nobody but the user can see the status (needs change)

2005-05-20 14:53:00 +00:00 · 2005-05-20 14:53:00 +00:00 · 7f50cc941a
parent d7d4143215
commit 7f50cc941a
1 changed files with 5 additions and 0 deletions
--- a/wcs/forms/root.ptl
+++ b/wcs/forms/root.ptl
@ -64,6 +64,11 @@ class FormStatusPage(Directory):
        html_foot()

    def status [html] (self):
+        session = get_session()
+        if not session or self.filled.user_id != session.user:
+            # XXX: allows only for the persons responsible for that type of
+            # form
+            raise wcs.errors.AccessError()
        html_top(self.formdef.name + ' - ' + self.filled.id)
        tm = time.strftime(str("%Y-%m-%d %H:%M"), self.filled.receipt_time)
        "<p>"