         return self.magictokens.get(token, default)
 
+    def mark_anonymous_formdata(self, formdata):
+        if not self.anonymous_formdata_keys:
+            self.anonymous_formdata_keys = {}
+        self.anonymous_formdata_keys['%s-%s' % (formdata.formdef.id, formdata.id)] = True
+
+    def is_anonymous_submitter(self, formdata):
+        if not self.anonymous_formdata_keys:
+            return False
+        formdata_key = '%s-%s' % (formdata.formdef.id, formdata.id)
+        return formdata_key in self.anonymous_formdata_keys
+
 qommon.sessions.BasicSession = BasicSession
 StorageSessionManager = qommon.sessions.StorageSessionManager
diff --git a/wcs/workflows.py b/wcs/workflows.py
index 2d91c55..be9b563 100644
--- a/wcs/workflows.py
+++ b/wcs/workflows.py
@@ -1268,8 +1268,6 @@ class RedirectToStatusWorkflowStatusItem(WorkflowStatusItem):
     backoffice = False
 
     def perform(self, formdata):
-        if not get_request().user:
-            return None
         return formdata.get_url(self.backoffice)
 
     def add_parameters_widgets(self, form, parameters, prefix='', formdef=None):
@@ -1281,7 +1279,8 @@ class RedirectToStatusWorkflowStatusItem(WorkflowStatusItem):
     def get_parameters(self):
         return ('backoffice',)
 
-register_item_class(RedirectToStatusWorkflowStatusItem)
+# RedirectToStatusWorkflowStatusItem is not registered as the class kept for
+# backward compatibility only and should not be exposed to the user. (#3031)
 
 
 class EditableWorkflowStatusItem(WorkflowStatusItem):
-- 
1.8.5.2