forms: redirect to safe page if workflow action makes page forbidden (#3213)
This commit is contained in:
parent
c5ca23d118
commit
748a7a63d7
|
@ -417,7 +417,6 @@ class FormStatusPage(Directory):
|
|||
|
||||
'<a href="..">%s</a>' % _('Back to Listing')
|
||||
|
||||
|
||||
def submit(self, form, comment_only = False):
|
||||
status = None
|
||||
current_status = self.filled.status
|
||||
|
@ -430,6 +429,21 @@ class FormStatusPage(Directory):
|
|||
if current_status != self.filled.status:
|
||||
get_logger().info('form %s - id: %s - status -> %s' % (
|
||||
self.formdef.name, self.filled.id, self.filled.status))
|
||||
try:
|
||||
self.check_auth()
|
||||
except errors.AccessError:
|
||||
# the user no longer has access to the form; redirect to a
|
||||
# different page
|
||||
if 'backoffice/' in [x[0] for x in get_response().breadcrumb]:
|
||||
user = get_request().user
|
||||
if user and (user.is_admin or self.formdef.is_of_concern_for_user(user)):
|
||||
# user has access to the formdef, redirect to the
|
||||
# listing.
|
||||
return '..'
|
||||
else:
|
||||
return get_publisher().get_backoffice_url()
|
||||
else:
|
||||
return get_publisher().get_root_url()
|
||||
|
||||
def download(self):
|
||||
self.check_receiver()
|
||||
|
|
Loading…
Reference in New Issue