From aad4aba8ed2ed0edd88557b6ec313102a7b35aba Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20P=C3=A9ters?= <fpeters@entrouvert.com>
Date: Mon, 4 Jan 2016 18:23:06 +0100
Subject: [PATCH] forms: fix is_of_concern_for_user to take formdata into
 account (#9494)

---
 tests/test_backoffice_pages.py | 33 +++++++++++++++++++++++++++++++++
 wcs/formdef.py                 | 14 +++++++++-----
 2 files changed, 42 insertions(+), 5 deletions(-)

diff --git a/tests/test_backoffice_pages.py b/tests/test_backoffice_pages.py
index 26114bb..171d0f2 100644
--- a/tests/test_backoffice_pages.py
+++ b/tests/test_backoffice_pages.py
@@ -18,6 +18,7 @@ from wcs.qommon.http_request import HTTPRequest
 from wcs.roles import Role
 from wcs.workflows import (Workflow, CommentableWorkflowStatusItem,
         ChoiceWorkflowStatusItem, EditableWorkflowStatusItem)
+from wcs.wf.dispatch import DispatchWorkflowStatusItem
 from wcs.wf.jump import JumpWorkflowStatusItem
 from wcs.wf.register_comment import RegisterCommenterWorkflowStatusItem
 from wcs.wf.wscall import WebserviceCallStatusItem
@@ -757,6 +758,38 @@ def test_backoffice_submission(pub):
     resp = resp.form.submit('cancel')
     assert resp.location == 'http://example.net/backoffice/submission/'
 
+def test_backoffice_submission_dispatch(pub):
+    user = create_user(pub)
+    create_environment(pub)
+
+    wf = Workflow(name='dispatch')
+    st1 = wf.add_status('Status1')
+    dispatch = DispatchWorkflowStatusItem()
+    dispatch.id = '_dispatch'
+    dispatch.role_key = '_receiver'
+    dispatch.role_id = '2'
+    st1.items.append(dispatch)
+    dispatch.parent = st1
+    wf.store()
+
+    formdef = FormDef.get_by_urlname('form-title')
+    formdef.workflow_id = wf.id
+    formdef.backoffice_submission_roles = user.roles[:]
+    formdef.store()
+
+    app = login(get_app(pub))
+    resp = app.get('/backoffice/submission/')
+
+    resp = resp.click(formdef.name)
+    resp.form['f1'] = 'test submission'
+    resp.form['f2'] = 'baz'
+    resp.form['f3'] = 'C'
+    resp = resp.form.submit('submit') # to validation screen
+    resp = resp.form.submit('submit') # final submit
+    # should go the submission screen
+    assert resp.location == 'http://example.net/backoffice/submission/'
+    resp = resp.follow()
+
 def test_backoffice_submission_tracking_code(pub):
     user = create_user(pub)
     create_environment(pub)
diff --git a/wcs/formdef.py b/wcs/formdef.py
index 0a7f48c..18a43b9 100644
--- a/wcs/formdef.py
+++ b/wcs/formdef.py
@@ -935,13 +935,17 @@ class FormDef(StorableObject):
     def is_of_concern_for_user(self, user, formdata=None):
         if not self.workflow_roles:
             self.workflow_roles = {}
-        for role_id in self.workflow_roles.values():
+        workflow_roles = self.workflow_roles.copy()
+        if formdata and formdata.workflow_roles:
+            workflow_roles.update(formdata.workflow_roles)
+        for role_id in workflow_roles.values():
             if role_id in (user.roles or []):
                 return True
-        data_class = self.data_class()
-        for role_id in user.roles or []:
-            if data_class.get_ids_with_indexed_value('workflow_roles', role_id):
-                return True
+        if not formdata:
+            data_class = self.data_class()
+            for role_id in user.roles or []:
+                if data_class.get_ids_with_indexed_value('workflow_roles', role_id):
+                    return True
         return False
 
     def is_user_allowed_read(self, user, formdata=None):
-- 
2.6.4