forms: redirect to safe page if workflow action makes page forbidden (#3213)

2013-07-05 13:19:53 +02:00 · 2013-07-05 13:19:53 +02:00 · 748a7a63d7
parent c5ca23d118
commit 748a7a63d7
1 changed files with 15 additions and 1 deletions
--- a/wcs/forms/common.ptl
+++ b/wcs/forms/common.ptl
@ -417,7 +417,6 @@ class FormStatusPage(Directory):

        '<a href="..">%s</a>' % _('Back to Listing')

-
    def submit(self, form, comment_only = False):
        status = None
        current_status = self.filled.status
@ -430,6 +429,21 @@ class FormStatusPage(Directory):
        if current_status != self.filled.status:
            get_logger().info('form %s - id: %s - status -> %s' % (
                        self.formdef.name, self.filled.id, self.filled.status))
+            try:
+                self.check_auth()
+            except errors.AccessError:
+                # the user no longer has access to the form; redirect to a
+                # different page
+                if 'backoffice/' in [x[0] for x in get_response().breadcrumb]:
+                    user = get_request().user
+                    if user and (user.is_admin or self.formdef.is_of_concern_for_user(user)):
+                        # user has access to the formdef, redirect to the
+                        # listing.
+                        return '..'
+                    else:
+                        return get_publisher().get_backoffice_url()
+                else:
+                    return get_publisher().get_root_url()

    def download(self):
        self.check_receiver()